Pseudo Identities Based on Fingerprint Characteristics

This paper presents the integrated project TURBINE which is funded under the EU 7th research framework programme. This research is a multi-disciplinary effort on privacy enhancing technology, combining innovative developments in cryptography and fingerprint recognition. The objective of this project is to provide a breakthrough in electronic authentication for various applications in the physical world and on the Internet. On the one hand it will provide secure identity verification thanks to fingerprint recognition. On the other hand it will reliably protect the biometric data through advanced cryptography technology. In concrete terms, it will provide the assurance that (i) the data used for the authentication, generated from the fingerprint, cannot be used to restore the original fingerprint sample, (ii) the individual will be able to create different "pseudo-identities" for different applications with the same fingerprint, whilst ensuring that these different identities (and hence the related personal data) cannot be linked to each other, and (iii) the individual is enabled to revoke an biometric identifier (pseudo-identity) for a given application in case it should not be used anymore

Electronic Identity in Europe: Legal challenges and future perspectives (e-ID 2020)

This deliverable presents the work developed by the IPTS eID Team in 2012 on the large-encompassing topic of electronic identity. It is structured in four different parts: 1) eID: Relevance, Le-gal State-of-the-Art and Future Perspectives; 2) Digital Natives and the Analysis of the Emerging Be-havioral Trends Regarding Privacy, Identity and Their Legal Implications; 3) The "prospective" use of social networking services for government eID in Europe; and 4) Facial Recognition, Privacy and Iden-tity in Online Social Networks.JRC.J.3-Information Societ

Assessing electronic government readiness of public organisations: effect of internal factors (case of Egypt).

Governments have become more and more interested in embracing Information and Communication Technology (ICT), and have made a remarkable progress over the last few years. Electronic Government (e-government) - described as the strategic use of ICT to transform the public sector - is presently recognised as a driver and a key enabler of citizen-centric, cooperative, and seamless modern governance. E-government implementation implies not only a profound transformation in the way government interacts with the governed, but also a reinvention of its internal processes and how public organisations carry their business both internally as well as externally while interacting with the other segments of the community. Based on the literature, it is frequently claimed that the availability of an effective E-Government Readiness (EGR) assessment framework is a necessary condition for advancing e-government proper implementation. Most e-government appraisal models address the Electronic Service (e-service) dimension of e-government that focuses on the services provided by the government to the citizens on the Internet. This gives a very narrow perspective to e-government ignoring a key dimension: the Electronic Administration (e-administration), that highlights the importance of modernising the public sector, increasing government productivity, and transforming its internal processes. Furthermore, developed models assess E-Government Readiness (EGR) on a country as a whole without conducting an in-depth assessment on a public organisation scale. In addition, the majority of these models do not take into consideration the opinion of the civil servants involved in such e-government programs, a key stakeholder that affects their success. The objective of this thesis is to develop a framework that assesses EGR focusing on e-administration within public organisations through obtaining its employees‟ feedback. The suggested framework investigated the internal factors affecting EGR categorised into four dimensions: (i) strategy, (ii) people, (iii) technology, and (iv) processes. A number of measuring constructs are identified under each dimension. The framework components, relationships, and hypotheses were derived from the literature on Electronic Readiness (e-readiness), EGR, Information Systems (IS) and Electronic Commerce (e-commerce) success. In order to test the proposed framework, the thesis examined the relations and interactions of these components in an emerging e-government environment using four case studies of different characteristics to represent public organisations in Egypt. These organisations cover municipalities, investment, tax payment, and health sectors. Quantitative data collection method was through distributing a questionnaire to a sample of employees in each organisation. Data obtained from the questionnaire in each organisation was triangulated with data gathered from other sources of evidence: (i) interviews with top management, (ii) documentations, (iii) archival records, and (iv) observations. Findings of the empirical research were evaluated against the framework suggested in the beginning leading to a final framework that assesses EGR of public organisations. Findings revealed that framework's hypotheses were all confirmed. Concerning Egypt's EGR assessment, results proved that processes, technology, and people have a high effect on EGR, whereas strategy has a modest impact on it. This reflects that strategy is not given a high value in terms of e-government and that top management need to further promote e-government within public Egyptian organisations. Findings revealed also the modest impact of strategy on the two dimensions: technology and processes compared with its high effect on people. The research highlighted also the different measuring constructs that have the highest weights in each of the four dimensions. This helps in understanding e-government environment of public organisations in Egypt, showing the main components that affect EGR. The thesis though provides a rich insight into investigating e-administration within public organisations especially in a developing country such as Egypt, and presents a systematic approach to assess EGR of public organisations based on the four e-government building blocks: (i) strategy, (ii) people, (iii) technology, and (iv) processes. Therefore the thesis contributes to research areas in the literature related to assessments of information systems, e-commerce, e-readiness, and e-government readiness

PRECEPT:a framework for ethical digital forensics investigations

Purpose: Cyber-enabled crimes are on the increase, and law enforcement has had to expand many of their detecting activities into the digital domain. As such, the field of digital forensics has become far more sophisticated over the years and is now able to uncover even more evidence that can be used to support prosecution of cyber criminals in a court of law. Governments, too, have embraced the ability to track suspicious individuals in the online world. Forensics investigators are driven to gather data exhaustively, being under pressure to provide law enforcement with sufficient evidence to secure a conviction. Yet, there are concerns about the ethics and justice of untrammeled investigations on a number of levels. On an organizational level, unconstrained investigations could interfere with, and damage, the organization’s right to control the disclosure of their intellectual capital. On an individual level, those being investigated could easily have their legal privacy rights violated by forensics investigations. On a societal level, there might be a sense of injustice at the perceived inequality of current practice in this domain. This paper argues the need for a practical, ethically-grounded approach to digital forensic investigations, one that acknowledges and respects the privacy rights of individuals and the intellectual capital disclosure rights of organisations, as well as acknowledging the needs of law enforcement. We derive a set of ethical guidelines, then map these onto a forensics investigation framework. We subjected the framework to expert review in two stages, refining the framework after each stage. We conclude by proposing the refined ethically-grounded digital forensics investigation framework. Our treatise is primarily UK based, but the concepts presented here have international relevance and applicability.Design methodology: In this paper, the lens of justice theory is used to explore the tension that exists between the needs of digital forensic investigations into cybercrimes on the one hand, and, on the other, individuals’ rights to privacy and organizations’ rights to control intellectual capital disclosure.Findings: The investigation revealed a potential inequality between the practices of digital forensics investigators and the rights of other stakeholders. That being so, the need for a more ethically-informed approach to digital forensics investigations, as a remedy, is highlighted, and a framework proposed to provide this.Practical Implications: Our proposed ethically-informed framework for guiding digital forensics investigations suggest a way of re-establishing the equality of the stakeholders in this arena, and ensuring that the potential for a sense of injustice is reduced.Originality/value: Justice theory is used to highlight the difficulties in squaring the circle between the rights and expectations of all stakeholders in the digital forensics arena. The outcome is the forensics investigation guideline, PRECEpt: Privacy-Respecting EthiCal framEwork, which provides the basis for a re-aligning of the balance between the requirements and expectations of digital forensic investigators on the one hand, and individual and organizational expectations and rights, on the other

Semantic discovery and reuse of business process patterns

Patterns currently play an important role in modern information systems (IS) development and their use has mainly been restricted to the design and implementation phases of the development lifecycle. Given the increasing significance of business modelling in IS development, patterns have the potential of providing a viable solution for promoting reusability of recurrent generalized models in the very early stages of development. As a statement of research-in-progress this paper focuses on business process patterns and proposes an initial methodological framework for the discovery and reuse of business process patterns within the IS development lifecycle. The framework borrows ideas from the domain engineering literature and proposes the use of semantics to drive both the discovery of patterns as well as their reuse