Internet of Things – New security and privacy challenges

The Internet of Things, an emerging global Internet-based technical architecture facilitating the exchange of goods and services in global supply chain networks has an impact on the security and privacy of the involved stakeholders. Measures ensuring the architecture's resilience to attacks, data authentication, access control and client privacy need to be established. An adequate legal framework must take the underlying technology into account and would best be established by an international legislator, which is supplemented by the private sector according to specific needs and thereby becomes easily adjustable. The contents of the respective legislation must encompass the right to information, provisions prohibiting or restricting the use of mechanisms of the Internet of Things, rules on IT-security-legislation, provisions supporting the use of mechanisms of the Internet of Things and the establishment of a task force doing research on the legal challenges of the IoT.     

How much privacy do clouds provide? An Australian perspective

Cloud computing is becoming the standard operating process, communications system and underlying infrastructure of the Internet. This is of paradigm-shifting significance to the law. Multinationals, such as Google, Amazon, Apple, Facebook, and Microsoft, own and operate the cloud computing infrastructure of the Internet as well as influencing its culture. They have been called the Four Horsemen of Technology and consider Microsoft their inspiration.¹ Business can now be transacted at the speed of thought. The digital nervous system that Bill Gates envisioned is blossoming as cloud computing. However, sovereign nations can no longer effectively regulate the telecommunications systems within their borders without the tacit compliance of these cloud operating multinationals. The aim of this paper is to determine whether or not cloud computing infrastructure can support privacy regulation yet remain practical.     

“Personal information of privacy nature” under Chinese Civil Code

Chinese Civil Code separates the civil right to privacy and the civil interest of personal information through the proposal of the PIPN in Article 1034, which constructs a different model from both EU and US. Although this distinction is of great significance, it brings potential problems, too. The PIPN is a kind of personal information which is unwilling to be known to others with privacy nature, which can be defined through a method of combining basic definition plus enumerations. It is recommended to consider the context and purpose of processing personal information when deciding the PIPN, and the level of privateness, availability, risk and identifiability will be considered to the privacy test. Based on Chinese reality, ID number, biometric information, financial information should be list as the typical kinds of the PIPN in the future legislation.     

Balancing in a crisis? Bioterrorism, public health and privacy

Post-September 11, the government has been rapidly funding public health initiatives to bolster the Nation's ability to respond to bioterrorist attacks. While the infusion of money into the public health system is laudable, the pressure to enact legislation quickly has resulted in laws and policies that ignore privacy and civil liberties and that favor anti-bioterror initiatives over more common public health concerns. A public health agenda that ignores privacy and civil liberties will undermine public trust, leading people to not fully participate in critical public health activities. Our Nation is far more likely to succeed in preventing and responding to a potential act of bioterrorism if we embrace the principle that advancing public health and preserving individual liberties are symbiotic and inextricable.     

Public security versus privacy in technology law: A balancing act?

Technology invades a person's privacy but this has been justified in law on public security grounds. The more technology advances, the more difficult it is to control its privacy intrusive use. This paper argues that there are a number of difficulties posed by such use concerning the respect of one's privacy. The meaning of ‘public security’ is not entirely clear and there are various laws which authorise the invasion of privacy for public security reasons. Technology is developing at such a fast pace and in a more diffused manner without taking on board its privacy implications whilst technological privacy enhancement mechanisms are not catching up. The law of privacy is not sufficiently elaborate and is slow in coming to terms to deal with these novel situations posed by rapid technological advances. The paper thus develops universally legally binding minimum core principles that could be applied indiscriminately to all privacy intrusive technology.     

Restrictions on cryptography in India – A case studyof encryption and privacy

The developments of technology in communications industry have radically altered the ways in which we communicate and exchange information. Along with the speed, efficiency, and cost-saving benefits of the digital revolution come new challenges to the security and privacy of communications and information traversing the global communications infrastructure. As is with any technology the misuse of technology is noticed similarly the encryption technology. Encryption and other advanced technologies may be used, with direct impact on law enforcement and therefore some restrictions are necessary in the interests of national security. The problem, however, is ensuring that the restriction is legitimate and solely for in the interests of national security, the state not being allowed to interfere and keep a track on individuals' activities and private lives without sufficient cause. The individual needs encryption to protect their personal privacy and confidential data such as medical information, personal financial data, and electronic mail. In a networked environment, such information is increasingly at risk of being stolen or misused. Therefore, encryption is critical to building a secure and trusted global information infrastructure. Digital computers have changed the landscape considerably and the entire issue, at its simplest level, boils down to a form of balancing of interests. The specific legal and rights-related problems arising from the issue of cryptography and privacy in the Indian context are examined in this paper.     

Balancing data protection and privacy – The case of information security sensor systems

This article analyses government deployment of information security sensor systems from primarily a European human rights perspective. Sensor systems are designed to detect attacks against information networks by analysing network traffic and comparing this traffic to known attack-vectors, suspicious traffic profiles or content, while also recording attacks and providing information for the prevention of future attacks. The article examines how these sensor systems may be one way of ensuring the necessary protection of personal data stored in government IT-systems, helping governments fulfil positive obligations with regards to data protection under the European Convention on Human Rights (ECHR), the EU Charter of Fundamental Rights (The Charter), as well as data protection and IT-security requirements established in EU-secondary law. It concludes that the implementation of sensor systems illustrates the need to balance data protection against the negative privacy obligations of the state under the ECHR and the Charter and the accompanying need to ensure that surveillance of communications and associated metadata reach established principles of legality and proportionality. The article highlights the difficulty in balancing these positive and negative obligations, makes recommendations on the scope of such sensor systems and the legal safeguards surrounding them to ensure compliance with European human rights law and concludes that there is a risk of privatised policymaking in this field barring further guidance in EU-secondary law or case law.     

E-Government users’ privacy and security concerns and availability of laws in Dubai

The purpose of the study was to review privacy and security concerns and their impact on e-government adoption in Dubai. The research analyzed the literature on e-government, security and privacy concerns of e-government adoption and the legislative provision relating to privacy and security protection. A survey on e-government user concerns on privacy, security and ease of use was also carried out. The data for the survey in this research were collected from 190 respondents in Dubai. The results of the analysis revealed that perceived security, privacy and perceived ease of use were important constructs in e-government adoption. The analysis of legal framework showed that the Federal Constitution, the Penal Code, the new Data Protection Act and the Computer Crime Act could be used to address various privacy and security concerns. Thus, it is important that the policy makers facilitate an appropriate awareness campaign of the existence of both information privacy and security to attract more participation towards the e-government services.     

Pricing privacy – the right to know the value of your personal data

The commodification of digital identities is an emerging reality in the data-driven economy. Personal data of individuals represent monetary value in the data-driven economy and are often considered a counter performance for “free” digital services or for discounts for online products and services. Furthermore, customer data and profiling algorithms are already considered a business asset and protected through trade secrets. At the same time, individuals do not seem to be fully aware of the monetary value of their personal data and tend to underestimate their economic power within the data-driven economy and to passively succumb to the propertization of their digital identity. An effort that can increase awareness of consumers/users on their own personal information could be making them aware of the monetary value of their personal data. In other words, if individuals are shown the “price” of their personal data, they can acquire higher awareness about their power in the digital market and thus be effectively empowered for the protection of their information privacy. This paper analyzes whether consumers/users should have a right to know the value of their personal data. After analyzing how EU legislation is already developing in the direction of propertization and monetization of personal data, different models for quantifying the value of personal data are investigated. These models are discussed, not to determine the actual prices of personal data, but to show that the monetary value of personal data can be quantified, a conditio-sine-qua-non for the right to know the value of your personal data. Next, active choice models, in which users are offered the option to pay for online services, either with their personal data or with money, are discussed. It is concluded, however, that these models are incompatible with EU data protection law. Finally, practical, moral and cognitive problems of pricing privacy are discussed as an introduction to further research. We conclude that such research is needed to see to which extent these problems can be solved or mitigated. Only then, it can be determined whether the benefits of introducing a right to know the value of your personal data outweigh the problems and hurdles related to it.     

Robots in the cloud with privacy: A new threat to data protection?

The focus of this paper is on the class of robots for personal or domestic use, which are connected to a networked repository on the internet that allows such machines to share the information required for object recognition, navigation and task completion in the real world. The aim is to shed light on how these robots will challenge current rules on data protection and privacy. On one hand, a new generation of network-centric applications could in fact collect data incessantly and in ways that are “out of control,” because such machines are increasingly “autonomous.” On the other hand, it is likely that individual interaction with personal machines, domestic robots, and so forth, will also affect what U.S. common lawyers sum up with the Katz's test as a reasonable “expectation of privacy.” Whilst lawyers continue to liken people's responsibility for the behaviour of robots to the traditional liability for harm provoked by animals, children, or employees, attention should be drawn to the different ways in which humans will treat, train, or manage their robots-in-the-cloud, and how the human–robot interaction may affect the multiple types of information that are appropriate to reveal, share, or transfer, in a given context.