Potential mass surveillance and privacy violations in proximity-based social applications

Proximity-based social applications let users interact with people that are currently close to them, by revealing some information about their preferences and whereabouts. This information is acquired through passive geo-localisation and used to build a sense of serendipitous discovery of people, places and interests. Unfortunately, while this class of applications opens different interactions possibilities for people in urban settings, obtaining access to certain identity information could lead a possible privacy attacker to identify and follow a user in their movements in a specific period of time. The same information shared through the platform could also help an attacker to link the victim's online profiles to physical identities. We analyse a set of popular dating application that shares users relative distances within a certain radius and show how, by using the information shared on these platforms, it is possible to formalise a multilateration attack, able to identify the user actual position. The same attack can also be used to follow a user in all their movements within a certain period of time, therefore identifying their habits and Points of Interest across the city. Furthermore we introduce a social attack which uses common Facebook likes to profile a person and finally identify their real identity

Trafficking in Persons: U.S. Policy and Issues for Congress

[Excerpt] This report focuses on international and domestic human trafficking and U.S. policy responses, with particular emphasis on the TVPA and its subsequent reauthorizations. The report begins with a description of key TIP-related definitions and an overview of the human trafficking problem. It follows with an overview of major foreign policy responses to international human trafficking. The report then focuses on responses to trafficking into and within the United States, examining relief for trafficking victims in the United States and discussing U.S. law enforcement efforts to combat domestic trafficking. The report concludes with an overview of current anti-trafficking legislation and an analysis of policy issues

Border Security: Understanding Threats at U.S. Borders

[Excerpt] The United States confronts a wide array of threats at U.S. borders, ranging from terrorists who may have weapons of mass destruction, to transnational criminals smuggling drugs or counterfeit goods, to unauthorized migrants intending to live and work in the United States. Given this diversity of threats, how may Congress and the Department of Homeland Security (DHS) set border security priorities and allocate scarce enforcement resources? In general, DHS’s answer to this question is organized around risk management, a process that involves risk assessment and the allocation of resources based on a cost-benefit analysis. This report focuses on the first part of this process by identifying border threats and describing a framework for understanding risks at U.S. borders. DHS employs models to classify threats as relatively high- or low-risk for certain planning and budgeting exercises and to implement certain border security programs. Members of Congress may wish to use similar models to evaluate the costs and benefits of potential border security policies and to allocate border enforcement resources. This report discusses some of the issues involved in modeling border-related threats

Literature Overview - Privacy in Online Social Networks

In recent years, Online Social Networks (OSNs) have become an important\ud part of daily life for many. Users build explicit networks to represent their\ud social relationships, either existing or new. Users also often upload and share a plethora of information related to their personal lives. The potential privacy risks of such behavior are often underestimated or ignored. For example, users often disclose personal information to a larger audience than intended. Users may even post information about others without their consent. A lack of experience and awareness in users, as well as proper tools and design of the OSNs, perpetuate the situation. This paper aims to provide insight into such privacy issues and looks at OSNs, their associated privacy risks, and existing research into solutions. The final goal is to help identify the research directions for the Kindred Spirits project

User's Privacy in Recommendation Systems Applying Online Social Network Data, A Survey and Taxonomy

Recommender systems have become an integral part of many social networks and extract knowledge from a user's personal and sensitive data both explicitly, with the user's knowledge, and implicitly. This trend has created major privacy concerns as users are mostly unaware of what data and how much data is being used and how securely it is used. In this context, several works have been done to address privacy concerns for usage in online social network data and by recommender systems. This paper surveys the main privacy concerns, measurements and privacy-preserving techniques used in large-scale online social networks and recommender systems. It is based on historical works on security, privacy-preserving, statistical modeling, and datasets to provide an overview of the technical difficulties and problems associated with privacy preserving in online social networks.Comment: 26 pages, IET book chapter on big data recommender system

AMISEC: Leveraging Redundancy and Adaptability to Secure AmI Applications

Security in Ambient Intelligence (AmI) poses too many challenges due to the inherently insecure nature of wireless sensor nodes. However, there are two characteristics of these environments that can be used effectively to prevent, detect, and confine attacks: redundancy and continuous adaptation. In this article we propose a global strategy and a system architecture to cope with security issues in AmI applications at different levels. Unlike in previous approaches, we assume an individual wireless node is vulnerable. We present an agent-based architecture with supporting services that is proven to be adequate to detect and confine common attacks. Decisions at different levels are supported by a trust-based framework with good and bad reputation feedback while maintaining resistance to bad-mouthing attacks. We also propose a set of services that can be used to handle identification, authentication, and authorization in intelligent ambients. The resulting approach takes into account practical issues, such as resource limitation, bandwidth optimization, and scalability

A Survey of the Economics of Security

This report assesses the literature on the inter-relations between the economy and security with particular focus on terrorism and the "human drivers of insecurity" to identify both available knowledge and crucial research gaps. In addition, the report surveys the European research capacity in the field of security economics. The study is based on a thorough literature survey of the newly emerging field of security economics, using a variety of electronic catalogues and search engines as sources. The study reveals that it is not just terror attacks but also security measures of private and public agents responding to the threat of terrorism that incur significant repercussions for the economy, often with trans-national consequences. Impacts vary with the maturity of an economy; appropriate ex ante and ex post policies are critical to contain the damage of terrorism. Given the dynamic nature of human-induced insecurity, policies should place emphasis on "systemic resilience". Gaps in the economic security literature include insufficient knowledge of the behaviour of terrorists and their targets. Furthermore, the global impacts of terror attacks and especially of security measures require more analysis. Future research requires a more rigorous conceptual framework, methodological improvements and, above all, better data. In comparison to the United States, the current research capacity in security economics in Europe is weak. On the one hand, there is significant research potential in the field of security economics within the European Union in the shape of several high quality researchers. On the other hand, the existing research infrastructure and institutional barriers both inhibit this potential from being developed academically and for policy advice. Establishing a European network of security economists and funding a European centre for security economics could contribute to remedy this situation.

An Economic Analysis of Privacy Protection and Statistical Accuracy as Social Choices

Statistical agencies face a dual mandate to publish accurate statistics while protecting respondent privacy. Increasing privacy protection requires decreased accuracy. Recognizing this as a resource allocation problem, we propose an economic solution: operate where the marginal cost of increasing privacy equals the marginal benefit. Our model of production, from computer science, assumes data are published using an efficient differentially private algorithm. Optimal choice weighs the demand for accurate statistics against the demand for privacy. Examples from U.S. statistical programs show how our framework can guide decision-making. Further progress requires a better understanding of willingness-to-pay for privacy and statistical accuracy