
Showing papers on "Information privacy published in 1997"


Posted Content
TL;DR: This paper shows how to transform PIR schemes into SPIR schemes (with information-theoretic privacy), paying a constant factor in communication complexity, and introduces a new cryptographic primitive, called conditional disclosure of secrets, which it is believed may be a useful building block for the design of other cryptographic protocols.
Abstract: Private information retrieval (PIR) schemes allow a user to retrieve the ith bit of an n-bit data string x, replicated in k ≥ 2 databases (in the information-theoretic setting) or in k ≥ 1 databases (in the computational setting), while keeping the value of i private. The main cost measure for such a scheme is its communication complexity. In this paper we introduce a model of symmetrically-private information retrieval (SPIR), where the privacy of the data, as well as the privacy of the user, is guaranteed. That is, in every invocation of a SPIR protocol, the user learns only a single physical bit of x and no other information about the data. Previously known PIR schemes severely fail to meet this goal. We show how to transform PIR schemes into SPIR schemes (with information-theoretic privacy), paying a constant factor in communication complexity. To this end, we introduce and utilize a new cryptographic primitive, called conditional disclosure of secrets, which we believe may be a useful building block for the design of other cryptographic protocols. In particular, we get a k-database SPIR scheme of complexity O(n^(1/(2k-1))) for every constant k ≥ 2 and an O(log n)-database SPIR scheme of complexity O(log² n · log log n). All our schemes require only a single round of interaction, and are resilient to any dishonest behavior of the user. These results also yield the first implementation of a distributed version of (n choose 1)-OT (1-out-of-n oblivious transfer) with information-theoretic security and sublinear communication complexity.

418 citations
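
The abstract above defines PIR and states that ordinary PIR schemes fail the SPIR goal (a user can learn more than one bit per invocation). The simulation below is an added example, not code from that paper: it implements the basic two-database information-theoretic PIR scheme with XOR (parity) queries, which is the kind of scheme the paper's transformation starts from, and shows both the honest run and the dishonest-user behaviour that SPIR is designed to rule out. The bit string and indices are constructed sample input.

```python
"""Added example: basic two-database information-theoretic PIR with parity
queries, simulated to show (a) why neither database learns the index i and
(b) why a dishonest user learns more than one bit, i.e. why plain PIR is not
SPIR. Not the SPIR construction of the paper above."""
import secrets


def make_query(n: int, i: int) -> tuple[int, int]:
    """Honest user. S1 is a uniformly random subset of the n bit positions,
    encoded as an n-bit mask; S2 = S1 xor {i}. Each database alone sees a
    uniformly random subset, so neither learns anything about i."""
    s1 = secrets.randbits(n)
    s2 = s1 ^ (1 << i)
    return s1, s2


def answer(x: int, subset: int) -> int:
    """Database side: the parity (XOR) of the bits of x selected by subset.
    The reply is a single bit whatever the subset is."""
    return bin(x & subset).count("1") & 1


def retrieve(x: int, n: int, i: int) -> int:
    """Full honest run; x is the n-bit string replicated in both databases.
    parity(S1 & x) xor parity(S2 & x) == parity((S1 xor S2) & x) == x_i."""
    s1, s2 = make_query(n, i)
    return answer(x, s1) ^ answer(x, s2)


def communication_bits(n: int) -> int:
    """The cost measure the abstract refers to: two n-bit queries plus two
    one-bit answers, i.e. linear in n. The paper's k-database schemes reduce
    this to O(n^(1/(2k-1)))."""
    return 2 * n + 2


def dishonest_retrieve(x: int, a: int, b: int) -> tuple[int, int]:
    """Why this scheme is not SPIR: a database cannot tell a legal (S1, S2)
    pair from two arbitrary subsets, so a user who sends the singletons {a}
    and {b} learns two physical bits of x in one invocation (and, with parity
    queries in general, the XOR of any chosen subset of bits)."""
    return answer(x, 1 << a), answer(x, 1 << b)


if __name__ == "__main__":
    X, N = 0b10110010, 8          # constructed 8-bit database content
    for idx in range(N):
        assert retrieve(X, N, idx) == (X >> idx) & 1
    print("honest user recovers every x_i; cost", communication_bits(N), "bits")
    print("dishonest user learns bits 1 and 7 at once:", dishonest_retrieve(X, 1, 7))
```

The honest run never sends i in the clear, and the dishonest run is indistinguishable to each database from an honest one; that gap between "user privacy" and "data privacy" is exactly what the SPIR transformation closes.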


Journal ArticleDOI
TL;DR: The author demonstrates that removing all explicit identifiers from medical data does not guarantee medical record confidentiality, examines three new software systems that do help maintain anonymity, and warns that the systems' limitations demand complementary policies.
Abstract: The author demonstrates that removing all explicit identifiers from medical data does not guarantee medical record confidentiality. She examines three new software systems that do help maintain anonymity, but warns that systems' limitations demand complementary policies.

401 citations
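
The claim above, that stripping explicit identifiers is not enough, rests on linkage: fields left in the "de-identified" data (ZIP code, birth date, sex) can be joined with a public list that still carries names. The script below is an added illustration, not code from the paper or from the three systems it examines. It performs that join on constructed sample records and then shows the effect of coarsening the linking fields; the generalization rule is an assumed mitigation chosen for illustration.

```python
"""Added example: a linkage attack on 'de-identified' medical records, joined
with a public list on quasi-identifiers, followed by a coarsening step that
removes the unique matches. All records here are constructed sample data."""
from collections import defaultdict

QUASI = ("zip", "birth_date", "sex")   # fields left behind after removing names/IDs

# Constructed hospital discharge records: names and ID numbers already removed.
MEDICAL = [
    {"zip": "02138", "birth_date": "1965-07-21", "sex": "F", "diagnosis": "asthma"},
    {"zip": "02138", "birth_date": "1965-07-21", "sex": "M", "diagnosis": "diabetes"},
    {"zip": "02139", "birth_date": "1971-03-02", "sex": "F", "diagnosis": "migraine"},
    {"zip": "02139", "birth_date": "1971-03-02", "sex": "F", "diagnosis": "fracture"},
]

# Constructed public roll (for instance a voter list) that still carries names.
PUBLIC = [
    {"name": "Alice Sample", "zip": "02138", "birth_date": "1965-07-21", "sex": "F"},
    {"name": "Bob Sample",   "zip": "02138", "birth_date": "1965-07-21", "sex": "M"},
    {"name": "Cara Sample",  "zip": "02139", "birth_date": "1971-03-02", "sex": "F"},
    {"name": "Dana Sample",  "zip": "02139", "birth_date": "1971-03-02", "sex": "F"},
    {"name": "Eve Sample",   "zip": "02140", "birth_date": "1965-11-05", "sex": "F"},
    {"name": "Fay Sample",   "zip": "02141", "birth_date": "1971-09-09", "sex": "F"},
    {"name": "Gus Sample",   "zip": "02140", "birth_date": "1965-01-15", "sex": "M"},
]


def quasi_key(rec: dict) -> tuple:
    return tuple(rec[f] for f in QUASI)


def link(medical: list, public: list) -> list:
    """Join both tables on the quasi-identifier tuple. A medical record is
    re-identified when exactly one public record shares its tuple. Returns
    (diagnosis, matched name or None, number of candidates) per record."""
    candidates = defaultdict(list)
    for p in public:
        candidates[quasi_key(p)].append(p["name"])
    result = []
    for m in medical:
        names = candidates.get(quasi_key(m), [])
        result.append((m["diagnosis"], names[0] if len(names) == 1 else None, len(names)))
    return result


def reidentified(medical: list, public: list) -> list:
    """Names whose diagnosis the attacker can now attribute with certainty."""
    return [name for _, name, _ in link(medical, public) if name]


def generalize(rec: dict) -> dict:
    """Assumed mitigation for illustration: coarsen ZIP to its first three
    digits and birth date to the year, so more people share each tuple."""
    g = dict(rec)
    g["zip"] = rec["zip"][:3] + "**"
    g["birth_date"] = rec["birth_date"][:4]
    return g


if __name__ == "__main__":
    print("re-identified:", reidentified(MEDICAL, PUBLIC))
    gen_med = [generalize(r) for r in MEDICAL]
    gen_pub = [generalize(r) for r in PUBLIC]
    print("after coarsening:", link(gen_med, gen_pub))
```

The check a practitioner wants before releasing such a table is the candidate count per record against the largest public list an adversary could plausibly hold, not the absence of names; any record with a count of one is already identified.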


Proceedings ArticleDOI
23 Feb 1997
TL;DR: The paper gives an overview of existing and potential privacy enhancing technologies for the Internet, as well as motivation and challenges for future work in this field.
Abstract: The increased use of the Internet for everyday activities is bringing new threats to personal privacy. The paper gives an overview of existing and potential privacy enhancing technologies for the Internet, as well as motivation and challenges for future work in this field.

233 citations


Journal ArticleDOI
TL;DR: Geographic information systems and the technological family associated with them—global positioning systems, geodemographics, and remote surveillance systems—raise important questions with respect to the issue of privacy and make reasonable and acceptable the view that technological change is inevitable and autonomous.
Abstract: Geographic information systems and the technological family associated with them—global positioning systems, geodemographics, and remote surveillance systems—raise important questions with respect to the issue of privacy. Of most immediate import, the systems store and represent data in ways that render ineffective the most popular safeguards against privacy abuse. But the systems are associated with more fundamental changes in the right to privacy and even, some would say, with challenges to the possibility of privacy itself. They make reasonable and acceptable the view that technological change is inevitable and autonomous, and therefore, too, are the development of increasingly comprehensive dossiers on individuals and households and the use of increasingly powerful means for the technological enhancements of vision. And their use in the creation of data profiles supports a wide-ranging reconceptualization of community, place, and individual. Nonetheless, in the ways they create and use digital profile...

157 citations


Journal ArticleDOI
TL;DR: In this article, the authors argue that there is something fundamental in the notion of privacy and that due to the profoundness of the notion it merits extraordinary measures of protection and overt support.
Abstract: For more than thirty years an extensive and significant philosophical debate about the notion of privacy has been going on. Therefore it seems puzzling that most current authors on information technology and privacy assume that all individuals intuitively know why privacy is important. This assumption allows privacy to be seen as a liberal nice to have value: something that can easily be discarded in the face of other really important matters like national security, the doing of justice and the effective administration of the state and the corporation. In this paper I want to argue that there is something fundamental in the notion of privacy and that due to the profoundness of the notion it merits extraordinary measures of protection and overt support. I will also argue that the notion of transparency (as advocated by Wasserstrom) is a useless concept without privacy and that accountability and transparency can only be meaningful if encapsulated in the concept of privacy. From philosophical and legal literature I will discuss and argue the value of privacy as the essential context and foundation of human autonomy in social relationships. In the conclusion of the paper I will discuss implications of this notion of privacy for the information society in general, and for the discipline of information systems in particular.

154 citations


Journal ArticleDOI
TL;DR: The authors conducted an exploratory investigation of consumer and direct marketers' attitudes towards information privacy issues in one Canadian city and found that, while both managers and consumers are concerned about the intended uses of consumer information, they tend to focus on different aspects of information privacy.

151 citations


Journal ArticleDOI
01 Sep 1997
TL;DR: This paper contends that while biometric concerns may pose legitimate privacy concerns, these issues can be adequately addressed and in the final analysis, biometrics emerges as privacy's friend.
Abstract: From the INS to ATMs, both the public and private sectors are making extensive use of biometrics for human recognition. As this technology becomes more economically viable and technically perfected, and thus more commonplace, the field of biometrics will spark legal and policy concerns. Critics inevitably compare biometrics to Big Brother and the loss of individual privacy. The pro-biometric lobby generally stresses the greater security and improved service that the technology provides. Is biometrics privacy's friend or privacy's foe? This paper explores the various arguments for and against biometrics and contends that while biometrics may pose legitimate privacy concerns, these issues can be adequately addressed. In the final analysis, biometrics emerges as privacy's friend.

149 citations



Book
01 Oct 1997
TL;DR: Cate provides an overview of the technologies that are provoking the current privacy debate and discusses the range of legal issues that these technologies raise. He examines the central elements that make up the definition of privacy and the values served, and liabilities incurred, by each of those components.
Abstract: Electronic information networks offer extraordinary advantages to business, government, and individuals in terms of power, capacity, speed, accessibility, and cost. But these same capabilities present substantial privacy issues. With an unprecedented amount of data available in digital format, which is easier and less expensive to access, manipulate, and store, others know more about you than ever before. Consider this: data routinely collected about you includes your health, credit, marital, educational, and employment histories; the times and telephone numbers of every call you make and receive; the magazines you subscribe to and the books you borrow from the library; your cash withdrawals; your purchases by credit card or check; your electronic mail and telephone messages; where you go on the World Wide Web. The ramifications of such a readily accessible storehouse of information are astonishing. Governments have responded to these new challenges to personal privacy in a wide variety of ways. At one extreme, the European Union in 1995 enacted sweeping regulation to protect personal information; at the other extreme, privacy law in the United States and many other countries is fragmented, inconsistent, and offers little protection for privacy on the internet and other electronic networks. For all the passion that surrounds discussions about privacy, and the recent attention devoted to electronic privacy, surprisingly little consensus exists about what privacy means, what values are served, or compromised, by extending further legal protection to privacy, what values are affected by existing and proposed measures designed to protect privacy, and what principles should undergird a sensitive balancing of those values. In this book, Fred Cate addresses these critical issues in the context of computerized information. He provides an overview of the technologies that are provoking the current privacy debate and discusses the range of legal issues that these technologies raise. He examines the central elements that make up the definition of privacy and the values served, and liabilities incurred, by each of those components. Separate chapters address the regulation of privacy in Europe and the United States. The final chapter identifies four sets of principles for protecting information privacy. The principles recognize the significance of individual and collective nongovernmental action, the limited role for privacy laws and government enforcement of those laws, and the ultimate goal of establishing multinational principles for protecting information privacy. Privacy in the Information Age involves questions that cut across the fields of business, communications, economics, and law. Cate examines the debate in provocative, jargon-free detail.

135 citations


Journal ArticleDOI
TL;DR: This article highlights a contemporary privacy problem that falls outside the scope of dominant theoretical approaches and is preliminary work in a larger effort to map out future theoretical directions.
Abstract: This article highlights a contemporary privacy problem that falls outside the scope of dominant theoretical approaches. Although these approaches emphasize the connection between privacy and a protected personal (or intimate) sphere, many individuals perceive a threat to privacy in the widespread collection of information even in realms normally considered "public". In identifying and describing the problem of privacy in public, this article is preliminary work in a larger effort to map out future theoretical directions.

94 citations


Journal ArticleDOI
TL;DR: All data hiding algorithms combine and extend, in a sense, many of the solutions developed in cryptography, communications theory, algorithm design, and signal processing.
Abstract: The advantages of digital media have opened up many new possibilities to hide data (information) within audio, image and video files. In order to provide copyright protection digital watermarking has been proposed as a means of identifying the owner or distributor of digital data. Data hiding and watermarking research builds on ideas and concepts developed in cryptography, communications theory, algorithm design, and signal processing. The data hiding problem is inherently more difficult than any of the problems that have traditionally been addressed in these fields. All data hiding algorithms combine and extend, in a sense, many of the solutions developed in these areas.

Proceedings ArticleDOI
07 May 1997
TL;DR: This paper proposes the use of server security policies and client credential submission policies to aid in the management of a client's digital credentials, and briefly describes an implementation of personal security assistants and server security assistants that embodies the proposed approach.
Abstract: Often an information source on the Web would like to provide different classes of service to different clients. In the autonomous, highly distributed world of the Web, the traditional approach of using authentication to differentiate between classes of clients is no longer sufficient, as knowledge of a client's identity will often not suffice to determine whether a client is authorized to use a service. In (Ching et al., 1996) we proposed the use of digital credentials to help solve this problem; but their use will in turn introduce a bevy of new problems associated with credential management. In this paper we propose the use of server security policies and client credential submission policies to aid in the management of a client's digital credentials. We propose a structure for such policies, and briefly describe an implementation of personal security assistants and server security assistants that embodies our proposed approach.

Proceedings ArticleDOI
08 Dec 1997
TL;DR: The paper proposes a scheme that allows the user to register with the network and remain anonymous (both location and identification) and authentication is achieved through a token based scheme.
Abstract: Third generation mobile networks aim to offer 'any service, anywhere, at any time'. Users require privacy within these systems in order to feel confident of their use. Privacy requirements (in mobile networks) are: content, location and identification privacy, and authentication. Differing from previous approaches to privacy, the network itself is considered to be an untrusted party. The paper proposes a scheme that allows the user to register with the network and remain anonymous (both location and identification). Digital mixes are used to create anonymity and authentication is achieved through a token based scheme. Finally the aspect of information leaking to authorised third parties is discussed and billing requirements are detailed which involve the use of 'coin' like tokens traded for services.


Journal ArticleDOI
TL;DR: By returning to the fundamental definition of money and the essential nature of electronic information systems, the authors argue that privacy, reliability, and security are also critical issues in electronic commerce.
Abstract: In this article the authors identify reliability, privacy, and security as critical issues in electronic commerce. In other work, designers of information systems have identified other issues as critical, such as the ability to provide offline verification. It is widely agreed that an electronic currency system must provide divisibility, scalability in number of users, conservation of money or tamper resistance, exchangeability or interoperability, and availability. However, by returning to the fundamental definition of money and the essential nature of electronic information systems, the authors argue that privacy, reliability, and security are also critical issues. It is argued that these issues are particularly important in Internet commerce. The authors conclude by noting how some proposed Internet commerce systems provide, or fail to provide, security, reliability, and privacy.

Book
01 Jan 1997


Journal ArticleDOI
TL;DR: A secure authentication protocol which supports both the privacy of messages and the authenticity of communicating parties is proposed; mutual authentication and key distribution are achieved with only two messages between the two parties involved.
Abstract: A secure authentication protocol which supports both the privacy of messages and the authenticity of communicating parties is proposed. The trusted third party (key information center) is not needed once the secure network system is set up. Mutual authentication and key distribution can be achieved with merely two messages between the two parties involved.


Book
01 Dec 1997
TL;DR: In this article, the authors look at privacy concerns related to Intelligent Transportation Systems (ITS) in an institutional context and propose conceptual frameworks to discuss the potential interactions between ITS technologies and the computer design profession, standards-setting bodies, marketing organizations, and government administrative agencies.
Abstract: This article looks at privacy concerns related to Intelligent Transportation Systems (ITS) in an institutional context. It offers conceptual frameworks to discuss the potential interactions between ITS technologies and the computer design profession, standards-setting bodies, marketing organizations, and government administrative agencies.

Journal Article
TL;DR: In this paper, the authors advocate the "Charter values" approach in defining the parameters of a Canadian common-law privacy tort, where a plaintiff may recover where there is an identifiable private object falling within one of the three privacy zones (territorial, personal, informational) where the defendant has acted intentionally or recklessly in compromising the private object, and where the invasion of the privacy object was unreasonable in the circumstances.
Abstract: The author argues for the recognition of a tort of invasion of privacy in the common-law provinces of Canada. The article provides an overview of various methods of protecting privacy, including civil-law approaches in Quebec and Germany, American and German constitutional approaches, and the protection in the public sphere provided by the Canadian Charter of Rights and Freedoms. The author advocates the "Charter values" approach in defining the parameters of a Canadian common-law privacy tort. The review contrasts the United Kingdom and Australia, where the tort of invasion of privacy has been forcefully denied, with the United States and Germany, where it has been generally recognized. After a survey of the Charter protection and its scope, and using the case of Dyment as a guide, the author proposes a three-part formulation for the privacy tort. Under this test, a plaintiff may recover where there is an identifiable private object falling within one of the three privacy zones (territorial, personal, informational), where the defendant has acted intentionally or recklessly in compromising the private object, and where the invasion of the private object was unreasonable in the circumstances. In conclusion, the author argues that not only should the new tort be developed by reference to

Book ChapterDOI
01 Jan 1997

Journal ArticleDOI
TL;DR: One of the most interesting, yet controversial, areas concerning public personnel is employee privacy: what limits are there to employers' intrusions into, and control over, employees' behaviors an...
Abstract: One of the most interesting, yet controversial, areas concerning public personnel is employee privacy. What limits are there to employers' intrusions into, and control over, employees' behaviors an...

Journal Article
TL;DR: This Article argues that a strong economic argument can be made in favor of informational privacy, and evaluates and corrects certain conclusions of law and economics theorists by testing their arguments within a specific and complex American landscape.
Abstract: Paul M. Schwartz*

Introduction

[V]ideo rental records are afforded more federal protection than are medical records.[1] Genetic science permits, to a previously unimaginable degree, predictions as to the illnesses that a person, and her immediate relatives, might confront in the future. At the same time, information technology permits greater transmission, sharing, and storage of personal health care data at ever lower costs on a national and even international basis.[2] The combination of easy dissemination of highly sensitive data and use of these data to predict future health risks has already caused significant harm.[3] Employers are gaining information regarding which employees, potential or present, might fall ill in the future and are utilizing it to deny them jobs or promotions.[4] Insurance companies are using this same information to deny health care coverage for these individuals.[5] And at least one Health Maintenance Organization (HMO) has permitted electronic access to complete psychiatric-session notes to all its employees, including nurses and clerical staff.[6]

No adequate legal protection currently exists in this area.[7] As dissemination becomes easier technologically and more predictions are made of future illnesses, more people will lose jobs and health coverage unless health care information receives legal protection that shields it from inappropriate disclosure. The critical issue is how the law should structure the use of personal medical data by government and private enterprise alike. Proposals have been introduced in the current Congress that would prevent uncontrolled access to health care data.[8] Proponents of these measures typically justify them on fairness grounds or, even more broadly, through reliance on a perspective that views privacy as a right.[9] In contrast, their opponents have questioned the economic efficiency of privacy legislation.[10] This debate appears to have reached a stalemate.[11] This Article argues, however, that a strong economic argument can be made in favor of informational privacy. It does so by carrying out an internal critique of the current conventional wisdom of law and economics concerning the inefficiency of data privacy. This Article evaluates and corrects certain conclusions of law and economics theorists by testing their arguments within a specific and complex American landscape. In a world far more simple than the one that we inhabit, unlimited disclosure of personal data might be economically efficient. Yet, in the current marketplace for health care and employment, and any such markets that we are likely to have in the future, a strong economic argument can be made in favor of privacy.

We begin by exploring the provocative views of Judge Richard Posner and Professor Richard Epstein, who argue against regulation and in favor of unconstrained access to information about individuals. Judge Posner advocates open disclosure of personal information.[12] In his view, data privacy primarily serves to allow individuals to carry out dishonest manipulations of the world around them.[13] Richard Epstein finds that the full benefits of the enormous predictive power of genetic data will be reaped only if unrestricted access is provided to this information.[14] This Article's second Part points out the weaknesses in these approaches and argues that neither absolute disclosure nor absolute secrecy for medical data will be socially optimal.[15] It finds open access sometimes to have negative effects and privacy to have a potentially positive impact. Because much information may be both harmful and useful in different contexts for different reasons, an economically efficient distribution of information is unlikely to exist at either extreme on the privacy/disclosure continuum.[16] In its third Part, this Article considers the nature of an economically efficient regulation for health care information and argues that optimal distribution of personal health care information requires rules that are tied to and follow these data through various uses.[17] In the electronic age, a health "record" per se no longer exists …

Book ChapterDOI
10 Aug 1997
TL;DR: The WWW implementation of the security mediator's dual interface allows outsiders to request and receive filtered medical information from a hospital database and permits the security officer to edit rules and resolve cases not covered by the rule-set.
Abstract: Internet access to medical data has greatly facilitated information sharing. As health care institutions become more willing or more pressured to share some of their protected information, tools are being developed to facilitate the information transfer while protecting the privacy of the data. To this end, under the TIHI project, we have designed a security mediator, a software entity that screens both incoming queries and outgoing results for compliance with a medical institution's policies pertaining to data privacy. The system is under the control of a security officer who enters simple rules into the system that implement the policies of the institution. In this paper, we describe the WWW implementation of the security mediator's dual interface. The customer interface allows outsiders to request and receive filtered medical information from a hospital database. The security officer interface permits rule editing and resolution of cases not covered by the rule-set.

Journal ArticleDOI
TL;DR: The author argues that the Genetic Privacy Act fails to protect nucleic acid-based information as it relates to individual privacy, yet overburdens medical and scientific research with vague consent standards.
Abstract: The author argues that the Genetic Privacy Act fails to protect nucleic acid-based information as it relates to individual privacy, yet overburdens medical and scientific research with vague consent standards.

Proceedings ArticleDOI
08 Dec 1997
TL;DR: PCASSO (Patient Centered Access to Secure Systems Online) is setting a new standard in healthcare protection and patient empowerment, as well as making safe use of the Internet a real possibility.
Abstract: As healthcare enters the age of technology and Internet access, new challenges emerge, particularly with respect to the protection of patient privacy and the protection of highly sensitive and life-critical information. By bringing state-of-the-art security technology to the healthcare domain, PCASSO (Patient Centered Access to Secure Systems Online) is setting a new standard in healthcare protection and patient empowerment, as well as making safe use of the Internet a real possibility.


Journal ArticleDOI
TL;DR: In this paper, the authors present an overview of some sub-fields and their successes: trusted systems, operating systems, database management systems, distributed systems, cryptography, protocols, system correctness, intrusion detection and mobile code.
Abstract: The paper discusses some promising advances in computer security. Security system designers and implementers must consider several factors: security policy, privileges, authentication, correctness and auditing. The paper presents an overview of some sub-fields and their successes: trusted systems, operating systems, database management systems, distributed systems, cryptography, protocols, system correctness, intrusion detection and mobile code.