3G UMTS man in the middle attacks and policy reform considerations

Man in the middle attacks on 3G UMTS have been a known vulnerability since at least 2004. Many experts have presented solutions to resolve this issue. The first attempt to mitigate the issue in the form of mutual authentication fell short. It is now public knowledge that law enforcement and the FBI have used this man in the middle style attack to collect intelligence within the United States. It is imperative we openly acknowledge that while the man in the middle attack has immediate benefits, there are also inherent risks to maintaining a lower standard of security. There has been no official documentation from these agencies on the protocol used to conduct these collections. This paper will outline the deficiency in GSM and UMTS, show how a man in the middle style attack would work and what is keeping the attack still possible after so many years. Finally, there will be four points to consider for preliminary policy reform; constitutionality, oversight, vulnerability, and protection

Privacy, Security and the Cyber Dilemma: An Examination of New Zealand’s Response to the Rising Threat of Cyber-attack

Cyber-attacks present significant challenges to a modern, globalised world. Progressively used by criminal and terrorist organisations to attack or victimise non-state actors, governments are increasingly forced to pursue cyber-security strategies to ensure the security of their citizens and private sectors. An examination of New Zealand’s response to the threat of cyber-attacks shows that successive governments have taken steps to enhance New Zealand’s domestic cyber-security capacity and international cyber-security partnerships. These steps have been highly contentious where they have resulted in greater domestic surveillance capabilities. Despite this, New Zealand has enacted significant oversight mechanisms that provide reassurance that the New Zealand Government is mindful of the delicate steps it must take to maintain an appropriate balance between privacy and security

An assessment of the knowledge processing environment in an organisation : a case study

Knowledge Management is associated with organisational initiatives in response to the demands of a knowledge-based economy in which the potential value of knowledge as a source for competitive advantage is recognised. However, the lack of a common understanding about knowledge itself, its characteristics and how it is constructed has led to diverse approaches about how to "manage" it. This study presents a critical overview of traditional and contemporary KM approaches. The main focus of this study was to discover and apply a suitable methodology for assessing an organisation's knowledge processing environment. This includes an analysis of the current practices and behaviours of people within the organisation relating to the creation of new knowledge and integrating such knowledge into day-to-day work. It also includes inferring from the above practices those policies and programmes that affect knowledge outcomes. This research makes extensive use of the Knowledge Life Cycle (KLC) framework and the Policy Synchronisation Method (PSM) developed by advocates of the New Knowledge Management movement. A case study approach was followed using a range of data collection methods, which included personal interviews, a social network survey and focus group discussions. The selected case is the small IT department at the East London campus of Rhodes University. Evidence from the case suggests that the knowledge processing environment within the IT department is unhealthy. The current knowledge processing practices and behaviours are undesirable and not geared towards the creation of new knowledge and the integration of such knowledge within the business processes of the IT department. There is little evidence of individual and organisational learning occurring and the problem solving process itself is severely hampered by dysfunctional knowledge practices. The study concludes that the above state of affairs is a reflection of the quality and appropriateness of policies and programmes in the extended organisation. Equally, the local definition of rules, procedures and the execution thereof at a business unit level is mostly lacking. The study illustrates that a systematic assessment of the knowledge processing environment provides the organisation with a sound baseline from where knowledge-based interventions can be launched

TRACK UP - Capturing user profile in a mobile platform

An Android application showing to the users what an application can know about them, their profile and their behaviour, combining data obtained from the phone and from cloud services. There is also an investigation about "user profiling" and an evaluation report[ANGLÈS] Nowadays, with the rise of the smartphones, internet services and technology in general, the life of millions of people has changed dras tically. Specifically, people use smartphones every day and those store personal and important information about their lives. Therefore, smartphones may know some personal and dangerous user information such as h abits, interests and relations. That informa tion has been used by applications and services to improve the experience between the user and the device, because knowing user information allow the devices to anticipate the user’s actions. However, it’s known that that information is not only used to im prove the experience, but is also used by companies and government s to take own advantage of the users information. The process to obtain user information is called user profiling. So, proved that user profiling has good and bad things, it creates the dile mma about personalization vs privacy. My project’s aim is to build an android application showing which kind of information the applications are capable to obtain from the user life. Therefore, the application tracks the user during the whole day and s tores some powerful information at the database. Finally, the user can check which information has been obtained during the last days. Looking at the final result, the application developed is running even when the application is closed, obtaining informat ion such as the whole day location, user wake up times, phone usages, friends, browse hist ory, personal information, etc. Therefore, the project includes planning and management, research about the topic and the moment situation, the study of requiremen ts and software design, the application developing, the project viva and the evaluation report The developing process is preceded by a research report. The research consist s in analysing how user profiling works nowadays and which information is importan t in user profiling. The research also studies how the term big data has changed our world and how it may be dangerous, contrasting that some experts’ opinions. In addition, different ways to obtain valuable information in android devices is studied in the research and used later in the developing process. Finally, the evaluation report includes an evaluation of every part executed during the project. This report analyses extensively the methodology used and the project planning and management, comparing the dates planned at the beginning and modified during the project. Finally, the report also evaluates the application’s usability to find problems, using the experience of some users and their opinion.[CASTELLÀ] En estos días donde el uso de los smartphones, servicios de internet y la tecn ología en general ha crecido rápidamente , la vida de millones de personas ha cambiado de forma sustancial. Actualmente, mucha gente utiliza el móvil cada día, ofreciéndoles la oportunidad de o btener información personal . Por lo tanto, los smartphones pueden saber información personal y peligrosa del usuario como hábitos, intereses y relaci ones sociales. Esta información es utilizada por aplicacion es y servicios para mejorar la experiencia de usuario , ya que conociendo información del usuario los dispositivos se pueden anticipar a sus acciones. Aun así, es sabido que esta información no es solo utilizada para mejorar la experi encia sino que también la usan empresas y gobiernos para sacar un provecho , ya sea económico o de otro tipo. Este proceso de obtener información d el usuari o y guardarla es conocido como “ user pr ofiling ” . Por lo tanto, viendo que “ user profiling ” tiene ventajas e inconvenientes para los usuarios, llegamos a la discusión sobre si preferimos personalización o pri vacidad , ya que normalmente una cosa va en detrimento de la otra. El objetivo del proyecto consiste en desarrollar una aplicación Android que muestre a los usuarios que tipo de información suya son la s aplicaciones capaces de obtener. Por lo tanto, la aplicación espía el usuario durante todo el día y guarda valiosa i nformación en la base de datos. Finalmente , el usuario puede comprobar qué información ha sido obtenida durante los últimos d ías. Si nos fijamos en el resultado final, la aplicación desarrollada se está ejecutando incluso cuando la aplicación está cerrada y obtiene información como la localización del usuario, las horas que se despierta, los usos del teléfono , amigos, el histori al de búsqueda, información personal, etc. El proy ecto incluye la planificación, el estudio sobre el tema y la situación actual , el estudio de requisitos y diseño del software, el desarrollo de la aplicación, la present ación del proyecto y la información de avaluación. El desarrollo va prec edido por el informe de investigación. La investigación consiste en analizar como “ user profiling ” funciona hoy en dí a y que inf ormación es importante. Por otro lado, el documente también analiza como el t érmino “ big data ” ha cambiado el mundo y como eso puede ser peligroso, contrastando con la opinión de expertos. Además, también se estudian varias formas de obtener i nformación en dispositivos Android que después se utilizan en el desarrollo. Finalmente, el informe de evaluación incluye la evaluación de cada parte del proyecto. Este informe analiza extendidamente la metodología usada y la planificación del pro yecto, 5 comparando las fechas previstas en el inicio con su modificación durante todo el proceso. Por otra parte, la usabilidad de la aplicación también es analizada en este apartado, usando la experi encia y opini ón de algunos usuarios.[CATALÀ] Avui en dia, amb l’augment de l’ús dels smartphones, serveis d’internet i la tecnologia en general, la vida de milions de persones ha canviat de manera substancial. Actualment, molta gent fa servir el mòbil cada dia, i aquests poden guardar informació personal dels usuaris. Per tant, els smartp hones poden guardar informació personal i perillosa de l’usuari com poden ser hàbits, interessos i relacions socials. Aquesta informació és utilitzada per aplicacions i serveis per millorar la experiència d’usuari, ja que saber informació de l’usuari perme t als dispositius anticipar - se a les seves accions. Tot i així, és sabut que aquesta informació no és només utilitzada per millorar l’experiència, sinó que també la fan servir empreses i governs per treure ́n un profit , ja sigui econòmic o per altres motius . Aquest procés d’obtenir informació de l’usuari i guardar - la és anomenat “user profiling”. Per tant, veient que “user profiling” té coses bones i dolentes arribem al dilema sobre si preferim personalització o privacitat ja que normalment una cosa va en de triment de l’altra. L’objectiu del projecte consisteix en desenvolupar una aplicació android ensenyant a l’usuari quin tipus de informació personal són les aplicacions capaces d’obtenir. Per tant, l’aplicació espia l’usuari durant tot el dia i guard a valuosa informació a la base de dades. Finalment, l’usuari pot comprovar quina informació ha estat obtinguda durant els últims dies. Si ens fixem en el resultat final, l’aplicació desenvolupada s’està executant fins i tot quan l’aplicació està tancada i obté informació com la localització de l’usuari, les hores que l’usuari es lleva, els usos del telèfon, amics, l’historial de cerca, informació personal, etc. El projecte inclou la planificació, recerca sobre el tema i la situació del moment, l’estudi d els requisits i del disseny del software, el desenvolupament de l’aplicació, la presentació del projecte i l’informe d’avaluació. El desenvolupament va precedit per l’informe de recerca. La recerca consisteix en analitzar com “user profiling” funciona av ui en dia i quina informació és important. D’altra banda, el document també analitza com el terme de “big data” ha canviat el món i com això pot ser perillós contrastant la opinió de diferents experts. A més a més, diverses maneres d’obtenir informació val uosa en dispositius android és estudiada a la recerca i utilitzada en el desenvolupament. Finalment, l’informe d’avaluació inclou l’avaluació de cada part del projecte. Aquest informe analitza extensament la metodologia usada i la planificació del proje cte, comparant les dates previstes a l’inici amb la seva modificació durant tot el procés. Per altra banda, la usabilitat de l’aplicació també és analitzada en aquest apartat, fent servir l’experiència i l’opinió d’alguns usuaris

Privacy in the internet of Things. Fostering user empowerment fhrough digital literacy

Os dispositivos da Internet das Coisas estão por todo o lado, desde o nascimento da computação ubíqua que se prevê que a vida quotidiana do ser humano contenha milhões de dispositivos que con trolam todos os aspectos da nossa vida. Hoje em dia, temos veículos inteligentes, casas inteligentes, cidades inteligentes, dispositivos vestíveis, entre outros, que utilizam vários tipos de dispositivos e vários tipos de redes para comunicar. Estes dispositivos criam novas formas de recolha e tratamento de dados pessoais de utilizadores e não utilizadores. A maioria dos utilizadores nais nem sequer tem conhecimento ou tem pouco controlo sobre a informação que está a ser recolhida por estes sistemas. Este trabalho adopta uma abordagem holística a este problema, começando por realizar uma revisão da literatura para compilar as soluções actuais, os desa os e as oportunidades de investigação futura. Realizando, em seguida, um inquérito para saber mais sobre o conhecimento geral dos indivíduos acerca da privacidade, da Internet das Coisas e hábitos online e, nalmente, com base na informação recolhida, é proposta uma aplicação móvel que fornece aos utilizadores informações sobre os dispositivos que estão próximos e como proteger os dados que não querem partilhar com estes dispositivos. Os testes com utilizadores revelaram que os participantes val orizam ter acesso a mais informações sobre termos relacionados com a privacidade. Esta aplicação é capaz de detetar que tipo de dispositivos estão próximos, que tipo de dados são recolhidos por esses dispositivos e apresentar opções de privacidade ao utilizador, quando possível, com o objetivo de fornecer aos indivíduos uma ferramenta para tomarem decisões informadas sobre os seus dados privados.Internet of Things devices are everywhere, since the birth of ubiquitous computing, human everyday life is expected to contain millions of devices that control every aspect of our lives. Today we have smart vehicles, smart houses, smart cities, wearables among other things that use various types of devices, and various types of networks to communicate. These devices create new ways of collecting and processing personal data from users, and non-users. Most end users are not even aware or have little control over the information that is being collected by these systems. This work takes a holistic approach to this problem by rst conducting a literature review to compile current solutions, challenges and future research opportunities. Then conducting a survey to learn more about the general knowledge of individuals about privacy, the Internet of Things and online habits, and nally, based on the information gathered, a mobile application is proposed that gives users information about nearby devices, and how to protect the data that they do not want to share with them. User testing revealed that participants valued having access to more information about privacy related terms. This application is capable of detecting what type of devices are nearby, what kind of data is collected by these devices, and displaying privacy options to the user, when it is possible to do so, with the goal of providing individuals a tool to make informed decisions about their private data

The Prosecutor in your pocket: a study on the constitutional issues arising out of the use of social media evidence in government investigations with a specific focus on the right to privacy

Full textToday, individuals network and interact with each other in radically different ways, using social networking sites such as Facebook and Twitter. Utilizing this new media, individuals are able to share intimate details of their lives, coordinate activities, and exchange ideas with friends, family and others in ways previously accomplished only in person, by telephone, or in written letters stored in one 's home. At the same time, social networking sites are increasingly being utilized by terrorist entities for both recruiting purposes and for the planning, financing , and execution of terrorist acts, as well as by other criminal actors. As such social networks have become a valuable source of intelligence for the law enforcement and intelligence communities, enabling the collection of information pertaining to individuals in ways not previously possible. However, the law pertaining to surveillance in cyberspace has failed to keep pace with society's adoption of social networking and other cloud computing technologies. This paper examines the privacy safeguards inherent in the article 31 of the Kenyan Constitution 2010 and Fourth Amendment to the American Constitution and the need to strike an appropriate balance between an individual 's reasonable expectations of privacy in one's online communications and the government's intelligence requirements necessary to combat emerging criminal and terrorist threats

When Cyber Systems Crash: Attitudes Towards Cyber Utilization And Security

This research focused on examining attitudinal differences of Internet utilization and security with the objective of understanding the relationships that cyber usability have with cybercrime and then determine best practices needed to promote the secure use of the Internet. The research was designed as a quantitative study that used judgment sampling to survey 433 cases to explain the relationship that exists between cyber utilization and security. To achieve this objective, research questions and hypothesis were designed to guide the analysis. Cross tabulation analysis was used to compare the dependent and independent variables while Chi-square, Lambda and Gamma statistical tests were used to verify the relationship and identify statistical significance of the relationship. The findings revealed that while variables like being IT savvy, amount of financial loss, education, age, gender and residence location did not have evidence of a relationship with security, research participants had concern for secure cyber use and thought that cybersecurity awareness training and type of transaction conducted on the Internet were associated to security even though the strength of each relationship was weak. The study highlighted the damaging effects of cybercrime and recommended that cyber users should embrace best practice principles as they browse the Internet and utilize cybersecurity awareness training as an important function of secure IT utilization

IRISS (Increasing Resilience in Surveillance Societies) FP7 European Research Project, Deliverable 4.2: Doing privacy in everyday encounters with surveillance.

The main idea of IRISS WP 4 was to analyse surveillance as an element of everyday life of citizens. The starting point was a broad understanding of surveillance, reaching beyond the narrowly defined and targeted (nonetheless encompassing) surveillance practices of state authorities, justified with the need to combat and prevent crime and terrorism. We were interested in the mundane effects of surveillance practices emerging in the sectors of electronic commerce, telecommunication, social media and other areas. The basic assumption of WP 4 was that being a citizen in modern surveillance societies amounts to being transformed into a techno-social hybrid, i.e. a human being inexorably linked with data producing technologies, becoming a data-leaking container. While this “ontological shift” is not necessarily reflected in citizens’ understanding of who they are, it nonetheless affects their daily lives in many different ways. Citizens may entertain ideas of privacy, autonomy and selfhood rooted in pre-electronic times while at the same time acting under a regime of “mundane governance”. We started to enquire about the use of modern technologies and in the course of the interviews focussed on issues of surveillance in a more explicit manner. Over 200 qualitative interviews were conducted in a way that produced narratives (stories) of individual experiences with different kinds of technologies and/or surveillance practices. These stories then were analysed against the background of theoretical hypotheses of what it means in objective terms to live in a surveillance society. We assume that privacy no longer is the default state of mundane living, but has to be actively created. We captured this with the term privacy labour. Furthermore we construed a number of dilemmas or trade-off situations to guide our analysis. These dilemmas address the issue of privacy as a state or “good” which is traded in for convenience (in electronic commerce), security (in law enforcement surveillance contexts), sociality (when using social media), mutual trust (in social relations at the workplace as well as in the relationship between citizens and the state), and engagement (in horizontal, neighbourhood watch-type surveillance relations). For each of these dilemmas we identified a number of stories demonstrating how our respondents as “heroes” in the narrative solved the problems they encountered, strived for the goals they were pursuing or simply handled a dilemmatic situation. This created a comprehensive and multi-dimensional account of the effects of surveillance in everyday life. Each of the main chapters does focus on one of these different dilemmas