When Others Impinge upon Your Privacy:Interdependent Risks and Protection in a Connected World

Privacy is defined as the right to control, edit, manage, and delete information about oneself and decide when, how, and to what extent this information is communicated to others. Therefore, every person should ideally be empowered to manage and protect his own data, individually and independently of others. This assumption, however, barely holds in practice, because people are by nature biologically and socially interconnected. An individual's identity is essentially determined at the biological and social levels. First, a person is biologically determined by his DNA, his genes, that fully encode his physical characteristics. Second, human beings are social animals, with a strong need to create ties and interact with their peers. Interdependence is present at both levels. At the biological level, interdependence stems from genetic inheritance. At the social level, interdependence emerges from social ties. In this thesis, we investigate whether, in today's highly connected world, individual privacy is in fact achievable, or if it is almost impossible due to the inherent interdependence between people. First, we study interdependent privacy risks at the social level, focusing on online social networks (OSNs), the digital counterpart of our social lives. We show that, even if an OSN user carefully tunes his privacy settings in order to not be present in any search directory, it is possible for an adversary to find him by using publicly visible attributes of other OSN users. We demonstrate that, in OSNs where privacy settings are not aligned between users and where some users reveal a (even limited) set of attributes, it is almost impossible for a specific user to hide in the crowd. Our navigation attack complements existing work on inference attacks in OSNs by showing how we can efficiently find targeted profiles in OSNs, which is a necessary precondition for any targeted attack. Our attack also demonstrates the threat on OSN-membership privacy. Second, we investigate upcoming interdependent privacy risks at the biological level. More precisely, due to the recent drop in costs of genome sequencing, an increasing number of people are having their genomes sequenced and share them online and/or with third parties for various purposes. However, familial genetic dependencies induce indirect genomic privacy risks for the relatives of the individuals who share their genomes. We propose a probabilistic framework that relies upon graphical models and Bayesian inference in order to formally quantify genomic privacy risks. Then, we study the interplay between rational family members with potentially conflicting interests regarding the storage security and disclosure of their genomic data. We consider both purely selfish and altruistic behaviors, and we make use of multi-agent influence diagrams to efficiently derive equilibria in the general case where more than two relatives interact with each other. We also propose an obfuscation mechanism in order to reconcile utility with privacy in genomics, in the context where all family members are cooperative and care about each other's privacy. Third, we study privacy-enhancing systems, such as anonymity networks, where users do not damage other users' privacy but are actually needed in order to protect privacy. In this context, we show how incentives based on virtual currency can be used and their amount optimized in order to foster cooperation between users and eventually improve everyone's privacy.[...

Analyzing Scrip Systems

Scrip systems provide a nonmonetary trade economy for exchange of resources. We model a scrip system as a stochastic game and study system design issues on selection rules to match potential trade partners over time. We show the optimality of one particular rule in terms of maximizing social welfare for a given scrip system that guarantees players' incentives to participate. We also investigate the optimal number of scrips to issue under this rule. In particular, if the time discount factor is close enough to one, or trade benefits one partner much more than it costs the other, the maximum social welfare is always achieved no matter how many scrips are in the system. When the benefit of trade and time discount are not sufficiently large, on the other hand, injecting more scrips in the system hurts most participants; as a result, there is an upper bound on the number of scrips allowed in the system, above which some players may default. We show that this upper bound increases with the discount factor as well as the ratio between the benefit and cost of service. Finally, we demonstrate similar properties for a different service provider selection rule that has been analyzed in previous literature.Masdar Institute of Science and TechnologyNational Science Foundation (U.S.) (Contract CMMI-0758069

Data protection for the common good : developing a framework for a data protection-focused data commons

This research is part of Janis Wong’s doctoral research, which is funded by the University of St Andrews St Leonard’s College, School of Computer Science, and School of Management.In our data-driven society, personal data affecting individuals as data subjects are increasingly being collected and processed by sizeable and international companies. While data protection laws and privacy technologies attempt to limit the impact of data breaches and privacy scandals, they rely on individuals having a detailed understanding of the available recourse, resulting in the responsibilization of data protection. Existing data stewardship frameworks incorporate data-protection-by-design principles but may not include data subjects in the data protection process itself, relying on supplementary legal doctrines to better enforce data protection regulations. To better protect individual autonomy over personal data, this paper proposes a data protection-focused data commons to encourage co-creation of data protection solutions and rebalance power between data subjects and data controllers. We conduct interviews with commons experts to identify the institutional barriers to creating a commons and challenges of incorporating data protection principles into a commons, encouraging participatory innovation in data governance. We find that working with stakeholders of different backgrounds can support a commons’ implementation by openly recognizing data protection limitations in laws, technologies, and policies when applied independently. We propose requirements for deploying a data protection-focused data commons by applying our findings and data protection principles such as purpose limitation and exercising data subject rights to the Institutional Analysis and Development (IAD) framework. Finally, we map the IAD framework into a commons checklist for policy-makers to accommodate co-creation and participation for all stakeholders, balancing the data protection of data subjects with opportunities for seeking value from personal data.Publisher PDFPeer reviewe

2004-2006 Xavier University Undergraduate and Graduate Information College of Arts and Sciences, College of Social Sciences, Williams College of Business, Course Catalog

https://www.exhibit.xavier.edu/coursecatalog/1154/thumbnail.jp

2006-2008 Xavier University Undergraduate and Graduate Information College of Arts and Sciences, College of Social Sciences, Williams College of Business, Course Catalog

https://www.exhibit.xavier.edu/coursecatalog/1155/thumbnail.jp

Bitcoin as a Nonviolent Tool Against State Financial Censorship

Aim: This study investigates the use of bitcoin by nonviolent resistance campaigns to counter state financial censorship, a topic underrepresented in academic literature. Method: This study is designed as descriptive basic research with its methodological approach as case studies. The study presents a global dataset of 93 financial censorship events by government authorities from 1981 to 2023, encompassing the first global dataset of nonviolent campaigns that have employed bitcoin. Two nonviolent campaigns that utilised bitcoin are examined in detail: the Feminist Coalition’s EndSARS protest and the Freedom Convoy’s Covid-19 mandate protest. Additionally, the study explores the Sri Lanka Campaign for Peace and Justice’s use of bitcoin despite not facing financial censorship. Results: Both the Feminist Coalition and the Freedom Convoy adopted bitcoin immediately following financial censorship events, allowing them to add significant contributions to their funds. Sri Lanka Campaign for Peace and Justice experienced limited impact from using bitcoin. The results suggest that bitcoin has supported nonviolent campaigns, particularly in response to financial censorship. Conclusion: This study shows how (a) nonviolent campaigns have used bitcoin against financial censorship, for private donations, and for alternative means for funding; (b) bitcoin is a nonviolent tool with many features and functions similar to previous nonviolent tools and tactics involving money; (c) bitcoin can be of great interest for human rights activists and NGOs, illustrating how misconceptions regarding its association with illegal activities should be reconsidered. On the contrary, this study illustrates how bitcoin enhances personal autonomy and serves as a form of resistance against financial censorship by enabling borderless, censorship-resistant, and permissionless transactions

2002-2004 Xavier University Undergraduate and Graduate Information College of Arts and Sciences, College of Social Sciences, Williams College of Business, Course Catalog

https://www.exhibit.xavier.edu/coursecatalog/1153/thumbnail.jp