
Showing papers on "Information privacy published in 1995"


Journal ArticleDOI
TL;DR: The relationships among nationality, cultural values, personal information privacy concerns, and information privacy regulation are examined in this article.
Abstract: The relationships among nationality, cultural values, personal information privacy concerns, and information privacy regulation are examined in this article.

378 citations


Book
18 Sep 1995
TL;DR: The dynamics of congressional policy formulation on privacy issues are explored, and the authors explain why legislation has lagged so far behind technological development.
Abstract: From the Publisher: This book explores the dynamics of congressional policy formulation on privacy issues and explains why legislation has lagged so far behind technological development.

308 citations


Journal Article

279 citations


Journal ArticleDOI
TL;DR: The goal of this two-day meeting was to foster interaction between active workers in mobile computing, with a view toward cross-fertilization of ideas.
Abstract: The goal of this two-day meeting was to foster interaction between active workers in mobile computing, with a view toward cross-fertilization of ideas. A summary is given of the discussions that took place during the workshop. The focus is on those interactions that seemed most insightful, or controversial, or evoked the most response from the audience. The discussions included novel methods of mobile computing and the development of system structures, file systems, wiring the campus, application frameworks, exploiting mobility commercially, networks and protocols, accessing the World-Wide Web, and privacy and anonymity.

118 citations


Proceedings ArticleDOI
08 May 1995
TL;DR: This work has developed a replicated memory service which allows users to read from memory without revealing which memory locations they are reading and shows how this protocol can be used in conjunction with existing privacy preserving protocols to allow a user of a mobile computer to maintain privacy despite active attacks.
Abstract: Even as wireless networks create the potential for access to information from mobile platforms, they pose a problem for privacy. In order to retrieve messages, users must periodically poll the network. The information that the user must give to the network could potentially be used to track that user. However, the movements of the user can also be used to hide the user's location if the protocols for sending and retrieving messages are carefully designed. We have developed a replicated memory service which allows users to read from memory without revealing which memory locations they are reading. Unlike previous protocols, our protocol is efficient in its use of computation and bandwidth. We show how this protocol can be used in conjunction with existing privacy preserving protocols to allow a user of a mobile computer to maintain privacy despite active attacks.

94 citations


Journal ArticleDOI
TL;DR: It is hard to say what conscientious employees and their ethical employers expect, but it is easy to say that ethical employers should expect the same from their employees.
Abstract: What should conscientious employees and their ethical employers expect? It's hard to say.

87 citations


Journal ArticleDOI
D. Brown
TL;DR: The AKA method of preference for some proposed PCS air interfaces that are under development by standards bodies is indicated and three proposed AKA methods are compared using this model.
Abstract: Describes progress in the development of authentication and key agreement (AKA) processes for personal communication systems (PCS). A conceptual framework is first established; this is a three-part general model that characterizes all AKA techniques. Then three proposed AKA methods are compared using this model. These methods are the so-called secret key method of GSM, the secret key method of United States Digital Cellular (IS-54, IS-95), and a public key/secret key method. Finally, a summary is presented that indicates the AKA method of preference for some proposed PCS air interfaces that are under development by standards bodies.

85 citations


ReportDOI
28 Feb 1995
TL;DR: This document presents an introduction to the proposal for federal legislation "the Genetic Privacy Act"; a copy of the proposed act; and comment.
Abstract: The Genetic Privacy Act is a proposal for federal legislation. The Act is based on the premise that genetic information is different from other types of personal information in ways that require special protection. The DNA molecule holds an extensive amount of currently indecipherable information. The major goal of the Human Genome Project is to decipher this code so that the information it contains is accessible. The privacy question is, accessible to whom? The highly personal nature of the information contained in DNA can be illustrated by thinking of DNA as containing an individual's "future diary." A diary is perhaps the most personal and private document a person can create. It contains a person's innermost thoughts and perceptions, and is usually hidden and locked to assure its secrecy. Diaries describe the past. The information in one's genetic code can be thought of as a coded probabilistic future diary because it describes an important part of a unique and personal future. This document presents an introduction to the proposal for federal legislation "the Genetic Privacy Act"; a copy of the proposed act; and comment.

73 citations


Journal ArticleDOI
TL;DR: Two new conference key distribution schemes for digital mobile communication systems are presented, in which a group of users can generate a common secret key over a public channel so that they may hold a secure conference.
Abstract: We propose a new service for digital mobile communication systems. The service enables two or more users to hold a secure conference. Two requirements must be considered: privacy and authentication. Privacy involves ensuring that an eavesdropper cannot intercept the conversations of the parties holding the conference. Authentication involves ensuring that service is not obtained fraudulently in order to avoid usage charges. We present two new conference key distribution schemes for digital mobile communication systems. In these schemes, a group of users can generate a common secret key over a public channel so that they may hold a secure conference.

71 citations


Journal ArticleDOI
TL;DR: The article addresses such questions as: what are the implications of the existing privacy guidelines, especially those of the OECD, for knowledge discovery?
Abstract: Several countries have generated principles to protect individuals from the potential invasion of privacy that data collection and retrieval poses. The Organization for Economic Cooperation and Development (OECD) has provided probably the best known set of guidelines. A number of countries have adopted these guidelines as statutory law, in whole or in part. The OECD has specific guidelines pertaining to data privacy that directly affect those performing knowledge discovery generally, and those who use so-called "personal data" in particular. The article addresses such questions as: What are the implications of the existing privacy guidelines, especially those of the OECD, for knowledge discovery? What are the limitations of these guidelines? How do the restrictions on knowledge discovery about individuals affect knowledge discovery on groups? How do legal systems influence knowledge discovery?

55 citations


Book ChapterDOI
27 Aug 1995
TL;DR: It is argued that use of a key escrow system that permits warrants for the interception and decryption of communications for arbitrary time periods can produce both greater privacy protection and more effective law enforcement than the authors now enjoy.
Abstract: We propose a key escrow system that permits warrants for the interception and decryption of communications for arbitrary time periods, and with either one or two communicating parties specified as the target. The system is simple and practical, and affords reasonable protection against misuse. We argue that use of such a system can produce both greater privacy protection and more effective law enforcement than we now enjoy.

Journal ArticleDOI
TL;DR: Characteristics of the Internet that make it difficult to provide assurances and some of the techniques that can be used to protect users of the network are discussed.
Abstract: As the Internet is used to a greater extent in business, issues of protection and privacy will have more importance. Users and organizations must have the ability to control reads and writes to network accessible information, they must be assured of the integrity and confidentiality of the information accessed over the net, and they must have a means to determine the security, competence, and honesty of the commercial service providers with which they interact. They must also be able to pay for purchases made on the network, and they should be free from excessive monitoring of their activities. This paper discusses characteristics of the Internet that make it difficult to provide such assurances and surveys some of the techniques that can be used to protect users of the network.


Journal ArticleDOI
J.E. Wilkes
TL;DR: The article defines requirements that a cryptographic system used for PCS would need to meet to provide proper privacy and authentication for a PCS phone.
Abstract: To provide the proper privacy and authentication for a PCS phone, some cryptographic system will be necessary. The article defines requirements that a cryptographic system used for PCS would need to meet. It does not attempt to define the cryptographic system. It does provide a template for examining cryptographic systems to choose between cryptographic alternatives. Some of the cryptographic requirements are in the air interface between the PCS phone and the radio port. Other requirements are on databases stored in the network and on information shared between systems in the process of handovers or giving service for roaming units. The paper first discusses four levels of privacy (including defining two new levels). Then, requirements are identified and discussed in the areas of privacy, theft resistance, radio system performance, system lifetime, physical requirements as implemented in portable/mobile PCS phones, and law enforcement needs.



Proceedings Article
20 Aug 1995
TL;DR: An architectural solution of a modular KDD system including a separate data server handling also data security requirements and ensuring that only dynamically aggregated data leave the server and can be analysed by the discovery modules of the KDD system is proposed.
Abstract: KDD deals with the ready data, available in all scientific and applied domains. However, some domains with comprehensive and conclusive data have severe data security problems. To exclude the reidentification risk of individual cases, e.g. persons or companies, the access to these data is rigidly restricted, and often KDD applications are not allowed at all. In this paper, we discuss data privacy issues based on our experience with some applications of the discovery system Explora and other data analysis approaches. At first, some examples of applications are presented referring to a simple classification organized according to two dimensions important for the privacy discussion. Then we treat the reidentification risk and discuss anonymization methods to overcome these problems. Aggregation and synthetization methods are discussed in more detail. There is a tradeoff between the reduction of the reidentification risk and the preservation of the statistical content of data. We analyse for some main KDD patterns, how far the statistical content of anonymized data is still sufficient. In principle, KDD needs aggregate events. Since the event space of a dataset is very large, a static precomputation of all possible events is often not viable. We propose an architectural solution of a modular KDD system including a separate data server handling also data security requirements and ensuring that only dynamically aggregated data leave the server and can be analysed by the discovery modules of the KDD system. Finally, some other data privacy aspects are addressed.

Proceedings ArticleDOI
01 Aug 1995
TL;DR: This work evaluates several well-known proposals for credentials, focusing on issues related to privacy and scalability, and points out the research issues that remain before such schemes can be deployed in a world-wide environment with strong privacy guarantees.
Abstract: We consider the problem of providing secure, private access to applications and data in a world-wide distributed client-server environment such as the Internet of the future. In such a system, the set of potential users of a service may extend far beyond the local community knowable to the application providing the service. Applications will not generally have prior knowledge of the individual making a request upon which an access control decision can be based and furthermore, knowledge of an individual's identity may not be directly useful. We frame our discussion in the context of supporting credentials which are submitted with a request, and propose a list of desiderata for such credentials. We evaluate several well-known proposals for credentials, focusing on issues related to privacy and scalability, and then point out the research issues that remain before such schemes can be deployed in a world-wide environment with strong privacy guarantees.

Journal ArticleDOI
TL;DR: The authors examined how consumer privacy issues have been perceived over time and across cultures through the analysis of media coverage of the issue in England and the United States over the past 33 years, finding that Americans have expressed more concern about interactional privacy issues (such as intrusions into individuals’ lives through the receipt of direct mail and telephone solicitations).


Journal ArticleDOI
TL;DR: Health-related applications supported under the HPCC program and NII initiatives include connection of health care institutions to the Internet; enhanced access to gene sequence data; the "Visible Human" Project; and test-bed projects in telemedicine, electronic patient records, shared informatics tool development, and image systems.

Proceedings ArticleDOI
02 Apr 1995
TL;DR: The tools and principles necessary to increase personal privacy are demonstrated by creating an anonymous credit card and a national health insurance plan, in which treatment, payment and an individual's identity are separated.
Abstract: Communications networks can separate as well as join information. This ability can be used to increase personal privacy in an environment where advances in technology make it possible to collect and correlate increasing amounts of information about individuals. The tools and principles necessary to increase personal privacy are demonstrated by creating an anonymous credit card, in which a person's identity and purchases are separated, and a national health insurance plan, in which treatment, payment and an individual's identity are separated. An analysis technique is developed to determine how well the information is separated.

01 Jan 1995
TL;DR: A disaggregated "virtual record" would replace the integrated patient file, and the risks to data privacy inherent in the use of names or permanent identification numbers would be eliminated.
Abstract: For twenty-five years the legal system has tried to protect the privacy of identified patient data contained in information systems. The rapid development of such technology has repeatedly frustrated the public policies incorporated into the legal system. However, the newest information technologies provide the possibility of fundamentally changing the way information is stored in the health care system and, by "depersonalizing the data," allow restoration of a reasonable level of personal privacy, without interfering with the legitimate needs for medical data. The system would require a secure "identifier control facility" and act as a network "file access table" able to reconstruct widely distributed bits of the patient's record. A disaggregated "virtual record" would replace the integrated patient file, and the risks to data privacy inherent in the use of names or permanent identification numbers would be eliminated.

Book
01 Jan 1995
TL;DR: The Difficulties of Privacy as an Idea Background: Up To and Through the American Golden Age of Privacy Background: Those Left Out of the Golden Age Types of Privacy The Pernicious Side of Privacy What Privacy Provides Sexual Assault News-Reporting Ethics Invasions of Privacy Summary Index as discussed by the authors
Abstract: The Difficulties of Privacy as an Idea Background: Up To and Through the American Golden Age of Privacy Background: Those Left Out of the Golden Age Types of Privacy The Pernicious Side of Privacy What Privacy Provides Sexual Assault News-Reporting Ethics Invasions of Privacy Summary Index

Proceedings ArticleDOI
25 Apr 1995
TL;DR: This work describes a scheme which provides authentication of the communicating entities, location privacy, and secure messaging, and provides a correct and efficient mechanism to establish secure communications.
Abstract: Recent years have witnessed the rapid growth of mobile computing environments. One of the major concerns in such environments is security, especially in the context of wireless communications. We describe some of the important issues which need to be addressed in designing a security scheme for mobile communications. These include autonomy of communicating entities, mobility of the users, limitations of the hardware, etc. We describe a scheme which addresses the above issues, and provides a correct and efficient mechanism to establish secure communications. Our scheme provides authentication of the communicating entities, location privacy, and secure messaging.


Book
01 Jan 1995
TL;DR: The Computer Privacy Handbook gives you the practical tools to reassert your privacy, and PGP (Pretty Good Privacy) is the de facto world standard for e-mail privacy.
Abstract: From the Publisher: The Computer Privacy Handbook gives you the practical tools to reassert your privacy. You'll find out who is selling your secrets, how computers help snoops, the dangers of a cash-free society, how the U.S. government wants to monitor all telecommunications, why e-mail can be terribly unsafe, the advantages of anonymous remailers, how to protect yourself with encryption and digital signatures, and how to safeguard your Social Security number. Also included is a complete, user-friendly manual for PGP (Pretty Good Privacy), a top-rate software program that protects your personal and business data files and e-mail from snoops! PGP is the de facto world standard for e-mail privacy.


Proceedings ArticleDOI
04 Jan 1995
TL;DR: The design of a computerized technology transfer mechanism for the engineering sciences area based on Sandia National Laboratories' Technology Information Environment for Industry (TIE-IN) is outlined and the security, privacy and appropriate access issues that arose in the design of the system are explained.
Abstract: This paper describes the need for faster and more efficient technology transfer mechanisms. It outlines the design of a computerized technology transfer mechanism for the engineering sciences area based on Sandia National Laboratories' Technology Information Environment for Industry (TIE-IN). It explains the security, privacy and appropriate access issues that arose in the design of the system.