1,721,246 research outputs found
Reconciling the what, when and how of privacy notifications in fitness tracking scenarios
No full textThe increasing number of fitness tracking wearables deployed worldwide poses challenges to the privacy of their users, esp. in terms of transparency. Privacy notifications facilitate transparency by providing users with situational awareness about the pro-cessing of their personal data. We present the results of two online surveys including English-speaking (n(Eng) = 154) and German-speaking (n(Ger) = 150) users of fitness track-ing devices from Europe, conducted to elicit determinants of notification settings. We found evidence for the perceived usefulness of privacy notifications, and for concordant predictors in terms of when and how users prefer to be notified about personal data processing in 12 scenarios related to fitness tracking
Enhanced Privacy in Smart Workplaces: Employees’ Preferences for Transparency Indicators and Control Interactions in the Case of Data Collection with Smart Watches
No full text
Attacker Profiling in Quantitative Security Assessment Based on Attack Trees
Full text linkWe present the results of research of limiting adversarial budget in attack games, and, in particular, in the failure-free attack tree models presented by Buldas-Stepanenko in 2012 and improved in 2013 by Buldas and Lenin. In the previously presented models attacker’s budget was assumed to be unlimited. It is natural to assume that the adversarial budget is limited and such an assumption would allow us to model the adversarial decision making more close to the one that might happen in real life. We analyze three atomic cases – the single atomic case, the atomic AND, and the atomic OR. Even these elementary cases become quite complex, at the same time, limiting adversarial budget does not seem to provide any better or more precise results compared to the failure-free models. For the limited model analysis results to be reliable, it is required that the adversarial reward is estimated with high precision, probably not achievable by providing expert estimations for the quantitative annotations on the attack steps, such as the cost or the success probability. It is doubtful that it is reasonable to face this com- plexity, as the failure-free model provides reliable upper bounds, being at the same time computationally less complex
Data Protection in Healthcare and Welfare - Education of Data Protection Officials in Germany
No full textShed Light on Unconscious Disclosure and Consumption of Information in the Digital Age
Full text linkThe technological evolution of computers, their networking, and the digitization of information revolutionized the exchange of information fundamentally. Nowadays, almost anyone can easily receive, create, modify and distribute information with almost unlimited reach. The resulting democratized flow of information and the elimination of spatial separation and temporal boundaries enabled a bunch of new
possibilities for individuals and societies. However, like any preceding upheaval in human communication, these changes cause also new challenges and issues that must be learned to deal with. On one hand, the unlimited amount of digital information available and the simultaneous creation and dissemination of misleading, false, influencing, and malicious content makes it difficult to assess and verify the credibility of received information. The impacts of such malicious information range from serious issues for individuals to societies. On the other hand, the interactive way of digital information exchange discloses a lot of (privacy-sensitive) information about the user. Information collected and analyzed is used to provide services, personalize information flows, or even to detect and prevent the spread of malicious
information and behavior. However, the path between new achievements, safety, and freedom is very narrow. Today’s digital information exchange can simultaneously be used for global surveillance of individuals on an unprecedented scale. In the worst case, complete surveillance leads to repression of minorities and unwelcome opinions as well as the establishment of self-censorship, and thus undermines freedom of speech an essential human right and the foundation of modern democracies. Overall, digital
information exchange enabled surveillance and manipulation at a low cost. The best solution to these problems would, of course, be systematic prevention. Basically, however, systemic measures of both problems are opposed to each other. The more data is disclosed, the more possible surveillance; the less, the less control over shared information. Hence, in practice, new and old technological developments and their systemic measures are always subject to negotiation processes between safety, freedom, and utility.
Thus, existing systemic measures cannot completely protect users from the mentioned issues of digital information exchange. Transparency and education concerning the consumption and unconscious disclosure of digital information and thus increased awareness of end users is, therefore, an important supplement. On the one hand, to fill the gaps of systemic measures and, on the other hand, to empower users and societies to (co-)determine the negotiation processes themselves - and thus to counteract the new power asymmetries as well as to become part of the solution. This work aims to reveal such gaps for different use cases; to develop
transparency solutions for identified gaps; and to evaluate the impact and efficacy of developed solutions. First, we analyze how the traditional exchange of analog information has changed with digitization in terms of verification and unconscious disclosure of information, and develop a transparency tool for the exchange of analog printed documents. Afterward, we investigate the field of new digital developments, with a focus on the IoT. In particular, the integration of small sensors into any physical objects is increasingly blurring
the boundary between the digital and analog worlds, and let the information transfer disappear more and more unconsciously in the background. Thus, on one hand, we investigate in detail the change in mobility (connected driving) and, on the other hand, at the impact on bystanders who unconsciously disclose data through surrounding recording sensors without even being an active part of the system. For the latter, we additionally develop and evaluate a transparency solution. In the last part, we investigate the state of news
consumption in the German-speaking population and develop and evaluate a solution for contextualizing information to support the assessment of news in social networks
The Need and Practice of User Authentication and TTP Services in Distributed Health Information Systems (first thoughts)
No full textPrivacy, Usability, Acceptance and Transparency in Car Insurance Innovations
Full text linkThe Internet of Things (IoT) supports technology innovations by providing us with a variety of services present in our lives. For example, by using a smartwatch, people can get live information about their well-being and also have quick access to information stored on their smartphones.
IoT is also present in urban planning, agriculture sector, and the healthcare industry, among others. For example, in urban cities, it is possible to install sensors to monitor pollution, analyze traffic, provide real-time parking information, and send notifications about incidents or disasters. In agriculture, IoT supports monitoring of CO2 levels, temperature, humidity, and other relevant indicators to improve the productivity in this sector. Moreover, the location of animals can be tracked using sensors. In the healthcare industry, IoT allows doctors to monitor their patients remotely, access real-time medical records, and provide telemedicine services. Data collection is required to implement such innovations supported by IoT.
In the insurance context, car insurance innovations such as Usage-Based Insurance (UBI) are offered in which the premium is determined based on the user's driving behavior. In order to achieve this, insurers gather data (e.g., speed, acceleration, braking, location, time of day driven) to determine the driving style and provide feedback for improvement. In effect, drivers with a good score get a discount on the next renewal premium. Although such innovations bring benefits, they include data processing that potentially contain personal information, undermining users' privacy. Moreover, such innovations could also have some features that result in a hassle to users or do not have clear explanations about data handling, which could reduce the intention to use them. The General Data Protection Regulation (GDPR) proposes principles to mitigate such privacy and transparency concerns. However, it does not provide adequate details on how they should be implemented.
This thesis provides insights into the privacy, usability, transparency, and user acceptance of car insurance innovations to close the gaps mentioned above. This is done by conducting a series of studies to research on these topics, taking UBI as a scenario. The studies show that data sharing and storage are the main privacy concerns. Moreover, the findings indicate that usability issues primarily come from the technology used to collect driving data. From the studies, we identify the performance expectancy for improving driving style, performance expectancy for saving money, social influence, hedonic motivation, trust in the insurer, and perceived safety as acceptance factors of the intention to use UBI. Based on the findings, we propose a user acceptance model, validating it with current, former, and potential users.
This work sets a foundation for future research on privacy, usability, transparency, and user acceptance of car insurance innovations. Moreover, it gives recommendations to vendors (i.e., insurers, technology providers, Original Equipment Manufacturer [OEM]) which could help improve such innovations in the insurance sector.Auf Basis des Internets der Dinge (engl. Internet of Things, IoT) wurden verschiedene Dienste entwickelt, die sich unmittelbar in den Alltag der Menschen integrieren lassen. Beispielsweise können Nutzer mittels einer Smartwatch Echtzeit-Updates der eigenen Gesundheitsdaten erhalten und darüber hinaus auch einen schnellen Zugriff auf Informationen bekommen, die auf dem Smartphone gespeichert sind.
IoT kommt mittlerweile in verschiedenen Branchen zum Einsatz, wie etwa der Stadtplanung, der Landwirtschaft oder dem Gesundheitswesen. Städtische Gebiete können zum Beispiel von der Installation von Sensoren profitieren, die zur Überwachung der Luftverschmutzung, des Verkehrsflusses oder von freien Parkplätzen dienen. Ebenso können die gesammelten Sensordaten dazu beitragen, die Bevölkerung bei Zwischenfällen oder Naturkatastrophen sachdienlich zu informieren. In der Landwirtschaft werden Sensoren zur Überwachung des CO2-Gehalts, der Temperatur, der Luftfeuchtigkeit sowie von anderen Indikatoren zur Steigerung der Produktivität eingesetzt. Außerdem können Sensoren auch zur Verfolgung von Wildtieren in ihren natürlichen Lebensräumen verwendet werden. Die Gesundheitsbranche nutzt IoT-Anwendungen, um eine Fernüberwachung von Patienten, aber auch Echtzeitzugriff auf Krankenakten und telemedizinische Dienste zu ermöglichen. Um all diese Anwendungsszenarien zu realisieren, braucht das Internet der Dinge jedoch Daten.
In der Versicherungsbranche haben Kfz-Versicherungsunternehmen innovative Kfz-Versicherungen wie die nutzungsbasierte Versicherung (engl. usage-based insurance, UBI) entwickelt, um die Versicherungsprämie auf der Grundlage des Fahrverhaltens des Nutzers festzulegen. Konkret sammeln die Versicherer etwa Daten zur Geschwindigkeit, Beschleunigung oder zum Bremsverhalten und Standort, um den Fahrstil zu bestimmen und den Fahrern Feedback für Verbesserungen zu geben. Fahrer, die eine gute Bewertung erhalten, können im nächsten Versicherungsjahr einen Preisnachlass erhalten. Obwohl innovative Technologien oft Vorteile bieten, werden dabei in der Regel auch Daten verarbeitet, die personenbezogen oder personenbeziehbar sein können, wodurch die Privatsphäre von Nutzern gefährdet werden kann. Darüber hinaus können sich Nutzer von bestimmten Funktionen dieser Programme belästigt fühlen und mangelhafte Erklärungen zur Datenverarbeitung können sogar vor einer Nutzung abschrecken. Die Datenschutz-Grundverordnung (DSGVO) schlägt daher Maßnahmen vor, um Bedenken hinsichtlich des Datenschutzes, der Benutzerfreundlichkeit und der Transparenz zu adressieren, allerdings ohne konkrete Angaben zur Umsetzung zu machen.
Diese Dissertation analysiert den Datenschutz, die Benutzerfreundlichkeit, die Transparenz und die Benutzerakzeptanz von Kfz-Versicherungsinnovationen, indem sie Ergebnisse aus durchgeführten Studien zu UBI präsentiert. Die Resultate zeigen, dass die gemeinsame Nutzung und Speicherung von Daten die größten Datenschutzbedenken bei UBI darstellen. Darüber hinaus zeigen die Studien, dass die zur Erfassung von Fahrdaten eingesetzte Technologie die Hauptursache für Probleme bei der Benutzerfreundlichkeit von UBI ist und dass zu den Akzeptanzfaktoren für die Einführung von UBI die Leistungserwartungen zur Verbesserung des Fahrstils und zur Einsparung von Geld sowie der soziale Einfluss, die hedonische Motivation, das Vertrauen in den Versicherer und die wahrgenommene Sicherheit gehören. Basierend auf unseren Studien schlagen wir ein Nutzerakzeptanzmodell vor, welches mit aktuellen, ehemaligen und potenziellen UBI-Nutzern validiert wurde.
Zusammenfassend schafft diese Dissertation eine Grundlage für zukünftige Studien, die sich hinsichtlich des Datenschutzes, der Benutzerfreundlichkeit, der Transparenz und der Benutzerakzeptanz von Innovationen in der Kfz-Versicherung beschäftigen. Außerdem bietet sie Empfehlungen für Anbieter (d. h. Versicherer, Technologieanbieter, Erstausrüster), um diese Programme zu verbessern
Upside Down: Exploring the Ecosystem of Dark Web Data Markets
Full text linkLarge-scale dark web marketplaces have been around for more than a decade. So far, academic research has mainly focused on drug and hacking-related offers. However, data markets remain understudied, especially given their volatile nature and distinct characteristics based on shifting iterations. In this paper, we perform a large-scale study on dark web data markets. We first characterize data markets by using an innovative theoretical legal taxonomy based on the Council of Europe's Cybercrime Convention and its implementation in Dutch law. The recent Covid-19 pandemic showed that cybercrime has become more prevalent with the increase of digitalization in society. In this context, important questions arise regarding how cybercrime harms are determined, measured, and prioritized. We propose a determination of harm based on criminal law qualifications and sanctions. We also address the empirical question of what the economic activity on data markets looks like nowadays by performing a comprehensive measurement of digital goods based on an original dataset scraped from twelve marketplaces consisting of approximately 28,000 offers from 642 vendors. The resulting analysis combines insights from the theoretical legal framework and the results of the measurement study. To our knowledge, this is the first study to combine these two elements systematically
A Privacy-Preserving Platform for User-Centric Quantitative Benchmarking
Full text linkWe propose a centralised platform for quantitative benchmarking of key performance indicators (KPI) among mutually distrustful organisations. Our platform offers users the opportunity to request an ad-hoc benchmarking for a specific KPI within a peer group of their choice. Architecture and protocol are designed to provide anonymity to its users and to hide the sensitive KPI values from other clients and the central server. To this end, we integrate user-centric peer group formation, exchangeable secure multi-party computation protocols, short-lived ephemeral key pairs as pseudonyms, and attribute certificates. We show by empirical evaluation of a prototype that the performance is acceptable for reasonably sized peer groups
- …
