Unwinding Ariadne's Identity Thread

Aktypi, Angeliki; Nurse, Jason R. C.; Goldsmith, Michael

doi:10.1145/3137616.3137617

Cited by 38 publications

(11 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Recent research [4] has found that many popular devices have extremely lax security standards for the data they collect. Other work has found that privacy leakages in the Bluetooth communication between these trackers and a smartphone can track a person's movements (and identify them by gait) [5], or, related to the above discussion of re-identification, can leverage information posted on social media from these trackers with other public information to find home addresses [6]. The relatively lax regulatory environment that governs these trackers does not help mitigate these risks.…”

Section: Golden State Killermentioning

confidence: 99%

Current regulations will not protect patient privacy in the age of machine learning

Narayan

2020

MIT Science Policy Review

View full text Add to dashboard Cite

Machine learning (ML) has shown great promise in advancing health outcomes by parsing ever more effectively through massive clinical and genomic datasets. These advances are tempered by fears that they come at the cost of privacy. Since data relating to health are particularly sensitive because of immutability and comprehensiveness, these privacy concerns must be seriously addressed. We consider examples (the Golden State Killer, the Personal Genome Project, and the rise of wearable fitness trackers) where the tension between technological progress and lost privacy is already apparent. We discuss, in light of ML capabilities, the current state of privacy regulation in healthcare. We note the Constitutional right to privacy does not yet in general protect voluntary disclosures of data; HIPAA, the current law regulating healthcare data in the US, does not apply to the burgeoning field of healthcare-adjacent companies and organizations collecting health data; and access controls remain subject to re-identification attacks. We then discuss the active research in algorithmic paradigms for privacy, highlighting their promise but also their limitations. In order to encourage technological progress, reframing privacy for the age of ML might involve extending the Constitutional right to privacy, extending the applicability of HIPAA, and/or enforcing transparent privacy policies.

show abstract

Section: Golden State Killermentioning

confidence: 99%

Current regulations will not protect patient privacy in the age of machine learning

Narayan

2020

MIT Science Policy Review

View full text Add to dashboard Cite

show abstract

“…As wearable devices, such as the glasses from Andrew's story, become more complex and diverse due to industry manufacturers striving to deliver more features and functionality to users at lower costs, it is unsuspecting and uninformed users of such devices, as well as bystanders, that become exposed to a wider range of potential security and privacy attacks from malicious parties [30,66,93]. But glasses are not the only wearables that can become targets of such attacks: smartwatches, fitness trackers, and armbands have been repeatedly exposed in the scientific literature as being unsecure [6,15,20,30,81,94,94]. However, unlike smartwatches and fitness trackers, for which a large body of literature has uncovered many security threats and proposed defense mechanisms, similar systematic investigations for glasses are lacking.…”

Section: :2 • Opaschi and Vatavumentioning

confidence: 99%

“…The advent of wearables that publicly advertise their presence in the radio spectrum, share the data they collect with connected devices or with services from the cloud, and register to unsecured local networks, demands dedicated attention to the privacy and security threats to which they expose their users. Some of those security threats have been recently uncovered for smartwatches [81,93,94], fitness trackers [6,15,20,30], and smart armbands [103], but considerably less attention has been devoted to examine the security of video streaming camera glasses. Regarding the latter, the main focus of research has been the privacy of bystanders and their reactions to wearers of such devices [23,25,43,[48][49][50].…”

Section: Related Workmentioning

confidence: 99%

“…Classen et al [15] analyzed the Fitbit ecosystem and revealed several vulnerabilities, where attackers could exploit the Fitbit protocol to extract private data about users or wirelessly flash malware. And Aktypi et al [6] examined the exposure of user identity to third parties caused by such devices automatically sharing their users' physical performance on social networks.…”

Section: Security and Privacy Threats For Wearablesmentioning

confidence: 99%

See 1 more Smart Citation

Uncovering Practical Security and Privacy Threats for Connected Glasses with Embedded Video Cameras

Opaschi

Vatavu

2020

Proc. ACM Interact. Mob. Wearable Ubiquitous Technol.

View full text Add to dashboard Cite

We address in this work security and privacy threats for connected camera glasses, for which very few investigations have been conducted so far, despite the considerable attention to understanding security concerns for other wearables, such as smartwatches and fitness trackers. To raise awareness about such threats, we present the results of a case study involving a low-cost spy camera glasses device, readily available on the market, that can be used to record and stream live video, for which we demonstrate infringement of several privacy requirements (regarding the camera glasses device itself, the data collected by the embedded video camera, the wearer of the device, and for bystanders as well) that lead to corresponding security threats (e.g., data confidentiality, integrity, availability, and access control). To foster replicability and reproducibility of our empirical results, investigation method, and implementation of attacks, we describe our case study in the form of a detailed activity log and release full C++ code implementing our approach. Furthermore, we present our findings to three IT security experts and summarize their recommendations for designing more secure connected camera glasses.

show abstract

“…When designing Geollery, we take privacy concerns into consideration right at the beginning since location data may reveal details of people's lives [32]. We tackle privacy in two ways:…”

Section: Privacymentioning

confidence: 99%

Geollery

Varshney

2019

Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems

View full text Add to dashboard Cite

3D buildings with 360°images geotagged social media virtual avatars and live chats geotagged virtual gifts geotagged street art geotagged framed photos Geollery.com Figure 1: Geollery creates an interactive mirrored world where users are immersed with 3D buildings, live chats, and geotagged social media. The social media are visualized as balloons, billboards, framed photos, and gift boxes in real time.

show abstract

Unwinding Ariadne's Identity Thread

Cited by 38 publications

References 27 publications

Current regulations will not protect patient privacy in the age of machine learning

Current regulations will not protect patient privacy in the age of machine learning

Uncovering Practical Security and Privacy Threats for Connected Glasses with Embedded Video Cameras

Geollery

Contact Info

Product

Resources

About