A Cognitive Theory of the Third-Party Doctrine and Digital Papers

For nearly 200 years, an individual’s personal papers enjoyed near-absolute protection from government search and seizure. That is no longer the case. With the widespread adoption of cloud-based information processing and storage services, the third-party doctrine operates to effectively strip our digital papers of meaningful Fourth Amendment protections. This Article presents a new approach to reconciling current third-party doctrine with the technological realities of modern personal information processing. Our most sensitive data is now processed and stored on cloud computing systems owned and operated by third parties. Although we may consider these services to be private and generally secure, the law does not currently require the government to obtain a warrant to access our information. The third-party doctrine creates a sweeping exception to the warrant requirement for any information exposed to a third party—even where that third party is an automated computing system rather than a human. As a result, our personal papers now receive no more protection than any other piece of potential evidence. In practical terms, they receive less. This ahistorical approach undermines the essential balance between an individual’s interest in privacy and the public’s interest in law enforcement. Many have identified and tried to rectify the privacy problems created by this shift, but it has proven difficult to articulate a limitation to the third-party doctrine that is both consistent with existing principles and feasible in practice. The Article begins with the intimate connection among freedom of thought, privacy of thought, and the longstanding enumeration of “papers” as a distinct object of Fourth Amendment protection. This historical understanding, which prior generations recognized intuitively, now finds strong support in contemporary cognitive science. Modern models of human cognition reveal how papers serve as cognitive artifacts performing cognitive tasks. These models furnish a set of proxy characteristics for reliably singling out those personal papers whose protection would most likely serve constitutional values. The result is a coherent and workable method for bringing needed discipline to the third-party doctrine and restoring equilibrium to information privacy

Big Data Privacy Context: Literature Effects On Secure Informational Assets

This article's objective is the identification of research opportunities in the current big data privacy domain, evaluating literature effects on secure informational assets. Until now, no study has analyzed such relation. Its results can foster science, technologies and businesses. To achieve these objectives, a big data privacy Systematic Literature Review (SLR) is performed on the main scientific peer reviewed journals in Scopus database. Bibliometrics and text mining analysis complement the SLR. This study provides support to big data privacy researchers on: most and least researched themes, research novelty, most cited works and authors, themes evolution through time and many others. In addition, TOPSIS and VIKOR ranks were developed to evaluate literature effects versus informational assets indicators. Secure Internet Servers (SIS) was chosen as decision criteria. Results show that big data privacy literature is strongly focused on computational aspects. However, individuals, societies, organizations and governments face a technological change that has just started to be investigated, with growing concerns on law and regulation aspects. TOPSIS and VIKOR Ranks differed in several positions and the only consistent country between literature and SIS adoption is the United States. Countries in the lowest ranking positions represent future research opportunities.Comment: 21 pages, 9 figure

State of The Art and Hot Aspects in Cloud Data Storage Security

Along with the evolution of cloud computing and cloud storage towards matu- rity, researchers have analyzed an increasing range of cloud computing security aspects, data security being an important topic in this area. In this paper, we examine the state of the art in cloud storage security through an overview of selected peer reviewed publications. We address the question of defining cloud storage security and its different aspects, as well as enumerate the main vec- tors of attack on cloud storage. The reviewed papers present techniques for key management and controlled disclosure of encrypted data in cloud storage, while novel ideas regarding secure operations on encrypted data and methods for pro- tection of data in fully virtualized environments provide a glimpse of the toolbox available for securing cloud storage. Finally, new challenges such as emergent government regulation call for solutions to problems that did not receive enough attention in earlier stages of cloud computing, such as for example geographical location of data. The methods presented in the papers selected for this review represent only a small fraction of the wide research effort within cloud storage security. Nevertheless, they serve as an indication of the diversity of problems that are being addressed

Systematizing Genome Privacy Research: A Privacy-Enhancing Technologies Perspective

Rapid advances in human genomics are enabling researchers to gain a better understanding of the role of the genome in our health and well-being, stimulating hope for more effective and cost efficient healthcare. However, this also prompts a number of security and privacy concerns stemming from the distinctive characteristics of genomic data. To address them, a new research community has emerged and produced a large number of publications and initiatives. In this paper, we rely on a structured methodology to contextualize and provide a critical analysis of the current knowledge on privacy-enhancing technologies used for testing, storing, and sharing genomic data, using a representative sample of the work published in the past decade. We identify and discuss limitations, technical challenges, and issues faced by the community, focusing in particular on those that are inherently tied to the nature of the problem and are harder for the community alone to address. Finally, we report on the importance and difficulty of the identified challenges based on an online survey of genome data privacy expertsComment: To appear in the Proceedings on Privacy Enhancing Technologies (PoPETs), Vol. 2019, Issue

Model for cryptography protection of confidential information

УДК 004.056 Борсуковський Ю.В., Борсуковська В.Ю. Модель криптографічного захисту конфіденційної інформації В даній статті проведено детальний аналіз вимог щодо формування моделі криптографічного захисту конфіденційної інформації. Розглянуто використання засобів криптографічного захисту інформації з метою реалізації організаційних та технічних заходів по запобіганню витокам конфіденційної інформації на об’єктах критичної інфраструктури. Сформульовані базові вимоги та рекомендації щодо структури та функціональних складових моделі захисту конфіденційної інформації. Формалізовані вимоги щодо створення, впровадження та експлуатації превентивних процедур управління багатоступінчатим захистом конфіденційної інформації. Наведено приклад використання моделі криптографічного захисту інформації для створення захищеної і прозорої в використанні бази аутентифікаційних даних користувача. Запропонована модель захисту дозволяє мати кілька ступенів програмного та апаратного захисту, що із однієї сторони спрощує їх використання при виконанні чинних політик безпеки і зменшує ймовірність дискредитації аутентифікаційних даних, а із іншої сторони підвищує ймовірність виявлення зловмисних дій третьої сторони за рахунок багатоступінчатої системи захисту. Враховано практичний досвід створення типових моделей захисту конфіденційної інформації для розробки, впровадження та управління сучасними політиками інформаційної безпеки щодо питань використання засобів криптографічного захисту конфіденційної інформації на підприємствах різних форми власності.UDC 004.056 Borsukovskyi Y., Borsukovska V. Model for Cryptography Protection of Confidential Information Current article provides the detailed analysis of requirements for creation of model for cryptography protection of confidential information. Article defines the use of information cryptography protection tools in order to ensure the application of organizational and technical actions to prevent leakage of confidential information at critical infrastructure assets. It provides the basic requirements for the structure and functional elements of model for protection of confidential information. Formalize requirements on creation, implementation and exploitation of preventive procedure in management of multi-level protection of confidential information. The article includes example of use of model for cryptography protection of information for creation of secure and transparent in use the authenticating data base of user. The presented model of protection ensures to have a few levels of firewalls, that, on one hand, simplifies its use in execution of acting security policies and decrease the probability of discrediting of authenticating data, and, on other hand, increase the probability to detect the criminal actions of third party by means of multi-level protection system. It considers the practical experience in creation of standard models for protection of confidential information for development, implementation and management of modern policies on information security in part of use of cryptography protection tools for confidential information at enterprises of different forms of incorporation