Privacy vs. Data: Business Models in the digital, mobile Economy
Basic Information
Type of Lecture: | Lecture with Exercise |
---|---|
Course: | Master |
Hours/Week: | 2 |
Credit Points: | 6 |
Language: | German |
Term: | Summer 2016 |
Lecturers: | |
Email: |
Content of the Course
Description:
Course Contents
The majority of business models in the digital economy heavily rely on the existence of user data in order to enable a value proposition for users. For instance, advertisers use data for the targeting of advertisements whereas others apply it for the personalisation of their service offerings. However, what is beneficial for businesses often becomes of a threat to the privacy of users – especially if highly sensitive data, such as location data, is collected and processed without their consent. Within the digital economy field, this course is going to explore the area of conflict between data-centric business models and user privacy. Since mobile devices accumulate a significant amount of personal data about individuals, the following topics will be covered and examined with a special focus from this „mobile“ perspective:
-
-
-
- Digital data-driven business models
- Means of data collection and its threat to privacy
- Privacy and Data Protection
- Basics of Information Security
- Interplay between data and privacy within digital business models
-
-
Further information: Official "Privacy vs. Data" Lecture QIS Page
Literature:
-
-
-
- Studying how privacy regulation might impact economic activity on the advertising- supported Internet: Avi Goldfarb, Catherine E. Tucker (2011) Online Advertising, Behavioral Targeting, and Privacy, Communication of the ACM (54:5), New York, USA.
- THE TRADEOFF FALLACY - How Marketers Are Misrepresenting American Consumers And Opening Them Up to Exploitation, Joseph Turow, Michael Hennessy, Nora Draper, A Report from the Annenberg School for Communication University of Pennsylvania, USA.
-
-
Agenda:
Time:
-
-
-
- Mon, 25.04.16, 9 am - 5 pm (Room 2.202, RuW building)
- Tue, 26.04.16, 9 am - 5 pm (Room 2.202, RuW building)
- Wed, 27.04.16, 9 am - 1 pm (Room 1.801, Casino)
- Wed, 27.04.16, 1 pm - 5 pm (Room 2.202, RuW building)
- Thu, 28.04.16, 9 am - 5 pm (Room 2.202, RuW building)
- Fri, 29.04.16, 9 am - 5 pm (Room 2.202, RuW building)
-
-
Note: The course starts every day "cum tempore" (ct.)
Downloads:
-
-
-
- Lecture 1: Introduction & Course Organisation
- Lecture 2: Mobile Information & Communication Technology
- Lecture 3: Business Models, Markets and Platforms
- Lecture 4: Characteristics of Goods and Services in the Digital Economy
- Lecture 5: The “Big Four” in the Digital Economy
- Lecture 6: Online Profiling
- Lecture 7+8: Personal Data Collection & Usage
- Lecture 9+10: Privacy & Privacy Protection
- Lecture 11: (Mobile) Identity Management & Backbone Technologies of Digitalisation
- Lecture 12: Trade off between Privacy and ServiceValue
- Lecture 13: Research on Privacy, Identity and MobileBusiness
- Lecture 14: Lecture Conclusion & Written Exam Info
- Exercises
- World Café Results
-
-
Registration:
Course Registration and Written Exam Sign-Up:
IMPORTANT NOTE:
Successfully registered course participants are IN ADDITION required to sign up for the course’s written exam.
Exam
Seminar: IT-Sicherheitsmanagement
Basic Information
Type of Lecture: | Seminar |
---|---|
Course: | Master |
Hours/Week: | 2 |
Credit Points: | 6 |
Language: | German |
Term: | Winter 2016/2017 |
Lecturers: | |
Email: |
Content of the Course
Description:
Folien zur Kick-Off-Veranstaltung
Registration:
Maximum participants:
Exam
Project Seminar: Privacy in smartphone ecosystems
Basic Information
Type of Lecture: | Seminar |
---|---|
Course: | Master |
Hours/Week: | 6 |
Credit Points: | 12 |
Language: | English |
Term: | Winter 2016/2017 |
Lecturers: | |
Email: |
Content of the Course
Description:
Smartphone apps provide utility to their users by providing personalized and context-sensitive services. To achieve this, smartphone platforms provide those apps with access to a multiplicity of sensitive resources on the device e.g., device information, geolocation data, and user behavior information obtained from sensors. This capability however, poses important risks in regard to user privacy, especially considering that apps do not provide an appropriate level of transparency related to sensitive information processing.
The objective of this research project is to perform an extensive analysis of the state of the art in which different methodologies will be analyzed. Novel approaches will be investigated, and evaluated, specifically those emphasizing on understanding aspects such as context of app usage and purpose and functionality of apps when assessing their privacy properties.
Each project will be implemented by a group of students and will be focused on a specific perspective of the problem. Students focusing on the technical aspects are expected to have basic skills in
programming.
Topic 1: ““Transparency of smartphone apps”
Transparency is an important privacy principle, and strongly associated to the right of individuals to be informed about how and by whom their personal data have been processed, as well as the logic involved, such as data flows and its consequences. Human-computer interaction (HCI) techniques have the potential to substantially help users to better understand the privacy implications of the processing of their personal information especially for smartphone apps and in a similar form, support them to more easily have control of their data. Therefore, this project aims at identifying and addressing the challenges regarding user interface for providing transparency in smartphone apps. To this end, the project will investigate about the level of granularity by which users should be informed about the processing of their personal identifiable information and sensitive personal data. A literature review of HCI techniques, methods and tools to enhance transparency will be performed. Selected techniques will be analyzed and compared in terms of usability and usefulness, as well as the trade-offs with regard to commercial privacy requirements.
Topic 2: “Assessing privacy of smartphone apps through crowdsource comments”
Due to the lack of an appropriate level of transparency with regard to the processing of sensitive information by smartphone apps, smartphone users cannot identify data leakages and assess how their apps impact their privacy. Current privacy indicators in smartphone ecosystems have been shown to be ineffective regarding risk communication. Further, there are no means to help users make informed decisions regarding app selection. This project will investigate appropriate methods to support informed decision-making, by assessing the privacy of smartphones apps using crowd-source comments. It will provide a privacy risk score that will consider additional factors such as the context of app usage and its purpose and functionality. To this end, an extensive literature review will be performed, promising approaches will be identified and evaluated towards the implementation of a prototype using that for instance will benefit of machine learning techniques to identify the context and usage of the application as well as privacy related comments and ultimately provide a privacy risk score.
Topic 3: “Assessing privacy of smartphone apps through the analysis of data flows”
In current smartphone ecosystems a large number of available applications lack of proper information with regard their data access behavior, i.e. they are often poorly understood, in particular concerning their activities and functions related to privacy and security. In this regard, it is vital to provide users with information about the privacy risk of the installed applications (or desired to install); for instance, an application can lead to privacy risk because insecure data access permissions have been implemented in it. Therefore, proper mechanisms to automatically detect and evaluate the security risks and privacy invasiveness of smartphone apps are needed. To this end, a literature review is first needed to analyze and investigate which characteristics make an application a potential danger with regard to user's security and privacy. Afterwards, a technical/mathematical approach is required to provide a privacy score that will take into consideration the behavior of the application with regard to access permissions, data flows, and frequency of access and context/usage of the application
Topic 4: “Privacy risk indicators for smartphone apps”
Nowadays, it has become obvious that smartphone apps can easily exploit personal identifiable and sensitive information from users installing the applications in their smartphones. While users have become increasingly concerned towards their privacy, it has also been proved that smartphone users usually ignore any privacy related indicators. A potential reason could be that those indicators are not appropriate enough to provide enough awareness and at the same time encourage users to take proper measures. In this regard, application designers/developers could make the indicators more attractive and usable for users (from a psychological perspective). Therefore, the goal of this project is to provide a reliable foundation to highlight the importance of the psychological aspects of privacy when designing of privacy indicators for smartphone applications. The important aspect of this project is to clarify the psychological influences on the privacy indicators in smartphone apps (from both the application developers' and users' point of views). First, an extensive literature review should be done in order to classify the crucial psychological factors which have been ignored by the developers in designing of privacy indicators. After this classification, a case study should be performed (between 10 to 20 participants) to assess and measure the classification of the psychological factors in terms of usability and usefulness in order to determine whether they are important to the real users or not.
Topic 1
K. Y. Huang, "Challenges in Human-Computer Interaction Design for Mobile Devices," Proceedings of the World Congress on Engineering and Computer Science, USA, 2009.
I. Liccardi, J. Pato, and D. J. Weitzner, "Improving Mobile App Selection through Transparency and Better Permission Analysis," Journal of Privacy and Confidentiality (2013) 5, No. 2, 1–55.
L. Cen, L. Si, N. Li, and H. Jin, "User Comment Analysis for Android apps and CSPI Detection with Comment Expansion," Proceedings of the 1st International Workshop on PrivacyPreserving IR: When Information Retrieval Meets Privacy and Security (PIR 2014), 2014.
D. Kong, L. Cen, and H. Jin, "AUTOREB: Automatically Understanding the Review-to-Behavior Fidelity in Android Applications," Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, 2015.
Y. Jing, G. J. Ahn, Z. Zhao, and H. Hu, "RiskMon: Continuous and Automated Risk Assessment of Mobile Applications," Proceedings of the 4th ACM conference on Data and application security and privacy, 2014.
A. Mylonas, M. Theoharidou, and D. Gritzalis, "Assessing Privacy Risks in Android: A User-Centric Approach," Lecture Notes in Computer Science, 2014.
L. Kraus, I. Wechsung, and S. Moller, "Exploring PsychologicalNeed Fulfillment for Security and Privacy Actions onSmartphones," Proceedings of the 12thSymposium on Usable Privacy and Security, 2016.
M. Baddeley, "A Behavioural Analysis of Online Privacy and Security," Cambridge Working Papers in Economics, 2011.
Agenda:
Registration:
Instructions
The course registration is mandatory and will take place electronically via m-chair.de (registration section of the project seminar) within the period 1st to 10th of October. The maximum number of students allowed for this project seminar is 12 and the seminar participants will be chosen by the first-come first-served principle. If the maximum number of students is exceeded, the registration system will offer a waiting list for further potential participants. Once the registration deadline has expired, all course applicants will be notified via email about their final registration status.
The course registration does not replace the examination registration, which is needed to finally get graded in this course.
Examination registration and withdrawal take place within the period 13th to 26th of October 2016. Students will have to sign the registration list during the organizational Meeting on the 25th of October.
Maximum participants:
Exam:
Information:
Date: 10.Jan.2017
Time: 10:00 - 12:00
Room: 2.202
Information & Communication Security
Basic Information
Type of Lecture: | Lecture with Exercise |
---|---|
Course: | Master |
Hours/Week: | 2 |
Credit Points: | 6 |
Language: | English |
Term: | Winter 2016/2017 |
Lecturers: | |
Email: |
Content of the Course
Description:
The "Information and Communication Security" lecture series provides a general introduction to the topic of information and communication security. Students will be qualified to identify security challenges that come along with using and employing information and communication systems, and to identify and apply adequate means and methods to solve them. Emphasis will be put on the organizational and technical set-up of infrastructures, also including aspects of pragmatic and professional risk management, and profitability analysis of security concepts and technologies. Further, students will be qualified to identify and assess security risks, in order to develop and establish appropriate security strategies. Contents presented in the lecture will also be discussed in the context of international standardization and regulation activities in the domain of information and communication security, allowing students to consider long-term developments, trends, and challenges in their analysis.
Agenda:
Time and Place:
-
-
-
- Tuesday, 14.00 - 16.00, Hörsaalzentrum - HZ 15
- Wednesday, 10.00 - 12.00, Hörsaalzentrum - HZ 15
- Agenda:
- 18-Oct-16 VL1 Introduction
- 19-Oct-16 VL2 Authentication
- 26-Oct-16 Ü1 Authentication
- 01-Nov-16 VL3 Access Control
- 02-Nov-16 VL4 Cryptography I
- 09-Nov-16 VL5 Cryptography II
- 15-Nov-16 Ü2 Access Control
- 16-Nov-16 G1 Guest Lecture on Biometrics by Jürgen Kühn (SVA - System Vertrieb Alexander)
- 23-Nov-16 VL6 Electronic Signatures
- 29-Nov-16 VL7 Identity Management
- 30-Nov-16 Ü3 Cryptography I
- 07-Dec-16 VL8 Privacy Protection I
- 13-Dec-16 VL9 Privacy Protection II
- 14-Dec-16 Ü4 Cryptography II
- 21-Dec-16 VL10 Computer System Security
- 10-Jan-17 G2 Guest Lecture on Social Engineering by Jens Eichler (RühlConsulting)
- 11-Jan-17 G3 Guest Lecture on Information security management by Amir Neziri (Lufthansa)
- 18-Jan-17 VL11 Network Security I
- 24-Jan-17 VL12 Network Security II
- 25-Jan-17 G4 Guest Lecture on Pentests by Dr. Daniel Hamburg (TÜVRheinland)
- 01-Feb-17 VL13 Security Engineering
- 07-Feb-17 VL14 Evaluation Criteria
- 08-Feb-17 Ü5 Exam prep and wrap up
-
-
Downloads:
-
-
-
- Lecture 1: Introduction
- Lecture 2: Authentication
- Lecture 3: Access Control (updated)
- Lecture 4: Cryptography I
- Lecture 5: Cryptography II
- Guest Lecture: Biometrics
- Lecture 6: Electronic Signature
- Lecture 7: Identity Management
- Lecture 8: Privacy Protection I
- Lecture 9: Privacy Protection II
- Lecture 10: Computer System Security
- Lecture 11: Network Security I
- Lecture 12: Network Security II
- Lecture 13: Security Engineering
-
-
Exam
Information:
Mobile Business I - Technology, Markets, Platforms, and Business Models
Basic Information
Type of Lecture: | Lecture with Exercise |
---|---|
Course: | Master |
Hours/Week: | 2 |
Credit Points: | 6 |
Language: | English |
Term: | Winter 2016/2017 |
Lecturers: | |
Email: |
Content of the Course
Description:
The "Mobile Business" lecture series provides an introduction to technologies and economic principles defining these markets. Students will be qualified to identify success factors of mobile business models and to judge on possible application scenarios. Starting with the basics of mobile communication services, emphasis will be put on an analysis of the interaction between individuals and mobile devices / services.
This includes an historic overview across the development of mobile communication infrastructures, services, and protocols. Based on this, students will be qualified to identify possibilities and limitations of mobile business applications and business models, in order to consider the resulting opportunities and challenges when deriving the success factors. Characteristic attributes of mobile services, especially in contrast to electronic services, will be outlined and considered in an analysis of the current market environment for mobile business applications. Furthermore, traditional as well as emerging business models will be discussed. The course concludes with a presentation and discussion of several exemplary application scenarios. Students will be able to reflect on specific attributes of mobile applications, to analyse new scenarios, and to draw connections to traditional and established scenarios.
Agenda:
-
-
-
- Tue, Oct 18 at 10:00-12:00 in HZ15
VL01 - Introduction to Mobile Business 1 - Tue, Oct 25 at 10:00-12:00 in HZ15
VL02 - Mobile Telecommunication Infrastructures - Tue, Oct 25 at 14:00-16:00 in HZ15
E01 - The Pokémon Go Hype: How Augmented Reality (AR) Is Able to Shape the Digital Future (please bring a laptop to the lecture) - Tue, Nov 1 at 10:00-12:00 in HZ15
VL03 - Wireless Internet-oriented Infrastructures and Protocols - Tue, Nov 1 at 18:00-20:00 in HZ15
VL04 - Electronic Business vs. Mobile Business - Tue, Nov 8 at 10:00-12:00 in HZ15
VL05 - Mobile Communication Services - Tue, Nov 15 at 10:00-12:00 in HZ15
E02 - Technology Basics I - VL02-04 - Tue, Nov 22 at 14:00-16:00 in HZ15
VL06 - Market Structure and Value Chain - Tue, Nov 29 at 8:00-10:00 in HZ15
VL08 - Smartcards and Infrastructures - Tue, Nov 29 at 10:00-12:00 in HZ15
VL09 - Mobile Devices - Tue, Dec 6 at 10:00-12:00 in HZ15
VL07 - Business Models (Please note: lecture 7 will be shifted to this date!) - Tue, Dec 6 at 14:00-16:00 in HZ15
E03 - Economics Basics I - VL05-07 - Tue, Dec 13 at 10:00-12:00 in HZ15
VL10 - Concepts of Mobile OS - Tue, Dec 20 at 10:00-12:00 in HZ15
VL11 - Mobile OS and Security Aspects - Tue, Dec 20 at 14:00-16:00 in HZ15
E04 - Technology Basics II - VL08-10 - Tue, Jan 10 at 10:00-12:00 in HZ15
CS01 - Case Study on IoT Business Models (Michael Pachmajer, pwc) - Tue, Jan 17 at 10:00-12:00 in HZ15
CS02 - Case Study on IoT Business Models (Michael Pachmajer, pwc) - Tue, Jan 17 at 14:00-16:00 in HZ15
VL12 - Trusted Devices - Tue, Jan 24 at 10:00-12:00 in HZ15
VL13 - Acceptance and Success Factors in Mobile Business - Tue, Jan 31 at 10:00-12:00 in HZ15
CS03 - Accenture: Gamification in a Digital World - Tue, Jan 31 at 14:00-16:00 in HZ15
E05 - Economics Basics II - VL11-13 - Tue, Feb 7 at 10:00-12:00 in HZ15
VL14 - Exam Preparation - Questions & Answers
Please send your questions via mail (This email address is being protected from spambots. You need JavaScript enabled to view it. ) no later
than Thursday, 2.2.2017 at 14:00.
- Tue, Oct 18 at 10:00-12:00 in HZ15
-
-
Downloads:
-
-
-
- Lecture 01: Introduction to Mobile Business (updated 9 February 2017)
- Lecture 02: Basic Communication Paradigms and Mobile Telecommunications Infrastructures (updated 9 February 2017)
- Lecture 03: Wireless Internet-oriented Infrastructures and Protocols
- Lecture 04: Electronic Business vs. Mobile Business
- Lecture 05: Mobile Communication Services
- Lecture 06: Market Structure and Value Creation
- Lecture 07: Business models
- Lecture 08: Smartcards and Infrastructures (updated 1 December 2016)
- Lecture 09: Mobile devices (updated 1 December 2016)
- Lecture 10: Concepts of Mobile OS (updated 13 December 2016)
- Lecture 11: Mobile OS and Security Aspects (updated 18 January 2017)
- Lecture 12: Mobile Trusted Devices (updated 21 December 2016)
- Lecture 13: Acceptance and Success Factors in Mobile Business (the relevant slides are only up to slide 26, which were covered in the class)
- Lecture 14: Exam preparation session
- Lecture 01: Introduction to Mobile Business (updated 9 February 2017)
-
-
-
-
-
- Case study on IoT Business Models (Michael Pachmajer, pwc)
- Guest Lecture on Gamification (Jasmin Deniz Karatas, Accenture
- Exercise 1: Augmented Reality
- Exercise 2: Technology Basics I & Solutions
- Exercise 3: Economic Basics I (updated) & Solutions
- Exercise 4: Technology Basics II & Solutions
- Exercise 5: Economic Basics II & Solutions
- Case study on IoT Business Models (Michael Pachmajer, pwc)
-
-
Exam
Information: