398,196 research outputs found

    Pretty Private Group Management

    Group management is a fundamental building block of today's Internet applications. Mailing lists, chat systems, collaborative document edition but also online social networks such as Facebook and Twitter use group management systems. In many cases, group security is required in the sense that access to data is restricted to group members only. Some applications also require privacy by keeping group members anonymous and unlinkable. Group management systems routinely rely on a central authority that manages and controls the infrastructure and data of the system. Personal user data related to groups then becomes de facto accessible to the central authority. In this paper, we propose a completely distributed approach for group management based on distributed hash tables. As there is no enrollment to a central authority, the created groups can be leveraged by various applications. Following this paradigm we describe a protocol for such a system. We consider security and privacy issues inherently introduced by removing the central authority and provide a formal validation of security properties of the system using AVISPA. We demonstrate the feasibility of this protocol by implementing a prototype running on top of Vuze's DHT

    Deployment of churn prediction model in financial services industry

    © 2016 IEEE. Nowadays, data analytics techniques are playing an increasingly crucial role in financial services due to the huge benefits they bring. To ensure a successful implementation of an analytics project, various factors and procedures need to be considered besides technical issues. This paper introduces some practical lessons from our deployment of a data analytics project in a leading wealth management company in Australia. Specifically, the process of building a customer churn prediction model is described. Besides common steps of data analysis, how to deal with other practical issues like data privacy and change management that are encountered by many financial companies are also introduced

    GDPR: Governance implications for regimes outside the EU

    It is estimated that as of 2017 around 120 nations around the globe had legislation to protect personal data with at least another 30 in train. Many of the early regimes (dating back to the 1980s and 90s) reflect the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (1980, updated 2013). However, there are also increasing concerns that these guidelines may no longer be fit for purpose with recent issues regarding breaches of data security and privacy. The EU's General Data Protection Regulation (GDPR) (2016) implements a reformed data privacy regime. Tellingly, some of the new and pending privacy regulations elsewhere reflect the GDPR, a characteristic that suggests much about the impact of international trade. Two questions arise: first, how is the GDPR likely to affect and influence governance of organisations, not only those domiciled in the EU, but also those trading with the Union or having a presence there? Second, compared to the GDPR, what gaps are there in other existing privacy regimes and what are the implications for the governance of those organisations and their risk management strategies? This paper compares the GDPR with privacy regimes in place in New Zealand and Australia (the first of which has GDPR “approved country status” for receipt of data) and attempts to answer the questions above, thus providing a focus for empirical research. As such, the paper provides insight into the impact of the data privacy and security legislative reform, on corporate governance, strategy and risk management beyond the EU in its reach to far distant regions. © The Authors, 2018. All Rights Reserved. Proceedings of the 14th European Conference on Management, Leadership and Governance, ECMLG 201

    The underestimation of threats to patients data in clinical practice

    Issues in the security of medical data present a greater challenge than in other data security environments. The complexity of the threats and ethics involved, coupled with the poor management of these threats makes the protection of data in clinical practice problematic. This paper discusses the security threats to medical data in terms of confidentiality, privacy, integrity, misuse and availability, and reviews the issue of responsibility with reference to clinical governance. Finally, the paper uncovers some of the underlying reasons for the underestimation of the threats to medical data by the medical profession

    Certificateless Algorithm for Body Sensor Network and Remote Medical Server Units Authentication over Public Wireless Channels

    Wireless sensor networks process and exchange mission-critical data relating to patients’ health status. Obviously, any leakages of the sensed data can have serious consequences which can endanger the lives of patients. As such, there is need for strong security and privacy protection of the data in storage as well as the data in transit. Over the recent past, researchers have developed numerous security protocols based on digital signatures, advanced encryption standard, digital certificates and elliptic curve cryptography among other approaches. However, previous studies have shown the existence of many security and privacy gaps that can be exploited by attackers to cause some harm in these networks. In addition, some techniques such as digital certificates have high storage and computation complexities occasioned by certificate and public key management issues. In this paper, a certificateless algorithm is developed for authenticating the body sensors and remote medical server units. Security analysis has shown that it offers data privacy, secure session key agreement, untraceability and anonymity. It can also withstand typical wireless sensor networks attacks such as impersonation, packet replay and man-in-the-middle. On the other hand, it is demonstrated to have the least execution time and bandwidth requirements

    The Power Over Private Information in Big Data-Society: Power Structures of User-generated Data Manifested by Privacy and Data Policies

    The starting point of this thesis is the managing of user-generated data in the online ecosystem and expanding development of big data. Many are worried that companies and authorities are invading their online privacy, and the lack of control by the provider of data, the citizens, can be considered one of our time’s most pressing civil rights issues. At the same time, media and information literacy become more and more important for the ability to actively be part of society. Libraries have an educational role to gain awareness of information issues, which includes privacy issues. The aim of this study is to investigate the power structures of privacy, ownership, gathering, store and use, of user-generated data, through the discourses manifested by privacy and data policies of social media services. This is done by deploying a theoretical framework of power and language with critical discourse analysis, CDA, and of mechanisms of privacy with communication privacy management, CPM, theory, complemented by a discursive understanding of power and normative manifestation in online interfaces. Methodologically the study is conducted by a critical discourse analysis of the privacy and data policies of Facebook, Twitter, Instagram, Google, Youtube, Tumblr, Pinterest, Snapchat, Reddit, Linkedin and Ello. An interface analysis is also conducted on the same social media services’ mobile phone applications and websites, pre and post login. By this, different discourses are identified. The companies claim that the users’ privacy is something valuable and important but this is not mirrored by the interfaces, where links to privacy policies mainly are placed in the bottom of pages and menus. In the policies privacy is constructed as possession, claiming to belong to, and be controlled by, the user. However, later statements contest this by manifesting great restrictions on both ownership and control. 
    At the same time, the language of the policies is used to portray the user as responsible for all of the services’ practices. The policies of Reddit and Ello constitute exceptions in some respects and also express discursive struggle. In conclusion, this study shows that power in the policies is manifested by uncertainties, the users’ lack of control and influence and the social media companies’ lack of transparency