
PRIVACY, SECURITY, AUTHENTICATION
Ken Metzner
Academic Press
Privacy
- EU directive to member countries to define their laws with respect
to personal data: e.g. name, address, ID, card numbers, interests, what
they are looking at, etc.
- Must state what is retained and for what purpose: internal use only? wider use?
- Reasonable limitations, stated purpose only
- Disclosure of the intended purpose of collecting the data, to the
customer or user is essential
- EU directive forbids transfer of such data to countries outside EU
lacking equivalent laws or regulations; applies even within the divisions
of a multinational company
- Access for person whose data are stored
- USA will probably soon enact similar laws or regulations, with emphasis
on disclosure and special rules for children
- Many companies now looking to be “certified” with respect to handling
of data
- Probable consequence: More careful collecting, storing, and handling
of personal data
Security
- Problem: security of collected personal data
- Problem: security of commercial and financial data
- Problem: law enforcement needs to guard against crime and terrorist
activity
- More pressure to come on US government to loosen export restrictions
on strong encryption
- WIPO treaty on copyright and database protection will bring greater
opportunities for technology to be applied e.g. to allow reading, but
not printing; downloading, but not retransmission
- New US law to address not only commercial purposes, but also commercial
impact
- Price differentiation by type of customer: e.g. students versus faculty,
type of institution, access only in off-hours
- Ability to make contracts of advantage to poorer customers (by age,
geography, etc.)
- Real-time access to instant information, versus later access for legal,
audit, or archival purposes
Authentication
- Problem: Ensure that a person who claims a particular identity or
access right, really is that person or has that right (member of an
institution or a society? Owner of account?)
- User-name and password, IP address
- Can be abused: cost of other methods compared to the cost of lost
business
- More sophisticated: dedicated services