Engineering Commons^™

Boundary Regulation Processes And Privacy Concerns With (Non-)Use Of Voice-Based Assistants, Jessica Vitak, Priya C. Kumar, Yuting Liao, Michael Zimmer

Human-Machine Communication

An exemplar of human-machine communication, voice-based assistants (VBAs) embedded in smartphones and smart speakers simplify everyday tasks while collecting significant data about users and their environment. In recent years, devices using VBAs have continued to add new features and collect more data—in potentially invasive ways. Using Communication Privacy Management theory as a guiding framework, we analyze data from 11 focus groups with 65 US adult VBA users and nonusers. Findings highlight differences in attitudes and concerns toward VBAs broadly and provide insights into how attitudes are influenced by device features. We conclude with considerations for how to address boundary regulation …

Presenting A Method To Detect Intrusion In Iot Through Private Blockchain, Rezvan Mahmoudie, Saeed Parsa, Amir Masoud Rahmani

Turkish Journal of Electrical Engineering and Computer Sciences

Blockchain (BC) has been used as a new solution to overcome security and privacy challenges in the Internet of Things (IoT). However, recent studies have indicated that the BC has a limited scalability and is computationally costly. Also, it has significant overhead and delay in the network, which is not suitable to the nature of IoT. This article aims at implementing BC in the IoT context for smart home management, as the integration of these two technologies ensures the IoT's security and privacy. Therefore, we proposed an overlay network in private BC to optimize its compatibility with IoT by increasing …

Privacy In Blockchain Systems, Murat Osmanoğlu, Ali̇ Aydin Selçuk

Turkish Journal of Electrical Engineering and Computer Sciences

Privacy of blockchains has been a matter of discussion since the inception of Bitcoin. Various techniques with a varying degree of privacy protection and complexity have been proposed over the past decade. In this survey, we present a systematic analysis of these proposals in four categories: (i) identity, (ii) transaction, (iii) consensus, and (iv) smart contract privacy. Each of these categories have privacy requirements of its own, and various solutions have been proposed to meet these requirements. Almost every technique in the literature of privacy enhancing technologies have been applied to blockchains: mix networks, zero-knowledge proofs, blind signatures, ring signatures, …

Permissioned Blockchain Based Remote Electronic Examination, Öznur Kalkar, İsa Sertkaya

Turkish Journal of Electrical Engineering and Computer Sciences

Recent coronavirus pandemic transformed almost all aspects of daily life including educational institutions and learning environments. As a result, this transformation brought remote electronic examination (shortly e-exam) concepts back into consideration. In this study, we revisit secure and privacy preserving e-exam protocol proposals and propose an e-exam protocol that utilizes decentralized identity-based verifiable credentials for proof of authentication and public-permissioned blockchain for immutably storing records. In regard to the previously proposed e-exam schemes, our scheme offers both privacy enhancement and better efficiency. More concretely, the proposed solution satisfies test answer authentication, examiner authentication, anonymous marking, anonymous examiner, question secrecy, question …

Estonian Internet Voting With Anonymous Credentials, İsa Sertkaya, Peter Roenne, Peter Y. A. Ryan

Turkish Journal of Electrical Engineering and Computer Sciences

The Estonian Internet voting (EIV) scheme is a unique example of a long-term nation-wide, legally binding electronic voting deployment. The EIV scheme is used in parallel with standard paper-based election day voting, of course invalidating an already cast i-vote. This necessarily requires careful authentication of the eligible voters and makes the Estonian identity card solution a crucial part of the scheme, however, note that Parsovs has recently drawn attention to the security flaws found in Estonian ID-cards. In this study, we propose an e-voting scheme EIV-AC that integrates the EIV scheme with anonymous credentials based on self-sovereign identity. In addition …

A Proportionality-Based Framework For Government Regulation Of Digital Tracing Apps In Times Of Emergency, Sharon Bassan

Dickinson Law Review (2017-Present)

Times of emergency present an inherent conflict between the public interest and the preservation of individual rights. Such times require granting emergency powers to the government on behalf of the public interest and relaxing safeguards against government actions that infringe rights. The lack of theoretical framework to assess governmental decisions in times of emergency leads to a polarized and politicized discourse about potential policies, and often, to public distrust and lack of compliance.

Such a discourse was evident regarding Digital Tracing Apps (“DTAs”), which are apps installed on cellular phones to alert users that they were exposed to people who …

Book Review: This Is How They Tell Me The World Ends: The Cyberweapons Arms Race (2020) By Nicole Perlroth, Amy C. Gaudion

Dickinson Law Review (2017-Present)

No abstract provided.

Icts For Surveillance And Suppression: The Case Of The Indian Emergency 1975-1977, Ramesh Subramanian

Journal of International Technology and Information Management

Information and Communications technologies (ICT) pervade society. The Internet, wireless communication, and social media are ubiquitous in and indispensable in society today. As they continue to grow and mushroom, there are new and increased calls from various segments of the society such as technologists, activists, sociologists, and legal experts, who issue warnings on the more nefarious and undesirable uses of ICTs, especially by governments. In fact, government control and surveillance using ICTs is not a new phenomenon. By looking at history, we are able to see several instances when ICTs have been used by governments to control, surveil, and infringe …

Private Face Detection Based On Random Sub-Images In Cloud, Yuan Peng, Jin Xin, Xiaodong Li, Zhao Geng, Yaming Wu, Mingxin Ma, Yulu Tian, Yingya Chen

Journal of System Simulation

Abstract: In order to detect faces of terminal face image in the cloud at the same time protect both privacy of data,a method of face images privacy detection based on random sub-Images representation was proposed. Terminal divided original image into 2 value sub-images weighted sum based on random sub-images generation algorithm and randomly arranges weights of sub-images. Terminal sent sub-images according to the weights of random sequence to the cloud server. Cloud server detected sub-images with its face detection algorithm. Terminal merges test results based on random sub were exploded. Two random vectors were leveraged to protect the parameters …

From Protecting To Performing Privacy, Garfield Benjamin

The Journal of Sociotechnical Critique

Privacy is increasingly important in an age of facial recognition technologies, mass data collection, and algorithmic decision-making. Yet it persists as a contested term, a behavioural paradox, and often fails users in practice. This article critiques current methods of thinking privacy in protectionist terms, building on Deleuze's conception of the society of control, through its problematic relation to freedom, property and power. Instead, a new mode of understanding privacy in terms of performativity is provided, drawing on Butler and Sedgwick as well as Cohen and Nissenbaum. This new form of privacy is based on identity, consent and collective action, a …

The Data Market: A Proposal To Control Data About You, David Shaw, Daniel W. Engels

SMU Data Science Review

The current legal and economic infrastructure facilitating data collection practices and data analysis has led to extreme over-collection of data and the overall loss of personal privacy. Data over-collection has led to a secondary market for consumer data that is invisible to the consumer and results in a person's data being distributed far beyond their knowledge or control. In this paper, we propose a Data Market framework and design for personal data management and privacy protection in which the individual controls and profits from the dissemination of their data. Our proposed Data Market uses a market-based approach utilizing blockchain distributed …

The Robot Privacy Paradox: Understanding How Privacy Concerns Shape Intentions To Use Social Robots, Christoph Lutz, Aurelia Tamò-Larrieux

Human-Machine Communication

Conceptual research on robots and privacy has increased but we lack empirical evidence about the prevalence, antecedents, and outcomes of different privacy concerns about social robots. To fill this gap, we present a survey, testing a variety of antecedents from trust, technology adoption, and robotics scholarship. Respondents are most concerned about data protection on the manufacturer side, followed by social privacy concerns and physical concerns. Using structural equation modeling, we find a privacy paradox, where the perceived benefits of social robots override privacy concerns.

A New Grid Partitioning Technology For Location Privacy Protection, Yue Sun, Lei Zhang, Jing Li, Zhen Zhang

Turkish Journal of Electrical Engineering and Computer Sciences

Nowadays, the location-based service (LBS) has become an essential part of convenient service in people's daily life. However, the untrusted LBS servers can store lots of information about the user, such as the user's identity, location, and destination. Then the information can be used as background knowledge and combined with the query frequency of the user to launch the inference attack to obtain user's privacy. In most of the existing schemes, the author considers the algorithm of virtual location selection from the historical location of the user. However, the LBS server can infer the user's location information on the historical …

Responding To Some Challenges Posed By The Re-Identification Of Anonymized Personal Data, Herman T. Tavani, Frances S. Grodzinsky

Computer Ethics - Philosophical Enquiry (CEPE) Proceedings

In this paper, we examine a cluster of ethical controversies generated by the re-identification of anonymized personal data in the context of big data analytics, with particular attention to the implications for personal privacy. Our paper is organized into two main parts. Part One examines some ethical problems involving re-identification of personally identifiable information (PII) in large data sets. Part Two begins with a brief description of Moor and Weckert’s Dynamic Ethics (DE) and Nissenbaum’s Contextual Integrity (CI) Frameworks. We then investigate whether these frameworks, used together, can provide us with a more robust scheme for analyzing privacy concerns that …

Permission-Based Privacy Analysis For Android Applications, Erza Gashi, Zhilbert Tafa

International Journal of Business and Technology

While Information and Communication Technology (ICT) trends are moving towards the Internet of Things (IoT), mobile applications are becoming more and more popular. Mostly due to their pervasiveness and the level of interaction with the users, along with the great number of advantages, the mobile applications bring up a great number of privacy related issues as well. These platforms can gather our very sensitive private data by only granting them a list of permissions during the installation process. Additionally, most of the users can find it difficult, or even useless, to analyze system permissions. Thus, their guess of app’s safety …

Privacy Issues In Post Dissemination On Facebook, Burcu Sayi̇n Günel, Serap Şahi̇n, Dimitris G. Kogias, Charalampos Z. Patrikakis

Turkish Journal of Electrical Engineering and Computer Sciences

With social networks (SNs) being populated by a still increasing numbers of people who take advantage of the communication and collaboration capabilities that they offer, the probability of the exposure of people's personal moments to a wider than expected audience is also increasing. By studying the functionalities and characteristics that modern SNs offer, along with the people's habits and common behaviors in them, it is easy to understand that several privacy risks may exist, many of which people may be unaware of. In this paper, we focus on users' interactions with posts in a social network (SN), using Facebook as …

How Much Privacy Do We Have Today? A Study Of The Life Of Marc Mezvinsky, Miguel Mares, Salomon Gilles, Brian D. Gobran, Dan Engels

SMU Data Science Review

In this paper, we present a case study evaluating the level of information available about an individual through public, Internet-accessible sources. Privacy is a basic tenet of democratic society, but technological advances have made access to information and the identification of individuals much easier through Internet-accessible databases and information stores. To determine the potential level of privacy available to an individual in today’s interconnected world, we sought to develop a detailed history of Marc Mezvinsky, a semi-public figure, husband of Chelsea Clinton, and son of two former members of the United States House of Representatives. By utilizing only publicly and …

Privacy Risks And Security Threats In Mhealth Apps, Brinda Hansraj Sampat, Bala Prabhakar

Journal of International Technology and Information Management

mHealth (Mobile Health) applications (apps) have transformed the doctor-patient relationship. They help users with varied functionalities such as monitoring their health, understanding specific health conditions, consulting doctors online and achieving fitness goals. Whilst these apps provide an option of equitable and convenient access to healthcare, a lot of personal and sensitive data about users is collected, stored and shared to achieve these functionalities. Little is known about the privacy and security concerns these apps address. Based on literature review, this paper identifies the privacy risks and security features for evaluating thirty apps in the Medical category across two app distribution …

Emergent Ai, Social Robots And The Law: Security, Privacy And Policy Issues, Ramesh Subramanian

Journal of International Technology and Information Management

The rapid growth of AI systems has implications on a wide variety of fields. It can prove to be a boon to disparate fields such as healthcare, education, global logistics and transportation, to name a few. However, these systems will also bring forth far-reaching changes in employment, economy and security. As AI systems gain acceptance and become more commonplace, certain critical questions arise: What are the legal and security ramifications of the use of these new technologies? Who can use them, and under what circumstances? What is the safety of these systems? Should their commercialization be regulated? What are the …

Content Mining Techniques For Detecting Cyberbullying In Social Media, Shawniece L. Parker, Yen-Hung Hu

Virginia Journal of Science

The use of social media has become an increasingly popular trend, and it is most favorite amongst teenagers. A major problem concerning teens using social media is that they are often unaware of the dangers involved when using these media. Also, teenagers are more inclined to misuse social media because they are often unaware of the privacy rights associated with the use of that particular media, or the rights of the other users. As a result, cyberbullying cases have a steady rise in recent years and have gone undiscovered, or are not discovered until serious harm has been caused to …

Privacy And The Information Age: A Longitudinal View, Charles E. Downing

Journal of International Technology and Information Management

As information systems and data storage capacity become increasingly sophisticated, an important ethical question for organizations is “What can/will/should be done with the personal information that has been and can be collected?” Individuals’ privacy is certainly important, but so is less costly and more targeted business processes. As this conflict intensifies, consumers, managers and policy makers are left wondering: What privacy principles are important to guide organizations in self-regulation? For example, do consumers view the five rights originally stated in the European Data Protection Directive as important? Comprehensive? Is there a product discount point where consumers would forsake these principles? …

In-The-Wild Residual Data Research And Privacy, William B. Glisson, Tim Storer, Andrew Blyth, George Grispos, Matt Campbell

Journal of Digital Forensics, Security and Law

As the world becomes increasingly dependent on technology, researchers in both industry and academia endeavor to understand how technology is used, the impact it has on everyday life, the artifact life-cycle and overall integrations of digital information. In doing so, researchers are increasingly gathering 'real-world' or 'in-the-wild' residual data, obtained from a variety of sources, without the explicit consent of the original owners. This data gathering raises significant concerns regarding privacy, ethics and legislation, as well as practical considerations concerning investigator training, data storage, overall security and data disposal. This research surveys recent studies of residual data gathered in-the-wild and …

Longer Than A Telephone Wire - Voice Firewalls To Counter Ubiquitous Lie Detection, Carl Reynolds, Matt Smith, Mark Woodman

The ITB Journal

Mobile computing and communication devices are open to surreptitious privacy attacks using emotion detection techniques; largely utilising work carried out in the area of voice stress analysis (VSA). This paper extends some work in the area of removing emotion cues in the voice, specifically focusing on lie detection and presents the results of a pilot study indicating that the use of mobile phones in situations of stress is common and that awareness of VSA is low. Existing strategies for the removal or modification of emotion cues, based on models of synthesis are considered and weaknesses are identified.

Cyber Black Box/Event Data Recorder: Legal And Ethical Perspectives And Challenges With Digital Forensics, Michael Losavio, Pavel Pastukov, Svetlana Polyakova

Journal of Digital Forensics, Security and Law

With ubiquitous computing and the growth of the Internet of Things, there is vast expansion in the deployment and use of event data recording systems in a variety of environments. From the ships’ logs of antiquity through the evolution of personal devices for recording personal and environmental activities, these devices offer rich forensic and evidentiary opportunities that smash against rights of privacy and personality. The technical configurations of these devices provide for greater scope of sensing, interconnection options for local, near, and cloud storage of data, and the possibility of powerful analytics. This creates the unique situation of near-total data …

Evidentiary Power And Propriety Of Digital Identifiers And The Impact On Privacy Rights In The United States, Michael Losavio, Deborah Keeling

Journal of Digital Forensics, Security and Law

Media and network systems capture and store data about electronic activity in new, sometimes unprecedented ways; computational systems make for new means of analysis and knowledge development. These new forms offer new, powerful tactical tools for investigations of electronic malfeasance under traditional legal regulation of state power, particular that of Fourth Amendment limitations on police searches and seizures under the U.S. Constitution. But autonomy, identity and authenticity concerns with electronic data raise issues of public policy, privacy and proper police oversight of civil society. We examine those issues and their implications for digital and computational forensics

Effects Of The Factory Reset On Mobile Devices, Riqui Schwamm, Neil C. Rowe

Journal of Digital Forensics, Security and Law

Mobile devices usually provide a “factory-reset” tool to erase user-specific data from the main secondary storage. 9 Apple iPhones, 10 Android devices, and 2 BlackBerry devices were tested in the first systematic evaluation of the effectiveness of factory resets. Tests used the Cellebrite UME-36 Pro with the UFED Physical Analyzer, the Bulk Extractor open-source tool, and our own programs for extracting metadata, classifying file paths, and comparing them between images. Two phones were subjected to more detailed analysis. Results showed that many kinds of data were removed by the resets, but much user-specific configuration data was left. Android devices did …

A Reputation-Based Privacy Management System For Social Networking Sites, Mehmet Erkan Yüksel, Asim Si̇nan Yüksel, Abdül Hali̇m Zai̇m

Turkish Journal of Electrical Engineering and Computer Sciences

Social networking sites form a special type of virtual community where we share our personal information with people and develop new relationships on the Internet. These sites allow the users to share just about everything, including photos, videos, favorite music, and games, and record all user interactions and retain them for potential use in social data mining. This storing and sharing of large amounts of information causes privacy problems for the users of these websites. In order to prevent these problems, we have to provide strict privacy policies, data protection mechanisms, and trusted and built-in applications that help to protect …

P2p Collaborative Filtering With Privacy, Ci̇han Kaleli̇, Hüseyi̇n Polat

Turkish Journal of Electrical Engineering and Computer Sciences

With the evolution of the Internet and e-commerce, collaborative filtering (CF) and privacy-preserving collaborative filtering (PPCF) have become popular. The goal in CF is to generate predictions with decent accuracy, efficiently. The main issue in PPCF, however, is achieving such a goal while preserving users' privacy. Many implementations of CF and PPCF techniques proposed so far are centralized. In centralized systems, data is collected and stored by a central server for CF purposes. Centralized storage poses several hazards to users because the central server controls users' data. In this work, we investigate how to produce naïve Bayesian classifier (NBC)-based recommendations …

Securing Fuzzy Vault Schemes Through Biometric Hashing, Cengi̇z Örenci̇k, Thomas Brochmann Pedersen, Erkay Savaş, Mehmet Keski̇nöz

Turkish Journal of Electrical Engineering and Computer Sciences

The fuzzy vault scheme is a well-known technique to mitigate privacy, security, and usability related problems in biometric identification applications. The basic idea is to hide biometric data along with secret information amongst randomly selected chaff points during the enrollment process. Only the owner of the biometric data who presents correct biometrics can recover the secret and identify himself. Recent research, however, has shown that the scheme is vulnerable to certain types of attacks. The recently proposed ``correlation attack'', that allows linking two vaults of the same biometric, pose serious privacy risks that have not been sufficiently addressed. The primary …

The 2007 Analysis Of Information Remaining On Disks Offered For Sale On The Second Hand Market, Andy Jones, Craig Valli, Glenn S. Dardick, Iain Sutherland

Journal of Digital Forensics, Security and Law

All organisations, whether in the public or private sector, increasingly use computers and other devices that contain computer hard disks for the storage and processing of information relating to their business, their employees or their customers. Individual home users also increasingly use computers and other devices containing computer hard disks for the storage and processing of information relating to their private, personal affairs. It continues to be clear that the majority of organisations and individual home users still remain ignorant or misinformed of the volume and type of information that is stored on the hard disks that these devices contain …