PRIMORIS      Contacts      FAQs      INSTICC Portal

Keynote Lectures

Privacy, Ethics and Big Data
Jason Hong, Carnegie Mellon University, United States

Tax Fraud and Investigation Procedures - Everybody, Every Where, Every Time
Hans-J. Lenz, Freie Universitat Berlin, Germany

Ethics in Security Research
Edgar Weippl, SBA Research, Austria


Privacy, Ethics and Big Data

Jason Hong
Carnegie Mellon University
United States

Brief Bio
Jason Hong is an associate professor in the Human Computer Interaction Institute, part of the School of Computer Science at Carnegie Mellon University. He works in the areas of ubiquitous computing and usable privacy and security, and his research has been featured in the New York Times, MIT Tech Review, CBS Morning Show, CNN, Slate, and more. Jason is an associate editor for IEEE Pervasive Computing and ACM Transactions on Human Computer Interaction, and is on the editorial board for CACM (Web site) and Foundations and Trends in HCI. He is also an author of the book The Design of Sites, a popular book on web design using web design patterns. Jason is also a co-founder of Wombat Security Technologies, which focuses on the human side of computer security. Jason received his PhD from Berkeley and his undergraduate degrees from Georgia Institute of Technology. Jason has participated on DARPA's Computer Science Study Panel (CS2P), is an Alfred P. Sloan Research Fellow, a Kavli Fellow, a PopTech Science fellow, and currently holds the HCII Career Development fellowship.

In the near future, our smartphones will know almost everything about us. In many ways, this will be good for individuals and for society, in terms of healthcare, safety, efficiency, and sustainability. However, these same capabilities will lead to new challenges for privacy and ethics, which we are only beginning to scratch the surface of. Who gains from these systems? Whose data will be used, and whose will not? How can we convey what behaviors applications have? How can we design better systems for privacy, ranging from systems architectures to user interfaces to policy?



Tax Fraud and Investigation Procedures - Everybody, Every Where, Every Time

Hans-J. Lenz
Freie Universitat Berlin

Brief Bio
In 1973 I got a doctoral degree (PhD like) in Statistics and Operations Research, Freie Universität Berlin, Germany. In 1978 I was offered a Professorship of Applied Computer Science and Statistics at Freie Universität Berlin, and one of Statistics at University of Bonn. I accepted the first one, and retired there in 2008.
My present research concerns Business Intelligence, data quality assessment at the business and economics level in co-operation with the Institute of North America Studies, Berlin, data fraud detection, model-based controlling under uncertainty, and cost/benefit and risk calculations of oil / gas exploration and production in cooperation together with Technical University Berlin.
My research activities in 1969 – 2008 led to ~ 25 books published or co-edited, ~ 350 technical papers authored or co-authored and ~ 25 PhD students supervised.
I received a honorary membership from the Romanian Statistical Society in 2005, and in I got the Golden Medal of Freie Universität Berlin for excellence of service.

Tax Fraud is a criminal activity done by a manager of a firm or at least one tax payer who intentionally manipulates tax data to deprive the tax authorities or the government of money for his own benefit. Tax fraud is a kind of data fraud, and happens every time and every where in daily life of households, business, economics, politics, science, health care or even in religious communities etc. Data fraud is extensionally characterized by the four fields: Spy-out, data plagiarism, manipulation and fabrication. Data manipulation takes existing data and manipulates the content encapsulated in tables, diagrams, documents or (historical) pictures.
Tax fraud manipulates book keeping figures and tax declarations either by increasing expenditures or decreasing income. There is no clear boundary to accounting and balance sheet policy of firms, especially if accounting and valuation latitude is utilized.
The tax fraud investigation by the tax fraud authority can be embedded into the Bayesian Learning Theory based on investigation and integration of partial information. The kick-off is an initial suspicion issued by a stage holder or insider like a fired employee, disappointed companion or wife, envious neighbor or inquisitive custom collector. This first step can be conceived as the fixing of the prior distribution p(θ) on the (complete but still in detail unknown) tax liability θ of the tax betrayer. The next step at the authority’s site is concerned with opening a new case, and getting access to the tax file of the suspect. Formally, the likelihood of the tax fraud, l(x|θ), is established. This allows updating of the initial suspicion for gaining the posterior distribution p(θ|x) ∝ l (x|θ) p(θ).
This cycle may be performed again if further step by step investigations deliver more information on the non-conforming suspect‘s life style related to the series of his annual taxable income. The necessary investigations are tricky for getting insight into the betrayer’s life style, and make use of criminal investigator’s good practice like, for instance, “Simple issues first!”.
The main step, however, of the tax fraud investigation is getting a search warrant from the court, and, consequently, starting inspection of business premises and home with “full power”. More formally, we take the former posterior p(θ|x) as a new prior p*(θ) and combine it with the new facts about the tax crime, y, using the likelihood l*(y|θ) getting the new suspicion facts p*(y|θ) as the updated posterior. The investigation stops when a general definition of the tax crime is formulated using p*. Then the charge is left to the judicial system to prosecute, judge and eventually arrest the accused people.
There is and will be no omnibus test available to detect manipulations of (even double-entry) book keeping data with high precision. However, a bundle of techniques like probability distribution analysis methods, Benford’s Law application, inliers and outlier as well as tests of conformity between data and BKI-indicator systems exist to give hints for tax data fraud.
Finally, investigators may be hopeful in the long run because betrayers never will be able to construct a perfect manipulated world of figures, cf. F. Wehrheim (2011).



Ethics in Security Research

Edgar Weippl
SBA Research

Brief Bio
After graduating with a Ph.D. from the Vienna University of Technology, Edgar worked in a re-search startup for two years. He then spent one year teaching as an assistant professor at Beloit College, WI. From 2002 to 2004, while with the software vendor ISIS Papyrus, he worked as a consultant in New York, NY and Albany, NY, and in Frankfurt, Germany. In 2004 he joined the Vienna University of Technology and founded the research center SBA Re-search together with A Min Tjoa and Markus Klemen.Edgar R. Weippl (CISSP, CISA, CISM, CRISC, CSSLP, CMC) is member of the editorial board of Computers & Security (COSE) and he organizes the ARES conference.

Some research approaches in information security may or may not be considered unethical. Looking at borderline cases is relevant as today's research papers will influence how young researchers conduct their research. In this talk we discuss fundamental ethical principles and their role in recent literature and show what has happened since 2013.
{Schrittwieser, S.; Mulazzani, M.; Weippl, E., "Ethics in security research which lines should not be crossed?," Security and Privacy Workshops (SPW), 2013 IEEE , vol., no., pp.1,4, 23-24 May 2013, doi: 10.1109/spw.2013.6914700}