Foreign Intelligence Surveillance Act Section 702: The Good, The Bad, and a Proposal to Make it Less Ugly

Section 702 of the Foreign Intelligence Surveillance Act (“FISA”) has been controversial since its inception. Created to allow intelligence collection against targeted foreign persons, electronic surveillance under Section 702 casts a wide net, often capturing communications sent to or by United States persons. Opponents point to the invasion of privacy such collection presents, and to the well-documented abuse and biased use of Section 702 data against U.S. citizens. This Note argues that despite this, Section 702 is a vital tool in the fight against terrorism and drug trafficking and the case against Section 702 is weaker than it appears. This Note offers a minor revision to Section 702 that would address many of the privacy concerns found in Section 702 while preserving the ability of the intelligence agencies to effectively use the collected data

Libraries, Electronic Resources, and Privacy: The Case for Positive Intellectual Freedom

Public and research libraries have long provided resources in electronic formats, and the tension between providing electronic resources and patron privacy is widely recognized. But assessing trade-offs between privacy and access to electronic resources remains difficult. One reason is a conceptual problem regarding intellectual freedom. Traditionally, the LIS literature has plausibly understood privacy as a facet of intellectual freedom. However, while certain types of electronic resource use may diminish patron privacy, thereby diminishing intellectual freedom, the opportunities created by such resources also appear liberty-enhancing. Adjudicating between privacy loss and enhanced opportunities on intellectual freedom grounds must therefore provide an account of intellectual freedom capable of addressing both privacy and opportunity. I will argue that intellectual freedom is a form of positive freedom, where a person’s freedom is a function of the quality of her agency. Using this view as the lodestar, I articulate several principles for assessing adoption of electronic resources and privacy protections

Sony, Cyber Security, and Free Speech: Preserving the First Amendment in the Modern World

Reprinted from 16 U.C. Davis Bus. L.J. 309 (2016). This paper explores the Sony hack in 2014 allegedly launched by the North Korean government in retaliation over Sony’s production of The Interview and considers the hack’s chilling impact on speech in technology. One of the most devastating cyber attacks in history, the hack exposed approximately thirty- eight million files of sensitive data, including over 170,000 employee emails, thousands of employee social security numbers and unreleased footage of upcoming movies. The hack caused Sony to censor the film and prompted members of the entertainment industry at large to tailor their communication and conform storylines to societal standards. Such censorship cuts the First Amendment at its core and exemplifies the danger cyber terror poses to freedom of speech by compromising Americans’ privacy in digital mediums. This paper critiques the current methods for combatting cyber terror, which consist of unwieldy federal criminal laws and controversial information sharing policies, while proposing more promising solutions that unleash the competitive power of the free market with limited government regulation. It also recommends legal, affordable and user-friendly tools anyone can use to secure their technology, recapture their privacy and exercise their freedom of speech online without fear of surreptitious surveillance or retaliatory exposure

Big Data Privacy Context: Literature Effects On Secure Informational Assets

This article's objective is the identification of research opportunities in the current big data privacy domain, evaluating literature effects on secure informational assets. Until now, no study has analyzed such relation. Its results can foster science, technologies and businesses. To achieve these objectives, a big data privacy Systematic Literature Review (SLR) is performed on the main scientific peer reviewed journals in Scopus database. Bibliometrics and text mining analysis complement the SLR. This study provides support to big data privacy researchers on: most and least researched themes, research novelty, most cited works and authors, themes evolution through time and many others. In addition, TOPSIS and VIKOR ranks were developed to evaluate literature effects versus informational assets indicators. Secure Internet Servers (SIS) was chosen as decision criteria. Results show that big data privacy literature is strongly focused on computational aspects. However, individuals, societies, organizations and governments face a technological change that has just started to be investigated, with growing concerns on law and regulation aspects. TOPSIS and VIKOR Ranks differed in several positions and the only consistent country between literature and SIS adoption is the United States. Countries in the lowest ranking positions represent future research opportunities.Comment: 21 pages, 9 figure

Privacy-Preserving Observation in Public Spaces

One method of privacy-preserving accounting or billing in cyber-physical systems, such as electronic toll collection or public transportation ticketing, is to have the user present an encrypted record of transactions and perform the accounting or billing computation securely on them. Honesty of the user is ensured by spot checking the record for some selected surveyed transactions. But how much privacy does that give the user, i.e. how many transactions need to be surveyed? It turns out that due to collusion in mass surveillance all transactions need to be observed, i.e. this method of spot checking provides no privacy at all. In this paper we present a cryptographic solution to the spot checking problem in cyber-physical systems. Users carry an authentication device that authenticates only based on fair random coins. The probability can be set high enough to allow for spot checking, but in all other cases privacy is perfectly preserved. We analyze our protocol for computational efficiency and show that it can be efficiently implemented even on plat- forms with limited computing resources, such as smart cards and smart phones

Privacy and Confidentiality in an e-Commerce World: Data Mining, Data Warehousing, Matching and Disclosure Limitation

The growing expanse of e-commerce and the widespread availability of online databases raise many fears regarding loss of privacy and many statistical challenges. Even with encryption and other nominal forms of protection for individual databases, we still need to protect against the violation of privacy through linkages across multiple databases. These issues parallel those that have arisen and received some attention in the context of homeland security. Following the events of September 11, 2001, there has been heightened attention in the United States and elsewhere to the use of multiple government and private databases for the identification of possible perpetrators of future attacks, as well as an unprecedented expansion of federal government data mining activities, many involving databases containing personal information. We present an overview of some proposals that have surfaced for the search of multiple databases which supposedly do not compromise possible pledges of confidentiality to the individuals whose data are included. We also explore their link to the related literature on privacy-preserving data mining. In particular, we focus on the matching problem across databases and the concept of ``selective revelation'' and their confidentiality implications.Comment: Published at http://dx.doi.org/10.1214/088342306000000240 in the Statistical Science (http://www.imstat.org/sts/) by the Institute of Mathematical Statistics (http://www.imstat.org

Privacy Vulnerabilities in the Practices of Repairing Broken Digital Artifacts in Bangladesh

This paper presents a study on the privacy concerns associated with the practice of repairing broken digital objects in Bangladesh. Historically, repair of old or broken technologies has received less attention in ICTD scholarship than design, development, or use. As a result, the potential privacy risks associated with repair practices have remained mostly unaddressed. This paper describes our three-month long ethnographic study that took place at ten major repair sites in Dhaka, Bangladesh. We show a variety of ways in which the privacy of an individual’s personal data may be compromised during the repair process. We also examine people’s perceptions around privacy in repair, and its connections with their broader social and cultural values. Finally, we discuss the challenges and opportunities for future research to strengthen the repair ecosystem in developing countries. Taken together, our findings contribute to the growing discourse around post-use cycles of technology

Knowing Your Population: Privacy-Sensitive Mining of Massive Data

Location and mobility patterns of individuals are important to environmental planning, societal resilience, public health, and a host of commercial applications. Mining telecommunication traffic and transactions data for such purposes is controversial, in particular raising issues of privacy. However, our hypothesis is that privacy-sensitive uses are possible and often beneficial enough to warrant considerable research and development efforts. Our work contends that peoples behavior can yield patterns of both significant commercial, and research, value. For such purposes, methods and algorithms for mining telecommunication data to extract commonly used routes and locations, articulated through time-geographical constructs, are described in a case study within the area of transportation planning and analysis. From the outset, these were designed to balance the privacy of subscribers and the added value of mobility patterns derived from their mobile communication traffic and transactions data. Our work directly contrasts the current, commonly held notion that value can only be added to services by directly monitoring the behavior of individuals, such as in current attempts at location-based services. We position our work within relevant legal frameworks for privacy and data protection, and show that our methods comply with such requirements and also follow best-practice

Efficient Privacy Preserving Viola-Jones Type Object Detection via Random Base Image Representation

A cloud server spent a lot of time, energy and money to train a Viola-Jones type object detector with high accuracy. Clients can upload their photos to the cloud server to find objects. However, the client does not want the leakage of the content of his/her photos. In the meanwhile, the cloud server is also reluctant to leak any parameters of the trained object detectors. 10 years ago, Avidan & Butman introduced Blind Vision, which is a method for securely evaluating a Viola-Jones type object detector. Blind Vision uses standard cryptographic tools and is painfully slow to compute, taking a couple of hours to scan a single image. The purpose of this work is to explore an efficient method that can speed up the process. We propose the Random Base Image (RBI) Representation. The original image is divided into random base images. Only the base images are submitted randomly to the cloud server. Thus, the content of the image can not be leaked. In the meanwhile, a random vector and the secure Millionaire protocol are leveraged to protect the parameters of the trained object detector. The RBI makes the integral-image enable again for the great acceleration. The experimental results reveal that our method can retain the detection accuracy of that of the plain vision algorithm and is significantly faster than the traditional blind vision, with only a very low probability of the information leakage theoretically.Comment: 6 pages, 3 figures, To appear in the proceedings of the IEEE International Conference on Multimedia and Expo (ICME), Jul 10, 2017 - Jul 14, 2017, Hong Kong, Hong Kon