It's axiomatic to state that people fear what they do not understand, and this is especially true when it comes to technology. However, despite their prevalence, computers remain shrouded in mystery, and many users feel apprehensive when interacting with them. Smartphones have only exacerbated the issue. Indeed, most users of these devices leverage only a small fraction of the power they hold in their hands. How Things Work: The Computer Science Edition is a roadmap for readers who want to overcome their technophobia and harness the full power of everyday technology. Beginning with the basics, the book demystifies the mysterious world of computer science, explains its fundamental concepts in simple terms, and answers the questions many users feel too intimidated to ask. By the end of the book, readers will understand how computers and smart devices function and, more important, how they can make these devices work for them. To complete the picture, the book also introduces readers to the darker side of modern technology: security and privacy concerns, identity theft, and threats from the Dark Web.

Internet attack on computer systems is pervasive. It can take from less than a minute to as much as eight hours for an unprotected machine connected to the Internet to be completely compromised. It is the information security architect's job to prevent attacks by securing computer systems. This book describes both the process and the practice of assessing a computer system's existing information security posture. Detailing the time-tested practices of experienced security architects, it explains how to deliver the right security at the right time in the implementation lifecycle. Securing Systems: Applied Security Architecture and Threat Models covers all types of systems, from the simplest applications to complex, enterprise-grade, hybrid cloud architectures. It describes the many factors and prerequisite information that can influence an assessment. The book covers the following key aspects of security analysis: When should the security architect begin the analysis? At what points can a security architect add the most value? What are the activities the architect must execute? How are these activities delivered? What is the set of knowledge domains applied to the analysis? What are the outputs? What are the tips and tricks that make security architecture risk assessment easier? To help you build skill in assessing architectures for security, the book presents six sample assessments. Each assessment examines a different type of system architecture and introduces at least one new pattern for security analysis. The goal is that after you've seen a sufficient diversity of architectures, you'll be able to understand varied architectures and can better see the attack surfaces and prescribe security solutions.

This book examines the FinTech revolution from a data privacy perspective. It analyzes key players on the FinTech market and the developments in various market segments. Particular attention is paid to an empirical analysis of the privacy statements of 505 German FinTech firms and how they were adapted after the General Data Protection Regulation (GDPR) entered into effect in May 2018. The analysis also includes 38 expert interviews with relevant stakeholders from supervisory and regulatory authorities, the financial and FinTech industry, leading consulting firms and consumer protection agencies. By adopting this approach, the book identifies key regulatory needs, offers a valuable asset for practitioners and academics alike, and shares intriguing insights for lawyers, economists and everyone interested in FinTech and data privacy.

Neuroscience has begun to intrude deeply into what it means to be human, an intrusion that offers profound benefits but will demolish our present understanding of privacy. In Privacy in the Age of Neuroscience, David Grant argues that we need to reconceptualize privacy in a manner that will allow us to reap the rewards of neuroscience while still protecting our privacy and, ultimately, our humanity. Grant delves into our relationship with technology, the latest in what he describes as a historical series of 'magnitudes', following Deity, the State and the Market, proposing the idea that, for this new magnitude (Technology), we must control rather than be subjected to it. In this provocative work, Grant unveils a radical account of privacy and an equally radical proposal to create the social infrastructure we need to support it.

IoT is empowered by various technologies used to detect, gather, store, act, process, transmit, oversee, and examine information. The combination of emergent technologies for information processing and distributed security, such as Cloud computing, Artificial intelligence, and Blockchain, brings new challenges in addressing distributed security methods that form the foundation of improved and eventually entirely new products and services. As systems interact with each other, it is essential to have an agreed interoperability standard, which is safe and valid. This book aims at providing an introduction by illustrating state-of-the-art security challenges and threats in IoT and the latest developments in IoT with Cloud, AI, and Blockchain security challenges. Various application case studies from domains such as science, engineering, and healthcare are introduced, along with their architecture and how they leverage various technologies Cloud, AI, and Blockchain. This book provides a comprehensive guide to researchers and students to design IoT integrated AI, Cloud, and Blockchain projects and to have an overview of the next generation challenges that may arise in the coming years.

The growth of data-collecting goods and services, such as ehealth and mhealth apps, smart watches, mobile fitness and dieting apps, electronic skin and ingestible tech, combined with recent technological developments such as increased capacity of data storage, artificial intelligence and smart algorithms, has spawned a big data revolution that has reshaped how we understand and approach health data. Recently the COVID-19 pandemic has foregrounded a variety of data privacy issues. The collection, storage, sharing and analysis of health- related data raises major legal and ethical questions relating to privacy, data protection, profiling, discrimination, surveillance, personal autonomy and dignity. This book examines health privacy questions in light of the General Data Protection Regulation (GDPR) and the general data privacy legal framework of the European Union (EU). The GDPR is a complex and evolving body of law that aims to deal with several technological and societal health data privacy problems, while safeguarding public health interests and addressing its internal gaps and uncertainties. The book answers a diverse range of questions including: What role can the GDPR play in regulating health surveillance and big (health) data analytics? Can it catch up with internet-age developments? Are the solutions to the challenges posed by big health data to be found in the law? Does the GDPR provide adequate tools and mechanisms to ensure public health objectives and the effective protection of privacy? How does the GDPR deal with data that concern children's health and academic research? By analysing a number of diverse questions concerning big health data under the GDPR from various perspectives, this book will appeal to those interested in privacy, data protection, big data, health sciences, information technology, the GDPR, EU and human rights law.

As the 2020 global lockdown became a universal strategy to control the COVID-19 pandemic, social distancing triggered a massive reliance on online and cyberspace alternatives and switched the world to the digital economy. Despite their effectiveness for remote work and online interactions, cyberspace alternatives ignited several Cybersecurity challenges. Malicious hackers capitalized on global anxiety and launched cyberattacks against unsuspecting victims. Internet fraudsters exploited human and system vulnerabilities and impacted data integrity, privacy, and digital behaviour. Cybersecurity in the COVID-19 Pandemic demystifies Cybersecurity concepts using real-world cybercrime incidents from the pandemic to illustrate how threat actors perpetrated computer fraud against valuable information assets particularly healthcare, financial, commercial, travel, academic, and social networking data. The book simplifies the socio-technical aspects of Cybersecurity and draws valuable lessons from the impacts COVID-19 cyberattacks exerted on computer networks, online portals, and databases. The book also predicts the fusion of Cybersecurity into Artificial Intelligence and Big Data Analytics, the two emerging domains that will potentially dominate and redefine post-pandemic Cybersecurity research and innovations between 2021 and 2025. The book's primary audience is individual and corporate cyberspace consumers across all professions intending to update their Cybersecurity knowledge for detecting, preventing, responding to, and recovering from computer crimes. Cybersecurity in the COVID-19 Pandemic is ideal for information officers, data managers, business and risk administrators, technology scholars, Cybersecurity experts and researchers, and information technology practitioners. Readers will draw lessons for protecting their digital assets from email phishing fraud, social engineering scams, malware campaigns, and website hijacks.

With the advent of the IT revolution, the volume of data produced has increased exponentially and is still showing an upward trend. This data may be abundant and enormous, but it's a precious resource and should be managed properly. Cloud technology plays an important role in data management. Storing data in the cloud rather than on local storage has many benefits, but apart from these benefits, there are privacy concerns in storing sensitive data over third-party servers. These concerns can be addressed by storing data in an encrypted form; however, while encryption solves the problem of privacy, it engenders other serious issues, including the infeasibility of the fundamental search operation and a reduction in flexibility when sharing data with other users, amongst others. The concept of searchable encryption addresses these issues. This book provides every necessary detail required to develop a secure, searchable encryption scheme using both symmetric and asymmetric cryptographic primitives along with the appropriate security models to ensure the minimum security requirements for real-world applications.

What is the appropriate balance between privacy, security, and accountability? What do we owe each other in terms of information sharing and access? Why is privacy valuable and is it more or less important than other values like security or free speech? Is Edward Snowden a hero or villain? Within democratic societies, privacy, security, and accountability are seen as important values that must be balanced appropriately. If there is too much privacy, then there may be too little accountability - and more alarmingly, too little security. On the other hand, where there is too little privacy, individuals may not have the space to grow, experiment, and engage in practices not generally accepted by the majority. Moreover, allowing overly limited control over access to and uses of private places and information may itself be a threat to security. By clarifying the moral, legal, and social foundations of privacy, security, and accountability, this book helps determine the appropriate balance between these contested values. Twelve specially commissioned essays provide the ideal resource for students and academics in information and applied ethics.

This book provides the state-of-the-art development on security and privacy for fog/edge computing, together with their system architectural support and applications. This book is organized into five parts with a total of 15 chapters. Each area corresponds to an important snapshot. The first part of this book presents an overview of fog/edge computing, focusing on its relationship with cloud technology and the future with the use of 5G communication. Several applications of edge computing are discussed. The second part of this book considers several security issues in fog/edge computing, including the secure storage and search services, collaborative intrusion detection method on IoT-fog computing, and the feasibility of deploying Byzantine agreement protocols in untrusted environments. The third part of this book studies the privacy issues in fog/edge computing. It first investigates the unique privacy challenges in fog/edge computing, and then discusses a privacy-preserving framework for the edge-based video analysis, a popular machine learning application on fog/edge. This book also covers the security architectural design of fog/edge computing, including a comprehensive overview of vulnerabilities in fog/edge computing within multiple architectural levels, the security and intelligent management, the implementation of network-function-virtualization-enabled multicasting in part four. It explains how to use the blockchain to realize security services. The last part of this book surveys applications of fog/edge computing, including the fog/edge computing in Industrial IoT, edge-based augmented reality, data streaming in fog/edge computing, and the blockchain-based application for edge-IoT. This book is designed for academics, researchers and government officials, working in the field of fog/edge computing and cloud computing. Practitioners, and business organizations (e.g., executives, system designers, and marketing professionals), who conduct teaching, research, decision making, and designing fog/edge technology will also benefit from this book The content of this book will be particularly useful for advanced-level students studying computer science, computer technology, and information systems, but also applies to students in business, education, and economics, who would benefit from the information, models, and case studies therein.

Digitising personal information is changing our ways of identifying persons and managing relations. What used to be a "natural" identity, is now as virtual as a user account at a web portal, an email address, or a mobile phone number. It is subject to diverse forms of identity management in business, administration, and among citizens. Core question and source of conflict is who owns how much identity information of whom and who needs to place trust into which identity information to allow access to resources.

This book presents multidisciplinary answers from research, government, and industry. Research from states with different cultures on the identification of citizens and ID cards is combined towards analysis of HighTechIDs and Virtual Identities, considering privacy, mobility, profiling, forensics, and identity related crime.

"FIDIS has put Europe on the global map as a place for high quality identity management research." V. Reding, Commissioner, Responsible for Information Society and Media (EU)"

Cyber-Security Threats, Actors, and Dynamic Mitigation provides both a technical and state-of-the-art perspective as well as a systematic overview of the recent advances in different facets of cyber-security. It covers the methodologies for modeling attack strategies used by threat actors targeting devices, systems, and networks such as smart homes, critical infrastructures, and industrial IoT. With a comprehensive review of the threat landscape, the book explores both common and sophisticated threats to systems and networks. Tools and methodologies are presented for precise modeling of attack strategies, which can be used both proactively in risk management and reactively in intrusion prevention and response systems. Several contemporary techniques are offered ranging from reconnaissance and penetration testing to malware detection, analysis, and mitigation. Advanced machine learning-based approaches are also included in the area of anomaly-based detection, that are capable of detecting attacks relying on zero-day vulnerabilities and exploits. Academics, researchers, and professionals in cyber-security who want an in-depth look at the contemporary aspects of the field will find this book of interest. Those wanting a unique reference for various cyber-security threats and how they are detected, analyzed, and mitigated will reach for this book often.

"Biometrics in the New World" takes a fresh look at biometrics and identity management within a fast-changing world.

The concept of biometric identity verification is revisited, including identity intelligence, federation and the use of third party infrastructure. Furthermore, the book examines some of the fundamentals of the technology which are often overlooked. However, the dialogue extends beyond technical considerations, and explores some of the broader societal and philosophical aspects surrounding the use of biometric applications, bringing this whole area into a new focus at a time.

Topics and features: presents a brief history of the development of biometrics, and describes some of the popularly held misconceptions surrounding the technology; investigates the challenges and possibilities of biometrics across third party infrastructures and on mobile computing devices; provides guidance on biometric systems design, stressing the importance of an end-to-end approach, together with the alignment with policy and operational procedures; explores the mechanisms necessary to enable identity intelligence, including logging mechanisms, data communications and data formats; discusses such usage issues as collaboration frameworks, and messaging and data translation; examines the impact of biometric technologies on society, for better and worse, covering issues of privacy and user factors; reviews the current situation in identity management and biometric technologies, and predicts where these trends may take us in the future.

This accessible and thought-provoking work is an essential guide for biometric systems integrators, professional consultancies, government agencies and other consumers of biometric technology. Academics interested in biometrics will also find the book to be a source of valuable insights, as will the casual reader.

Web applications occupy a large space within the IT infrastructure of a business or a corporation. They simply just don't touch a front end or a back end; today's web apps impact just about every corner of it. Today's web apps have become complex, which has made them a prime target for sophisticated cyberattacks. As a result, web apps must be literally tested from the inside and out in terms of security before they can be deployed and launched to the public for business transactions to occur. The primary objective of this book is to address those specific areas that require testing before a web app can be considered to be completely secure. The book specifically examines five key areas: Network security: This encompasses the various network components that are involved in order for the end user to access the particular web app from the server where it is stored at to where it is being transmitted to, whether it is a physical computer itself or a wireless device (such as a smartphone). Cryptography: This area includes not only securing the lines of network communications between the server upon which the web app is stored at and from where it is accessed from but also ensuring that all personally identifiable information (PII) that is stored remains in a ciphertext format and that its integrity remains intact while in transmission. Penetration testing: This involves literally breaking apart a Web app from the external environment and going inside of it, in order to discover all weaknesses and vulnerabilities and making sure that they are patched before the actual Web app is launched into a production state of operation. Threat hunting: This uses both skilled analysts and tools on the Web app and supporting infrastructure to continuously monitor the environment to find all security holes and gaps. The Dark Web: This is that part of the Internet that is not openly visible to the public. As its name implies, this is the "sinister" part of the Internet, and in fact, where much of the PII that is hijacked from a web app cyberattack is sold to other cyberattackers in order to launch more covert and damaging threats to a potential victim. Testing and Securing Web Applications breaks down the complexity of web application security testing so this critical part of IT and corporate infrastructure remains safe and in operation.

Justice apps - mobile and web-based programmes that can assist individuals with legal tasks - are being produced, improved, and accessed at an unprecedented rate. These technologies have the potential to reshape the justice system, improve access to justice, and demystify legal institutions. Using artificial intelligence techniques, apps can even facilitate the resolution of common legal disputes. However, these opportunities must be assessed in light of the many challenges associated with app use in the justice sector. These include the digital divide and other accessibility issues; the ethical challenges raised by the dehumanisation of legal processes; and various privacy, security, and confidentiality risks. Surveying the landscape of this emergent industry, this book explores the objectives, opportunities, and challenges presented by apps across all areas of the justice sector. Detailed consideration is also given to the use of justice apps in specific legal contexts, including the family law and criminal law sectors. The first book to engage with justice apps, this book will appeal to a wide range of legal scholars, students, practitioners, and policy-makers.

Trust and Records in an Open Digital Environment explores issues that arise when digital records are entrusted to the cloud and will help professionals to make informed choices in the context of a rapidly changing digital economy. Showing that records need to ensure public trust, especially in the era of alternative truths, this volume argues that reliable resources, which are openly accessible from governmental institutions, e-services, archival institutions, digital repositories, and cloud-based digital archives, are the key to an open digital environment. The book also demonstrates that current established practices need to be reviewed and amended to include the networked nature of the cloud-based records, to investigate the role of new players, like cloud service providers (CSP), and assess the potential for implementing new, disruptive technologies like blockchain. Stancic and the contributors address these challenges by taking three themes - state, citizens, and documentary form - and discussing their interaction in the context of open government, open access, recordkeeping, and digital preservation. Exploring what is needed to enable the establishment of an open digital environment, Trust and Records in an Open Digital Environment should be essential reading for data, information, document, and records management professionals. It will also be a key text for archivists, librarians, professors, and students working in the information sciences and other related fields.

Trust and Records in an Open Digital Environment explores issues that arise when digital records are entrusted to the cloud and will help professionals to make informed choices in the context of a rapidly changing digital economy. Showing that records need to ensure public trust, especially in the era of alternative truths, this volume argues that reliable resources, which are openly accessible from governmental institutions, e-services, archival institutions, digital repositories, and cloud-based digital archives, are the key to an open digital environment. The book also demonstrates that current established practices need to be reviewed and amended to include the networked nature of the cloud-based records, to investigate the role of new players, like cloud service providers (CSP), and assess the potential for implementing new, disruptive technologies like blockchain. Stancic and the contributors address these challenges by taking three themes - state, citizens, and documentary form - and discussing their interaction in the context of open government, open access, recordkeeping, and digital preservation. Exploring what is needed to enable the establishment of an open digital environment, Trust and Records in an Open Digital Environment should be essential reading for data, information, document, and records management professionals. It will also be a key text for archivists, librarians, professors, and students working in the information sciences and other related fields.

This book offers an analysis of privacy impacts resulting from and reinforced by technology and discusses fundamental risks and challenges of protecting privacy in the digital age. Privacy is among the most endangered "species" in our networked society: personal information is processed for various purposes beyond our control. Ultimately, this affects the natural interplay between privacy, personal identity and identification. This book investigates that interplay from a systemic, socio-technical perspective by combining research from the social and computer sciences. It sheds light on the basic functions of privacy, their relation to identity, and how they alter with digital identification practices. The analysis reveals a general privacy control dilemma of (digital) identification shaped by several interrelated socio-political, economic and technical factors. Uncontrolled increases in the identification modalities inherent to digital technology reinforce this dilemma and benefit surveillance practices, thereby complicating the detection of privacy risks and the creation of appropriate safeguards. Easing this problem requires a novel approach to privacy impact assessment (PIA), and this book proposes an alternative PIA framework which, at its core, comprises a basic typology of (personally and technically) identifiable information. This approach contributes to the theoretical and practical understanding of privacy impacts and thus, to the development of more effective protection standards. This book will be of much interest to students and scholars of critical security studies, surveillance studies, computer and information science, science and technology studies, and politics.

This book focuses on RFID (Radio Frequency Identification), IoT (Internet of Things), and WSN (Wireless Sensor Network). It includes contributions that discuss the security and privacy issues as well as the opportunities and applications that are tightly linked to sensitive infrastructures and strategic services. This book addresses the complete functional framework and workflow in IoT-enabled RFID systems and explores basic and high-level concepts. It is based on the latest technologies and covers the major challenges, issues, and advances in the field. It presents data acquisition and case studies related to data-intensive technologies in RFID-based IoT and includes WSN-based systems and their security. It can serve as a manual for those in the industry while also helping beginners to understand both the basic and advanced aspects of IoT-based RFID-related issues. This book can be a premier interdisciplinary platform for researchers, practitioners, and educators to present and discuss the most recent innovations, trends, and concerns as well as practical challenges encountered, and find solutions that have been adopted in the fields of IoT and analytics.

Web applications occupy a large space within the IT infrastructure of a business or a corporation. They simply just don't touch a front end or a back end; today's web apps impact just about every corner of it. Today's web apps have become complex, which has made them a prime target for sophisticated cyberattacks. As a result, web apps must be literally tested from the inside and out in terms of security before they can be deployed and launched to the public for business transactions to occur. The primary objective of this book is to address those specific areas that require testing before a web app can be considered to be completely secure. The book specifically examines five key areas: Network security: This encompasses the various network components that are involved in order for the end user to access the particular web app from the server where it is stored at to where it is being transmitted to, whether it is a physical computer itself or a wireless device (such as a smartphone). Cryptography: This area includes not only securing the lines of network communications between the server upon which the web app is stored at and from where it is accessed from but also ensuring that all personally identifiable information (PII) that is stored remains in a ciphertext format and that its integrity remains intact while in transmission. Penetration testing: This involves literally breaking apart a Web app from the external environment and going inside of it, in order to discover all weaknesses and vulnerabilities and making sure that they are patched before the actual Web app is launched into a production state of operation. Threat hunting: This uses both skilled analysts and tools on the Web app and supporting infrastructure to continuously monitor the environment to find all security holes and gaps. The Dark Web: This is that part of the Internet that is not openly visible to the public. As its name implies, this is the "sinister" part of the Internet, and in fact, where much of the PII that is hijacked from a web app cyberattack is sold to other cyberattackers in order to launch more covert and damaging threats to a potential victim. Testing and Securing Web Applications breaks down the complexity of web application security testing so this critical part of IT and corporate infrastructure remains safe and in operation.

Cyber Strategy: Risk-Driven Security and Resiliency provides a process and roadmap for any company to develop its unified Cybersecurity and Cyber Resiliency strategies. It demonstrates a methodology for companies to combine their disassociated efforts into one corporate plan with buy-in from senior management that will efficiently utilize resources, target high risk threats, and evaluate risk assessment methodologies and the efficacy of resultant risk mitigations. The book discusses all the steps required from conception of the plan from preplanning (mission/vision, principles, strategic objectives, new initiatives derivation), project management directives, cyber threat and vulnerability analysis, cyber risk and controls assessment to reporting and measurement techniques for plan success and overall strategic plan performance. In addition, a methodology is presented to aid in new initiative selection for the following year by identifying all relevant inputs. Tools utilized include: Key Risk Indicators (KRI) and Key Performance Indicators (KPI) National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF) Target State Maturity interval mapping per initiative Comparisons of current and target state business goals and critical success factors A quantitative NIST-based risk assessment of initiative technology components Responsible, Accountable, Consulted, Informed (RACI) diagrams for Cyber Steering Committee tasks and Governance Boards' approval processes Swimlanes, timelines, data flow diagrams (inputs, resources, outputs), progress report templates, and Gantt charts for project management The last chapter provides downloadable checklists, tables, data flow diagrams, figures, and assessment tools to help develop your company's cybersecurity and cyber resiliency strategic plan.

The second edition of Data Protection goes beyond the traditional topics including deduplication, continuous availability, snapshots, replication, backup, and recovery, and explores such additional considerations as legal, privacy, and ethical issues. A new model is presented for understanding and planning the various aspects of data protection, which is essential to developing holistic strategies. The second edition also addresses the cloud and the growing adoption of software and function as a service, as well as effectively planning over the lifespan of a workload: what the best mix of traditional and cloud native data protection services might be. Virtualization continues to present new challenges to data protection, and the impact of containerization is examined. The book takes a holistic, business-based approach to data protection. It explains how data protection is a mix of proactive and reactive planning, technology, and activities that allow for data continuity. There are three essential activities that refer to themselves as data protection; while they all overlap in terms of scope and function, each operates as a reasonably self-contained field with its own specialists and domain nomenclature. These three activities are: * Data protection as a storage and recovery activity * Data protection as a security activity * Data protection as a privacy activity These activities are covered in detail, with a focus on how organizations can use them to leverage their IT investments and optimize costs. The book also explains how data protection is becoming an enabler for new processes around data movement and data processing. This book arms readers with information critical for making decisions on how data can be protected against loss in the cloud, on premises, or in a mix of the two. It explains the changing face of recovery in a highly virtualized datacenter and techniques for dealing with big data. Moreover, it presents a model for where data recovery processes can be integrated with IT governance and management in order to achieve the right focus on recoverability across the business. About the Author Preston de Guise has been working with data recovery products for his entire career-designing, implementing, and supporting solutions for governments, universities, and businesses ranging from SMEs to Fortune 500 companies. This broad exposure to industry verticals and business sizes has enabled Preston to understand not only the technical requirements of data protection and recovery, but the management and procedural aspects too.

Attacks against computer systems can cause considerable economic or physical damage. High-quality development of security-critical systems is difficult, mainly because of the conflict between development costs and verifiable correctness.

JA1/4rjens presents the UML extension UMLsec for secure systems development. It uses the standard UML extension mechanisms, and can be employed to evaluate UML specifications for vulnerabilities using a formal semantics of a simplified fragment of UML. Established rules of security engineering can be encapsulated and hence made available even to developers who are not specialists in security. As one example, JA1/4rjens uncovers a flaw in the Common Electronic Purse Specification, and proposes and verifies a correction.

With a clear separation between the general description of his approach and its mathematical foundations, the book is ideally suited both for researchers and graduate students in UML or formal methods and security, and for advanced professionals writing critical applications.

This book is about enforcing privacy and data protection. It demonstrates different approaches - regulatory, legal and technological - to enforcing privacy. If regulators do not enforce laws or regulations or codes or do not have the resources, political support or wherewithal to enforce them, they effectively eviscerate and make meaningless such laws or regulations or codes, no matter how laudable or well-intentioned. In some cases, however, the mere existence of such laws or regulations, combined with a credible threat to invoke them, is sufficient for regulatory purposes. But the threat has to be credible. As some of the authors in this book make clear - it is a theme that runs throughout this book - "carrots" and "soft law" need to be backed up by "sticks" and "hard law". The authors of this book view privacy enforcement as an activity that goes beyond regulatory enforcement, however. In some sense, enforcing privacy is a task that befalls to all of us. Privacy advocates and members of the public can play an important role in combatting the continuing intrusions upon privacy by governments, intelligence agencies and big companies. Contributors to this book - including regulators, privacy advocates, academics, SMEs, a Member of the European Parliament, lawyers and a technology researcher - share their views in the one and only book on Enforcing Privacy.

There is much interest in the use of biometrics for verification, identification, and "screening" applications, collectively called biometric authentication. This interest has been heightened because of the threat of terrorism. Biometric authentication systems offer advantages over systems based on knowledge or possession such as unsupervised (legacy) authentication systems based on password/PIN and supervised (legacy) authentication systems based on driver's licences and passports. The most important advantage is increased security: when a person is authenticated based on a biometric, the probability that this person is the originally enrolled person can be statistically estimated or computed in some other way. When a person is authenticated based on a password or even based on human observation, no such probabilities can be determined. Of course, the mere capability to compute this probability is not sufficient, what is needed is that the probability of correct authentication is high and the error probabilities are low. Achieving this probabilistic linking by introducing biometrics in authentication systems brings along many design choices and may introduce additional security loopholes. "Biometrics" examines the many aspects of biometric applications that are an issue even before a particular biometrics has been selected. In addition, the book further studies many issues that are associated with the currently popular biometric identifiers, namely, finger, face, voice, iris, hand (geometry) and signature.