A Tool for Improving Privacy in Software Development
Privacy is considered a necessary requirement for software development. It is necessary to understand how certain software vulnerabilities can create problems for organizations and individuals. In this context, privacy-oriented software development plays a primary role to reduce some problems that can arise simply from individuals’ interactions with software applications, even when the data being processed is not directly linked to identifiable. The loss of confidentiality, integrity, or availability at some point in the data processing, such as data theft by external attackers or the unauthorized access or use of data by employees, represent some types of cybersecurity-related privacy events. Therefore, this research work discusses the formalization of 5 key privacy elements (Privacy by Design Principles, Privacy Design Strategies, Privacy Pattern, Vulnerabilities and Context) in software development and presents a privacy tool that supports developers’ decisions to integrate privacy and security requirements in all software development phases.
A Framework for Preserving Privacy and Cybersecurity in Brain-Computer Interfacing Applications
Brain-Computer Interfaces (BCIs) comprise a rapidly evolving field of
technology with the potential of far-reaching impact in domains ranging from
medical over industrial to artistic, gaming, and military. Today, these
emerging BCI applications are typically still at early technology readiness
levels, but because BCIs create novel, technical communication channels for the
human brain, they have raised privacy and security concerns. To mitigate such
risks, a large body of countermeasures has been proposed in the literature, but
a general framework is lacking which would describe how privacy and security of
BCI applications can be protected by design, i.e., already as an integral part
of the early BCI design process, in a systematic manner, and allowing suitable
depth of analysis for different contexts such as commercial BCI product
development vs. academic research and lab prototypes. Here we propose the
adoption of recent systems-engineering methodologies for privacy threat
modeling, risk assessment, and privacy engineering to the BCI field. These
methodologies address privacy and security concerns in a more systematic and
holistic way than previous approaches, and provide reusable patterns on how to
move from principles to actions. We apply these methodologies to BCI and data
flows and derive a generic, extensible, and actionable framework for
brain-privacy-preserving cybersecurity in BCI applications. This framework is
designed for flexible application to the wide range of current and future BCI
applications. We also propose a range of novel privacy-by-design features for
BCIs, with an emphasis on features promoting BCI transparency as a prerequisite
for informational self-determination of BCI users, as well as design features
for ensuring BCI user autonomy. We anticipate that our framework will
contribute to the development of privacy-respecting, trustworthy BCI
technologies.
End-to-End Privacy for Open Big Data Markets
The idea of an open data market envisions the creation of a data trading
model to facilitate exchange of data between different parties in the Internet
of Things (IoT) domain. The data collected by IoT products and solutions are
expected to be traded in these markets. Data owners will collect data using IoT
products and solutions. Data consumers who are interested will negotiate with
the data owners to get access to such data. Data captured by IoT products will
allow data consumers to further understand the preferences and behaviours of
data owners and to generate additional business value using different
techniques ranging from waste reduction to personalized service offerings. In
open data markets, data consumers will be able to give back part of the
additional value generated to the data owners. However, privacy becomes a
significant issue when data that can be used to derive extremely personal
information is being traded. This paper discusses why privacy matters in the
IoT domain in general and especially in open data markets and surveys existing
privacy-preserving strategies and design techniques that can be used to
facilitate end to end privacy for open data markets. We also highlight some of
the major research challenges that need to be addressed in order to make the
vision of open data markets a reality through ensuring the privacy of
stakeholders.
Comment: Accepted to be published in IEEE Cloud Computing Magazine: Special
Issue Cloud Computing and the La
An Inventory of Existing Neuroprivacy Controls
Brain-Computer Interfaces (BCIs) facilitate communication between brains and computers. As these devices become increasingly popular outside of the medical context, research interest in brain privacy risks and countermeasures has bloomed. Several neuroprivacy threats have been identified in the literature, including brain malware, personal data being contained in collected brainwaves and the inadequacy of legal regimes with regards to neural data protection. Dozens of controls have been proposed or implemented for protecting neuroprivacy, although it has not been immediately apparent what the landscape of neuroprivacy controls consists of. This paper inventories the implemented and proposed neuroprivacy risk mitigation techniques from open source repositories, BCI providers and the academic literature. These controls are mapped to the Hoepman privacy strategies and their implementation status is described. Several research directions for ensuring the protection of neuroprivacy are identified.
Attitudes towards privacy by design in e-government: Views from the trenches
Abstract. In light of increasing public pressure and strict regulation, issues of information security and privacy gain prominence in the e-government domain. A promising approach to ensure data protection is to embrace the Privacy by Design principles and practices in the public sector but this remains a major challenge for practitioners. This article leverages in-depth interviews with e-government stakeholders in Bulgaria to explore their opinions and preferences on data protection issues, thus outlining the main drivers and barriers for Privacy by Design implementations. The key insight is that increasing citizen demands and regulatory oversight engender a change in privacy thinking that defies the current status quo. Limited understanding, scarcity of best practices, legacy systems and insufficient financial and administrative capacity seem to be the main implementation obstacles.
Keywords. Privacy by Design, e-government, data protection, personal data.
JEL. C80, H10, H11