PRIVACY’S NEXT ACT
This Article identifies and describes three data privacy policy developments from recent legislative sessions that may seem unrelated, but which I contend together offer clues about privacy law’s future over the short-to-medium term.
The first is the proliferation, worldwide and in U.S. states, of legislative proposals and statutes referred to as “age-appropriate design codes.” Originating in the United Kingdom, age-appropriate design codes typically apply to online services “directed to children” and subject such services to transparency, default settings, and other requirements. Chief among them is an implied obligation to conduct ongoing assessments of whether a service could be deemed “directed to children” such that it triggers application of the codes.
The second development is a well-documented push for responsible artificial intelligence (“AI”) practices in the form of new transparency and accountability frameworks. The most comprehensive such framework is the European Union’s AI Act, although similar reforms in Canada, as well as nascent reforms here in the United States, address analogous topics. Among these are requirements for AI developers to assess, document, and, in some instances, report to regulators the existence of potential harms and plans to mitigate them prior to launching a new AI-driven product or service.
The third development, certain reforms to competition policies, is least likely to be traditionally counted among “privacy” laws. However, I argue that two recent reforms in Europe—the Digital Services Act and the Digital Markets Act—implicate data privacy concerns and should be viewed as imposing privacy-related compliance obligations. For instance, these frameworks address the use of personal data, including sensitive personal information, for online advertising purposes.
My argument is that common threads across these developments underscore the dynamism of privacy law at a critical moment in its development and highlight the increased public awareness of the benefits––and risks––of a data-driven economy and society. To that end, I identify three specific trends among these developments that I anticipate recurring in data privacy policy proposals over privacy’s “next act.” First, legislators and regulators alike appear increasingly focused on age verification technologies as a mechanism for distinguishing between internet users and determining to whom they must provide certain protections. Second, there is a growing appetite for shifting assessment obligations onto regulated entities, albeit with guidance, and requiring that the results of such assessments are affirmatively disclosed to regulators. Third, privacy obligations are no longer limited to data privacy laws. They are increasingly found in other types of policy proposals––and detecting them will require a broader view of what constitutes a “privacy” law than is typical among privacy professionals.
Hidden in the Cloud : Advanced Cryptographic Techniques for Untrusted Cloud Environments
In the contemporary digital age, the ability to search and perform operations on encrypted data has become increasingly important. This significance is primarily due to the exponential growth of data, often referred to as the "new oil," and the corresponding rise in data privacy concerns. As more and more data is stored in the cloud, the need for robust security measures to protect this data from unauthorized access and misuse has become paramount.
One of the key challenges in this context is the ability to perform meaningful operations on the data while it remains encrypted. Traditional encryption techniques, while providing a high level of security, render the data unusable for any practical purpose other than storage. This is where advanced cryptographic protocols like Symmetric Searchable Encryption (SSE), Functional Encryption (FE), Homomorphic Encryption (HE), and Hybrid Homomorphic Encryption (HHE) come into play. These protocols not only ensure the confidentiality of data but also allow computations on encrypted data, thereby offering a higher level of security and privacy.
The ability to search and perform operations on encrypted data has several practical implications. For instance, it enables efficient Boolean queries on encrypted databases, which is crucial for many "big data" applications. It also allows for the execution of phrase searches, which are important for many machine learning applications, such as intelligent medical data analytics. Moreover, these capabilities are particularly relevant in the context of sensitive data, such as health records or financial information, where the privacy and security of user data are of utmost importance.
Furthermore, these capabilities can help build trust in digital systems. Trust is a critical factor in the adoption and use of digital services. By ensuring the confidentiality, integrity, and availability of data, these protocols can help build user trust in cloud services. This trust, in turn, can drive the wider adoption of digital services, leading to a more inclusive digital society.
However, it is important to note that while these capabilities offer significant advantages, they also present certain challenges. For instance, the computational overhead of these protocols can be substantial, making them less suitable for scenarios where efficiency is a critical requirement. Moreover, these protocols often require sophisticated key management mechanisms, which can be challenging to implement in practice. Therefore, there is a need for ongoing research to address these challenges and make these protocols more efficient and practical for real-world applications.
The research publications included in this thesis offer a deep dive into the intricacies and advancements in the realm of cryptographic protocols, particularly in the context of the challenges and needs highlighted above.
Publication I presents a novel approach to hybrid encryption, combining the strengths of ABE and SSE. This fusion aims to overcome the inherent limitations of both techniques, offering a more secure and efficient solution for key sharing and access control in cloud-based systems. Publication II further expands on SSE, showcasing a dynamic scheme that emphasizes forward and backward privacy, crucial for ensuring data integrity and confidentiality. Publication III and Publication IV delve into the potential of MIFE, demonstrating its applicability in real-world scenarios, such as designing encrypted private databases and additive reputation systems. These publications highlight the transformative potential of MIFE in bridging the gap between theoretical cryptographic concepts and practical applications. Lastly, Publication V underscores the significance of HE and HHE as a foundational element for secure protocols, emphasizing its potential in devices with limited computational capabilities.
In essence, these publications not only validate the importance of searching and performing operations on encrypted data but also provide innovative solutions to the challenges mentioned. They collectively underscore the transformative potential of advanced cryptographic protocols in enhancing data security and privacy, paving the way for a more secure digital future.
A Matter of Facts: The Evolution of Copyright’s Fact-Exclusion and Its Implications for Disinformation and Democracy
The Article begins with a puzzle: the curious absence of an express fact-exclusion from copyright protection in both the Copyright Act and its legislative history despite it being a well-founded legal principle. It traces arguments in the foundational Supreme Court case (Feist Publications v. Rural Telephone Service) and in the Copyright Act’s legislative history to discern a basis for the fact-exclusion. That research trail produces a legal genealogy of the fact-exclusion based in early copyright common law anchored by canonical cases, Baker v. Selden, Burrow-Giles v. Sarony, and Wheaton v. Peters. Surprisingly, none of them deal with facts per se but instead with adjacent and related copyright doctrines. A close look at these cases, as well as at relevant legislative history, uncovers provocative aspects of the fight over facts through the nineteenth and twentieth centuries. This fight is really a debate over the evolving place of human labor and the contours of social progress regarding the production of facts in crucial periods of economic and political development. The nature of “facts” and their increasingly central role in governance and technological progress puts pressure on their control and manipulation, including by and for businesses and democratic institutions, such as legislatures and agencies. Revisiting this history amplifies the need for a broader copyright fact-exclusion and a richer public domain that will lead to doctrinal clarity for our digital age. It also has political implications for how to consider the contestability of facts in the twenty-first century as a matter of access to information and the stabilization of societal institutions – such as law, science, and a free press – that are critical for sustaining U.S. democracy
ENHANCING CLOUD SYSTEM RUNTIME TO ADDRESS COMPLEX FAILURES
As the reliance on cloud systems intensifies in our progressively digital world, understanding and reinforcing their reliability becomes more crucial than ever. Despite impressive advancements in augmenting the resilience of cloud systems, the growing incidence of complex failures now poses a substantial challenge to the availability of these systems. With cloud systems continuing to scale and increase in complexity, failures not only become more elusive to detect but can also lead to more catastrophic consequences. Such failures question the foundational premises of conventional fault-tolerance designs, necessitating the creation of novel system designs to counteract them.
This dissertation aims to enhance distributed systems’ capabilities to detect, localize, and react to complex failures at runtime. To this end, this dissertation makes contributions to address three emerging categories of failures in cloud systems. The first part delves into the investigation of partial failures, introducing OmegaGen, a tool adept at generating tailored checkers for detecting and localizing such failures. The second part grapples with silent semantic failures prevalent in cloud systems, showcasing our study findings, and introducing Oathkeeper, a tool that leverages past failures to infer rules and expose these silent issues. The third part explores solutions to slow failures via RESIN, a framework specifically designed to detect, diagnose, and mitigate memory leaks in cloud-scale infrastructures, developed in collaboration with Microsoft Azure. The dissertation concludes by offering insights into future directions for the construction of reliable cloud systems.
Security and Privacy in AI-Driven Industry 5.0: Experimental Insights and Threat Analysis
This empirical research offers important insights from simulated industrial situations as it examines security and privacy in AI-driven Industry 5.0. When responding to security problems, participants' remarkable average reaction time of 14 minutes demonstrated their preparedness. On a 5-point rating scale, the clarity and openness of privacy rules were scored 3.8 overall; however, differences between 3.5 and 4.2 indicated the range of privacy issues. These results highlight the need for well-defined security procedures, thorough training, and easily available, transparent privacy regulations in order to manage the ethical integration of AI into Industry 5.0 and promote stakeholder confidence and data protection.
Distributed Ledger Technology (DLT) Applications in Payment, Clearing, and Settlement Systems: A Study of Blockchain-Based Payment Barriers and Potential Solutions, and DLT Application in Central Bank Payment System Functions
Payment, clearing, and settlement systems are essential components of the financial markets and exert considerable influence on the overall economy. While there have been considerable technological advancements in payment systems, the conventional systems still depend on centralized architecture, with inherent limitations and risks. The emergence of Distributed ledger technology (DLT) is being regarded as a potential solution to transform payment and settlement processes and address certain challenges posed by the centralized architecture of traditional payment systems (Bank for International Settlements, 2017). While proof-of-concept projects have demonstrated the technical feasibility of DLT, significant barriers still hinder its adoption and implementation. The overarching objective of this thesis is to contribute to the developing area of DLT application in payment, clearing and settlement systems, which is still in its initial stages of applications development and lacks a substantial body of scholarly literature and empirical research. This is achieved by identifying the socio-technical barriers to adoption and diffusion of blockchain-based payment systems and the solutions proposed to address them. Furthermore, the thesis examines and classifies various applications of DLT in central bank payment system functions, offering valuable insights into the motivations, DLT platforms used, and consensus algorithms for applicable use cases. To achieve these objectives, the methodology employed involved a systematic literature review (SLR) of academic literature on blockchain-based payment systems. Furthermore, we utilized a thematic analysis approach to examine data collected from various sources regarding the use of DLT applications in central bank payment system functions, such as central bank white papers, industry reports, and policy documents. 
The study's findings on barriers to blockchain-based payment systems and the proposed solutions challenge the prevailing emphasis on technological and regulatory barriers in the literature and industry discourse regarding the adoption and implementation of blockchain-based payment systems. They highlight the importance of considering the broader socio-technical context and identifying barriers across all five dimensions of the socio-technical framework, including technological, infrastructural, user practices/market, regulatory, and cultural dimensions. Furthermore, the research identified seven DLT applications in central bank payment system functions. These are grouped into three overarching themes: central banks' operational responsibilities in payment and settlement systems, issuance of central bank digital money, and regulatory oversight/supervisory functions, along with other ancillary functions. Each of these applications has a unique motivation or value proposition, which is the underlying reason for utilizing DLT in that particular use case.
The politics of internet privacy regulation in a globalised world: an examination of regulatory agencies' autonomy, politicisation, and lobbying strategies
The rapid proliferation of new information technologies has not only made internet privacy one of the most pressing issues of the contemporary era, it has also triggered new regulatory challenges because of their cross-border character. This PhD thesis examines the politics of internet privacy regulation at the global level. Existing research has largely investigated the extent to which there is no international privacy regime, when and why data protection regulations in the European Union affect member state laws and trade relations, and how interest groups shape data protection regulations in the EU. Little scholarly attention, however, has been accorded to the decision-making processes and policies produced beyond the legislative arena. Non-legislative and technical modes of policy-making are yet becoming more prominent in global politics. This research focuses on global data protection and internet privacy rules determined by leading, but little-known, internet regulatory agencies, in particular: the Internet Corporation for Assigned Names and Numbers, World Wide Web Consortium, Internet Engineering Task Force, and Institute of Electrical and Electronics Engineers. It investigates three distinct but interconnected questions regarding regulatory agencies' autonomy, politicisation, and interest groups' lobbying strategies. Each of the three questions corresponds to one substantive chapter and makes distinct contributions, using separate theoretical frameworks, methods, and analyses. Taken together, the chapters provide important theoretical arguments and empirical evidence on the making of internet privacy regulation, with a special emphasis on the role of corporate interests.
Assessing the Role and Regulatory Impact of Digital Assets in Decentralizing Finance
This project will explore the development of decentralized financial (DeFi) markets since the first introduction of digital assets created through the application of a form of distributed ledger technology (DLT), known as blockchain, in 2008. More specifically, a qualitative inquiry of the role of digital assets in relation to traditional financial markets infrastructure will be conducted in order to answer the following questions:
(i) can the digital asset and decentralized financial markets examined in this thesis co-exist with traditional assets and financial markets, and, if so,
(ii) are traditional or novel forms of regulation (whether financial or otherwise) needed or desirable for the digital asset and decentralized financial markets examined herein?
The aim of this project will be to challenge a preliminary hypothesis that traditional and decentralized finance can be compatible; provided, that governments and other centralized authorities approach market innovations as an opportunity to improve existing monetary infrastructure and delivery of financial services (both in the public and private sector), rather than as an existential threat. Thus, this thesis seeks to establish that, through collaborating with private markets to identify the public good to which DeFi markets contribute, the public sector can foster an appropriate environment which is both promotive and protective of the public interest without unduly stifling innovation and progress.