International experience and common errors in protecting of confidentiality, protection and use of CbC reporting information

Within the OECD, where governments are working together to address important issues of globalization, efforts are also being made to help OECD member countries respond more quickly to new challenges, one of which is to ensure the confidentiality and proper use of information. The OECD provides governments with the opportunity to share experiences in implementing administrative policy, to seek answers to common problems, to identify best practices and to coordinate activities in the context of these issues. The study of issues related to ensuring confidentiality, protection and use of reporting information between countries (Country-by-country, hereinafter - CbC) in the article is considered from the standpoint of international experience, in the context of this issue. For Ukraine as a post-Soviet country, the study of relevant experience is presented by such countries as Georgia, Kazakhstan and Russia. The analysis of international experience in ensuring confidentiality and the appropriate level of protection of information that is the subject of exchange between OECD member countries as part of the implementation of the BEPS Action Plan. The research is based on a combination of general scientific methods, comparison methods and an empirical approach. A summary of the national regulations of the countries in question is made, which contain provisions on confidentiality, data protection and proper use of information Country-by-country reports. Based on the results of the study, it has been proven that different tax administrations should, in practice, have different approaches to ensure the required level of effective protection of confidentiality of country-by-country reports information and establish penalties for breach of confidentiality.

Legal Regime of Confidentiality Protection in the Mediation Process and Its Meaning

The work is dedicated to specific legal regime of confidentiality protection in the mediation process. To this end, not only the scope of the concept of confidentiality is explored, but also the peculiarities of its protection in mediation and in court. Legislative news and the standards recognized by the law “on mediation” is analyzed in this context. It is noteworthy, that due to several factors mediation becomes especially attractive for business in a pandemic conditions: unlike hearing the case in court, mediation is fast, cheap, calm, flexible and effective dispute resolution process aimed at maintaining the current relationship between the parties through mediation confidentiality. Given the confidentiality of the mediation process, the parties have a legitimate expectation that the information they disclose will remain confidential. It is confidentiality that empowers the trust of the parties towards mediation. At the same time, analysis of the law reveals that confidentiality is not absolute during mediation and it may be restricted in certain exceptional cases. Taking into account European experience and the obligations under the Association Agreement in Georgia was accepted the law “on mediation” in which it was formed exceptional cases of confidentiality restrictions. Moreover, disclosure of confi dential information is considered justified in exceptional cases if the preconditions established by law are met. It is advisable to evaluate the given cases as carefully and individually as possible. In this way, it will be ensured that the restriction of confidentiality, on the one hand, directly affects the areas defined by law, and on the other hand, as a result of its misinterpretation will not lead to the extension of the exception to the restriction and thus violate confidentiality.

“Hope for the Best, Plan for the Worst”: Understanding Institutional Inertia in Developing Confidentiality Protection Policies

When legal challenges to research confidentiality arise, researchers are expected to resist while the institutions that approve their research provide legal support to enable that resistance. Although researchers have done their part, university administrators have been much less consistent doing theirs. Canada’s federal policy now affirms university administrations “must” provide independent legal representation and “encourages” them to develop policies that articulate how they will do so. A national survey of Research Ethics Board (REB) Chairs and administrators found only one such policy, which turned our attention to factors that impeded creation of others like it. Administrative inertia, a lack of clear lines of responsibility, and resource issues top the list of justifications respondents offered. Implications for researchers, REBs, and university administrators are discussed.

Confidential Data Storage Systems for Wearable Platforms

With the features of mobility, reality augmentation, and context sensitivity, wearable devices are widely deployed into various domains. However, the sensitivity of collected data makes security and privacy protection one of the first priority in the advancement of wearable technologies. This chapter provides a study on encryption-based confidentiality protection for data storage systems in wearable platforms. The chapter first conducts a review to storage solutions in consumer wearable products and explores a two-tier, local flash memory and remote cloud storage, storage system in wearable platforms. Then encryption-based confidentiality protection and implementation methods for both flash memory and remote cloud storage are summarized. According to the interaction and integration of these two components, a categorization of confidential storage systems in wearable platforms is proposed. In addition, the benefits and selection criteria for each category are also discussed.

Embedded System Confidentiality Protection by Cryptographic Engine Implemented with Composite Field Arithmetic

Embedded systems are subjecting to various kinds of security threats. Some malicious attacks exploit valid code gadgets to launch destructive actions or to reveal critical details. Some previous memory encryption strategies aiming at this issue suffer from unacceptable performance overhead and resource consumption. This paper proposes a hardware based confidentiality protection method to secure the code and data stored and transferred in embedded systems. This method takes advantage of the I/D-cache structure to reduce the frequency of the cryptographic encryption and decryption processing. We implement the AES engine with composite field arithmetic to reduce the cost of hardware implementation. The proposed architecture is implemented on EP2C70 FPGA chip with OpenRisc 1200 based SoC. The experiment results show that the AES engine is required to work only in the case of I/D-cache miss and the hardware implementation overhead can save 53.24% and 13.39% for the AES engine and SoC respectively.

User Confidentiality Protection in Cloud Computing Using Enhanced Elliptic Curve Cryptography (ECC) Algorithm

Abstract— a lot of customers are concerned about their weakness to attack if their critical IT resources are beyond the firewall. The tremendously scalable nature of cloud computing allows users to access vast amounts of data and use computing resources distributed across different interfaces. Cloud entities, such as cloud service providers, users and business partners, share the resources available at different levels of technological operations. This paper focuses on user confidentiality protection in cloud computing using enhanced elliptic curve cryptography (ECC) algorithm over Galois Field GF(2m). The Strength of the proposed ECC algorithm depends on the complexity of computing discrete logarithm in a large prime modulus, and the Galois Field allows mathematical operations to mix up data easily and effectively. The methodology used involves encrypting and decrypting data to ensure user confidentiality protection and security in the cloud. Results show that the performance of ECC over Galois Field, in two area of evaluation, was better than the ECC algorithm which is used for comparison purpose.

SELECTED PROBLEMS OF SECURITY OF INFORMATION CONFIDENTIALITY IN CYBERSPACE

Information confidentiality is the one of the cornerstones of IT security, which is defined and described in ISO/IEC 27000 standard. Contemporary practices of disclosing information to unauthorized persons and systems are the reason for difficulties in this concept implementation. At every step we encounter situations where information is extracted or obtained illegally from different sources. The main purpose of this paper is to present the issue of information confidentiality protection in cyberspace, as a complex, full of contradictions problem of techno-social character. The role of information confidentiality in functioning of a society, organization and individual has been described. The most important information confidentiality threats have been characterized and the description of a number of incidents illustrating those threats has been quoted. Contemporary security threats have been presented as well as selected methods of information confidentiality protection transmitted in ICT networks. The characteristics of protection systems of information confidentiality have been analyzed, with special attention paid to their functionality and vulnerability to existing threats. The concept of protecting the confidentiality of information transmitted on the Internet based on the use of cryptography and steganography has been presented.