19 research outputs found
Use of apps in the COVID-19 response and the loss of privacy protection
Mobile apps provide a convenient source of tracking and data collection to fight against the spread of COVID-19. We report our analysis of 50 COVID-19-related apps, including their use and their access to personally identifiable information, to ensure that the right to privacy and civil liberties are protected.Ope
Preserving Privacy in Cyber-physical-social systems: An Anonymity and Access Control Approach
With the significant development of mobile commerce, the integration of physical, social, and cyber worlds is increasingly common.
The term Cyber Physical Social Systems is used to capture technology’s human-centric role. With the revolutionization of CPSS,
privacy protections become a major concern for both customers
and enterprises. Although data generalization by obfuscation and
anonymity can provide protection for an individual’s privacy, overgeneralization may lead to less-valuable data. In this paper, we
contrive generalization boundary techniques (k-anonymity) to maximize data usability while minimizing disclosure with a privacy
access control mechanism. This paper proposes a combination of
purpose-based access control models with an anonymity technique
in distributed computing environments for privacy preserving policies and mechanisms that demonstrate policy conflicting problems.
This combined approach will provide protections for individual personal information and make data sharable to authorized party with
proper purposes. Here, we have examined data with k-anonymity
to create a specific level of obfuscation that maintains the usefulness of data and used a heuristic approach to a privacy access
control framework in which the privacy requirement is to satisfy
the k-anonymity. The extensive experiments on both real-world
and synthetic data sets show that the proposed privacy aware access
control model with k- anonymity is practical and effective. It will
generate an anonymized data set in accordance with the privacy
clearance of a certain request and allow users access at different
privacy levels, fulfilling some set of obligations and addressing privacy and utility requirements, flexible access control, and improved
data availability, while guaranteeing a certain level of privacy.Ope
Towards a Comprehensive Set of PII for Ensuring Privacy Protections
Personal Identifiable Information (PII) refers to any information that can be used to trace or identify an individual. With increasing online communication and a remote workforce, sharing PII has become mainstream online. In turn, this allows adversaries to attack account users’ systems, and impact users financially, economically, and affect their reputation. While the Internet,
innovation and industrialization has become the important part of our social and economic structure as a natural component, each individual’s development depends on reliable and resilient infrastructure. Since the Internet is an unavoidable resource in our everyday life, this has become
necessary to ensure safe and secure communication among different parties to enhance technological capabilities of industrial sectors all over the world. Industries are liable to keep people in society safe in online environments, which makes this a good time to consider a sustainable development plan to ensure security and privacy when preserving online
communication for individuals. There are different mechanisms that exist to provide users with a certain level of privacy and safety. With the overarching technological development, it has become complicated to measure and handle PII (directly or indirectly) considering the recent setting of
piecewise protection for different data types. In our study, we detail how organizations provide protection for different data types among PII. In addition, we have conducted a short study that analyzes online social data privacy on Facebook and Reddit in regards to how they handle collected
data. Finally, we offer several paths for future research that must be considered for a comprehensive privacy protection program for users’ PII when developing resilient infrastructure, including regional and transborder.Ope
What is in Your App? Uncovering Privacy Risks of Female Health Applications
FemTech or Female Technology, is an expanding field dedicated to providing
affordable and accessible healthcare solutions for women, prominently through
Female Health Applications that monitor health and reproductive data. With the
leading app exceeding 1 billion downloads, these applications are gaining
widespread popularity. However, amidst contemporary challenges to women's
reproductive rights and privacy, there is a noticeable lack of comprehensive
studies on the security and privacy aspects of these applications. This
exploratory study delves into the privacy risks associated with seven popular
applications. Our initial quantitative static analysis reveals varied and
potentially risky permissions and numerous third-party trackers. Additionally,
a preliminary examination of privacy policies indicates non-compliance with
fundamental data privacy principles. These early findings highlight a critical
gap in establishing robust privacy and security safeguards for FemTech apps,
especially significant in a climate where women's reproductive rights face
escalating threats.Comment: 9 pages, 3 table
Information Privacy: Current and future research directions
As more and more data is collected, concerns about information privacy become more and more salient. Information privacy is an inter- and multi-disciplinary subject relevant to researchers throughout the iSchools community. This full-day workshop will bring researchers together to discuss current and future research directions in information privacy and how iSchools can respond to the forthcoming National Privacy Research Strategy. Through a keynote presentation, plenary speakers, position papers, and group discussion, participants will explore current privacy research issues and their relevance to information research conducted by the iSchools community. Privacy scholars may submit position papers on their research projects and future directions to the workshop website for selection for presentation during the afternoon of the workshop. In addition to discussions of the presentations, during breakout sessions the workshop participants will seek to define new information privacy research questions for future work by iSchools scholars.Ope
Information Privacy and Data Control in Cloud Computing: Consumers, Privacy Preferences, and Market Efficiency
So many of our daily activities now take place “in the cloud,” where we use our devices to tap into massive networks that span the globe. Virtually every time that we plug into a new service, the service requires us to click the seemingly ubiquitous box indicating that we have read and agreed to the provider’s terms of service (TOS) and privacy policy. If a user does not click on this box, he is denied access to the service, but agreeing to these terms without reading them can negatively impact the user’s legal rights. As part of this work, we analyzed and categorized the terms of TOS agreements and privacy policies of several major cloud services to aid in our assessment of the state of user privacy in the cloud. Our empirical analysis showed that providers take similar approaches to user privacy and were consistently more detailed when describing the user’s obligations to the provider than when describing the provider’s obligations to the user. This asymmetry, combined with these terms’ nonnegotiable nature, led us to conclude that the current approach to user privacy in the cloud is in need of serious revision. In this Article, we suggest adopting a legal regime that requires companies to provide baseline protections for personal information and also to take steps to enhance the parties’ control over their own data. We emphasize the need for a regime that allows for “data control” in the cloud, which we define as consisting of two parts: (1) the ability to withdraw data and require a service provider to stop using or storing the user’s information (data withdrawal); and (2) the ability to move data to a new location without being locked into a particular provider (data mobility). Ultimately, our goal with this piece is to apply established law and privacy theories to services in the cloud and set forth a model for the protection of information privacy that recognizes the importance of informed and empowered users
Mapping Risk Assessment Strategy for COVID-19 Mobile Apps’ Vulnerabilities
Recent innovations in mobile technologies are playing an important
and vital role in combating the COVID-19 pandemic. While mobile apps’
functionality plays a crucial role in tackling the COVID-19 spread, it is also
raising concerns about the associated privacy risks that users may face. Recent research studies have showed various technological measures on mobile applications that lack consideration of privacy risks in their data practices. For example, security vulnerabilities in COVID-19 apps can be exploited and therefore also pose privacy violations. In this paper, we focus on recent and newly developed COVID-19 apps and consider their threat landscape. Our objective was to identify security vulnerabilities that can lead to user-level privacy risks. We also formalize our approach by measuring the level of risk associated with assets and services that attackers may be targeting to capture during the exploitation. We utilized baseline risk assessment criteria within the scope of three specific security vulnerabilities that often exists in COVID-19 applications namely credential leaks, insecure communication, and HTTP request libraries. We present a proof of concept implementation for risk assessment of COVID-19 apps that can be utilized to evaluate privacy risk by the impact of assets and threat likelihood.Ope
Stance classification of Twitter debates: The encryption debate as a use case
Social media have enabled a revolution in user-generated
content. They allow users to connect, build community, produce
and share content, and publish opinions. To better understand
online users’ attitudes and opinions, we use stance classification.
Stance classification is a relatively new and challenging
approach to deepen opinion mining by classifying a user's stance
in a debate. Our stance classification use case is tweets that were
related to the spring 2016 debate over the FBI’s request that
Apple decrypt a user’s iPhone. In this “encryption debate,”
public opinion was polarized between advocates for individual
privacy and advocates for national security. We propose a
machine learning approach to classify stance in the debate, and a
topic classification that uses lexical, syntactic, Twitter-specific,
and argumentative features as a predictor for classifications.
Models trained on these feature sets showed significant
increases in accuracy relative to the unigram baseline.Ope
Eight months into the COVID-19 Pandemic- Do Users Expect less Privacy?
While mobile apps provide immense benefits for the containment of the spread of COVID-19, privacy and security of these digital tracing apps are at the center of public debate. To understand users concerns and preferences for using a COVID-19 app, we conducted 2 surveys 3 months apart to determine what kind of privacy protections users were seeking in these apps and if those expectations change over time. Our survey results from participants N1: 2294 and N2: 2140 indicate that, trust plays a vital role in their adoption decision of such apps. Additionally, users’ preference for certain privacy protection and transparency revealed a disconnect between what technologists’ and users’ expectation. In this paper, we present our survey results to formalize design guidelines for app designers, providers and relevant authority. We recommend three important mechanisms of trust, preferences, and transparency that could greatly influence users’ adoption of such apps and can provide critical design components that can satisfy users’ expected privacy protections.Ope