Technology, privacy and identity: a Hong Kong perspective

This article explores the concepts of privacy and identity in Hong Kong in relation to the law relating to data protection. It first considers the notions of privacy and identity in the light of Hong Kong's socioeconomic situation and recent postcolonial heritage. It then highlights the importance of identity management and considers the distinctions and overlaps between identity management and privacy protection. With this conceptual framework in mind, the article then considers the various laws in Hong Kong pertaining to data protection, with a focus on the aspects relating to identity management. It observes that while there is some legal protection in respect of the data relating to an individual's identity, there are other priorities which may take precedence in determining the extent of identity management under the legal system in Hong Kong. Finally, recommendations are made as to how to improve identity management within the context of data protection in Hong Kong

Surveillance and the Self: Understanding Privacy and Identity in Digital Environments

The widespread use of internet enabled devices among contemporary US adults has given rise to a series of questions about issues of identity, privacy and group behaviors. The increasing use of algorithmic systems in social media and the attendant privacy concerns among users may also contribute to increased levels of strategic management of identity among users. In order to contribute to this discussion, this project examines perceptions and practices of privacy and self-representation in digital spaces among college age adults 18-24. This project utilizes semi-structured interview data collected with college students in the Eastern United States and focuses on both behavioral and attitudinal patterns. I specifically consider the impact of strategic interventions of corporate media platforms to collect, distribute, manage and utilize individual level data on participants\u27 information consumption, individual identity representation and group affiliation. Preliminary data suggests that participants engage partial and strategic representations of self across diverse media platforms. Patterns of self-representation are shaped by a wide variety of factors including in-group online community norms, perceptions of visibility and privacy, algorithmic distributions of information and individual perceptions of technology. Furthermore, online identity, while partial and strategically created, has the potential to impact self-identity and group affiliation in a diverse set of offline and online contexts

Identity principles in the digital age: a closer view

Identity and its management is now an integral part of web-based services and applications. It is also a live political issue that has captured the interest of organisations, businesses and society generally. As identity management systems assume functionally equivalent roles, their significance for privacy cannot be underestimated. The Centre for Democracy and Technology has recently released a draft version of what it regards as key privacy principles for identity management in the digital age. This paper will provide an overview of the key benchmarks identified by the CDT. The focus of this paper is to explore how best the Data Protection legislation can be said to provide a framework which best maintains a proper balance between 'identity' conscious technology and an individual's expectation of privacy to personal and sensitive data. The central argument will be that increased compliance with the key principles is not only appropriate for a distributed privacy environment but will go some way towards creating a space for various stakeholders to reach consensus applicable to existing and new information communication technologies. The conclusion is that securing compliance with the legislation will prove to be the biggest governance challenge. Standard setting and norms will go some way to ease the need for centralised regulatory oversight

Economic location-based services, privacy and the relationship to identity

Mobile telephony and mobile internet are driving a new application paradigm: location-based services (LBS). Based on a person’s location and context, personalized applications can be deployed. Thus, internet-based systems will continuously collect and process the location in relationship to a personal context of an identified customer. One of the challenges in designing LBS infrastructures is the concurrent design for economic infrastructures and the preservation of privacy of the subjects whose location is tracked. This presentation will explain typical LBS scenarios, the resulting new privacy challenges and user requirements and raises economic questions about privacy-design. The topics will be connected to “mobile identity” to derive what particular identity management issues can be found in LBS

A Formal Study of the Privacy Concerns in Biometric-Based Remote Authentication Schemes

With their increasing popularity in cryptosystems, biometrics have attracted more and more attention from the information security community. However, how to handle the relevant privacy concerns remains to be troublesome. In this paper, we propose a novel security model to formalize the privacy concerns in biometric-based remote authentication schemes. Our security model covers a number of practical privacy concerns such as identity privacy and transaction anonymity, which have not been formally considered in the literature. In addition, we propose a general biometric-based remote authentication scheme and prove its security in our security model

Patient privacy protection using anonymous access control techniques

Objective: The objective of this study is to develop a solution to preserve security and privacy in a healthcare environment where health-sensitive information will be accessed by many parties and stored in various distributed databases. The solution should maintain anonymous medical records and it should be able to link anonymous medical information in distributed databases into a single patient medical record with the patient identity. Methods: In this paper we present a protocol that can be used to authenticate and authorize patients to healthcare services without providing the patient identification. Healthcare service can identify the patient using separate temporary identities in each identification session and medical records are linked to these temporary identities. Temporary identities can be used to enable record linkage and reverse track real patient identity in critical medical situations. Results: The proposed protocol provides main security and privacy services such as user anonymity, message privacy, message confidentiality, user authentication, user authorization and message replay attacks. The medical environment validates the patient at the healthcare service as a real and registered patient for the medical services. Using the proposed protocol, the patient anonymous medical records at different healthcare services can be linked into one single report and it is possible to securely reverse track anonymous patient into the real identity. Conclusion: The protocol protects the patient privacy with a secure anonymous authentication to healthcare services and medical record registries according to the European and the UK legislations, where the patient real identity is not disclosed with the distributed patient medical records