
For more information, please contact Mark Frankel.

 
Scientific Freedom, Responsibility & Law Program
 

PRIVACY, SECURITY, AUTHENTICATION
Ken Metzner
Academic Press

Privacy

  • EU directive to member countries to define their laws with respect to personal data: e.g. name, address, ID, card numbers, interests, what they are looking at, etc.
  • Must state what is retained, purpose, internal use only?, wider use?
  • Reasonable limitations, stated purpose only
  • Disclosure to the customer or user of the intended purpose of collecting the data is essential
  • EU directive forbids transfer of such data to countries outside EU lacking equivalent laws or regulations; applies even within the divisions of a multinational company
  • Access for person whose data are stored
  • USA will probably soon enact similar laws or regulations, with emphasis on disclosure and special rules for children
  • Many companies now looking to be “certified” with respect to handling of data
  • Probable consequence: More careful collecting, storing, and handling of personal data

Security

  • Problem: security of collected personal data
  • Problem: security of commercial and financial data
  • Problem: law enforcement needs to guard against crime and terrorist activity
  • More pressure to come on US government to loosen export restrictions on strong encryption
  • WIPO treaty on copyright and database protection will bring greater opportunities for technology to be applied, e.g., to allow reading but not printing, or downloading but not retransmission
  • New US law to address not only commercial purposes, but also commercial impact
  • Price differentiation by type of customer: e.g. students versus faculty, type of institution, access only in off-hours
  • Ability to make contracts of advantage to poorer customers (by age, geography, etc.)
  • Real-time access to instant information, versus later access for legal, audit, or archival purposes

Authentication

  • Problem: Ensure that a person who claims a particular identity or access right really is that person or has that right (member of an institution or a society? Owner of account?)
  • User-name and password, IP address
  • Can be abused: cost of other methods compared to the cost of lost business
  • More sophisticated: dedicated services