PriCL: Creating a Precedent A Framework for Reasoning about Privacy Case Law

We introduce PriCL: the first framework for expressing and automatically reasoning about privacy case law by means of precedent. PriCL is parametric in an underlying logic for expressing world properties, and provides support for court decisions, their justification, the circumstances in which the justification applies as well as court hierarchies. Moreover, the framework offers a tight connection between privacy case law and the notion of norms that underlies existing rule-based privacy research. In terms of automation, we identify the major reasoning tasks for privacy cases such as deducing legal permissions or extracting norms. For solving these tasks, we provide generic algorithms that have particularly efficient realizations within an expressive underlying logic. Finally, we derive a definition of deducibility based on legal concepts and subsequently propose an equivalent characterization in terms of logic satisfiability.Comment: Extended versio

Invisible Pixels Are Dead, Long Live Invisible Pixels!

Privacy has deteriorated in the world wide web ever since the 1990s. The tracking of browsing habits by different third-parties has been at the center of this deterioration. Web cookies and so-called web beacons have been the classical ways to implement third-party tracking. Due to the introduction of more sophisticated technical tracking solutions and other fundamental transformations, the use of classical image-based web beacons might be expected to have lost their appeal. According to a sample of over thirty thousand images collected from popular websites, this paper shows that such an assumption is a fallacy: classical 1 x 1 images are still commonly used for third-party tracking in the contemporary world wide web. While it seems that ad-blockers are unable to fully block these classical image-based tracking beacons, the paper further demonstrates that even limited information can be used to accurately classify the third-party 1 x 1 images from other images. An average classification accuracy of 0.956 is reached in the empirical experiment. With these results the paper contributes to the ongoing attempts to better understand the lack of privacy in the world wide web, and the means by which the situation might be eventually improved.Comment: Forthcoming in the 17th Workshop on Privacy in the Electronic Society (WPES 2018), Toronto, AC

Privacy protocols

Security protocols enable secure communication over insecure channels. Privacy protocols enable private interactions over secure channels. Security protocols set up secure channels using cryptographic primitives. Privacy protocols set up private channels using secure channels. But just like some security protocols can be broken without breaking the underlying cryptography, some privacy protocols can be broken without breaking the underlying security. Such privacy attacks have been used to leverage e-commerce against targeted advertising from the outset; but their depth and scope became apparent only with the overwhelming advent of influence campaigns in politics. The blurred boundaries between privacy protocols and privacy attacks present a new challenge for protocol analysis. Covert channels turn out to be concealed not only below overt channels, but also above: subversions, and the level-below attacks are supplemented by sublimations and the level-above attacks.Comment: 38 pages, 6 figure

Removing the Silencer : Coverage and Protection of Physician Speech Under the First Amendment

The physician–patient relationship rests on a bedrock of trust. Without trust, patients—and for that matter, physicians—are less willing to divulge information critical to providing accurate medical diagnoses and treatments. The state of Florida seemingly ignored this when its legislature, with support from the National Rifle Association and other pro-gun advocates, enacted the Firearm Owners Privacy Act (FOPA), a statute that restricts physicians from questioning their patients about firearm ownership. In Wollschlaeger v. Governor of Florida , the United States Court of Appeals for the Eleventh Circuit held that FOPA did not regulate physician speech but, instead, regulated physician conduct. As such, the law was exempted from First Amendment scrutiny. But almost one year to the day after publishing its first Wollschlaeger opinion, the Eleventh Circuit sua sponte vacated its original opinion and substituted in its place a brand new opinion—one holding that FOPA was subject to First Amendment scrutiny, but nonetheless passed constitutional muster. This Note uses the diverging Wollschlaeger opinions as a vehicle to analyze the First Amendment’s coverage and protection of physician speech. Specifically, it argues that an uninhibited line of communication is required to protect the trust necessary for an effective physician–patient relationship. This logical underpinning leads to the conclusion that the First Amendment presumptively covers physician speech and, furthermore, that physician speech should be subject to intermediate scrutiny—a level of scrutiny that FOPA cannot meet

Issues of quality assurance in the management of plagiarism in blended learning environments

Increasing access to and availability of electronic resources presents students with a rich library of opportunities for independent study. But students also find themselves in the confusing territory of how they should best use these resources within their assessment activities. Likewise, teaching institutions are faced with the problems of plagiarism and collusion, and the challenges of educating, deterring, detecting, and dealing with breaches of policy in a fair and consistent way across all disciplines. This paper examines issues of quality assurance in the management of plagiarism by discussing the following questions: – How can effective automated plagiarism detection services be introduced and managed across the institution? – What teaching and assessment practices can be adopted to deter plagiarism? – What part should collusion and plagiarism detection tools play in educating and deterring students? – What are appropriate penalties for plagiarism and collusion and how can these be applied consistently across disciplines? Drawing together three distinct strands of research, in both distance and campus based institutions, the authors discuss how practice and policy have evolved in recent years in an attempt to reduce the incidence of plagiarism and collusion. The paper will illustrate this evolution by reporting on recent developments in assessment strategy, detection tools, and policy within two UK HE Institutions: The UK Open University and Manchester Metropolitan University

Homo Datumicus : correcting the market for identity data

Effective digital identity systems offer great economic and civic potential. However, unlocking this potential requires dealing with social, behavioural, and structural challenges to efficient market formation. We propose that a marketplace for identity data can be more efficiently formed with an infrastructure that provides a more adequate representation of individuals online. This paper therefore introduces the ontological concept of Homo Datumicus: individuals as data subjects transformed by HAT Microservers, with the axiomatic computational capabilities to transact with their own data at scale. Adoption of this paradigm would lower the social risks of identity orientation, enable privacy preserving transactions by default and mitigate the risks of power imbalances in digital identity systems and markets

Big Brother is Listening to You: Digital Eavesdropping in the Advertising Industry

In the Digital Age, information is more accessible than ever. Unfortunately, that accessibility has come at the expense of privacy. Now, more and more personal information is in the hands of corporations and governments, for uses not known to the average consumer. Although these entities have long been able to keep tabs on individuals, with the advent of virtual assistants and “always-listening” technologies, the ease by which a third party may extract information from a consumer has only increased. The stark reality is that lawmakers have left the American public behind. While other countries have enacted consumer privacy protections, the United States has no satisfactory legal framework in place to curb data collection by greedy businesses or to regulate how those companies may use and protect consumer data. This Article contemplates one use of that data: digital advertising. Inspired by stories of suspiciously well-targeted advertisements appearing on social media websites, this Article additionally questions whether companies have been honest about their collection of audio data. To address the potential harms consumers may suffer as a result of this deficient privacy protection, this Article proposes a framework wherein companies must acquire users\u27 consent and the government must ensure that businesses do not use consumer information for harmful purposes