Search results

The purpose of this paper is to examine how the introduction of new communication channels facilitates interactive information sharing and collaboration between various actors over social networking services and how social networking fits in the existing European legal framework on data protection. The paper also aims to discuss some specific data protection issues, focusing on the role of the relevant actors, using the example of photo tagging.

Privacy in social networks is one of the main concerns for providers and users. This paper examines the role of the main actors in social networking, i.e. the providers and the users, scrutinised under the light of the European data protection legislation. Specifically, how social networking service providers deal with users' privacy and how users handle their personal information, if this manipulation is complied with the respective legislation and how “tagging”, one of the most familiar services provided by the social networking providers, may cause privacy risks.

Social networking is one of the most remarkable cultural phenomena that has blossomed in the Web 2.0 era. They enable the connection of users and they facilitate the exchange of information among them. However, the users reveal vast amounts of personal information over social networking services, without realising the privacy and security risks arising from their actions. The European data protection legislation could be used as a means for protecting the users against the unlawful processing of their personal information, although a number of problems arise regarding its applicability.

The paper discusses some privacy concerns involved in social networks and examines how social networking service providers and users deal with personal information with regard to the European data protection legislation.

This paper aims to discuss the privacy and security concerns that have risen from the permissions model in the Android operating system, along with two shortcomings that have not been adequately addressed.

The impact of the applications’ evolutionary increment of permission requests from both the user’s and the developer’s point of view is studied, and finally, a series of remedies against the erosion of users’ privacy is proposed.

The results of this work indicate that, even though providing access to personal data of smartphone users is by definition neither problematic nor unlawful, today’s smartphone operating systems do not provide an adequate level of protection for the user’s personal data. However, there are several ideas that can significantly improve the situation and mitigate privacy concerns of users of smart devices.

The proposed approach was evaluated through an examination of the Android’s permission model, although issues arise in other operating systems. The authors’ future intention is to conduct a user study to measure the user’s awareness and concepts surrounding privacy concerns to empirically investigate the above-mentioned suggestions.

The proposed suggestions in this paper, if adopted in practice, could significantly improve the situation and mitigate privacy concerns of users of smart devices.

The recommendations proposed in this paper would strongly enhance the control of users over their personal data and improve their ability to distinguish legitimate apps from malware or grayware.

This paper emphasises two shortcomings of the permissions models of mobile operating systems which, in authors’ view, have not been adequately addressed to date and propose an inherent way for apps and other entities of the mobile computing ecosystem to commit to responsible and transparent practices on mobile users’ privacy.

This work aims to argue that it is possible to address discrimination issues that naturally arise in contemporary audio CAPTCHA challenges and potentially enhance the effectiveness of audio CAPTCHA systems by adapting the challenges to the user characteristics.

A prototype has been designed, called PrivCAPTCHA, to offer privacy-preserving, user-centric CAPTCHA challenges. Anonymous credential proofs are integrated into the Session Initiation Protocol (SIP) protocol and the approach is evaluated in a real-world Voice over Internet Protocol (VoIP) environment.

The results of this work indicate that it is possible to create VoIP CAPTCHA services offering privacy-preserving, user-centric challenges while maintaining sufficient efficiency.

The proposed approach was evaluated through an experimental implementation to demonstrate its feasibility. Additional features, such as appropriate user interfaces and efficiency optimisations, would be useful for a commercial product. Security measures to protect the system from attacks against the SIP protocol would be useful to counteract the effects of the introduced overhead. Future research could investigate the use of this approach on non-audio CAPTCHA services.

PrivCAPTCHA is expected to achieve fairer, non-discriminating CAPTCHA services while protecting the user’s privacy. Adoption success relies upon the general need for employment of privacy-preserving practices in electronic interactions.

This approach is expected to enhance the quality of life of users, who will now receive CAPTCHA challenges closer to their characteristics. This applies especially to users with disabilities. Additionally, as a privacy-preserving service, this approach is expected to increase trust during the use of services that use it.

To the best of authors’ knowledge, this is the first comprehensive proposal for privacy-preserving CAPTCHA challenge adaptation. The proposed system aims at providing an improved CAPTCHA service that is more appropriate for and trusted by human users.

The increasing number of cyber attacks has transformed the “cyberspace” into a “battlefield”, bringing out “cyber warfare” as the “fifth dimension of war” and emphasizing the States’ need to effectively protect themselves against these attacks. The existing legal framework seem inadequate to deal effectively with cyber operations and, from a strictly legal standpoint, it indicates that addressing cyber attacks does not fall within the jurisdiction of just one legal branch. This is mainly because of the fact that the concept of cyber warfare itself is open to many different interpretations, ranging from cyber operations performed by the States within the context of armed conflict, under International Humanitarian Law, to illicit activities of all kinds performed by non-State actors including cybercriminals and terrorist groups. The paper initially presents major cyber-attack incidents and their impact on the States. On this basis, it examines the existing legal framework at the European and international levels. Furthermore, it approaches “cyber warfare” from the perspective of international law and focuses on two major issues relating to cyber operations, i.e. “jurisdiction” and “attribution”. The multi-layered process of attribution in combination with a variety of jurisdictional bases in international law makes the successful tackling of cyber attacks difficult. The paper aims to identify technical, legal and, last but not least, political difficulties and emphasize the complexity in applying international law rules in cyber operations.

The paper focuses on the globalization of the “cyber warfare phenomenon” by observing its evolutionary process from the early stages of its appearance until today. It examines the scope, duration and intensity of major cyber-attacks throughout the years in relation to the reactions of the States that were the victims. Having this as the base of discussion, it expands further by exemplifying “cyber warfare” from the perspective of the existing European and International legal framework. The main aim of this part is to identify and analyze major obstacles that arise, for instance in terms of “jurisdiction” and “attribution” in applying international law rules to “cyber warfare”.

The absence of a widely accepted legal framework to regulate jurisdictional issues of cyber warfare and the technical difficulties in identifying, with absolute certainty, the perpetrators of an attack, make the successful tackling of cyber attacks difficult.

The paper fulfills the need to identify difficulties in applying international law rules in cyber warfare and constitutes the basis for the creation of a method that will attempt to categorize and rank cyber operations in terms of their intensity and seriousness.

The objective of this paper is to investigate the legal and technical reasons why a declaration of will, denoted by a digital signature, can be cancelled and how this cancellation can be technically achieved.

Proposes a technical framework for establishing a signature revocation mechanism based on special data structures, the signature revocation tokens (SRT), and investigates the alternatives for disseminating the signature status information (SSI) to the relying parties.

A relying party has to take into consideration the possible existence of a signature revocation, in order to decide on the validity of a digital signature. A scheme based on a central public repository for the archival and distribution of signature revocation tokens exhibits significant advantages against other alternatives.

Identifies various intrinsic problems of the digital signature creation process that raise several questions on whether the signer performs a conscious and wilful act, although he/she is held liable for this action. The law faces the eventual right of the signer to claim a revocation of a previously made declaration of will, especially in cases of an error, fraud or duress.