A Software Architecture to Ensure Surveillance Accountability

Master's thesis

Persistent identifier: https://hdl.handle.net/20.500.12380/237983
Full text: 237983.pdf (1.73 MB, Adobe PDF)
Type: Master's thesis
Title: A Software Architecture to Ensure Surveillance Accountability
Authors: Mukelabai, Mukelabei
Abstract: To meet various security objectives, organisations may employ surveillance technologies such as CCTV cameras or many forms of online surveillance. Several concerns have arisen as these technologies become more privacy intrusive, threatening the civil liberties of the very citizens they are meant to protect. Accountability and transparency are the privacy principles most endangered by these surveillance activities. The complexity of surveillance and the proliferation of personal information in today's ubiquitous computing world render access control and encryption insufficient to protect privacy. Regulations and systems are therefore needed to hold surveillance organisations accountable for misuse of the information they gather and to make their operations transparent. This requires an approach that ensures public trust and is also acceptable to Surveillance Organisations (SOs), in that it must not compromise the SO's main security objectives. Some proposed approaches to accountability are too weak, because they rely on blindly trusting the SO, while others are too expensive or too intrusive in their requirements to be acceptable to an SO. In certain legal cases a court of law may request that the SO disclose records relating to a citizen under investigation.
This thesis presents an architecture that adds two entities alongside the SO and the court: a Time Stamping Authority (TSA) and an independent Data Protection Authority (DPA). Their purpose is to make the SO accountable to the DPA and to ensure that the SO can never use an observed fact about a Data Subject (a citizen, in this context) in a court of law without having previously committed that observation to the DPA. The architecture is evaluated by modelling its protocols in ProVerif, a well-known and mature protocol verification tool, and verifying secrecy, authentication and integrity properties. Secrecy is used to prove that a secret observation cannot be leaked, which would compromise the SO's mission, while the authentication and integrity properties ensure the accountability of the SO. The ProVerif results show that secrecy and authentication are preserved, leading to the conclusion that software engineers can design architectures that make a surveillance organisation accountable while preserving its security objectives.
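The commit-before-use rule described in the abstract, as an added illustrative model that is not the thesis's own protocol or its ProVerif model: the SO hashes each observation together with a fresh nonce, obtains a TSA time-stamp on the digest, registers the time-stamped commitment with the DPA, and the court later admits a disclosed observation only if its commitment was registered before the court order and opens correctly. The commitment construction, the HMAC used as a stand-in for the TSA's signature, the class and method names and the sample observation are assumptions of this example, not details taken from the thesis.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class TimestampToken:
    digest: bytes  # commitment the TSA vouches for
    time: int      # seconds since epoch at which the TSA saw it
    tag: bytes     # TSA's proof over (digest, time); see TimeStampingAuthority


def commit(nonce: bytes, observation: bytes) -> bytes:
    """Hash commitment: a fresh 32-byte nonce makes it hiding (the DPA learns
    nothing about the observation); SHA-256 makes it binding."""
    return hashlib.sha256(nonce + observation).digest()


class TimeStampingAuthority:
    """Time-stamps commitment digests. A real TSA signs (RFC 3161); this example
    substitutes an HMAC under a key only the TSA holds (an assumption of the demo)."""
    def __init__(self) -> None:
        self._key = secrets.token_bytes(32)

    def _tag(self, digest: bytes, time: int) -> bytes:
        return hmac.new(self._key, digest + time.to_bytes(8, "big"), "sha256").digest()

    def stamp(self, digest: bytes, now: int) -> TimestampToken:
        return TimestampToken(digest, now, self._tag(digest, now))

    def verify(self, token: TimestampToken) -> bool:
        return hmac.compare_digest(token.tag, self._tag(token.digest, token.time))


class DataProtectionAuthority:
    """Independent registry of time-stamped commitments; it never sees an observation."""
    def __init__(self, tsa: TimeStampingAuthority) -> None:
        self._tsa = tsa
        self.ledger: dict[bytes, int] = {}  # commitment digest -> time it was stamped

    def register(self, token: TimestampToken) -> bool:
        # Refuse unstamped tokens and re-registration (which could move a time back).
        if not self._tsa.verify(token) or token.digest in self.ledger:
            return False
        self.ledger[token.digest] = token.time
        return True


class SurveillanceOrganisation:
    def __init__(self, tsa: TimeStampingAuthority, dpa: DataProtectionAuthority) -> None:
        self._tsa, self._dpa = tsa, dpa
        self._openings: dict[bytes, tuple[bytes, bytes]] = {}

    def observe(self, observation: bytes, now: int) -> bytes:
        """Commit to an observation, time-stamp the commitment, register it with the DPA."""
        nonce = secrets.token_bytes(32)
        digest = commit(nonce, observation)
        if not self._dpa.register(self._tsa.stamp(digest, now)):
            raise RuntimeError("DPA refused the commitment")
        self._openings[digest] = (nonce, observation)
        return digest

    def disclose(self, digest: bytes) -> tuple[bytes, bytes]:
        return self._openings[digest]  # opening handed to the court: (nonce, observation)


class Court:
    def __init__(self, dpa: DataProtectionAuthority) -> None:
        self._dpa = dpa

    def admit(self, digest: bytes, nonce: bytes, observation: bytes, order_time: int) -> bool:
        """Admit an observation only if its commitment was registered with the DPA
        before the court order was issued and the opening matches the commitment."""
        recorded = self._dpa.ledger.get(digest)  # None if never committed
        if recorded is None or recorded > order_time:
            return False
        return hmac.compare_digest(commit(nonce, observation), digest)


def run_scenarios() -> dict[str, bool]:
    """Honest disclosure plus three ways an SO could try to cheat the court."""
    tsa = TimeStampingAuthority()
    dpa = DataProtectionAuthority(tsa)
    so = SurveillanceOrganisation(tsa, dpa)
    court = Court(dpa)
    observation = b"subject seen at location X on 2016-03-01 10:00"  # constructed sample
    digest = so.observe(observation, now=1_000)
    order_time = 2_000  # court order issued after the observation was committed
    nonce, opened = so.disclose(digest)
    results = {"honest": court.admit(digest, nonce, opened, order_time)}
    # 1. A fact never committed to the DPA, however well formed its commitment.
    n2, fake = secrets.token_bytes(32), b"subject seen at location Y"
    results["never_committed"] = court.admit(commit(n2, fake), n2, fake, order_time)
    # 2. A fact committed only after the court order was issued.
    late = so.observe(b"observation written after the fact", now=3_000)
    results["committed_after_order"] = court.admit(late, *so.disclose(late), order_time)
    # 3. An honest commitment opened to an altered observation.
    results["altered_observation"] = court.admit(digest, nonce, opened + b" and at Y", order_time)
    # Secrecy: the observation bytes never appear anywhere in the DPA's records.
    results["dpa_learns_observation"] = observation in b"".join(dpa.ledger)
    return results
```

Only the honest scenario is admitted; the three cheating attempts fail because the court checks the DPA's ledger and the time-stamp, not the SO's word, and the DPA holds nothing but digests, so the observations stay secret from it. A ProVerif model of the same protocol goes further than this script: it lets an attacker intercept and replay every message, which is why the thesis relies on that tool rather than on executing chosen scenarios.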
Keywords: Computer and Information Science
Issue Date: 2016
Publisher: Chalmers University of Technology / Department of Computer Science and Engineering
URI: https://hdl.handle.net/20.500.12380/237983
Collection: Master theses
