Food and Drug Administration--General hospital and personal use devices; general provisions. Final rule

Food and Drug Administration [FDA] is issuing a final rule regarding general provisions applicable to the classification of general hospital and personal use devices. The preamble to this rule responds to general comments received on the proposals regarding classification of general hospital and personal use devices. This action is being taken under the Medical Device Amendments of 1976.     

Medical devices; various proposed rules for device classification; withdrawal of proposed rules. Food and Drug Administration. Withdrawal of proposed rules

The Food and Drug Administration (FDA) is withdrawing various proposed rules related to classification of general hospital and personal use devices, anesthesiology devices, and immunology and microbiology devices to eliminate unnecessary regulations.     

Remote Wiping and Secure Deletion on Mobile Devices: A Review

Mobile devices have become ubiquitous in almost every sector of both private and commercial endeavors. As a result of such widespread use in everyday life, many users knowingly and unknowingly save significant amounts of personal and/or commercial data on these mobile devices. Thus, loss of mobile devices through accident or theft can expose users—and their businesses—to significant personal and corporate cost. To mitigate this data leakage issue, remote wiping features have been introduced to modern mobile devices. Given the destructive nature of such a feature, however, it may be subject to criminal exploitation (e.g., a criminal exploiting one or more vulnerabilities to issue a remote wiping command to the victim's device). To obtain a better understanding of remote wiping, we survey the literature, focusing on existing approaches to secure flash storage deletion and provide a critical analysis and comparison of a variety of published research in this area. In support of our analysis, we further provide prototype experimental results for three Android devices, thus providing both a theoretical and applied focus to this article as well as providing directions for further research.     

A review on feature selection in mobile malware detection

The widespread use of mobile devices in comparison to personal computers has led to a new era of information exchange. The purchase trends of personal computers have started decreasing whereas the shipment of mobile devices is increasing. In addition, the increasing power of mobile devices along with portability characteristics has attracted the attention of users. Not only are such devices popular among users, but they are favorite targets of attackers. The number of mobile malware is rapidly on the rise with malicious activities, such as stealing users data, sending premium messages and making phone call to premium numbers that users have no knowledge. Numerous studies have developed methods to thwart such attacks. In order to develop an effective detection system, we have to select a subset of features from hundreds of available features. In this paper, we studied 100 research works published between 2010 and 2014 with the perspective of feature selection in mobile malware detection. We categorize available features into four groups, namely, static features, dynamic features, hybrid features and applications metadata. Additionally, we discuss datasets used in the recent research studies as well as analyzing evaluation measures utilized.     

Location privacy: The challenges of mobile service devices

Adding to the current debate, this article focuses on the personal data and privacy challenges posed by private industry's use of smart mobile devices that provide location-based services to users and consumers. Directly relevant to personal data protection are valid concerns about the collection, retention, use and accessibility of this kind of personal data, in relation to which a key issue is whether valid consent is ever obtained from users. While it is indisputable that geo-location technologies serve important functions, their potential use for surveillance and invasion of privacy should not be overlooked. Thus, in this study we address the question of how a legal regime can ensure the proper functionality of geo-location technologies while preventing their misuse. In doing so, we examine whether information gathered from geo-location technologies is a form of personal data, how it is related to privacy and whether current legal protection mechanisms are adequate. We argue that geo-location data are indeed a type of personal data. Not only is this kind of data related to an identified or identifiable person, it can reveal also core biographical personal data. What is needed is the strengthening of the existing law that protects personal data (including location data), and a flexible legal response that can incorporate the ever-evolving and unknown advances in technology.     

Forensic Investigation of Cooperative Storage Cloud Service: Symform as a Case Study

Researchers envisioned Storage as a Service (StaaS) as an effective solution to the distributed management of digital data. Cooperative storage cloud forensic is relatively new and is an under‐explored area of research. Using Symform as a case study, we seek to determine the data remnants from the use of cooperative cloud storage services. In particular, we consider both mobile devices and personal computers running various popular operating systems, namely Windows 8.1, Mac OS X Mavericks 10.9.5, Ubuntu 14.04.1 LTS, iOS 7.1.2, and Android KitKat 4.4.4. Potential artefacts recovered during the research include data relating to the installation and uninstallation of the cloud applications, log‐in to and log‐out from Symform account using the client application, file synchronization as well as their time stamp information. This research contributes to an in‐depth understanding of the types of terrestrial artifacts that are likely to remain after the use of cooperative storage cloud on client devices.     

Regulating mobile advertising in the European Union and the United States

Mobile advertising is a gradually developing component of the marketing mix that includes advertisements directed to or accessed on consumers' mobile devices. Growing concerns about the protection of the consumers' personal data are being raised since mobile advertising may become an extremely intrusive practice in an intimate personal space. Approaches of protecting the consumers' personal information differ greatly throughout the world. This article contrasts the regulatory environment in the European Union and in the United States applicable to the consumer's privacy and personal data used for mobile advertising purposes while also examining the effectiveness of each of these approaches.     

Forensic data recovery and examination of magnetic swipe card cloning devices

Magnetic swipe card technology is used for many purposes including credit, debit, store loyalty, mobile phone top-up and security identification cards. These types of cards and the details contained on them are often relied upon as a form of identification and personal authentication. As such reliance is placed upon them it is surprising that they do not incorporate more stringent security features, and because of this lack of features it is not surprising that they attract the attention of people who wish to exploit them for illegal gain. The paper introduces the type of technology, and range of devices available for manipulating magnetic swipe card data. It proposes the use of Digital Evidence Bags as a suitable format for the evidential storage of information obtained from them, thus further illustrating the flexibility of the format and demonstrating the diverse range of devices that have to be handled within the digital investigation and law enforcement community.     

The principle of security safeguards: Unauthorized activities

The principle of information security safeguards is a key information privacy principle contained in every privacy legislation measure, framework, and guideline. This principle requires data controllers to use an adequate level of safeguards before processing personal information. However, privacy literature neither explains what this adequate level is nor how to achieve it. Hence, a knowledge gap has been created between privacy advocates and data controllers who are responsible for providing adequate protection. This paper takes a step toward bridging this knowledge gap by presenting an analysis of how Data Protection and Privacy Commissioners have evaluated the adequacy level of security protection measures given to personal information in selected privacy invasive cases. This study addresses both security measures used to protect personal information against unauthorized activities and the use of personal information in authentication mechanisms. This analysis also lays a foundation for building a set of guidelines that can be used by data controllers for designing, implementing, and operating both technological and organizational measures used to protect personal information.     

Police use of TASER devices in mental health emergencies: A review

The proliferation of TASER devices among police forces internationally has been accompanied by concerns about injuries and health effects, and about the use of TASER devices on vulnerable populations such as people with mental illness. TASER devices have generated a flood of research studies, although there remain unanswered questions about some of the key issues. This paper outlines the introduction of TASER devices to policing and their subsequent widespread adoption. The paper considers the role of police in mental health emergencies with a particular focus on use of TASER devices. Some factors contribute to the special vulnerability of people with mental illness to the effects of TASER devices. The paper also reviews research into use of TASER devices and raises issues about conflict of interest in research into TASER devices. We conclude that TASER devices look set to play a significant role in policing in the future. We make suggestions for a future research programme, and suggest guidelines for publication of papers in which there may be a conflict of interest.     

Use of a Spray Device to Locate Touch DNA on Casework Samples

The use of a fluorescent dye to visualize cellular material on surfaces offers a targeted sampling approach for locating touch DNA on casework items. However, the current application of such dye is not feasible for examination of relatively large items. As a result, development of an efficient dye application system is required to translate this approach into practice. Here, the spray pattern (area covered, intensity, and evenness) of 15 different commercial spray devices was examined visually using food coloring. From this, five devices were selected to apply Diamond Nucleic Acid Dye (DD) to three substrates (glass slide, plastic sheet, and brown packing tape) seeded with saliva and touch DNA. The cellular material was visualized using the Dino-lite Microscope and Polilight. The inhibitory effects of DD afforded by each spray device were examined using Identifiler Plus^® DNA profiling kit and a DNA input of 800 pg. The two most promising devices were further tested on a range of mock casework items seeded with touch DNA. The results presented demonstrate the feasibility of a spray system to apply DD to large surfaces and subsequently detect cellular material at both micro and macroscale. Specifically, the data suggest that a pressurized continuous-spray system is favorable and that droplet size influences the intensity of fluorescence and surface coverage. Furthermore, this study indicates that full STR profiles can be obtained following spraying with DD solution, even with excessive application, which is essential for the widespread use of these devices in casework.     

Heroin, crack, and AIDS: examining social change within Honolulu, Hawaii's street sex trade

The intent of the research was to conduct a replication study of a previous investigation in order to permit a comparative analysis of some aspects that might permeate overtime from the street sex trade of Honolulu, Hawaii. The design comprised the elements of a (1) longitudinal design, (2) a snowball sampling technique, (3) a survey instrument and (4) ethnographic and field data collection. Data comparison utilized survey interviews obtained from a population immersed in the street sex trade at the same location but from two different points in time. Both studies used Likert scale and semantic differential tests to target the prostitutes' attitudes toward the law, experiences with local social service agencies, and other aspects of the streetwalkers' personal lives. Details included the use of drugs and alcohol, fear of sexually transmitted infections, and experiences with crime and victimization. Increases in highest educational level completed were noted, but decreases in the completion of high school were more significant. Self reported use of narcotics was relatively consistent across the two studies, but an overall decrease in frequency of use was found. The current subjects rated HIV and AIDS their number one personal concern; whereas in 1974, the most commonly chosen concern was being arrested. None of the 1992 subjects reported that they had contracted HIV or the AIDS virus and stated that they preliminary depended on regular military clients for their income. The overall analysis of both samples yielded the epidemiological themes of (1) drug addition, (2) sexual exploitation, and (3) sexually transmitted infections among those within the street sex trade even though the time periods between them had spanned almost over twenty years. This revised version was published online in July 2006 with corrections to the Cover Date.     

Asymmetries of control: Surveillance,intrusion, and corporate theft of privacy

This paper deals with the asymmetry in relations between the individual actor and the corporation. In particular the paper focuses on the impact of corporate use of technologies of surveillance, ostensibly to reduce crime and to increase efficiency. A case is made that the use of these technologies to invade citizens' personal privacy in order to procure personal information without consent is a still-unrecognized form of corporate theft. Steps toward a remedy are suggested.     

General hospital and personal use devices: proposed classification of liquid chemical sterilants and general purpose disinfectants--FDA. Proposed rule

The Food and Drug Administration (FDA) is proposing to classify both liquid chemical sterilants intended for use as the terminal step in processing critical and semicritical medical devices prior to patient use, and general purpose disinfectants intended to process noncritical medical devices and equipment surfaces. Under the proposal, liquid chemical sterilants would be classified into class II (special controls) and general purpose disinfectants would be classified into class I (general controls). FDA also proposes to exempt general purpose disinfectants from the premarket notification requirements. The agency is publishing in this document the recommendations of the General Hospital and Personal Use Devices Panel (the Panel) regarding the classification of these devices. After considering public comments on the proposed classification, FDA will publish a final regulation classifying these devices. This action is being taken to establish sufficient regulatory controls that will provide reasonable assurance of the safety and effectiveness of these devices.     

Exemption from import/export requirements for personal medical use. Final rule

The Drug Enforcement Administration (DEA) is amending its regulations to expressly incorporate the restrictions on personal use importation imposed by Congress in 1998 and to expand upon those restrictions to curtail the diversion that has continued even after the 1998 congressional amendment. Specifically, DEA is limiting to 50 dosage units the total amount of controlled substances that a United States resident may bring into the United States for legitimate personal medical use when returning from travel abroad at any location and by any means. This regulation will help prevent importation of controlled substances for unlawful use while still accommodating travelers who have a legitimate medical need for controlled substances during their journey.     

Medical devices; effective date of requirement for premarket approval for three class III preamendments devices--FDA. Proposed rule; opportunity to request a change in classification

The Food and Drug Administration (FDA) is proposing to require the filing of a premarket approval application (PMA) or a notice of completion of a product development protocol (PDP) for the following three class III preamendments devices: Lung water monitor, powered vaginal muscle stimulator for therapeutic use, and stair-climbing wheelchair. The agency also is summarizing its proposed findings regarding the degree of risk of illness or injury designed to be eliminated or reduced by requiring the devices to meet the statute's approval requirements and the benefits to the public from the use of the devices. In addition, FDA is announcing the opportunity for interested persons to request that the agency change the classification of any of the devices based on new information. This action implements certain statutory requirements.     

Operationalizing The Law of Jurisdiction: Where in the World Can I Be Sued for Operating a World Wide Web Page?

The concept of personal jurisdiction-the power of a court to decide the rights of a person and issue a binding judgment-is becoming increasingly complex in cases involving the World Wide Web. The two approaches courts currently use to assert personal jurisdiction are inadequate and inconsistently employed, leaving individuals who perform services or conduct business over the Web without clear answers about where they may be haled into court. The "Zippo test" fails to consistently take an accurate account of the complete picture of the contacts generated from Internet use, and the "Calder effects test" is not applicable in all cases. This article outlines a "Web-contacts" approach as a consistent way to operationalize "purposeful availment" for personal jurisdiction based on contacts via the Web.     

Methodological challenges to government sampling techniques in civil fraud and abuse cases

This Article discusses the use of statistical sampling in Medicare and Medicaid fraud and abuse audits. The author reviews cases in which government sampling methodologies have been challenged. Finally, the author describes the various alternatives available for challenging the validity of the statistical sampling used by the government in its audits.     

Origin,Analytical Characterization,and Use of Human Odor in Forensics

Developing a strategy to characterize the odor prints of individuals should be relevant to support identification obtained using dogs in courts of justice. This article proposes an overview of the techniques used for the forensic profiling of human odor. After reviewing the origin of human odor—both genetic and physiological—the different analytical steps from sample collection to statistical data processing are presented. The first challenge is the collection of odor, whether by direct sampling with polymer patches, cotton gauze, etc., or indirect sampling with devices like Scent Transfer Unit. Then, analytical techniques are presented. Analyses are commonly performed with gas chromatography coupled with mass spectrometry. As they yield large amounts of data, advanced statistical tools are needed to provide efficient and reliable data processing, which is essential to give more probative value to information.     

个人信息流通利用的制度基础——以信息识别性为视角

《个人信息保护法》以信息主体同意为基础,构筑了个人控制的个人信息直接利用制度,但其是否为流通利用提供了通道仍存疑问。信息因其识别性能的差异,可区分为直接标识符、间接标识符和准标识符,三者给个人权益带来的危害风险不同。《个人信息保护法》规定的匿名化和去标识化本质上是针对特定数据集中信息识别风险的制度安排,能消除因信息本身识别性产生的风险,而很难消除基于识别分析的识别性产生的风险。因此,缺失针对“基于识别分析的识别性产生的风险”的措施,现行关于匿名化和去标识化的规范均不能支撑个人信息流通利用。去标识化需要改造成为“去直接标识符+识别控制”的受控去标识化制度,在防控个人信息识别风险的前提下,为个人信息流通利用提供制度保障,以最大化实现个人信息的社会价值。