Understanding Users’ Behavior towards Applications Privacy Policies

Recently, smartphone usage has increased tremendously, and smartphones are being used as a requirement of daily life, equally by all age groups. Smartphone operating systems such as Android and iOS have made it possible for anyone with development skills to create apps for smartphones. This has enabled smartphone users to download and install applications from stores such as Google Play, App Store, and several other third-party sites. During installation, these applications request resource access permissions from users. The resources include hardware and software like contact, memory, location, managing phone calls, device state, messages, camera, etc. As per Google’s permission policy, it is the responsibility of the user to allow or deny any permissions requested by an app. This leads to serious privacy violation issues when an app gets illegal permission granted by a user (e.g., an app might request for granted map permission and there is no need for map permission in the app, and someone can thereby access your location by this app). This study investigates the behavior of the user when it comes to safeguarding their privacy while installing apps from Google Play. In this research, first, seven different applications with irrelevant permission requests were developed and uploaded to two different Play Store accounts. The apps were live for more than 12 months and data were collected through Play Store analytics as well as the apps’ policy page. The preliminary data analysis shows that only 20% of users showed concern regarding their privacy and security either through interaction with the development team through email exchange or through commenting on the platform and other means accordingly.

Essays in the Regulation of Drones and Counter-Drone Systems

<p>Rapid growth in the use of drones potentially delivers significant economic benefits, but it has also given rise to considerable public concern about safety risks, infringement of privacy, and other unwelcome surveillance and observation. Drones are able to be operated remotely from the pilot, making it difficult to identify the operator and attribute liability for harm caused. This in turn means that existing regulatory frameworks might not induce an efficient level of drone-related harm. The first substantive chapter of this thesis considers measures to address concerns about privacy and surveillance. I propose the adoption of a package of measures including: tort law reform, the promulgation of a "Code of Practice for Drone Operations" under New Zealand's Privacy Act 1993, a remotely-readable identifier to identify approved operators, provision for aerial trespass by unmanned aircraft, provision for the destruction of unmanned aircraft committing trespass, and the clarification of what constitutes a privacy violation by broadcast or closed-circuit television and video systems. Fundamental to those proposals are the concepts of drone registration and the legalisation of the right to self-defence against drones. Registration requires that a drone is registered with the regulatory authorities, with a registered drone being traceable back to the owner of the drone. Registered drones may also be required to carry a remotely-readable identifier. Legalisation of self-defence allows bystanders to take defensive actions against drones, with the potential for a drone to be destroyed. Both of these mechanisms provide a means by which the operator of a drone faces some cost if they are causing harm, and thus may induce more efficient actions by the drone operator. This thesis establishes a theoretical framework for self-defence, registration, and registration in conjunction with self-defence. Conditions are established under which each will be the preferred form of regulation. It is also established that the status quo, with neither registration nor self-defence, is likely to be optimal when harm from drone activity is relatively low. The conditions established around when self-defence is efficient also provide the conditions for the regulation of counter-drone systems. I identify the legal impediments to the implementation of drone-detection systems and counter-drone systems in New Zealand, and propose a regulatory framework to allow the adoption of those systems.</p>

Essays in the Regulation of Drones and Counter-Drone Systems

<p>Rapid growth in the use of drones potentially delivers significant economic benefits, but it has also given rise to considerable public concern about safety risks, infringement of privacy, and other unwelcome surveillance and observation. Drones are able to be operated remotely from the pilot, making it difficult to identify the operator and attribute liability for harm caused. This in turn means that existing regulatory frameworks might not induce an efficient level of drone-related harm. The first substantive chapter of this thesis considers measures to address concerns about privacy and surveillance. I propose the adoption of a package of measures including: tort law reform, the promulgation of a "Code of Practice for Drone Operations" under New Zealand's Privacy Act 1993, a remotely-readable identifier to identify approved operators, provision for aerial trespass by unmanned aircraft, provision for the destruction of unmanned aircraft committing trespass, and the clarification of what constitutes a privacy violation by broadcast or closed-circuit television and video systems. Fundamental to those proposals are the concepts of drone registration and the legalisation of the right to self-defence against drones. Registration requires that a drone is registered with the regulatory authorities, with a registered drone being traceable back to the owner of the drone. Registered drones may also be required to carry a remotely-readable identifier. Legalisation of self-defence allows bystanders to take defensive actions against drones, with the potential for a drone to be destroyed. Both of these mechanisms provide a means by which the operator of a drone faces some cost if they are causing harm, and thus may induce more efficient actions by the drone operator. This thesis establishes a theoretical framework for self-defence, registration, and registration in conjunction with self-defence. Conditions are established under which each will be the preferred form of regulation. It is also established that the status quo, with neither registration nor self-defence, is likely to be optimal when harm from drone activity is relatively low. The conditions established around when self-defence is efficient also provide the conditions for the regulation of counter-drone systems. I identify the legal impediments to the implementation of drone-detection systems and counter-drone systems in New Zealand, and propose a regulatory framework to allow the adoption of those systems.</p>

Privacy and Smart Speakers in Research With Older Adults

Advances in artificial intelligence and computational linguistics have made smart speakers, such as Amazon Alexa^TM^ and Google Home^TM^, economical and widely available. For older adults particularly, devices with voice interfaces can help to overcome accessibility challenges that often accompany interaction with today’s technologies. However, voice-activation also requires devices to be in a continuous state of ambient listening, which can create a significant privacy risk for the user, one that is often amplified as smart speakers are placed in highly personal home spaces to facilitate their utility. Deployment of these devices in research settings poses additional risk, as traces of data filter through research teams, app developers, and third-party services that support research efforts. This presentation addresses the privacy aspects of deploying Google Home Mini^TM^ speakers in research that examined their feasibility for enhancing physical activity among sedentary older adults. Interviews with participants were conducted in two studies: the first included a demonstration of the device and physical activity program (n=15); and the second included in-home use of devices and a physical activity program (n=15). Content analysis of study documentation, field notes, and interviews revealed specific areas that require additional attention when utilizing smart speakers in research, including the capture of identifying information, protocols for data handling, and requirements for informed consent. These findings are discussed in context with extant literature on individual privacy concerns and behaviors related to smart household devices. Results from this study can inform future research efforts incorporating smart speakers, to mitigate potential risks of privacy violation.

Trusting Your Bank in a Digitally Connected World: An Investigation into Perceptions of Privacy by Bank Customers

<p>People are placing more of their personal information online as the use of online social networking sites (OSNs) grows. Individuals often lack an awareness around the privacy implications of placing their personal information on these sites but still have an expectation of privacy about this information that may not entirely be justified. OSN data is often used for purposes other than those for which it was provided, but customer demand for ethical and compassionate use of their data is growing. Customers expect greater corporate social responsibility from companies, and especially banks, after the recent global financial crisis. Customers may perceive the use of OSN data by New Zealand banks to influence their lending decisions as a privacy violation. This study is intended to evaluate whether this use of OSN data would be perceived by customers to be a violation of their privacy. The research was carried out through a web-based survey and follow-up interviews with selected respondents. It was found that the less aware that respondents were about OSN privacy policies, the greater their expectation of privacy. The research also highlighted that even respondents who did not expect their data to remain private still had an expectation of privacy. A lack of perceived control was found to be associated with a greater expectation of a privacy invasion. Trust in respondents' banks was associated with a negative perception of those banks' use of OSN data for lending decisions. This study has revealed a high likelihood that a perception of betrayal coupled with a perceived privacy violation would take place should New Zealand Banks use OSN data in this manner.</p>

Trusting Your Bank in a Digitally Connected World: An Investigation into Perceptions of Privacy by Bank Customers

<p>People are placing more of their personal information online as the use of online social networking sites (OSNs) grows. Individuals often lack an awareness around the privacy implications of placing their personal information on these sites but still have an expectation of privacy about this information that may not entirely be justified. OSN data is often used for purposes other than those for which it was provided, but customer demand for ethical and compassionate use of their data is growing. Customers expect greater corporate social responsibility from companies, and especially banks, after the recent global financial crisis. Customers may perceive the use of OSN data by New Zealand banks to influence their lending decisions as a privacy violation. This study is intended to evaluate whether this use of OSN data would be perceived by customers to be a violation of their privacy. The research was carried out through a web-based survey and follow-up interviews with selected respondents. It was found that the less aware that respondents were about OSN privacy policies, the greater their expectation of privacy. The research also highlighted that even respondents who did not expect their data to remain private still had an expectation of privacy. A lack of perceived control was found to be associated with a greater expectation of a privacy invasion. Trust in respondents' banks was associated with a negative perception of those banks' use of OSN data for lending decisions. This study has revealed a high likelihood that a perception of betrayal coupled with a perceived privacy violation would take place should New Zealand Banks use OSN data in this manner.</p>

Personalized privacy assistant for digital voice assistants: Case study on Amazon Alexa

The advancements in modern technologies permit the invention of various digital devices which are controlled and activated by people’s gestures, touch and even by one’s voice. Google Assistant, iPhone Siri, Amazon Alexa etc., are most popular voice enabled devices which have grabbed the attention of digital gadget users. Their usage definitely makes the life easier and comfortable. The other side of these smart enabled devices is incredible violation of the privacy. This happens due to their continuous listening to the user and data transmission over a public network to the third-party services. The work proposed in this paper attempts to overcome the existing privacy violation problem with the voice enabled devices. The main idea is to incorporate an intelligent privacy assistant that works based on the user preferences over their data.

Methodology of estimating the number of inhabitants to assess the population exposure to environmental noise in Japan

Population exposure has been used in the risk assessment process for environmental noise. The number of inhabitants is essential data for the evaluation of population exposure. However, such data is not opened to the public to prevent privacy violation. There are several existing methods for the estimation of the number of habitants, but only with limited accuracy. The purpose of this study is to propose a more accurate method for estimating the number of inhabitants using web scraping techniques and numerical maps issued by the Geospatial Information Authority of Japan. The number of inhabitants is estimated from the number of households and the census. The number of households is calculated based on the total number of housing that is extracted from using web scraping techniques. The proposed method is found to present a better accuracy of the number of inhabitants for the detached houses while the estimation for apartment houses should be still improved.

A Survey on Security and Privacy Issues in Modern Healthcare Systems

Recent advancements in computing systems and wireless communications have made healthcare systems more efficient than before. Modern healthcare devices can monitor and manage different health conditions of patients automatically without any manual intervention from medical professionals. Additionally, the use of implantable medical devices, body area networks, and Internet of Things technologies in healthcare systems improve the overall patient monitoring and treatment process. However, these systems are complex in software and hardware, and optimizing between security, privacy, and treatment is crucial for healthcare systems because any security or privacy violation can lead to severe effects on patients’ treatments and overall health conditions. Indeed, the healthcare domain is increasingly facing security challenges and threats due to numerous design flaws and the lack of proper security measures in healthcare devices and applications. In this article, we explore various security and privacy threats to healthcare systems and discuss the consequences of these threats. We present a detailed survey of different potential attacks and discuss their impacts. Furthermore, we review the existing security measures proposed for healthcare systems and discuss their limitations. Finally, we conclude the article with future research directions toward securing healthcare systems against common vulnerabilities.