Publications-Theses
Article View/Open
Publication Export
-
Google ScholarTM
NCCU Library
Citation Infomation
Related Publications in TAIR
題名 行動應用軟體隱私保護標準研究
Study on Mobile Application Privacy Protection Standards作者 郭淑儀
Kuo, Shu Yi貢獻者 陳起行
Chen, Chi Shing
郭淑儀
Kuo, Shu Yi關鍵詞 資訊隱私
行動應用軟體
隱私標準
Information Privacy
Mobile Applications
Mobile Apps
Privacy Standards日期 2012 上傳時間 1-Nov-2013 11:41:47 (UTC+8) 摘要 行動應用軟體具備適地性、即時性、主動性,可以提供個人化的便利服務。智慧手機普及率上升,亦將帶動行動電子商務風潮,但是消費者對於隱私安全方面的顧慮,卻是推動之阻力。行動應用軟體暗藏隱私隱憂,可能輕易截取隱私資料,包括行動裝置代碼、帳號密碼、文字訊息、照片、影音、連絡資料、行事曆資料、歷史接聽紀錄、網路使用習慣、地理定位資料等。這些隱私資料是屬於我國個資法第二條「其他得以直接或間接方式識別該個人之資料」,為個資法保護之範圍。手機用戶隱私資訊外洩問題層出不窮,歐盟和美國之爭議案例頻仍,遂於近年陸續提出相關法案和隱私保護措施。歐盟為全方位式立法,著重政府主導功能;美國是部門式規範模式,尊重產業自律。為解決各國或國際組織之個資隱私保護規範不一致問題,透過信賴標章的產業自律規範,發展成為具有效力之民間保護標準,甚至是國家標準,進而與國際標準接軌,至少可為企業降低遵守法規所投入之成本。標準是可以用來捍衛國內產業競爭力,在國際市場競爭具有相當之重要性。國際標準組織的運作通常採共識決,強調嚴謹和透明化;需要在產業和政府支持下,累積國際標準制定經驗,長期堅持投入,始得取得領先主導標準之先機。最受到矚目的行動軟體隱私標準「不被追蹤」,因與廣告商利益衝突,W3C遲遲不能通過標準定案。在各國行動應用軟體隱私保護規範尚未完備之際,透過國際標準組織、區域組織和產業組織等自律發展,形成隱私保護標準,可彌補相關法令規範未及之處。建議自法規、隱私標準和隱私標章認證方面推動個資與隱私保護,朝向政府管制和產業自律併進之模式發展。國際行動應用軟體標準發展雖尚在萌芽階段,相關產業仍須密切關注。在科技推陳出新的時代中,個資和隱私保護法制總是趕不上科技變遷,為避免問題反覆發生,標準制定推動者、立法者和執法者皆需與時俱進。
Mobile applications featured with localization, instant responsiveness and proactivenss can provide convenient and personalized services. The widespread adoption of smart phones may drive the next wave of m-commerce(mobile e-commerce), and however, consumer privacy fears limit the growth of m-commerce.There are concerns over privacy leaks that mobile applications can easily access to privacy-sensitive data, such as UDID, ID/password, text messages, photos, videos, address book, calendar, historical phone records, on-line behavior, geolocation, etc. The privacy information mentioned above should have been covered under Article 2 of Taiwan Personal Information Protection Act “other information which may be used to identify a natural person, both directly and indirectly”.In response to the increasing privacy leaks in mobile devices and law disputes, privacy protection measures and regulations have been proposed or enforced these years in European Union countries and the United States. European Union establishes a comprehensive legislation focused on government-centric functions, while the United States uses a sectoral approach that relies on industry self-regulation. In order to solve the inconsistent privacy regulations within countries and international organizations, one effective way is to promote privacy seals certified through industry self-regulation, and furthermore, develop to be industry standards, and national standards in line with international standards, and that can at least help enterprises reduce costs for responses to the mandatory regulations.Standards can be a means to safeguard industrial competitiveness, and are considered to be critically important to outcompete international trade markets. International standard bodies normally use consensus-building process, highlighted with impartiality and transparency. With supports from industry and government on accumulating experiences in international standard setting, and long-term inputs in participation, aim at competing for market dominance. The catching debate over digital advertisers interests to nail down the long overdue Do Not Track standard continues at W3C. While awaiting privacy regulations for mobile applications, self-regulation can be developed within international standard bodies, regional organizations, industry consortia, and privacy protection standards can help patch up the inadequacy of existing regulations.It is recommended to promote protection of personal data and privacy from aspects of regulations, privacy standards, and privacy seal certification, toward a model combined with government regulation and industry self-regulation. Mobile apps standards are still at the initiative stage, and therefore, the related industries should watch closely. Following by the advancement of technology with each passing day, personal data regulations and privacy laws are in danger of lagging behind technological change. In order to prevent recurring problems, standard setters, regulators, and executors should keep pace with the times.參考文獻 英文文獻1.Abdelmounaam Rezgui, Mourad Ouzzani, Athman Bouguettaya, Brahim Medjahed, Preserving Privacy in Web Services, Proceedings of the 4th international workshop on Web information and data management, November 20022.Adrienne Porter Felt, Elizabeth Ha, Serge Egelman, Ariel Haney, Erika Chin, David Wagner, Android Permissions:User Attention, Comprehension, and Behavior, Proceedings of the Eighth Symposium on Usable Privacy and Security, July 20123.Ali Grami and Bernadette H. Schell, Future Trends in Mobile Commerce: Service Offerings, Technological Advances and Security Challenges, Proceedings Second Annual Conference on Privacy, Security and Trust, October 13~15, 20044.Andre Charland, Brian LeRoux, Mobile Application Development: Web vs. Native, Association for Computing Machinery, Volume 9, Issue 4, April 20115.A standard for standards – Principles of standardization, http://www.bsigroup.com/Documents/standards/bs0-pas0/BSI-BS0-Standard-for-Standards-UK-EN.pdf, BSI Standards Publication, 20116.Biometrics and Standards, ITU-T Technology Watch Report, December 20097.Bob Toth, Putting the U.S. standardization system into perspective: new insights, StandardView Vol. 4, No. 4, December 19968.D. Cracker , "Making standards the IETF Way" in ACM StandardView, Vol.1, No.1, September 19939.David Wright, Should privacy impact assessments be mandatory?, Communications of the ACM , Volume 54 Issue 8, August 201110.Davies, Simon,“Monitor: Extinguishing Privacy on the Information Superhighway”, Pan Macmillan, Sydney, 199611.E-health Standards and Interoperability, ITU-T Technology Watch Report, April 201212.Emre Yildirim, Mobile Privacy: Is There An App For That? On smart mobile devices, apps and data protection, 201213.Hans Löhr, Ahmad-Reza Sadeghi, Marcel WinandySecuring the E-Health Cloud, IHI `10 Proceedings of the 1st ACM International Health Informatics Symposium, 201014.Haris Hamidovic, JOnline: An Introduction to the Privacy Impact Assessment Based on ISO 223, ISACA, Volume 4, 2010, http://www.isaca.org/Journal/Past-Issues/2010/Volume-4/Pages/JOnline-An-Introduction-to-the-Privacy-Impact-Assessment-Based-on-ISO22307.aspx15.Heejin Lee, Sangjo Oh, The political economy of standards setting by newcomers:China’s WAPI and South Korea’s WIPI, Telecommunication Policy 32, ScienceDirect, 200816.HL7 Europe Newsletter , May 201317.Ian Reay, Scott Dick, and James Muller, A large-scale empirical study of P3P privacy policies: Stated actions vs. legal obligations, Transactions on the Web (TWEB) , Volume 3 Issue 2, Article 6, April 200918.Ivo Salmre, Writing Mobile Code: Essential Software Engineering for Building Mobile Applications, Addison-Wesley Professional, 200519.John Martin Ferris, Privacy Impact Assessment, The ISO PIA Standard for Financial Services, Law, Governance and Technology Series , Volume 6, Springer Netherland, 201220.Jonathan A. Morell and Selden Stewart, Standards Development for Information Technology: Best Practices for the United States, StandardView Vol. 4, No. 1, March 199621.Kobayashi, M. and Takeda, K, Information retrieval on the web, ACM Computing Surveys (ACM Press) 32 (2), 200022.Matthias Finkbeiner, Atsushi Inaba, Reginald Tan, Kim Christiansen, Hans-Jürgen Klüppel, The New International Standards for Life Cycle Assessment: ISO 14040 and ISO 14044, The International Journal of Life Cycle Assessment, Volume 11, Issue 2, March 200623.Mobile Applications, ITU-T TechWatch Alert, 1, July 200924.Robert M. Gellman, Can Privacy Be Requlated Effectively on a National Level? Thoughts on the Possible Need for International Privacy Rules, Villanova Law Review, Vol. 41, Iss. 1, Art. 2, 199625.Robert P. Minch, Privacy Issues in Location-Aware Mobile Devices, Proceedings of the 37th Hawaii International Conference on System Sciences, 200426.Ronald Dworkin, Liberty and Liberalism, In Taking Rights Seriously, Cambridge, NA:Harvard University Press, 197727.Serge Egelman, Lorrie Faith Cranor, Abdur Chowdhury, An analysis of P3P-enabled web sites among top-20 search results, August 200628.Shane Greenstein, Victor Stango, Standards and Public Policy, Cambridge University Press, 200729.Shirley Chan, Heejin Lee, Sangjo Oh, An International Mobile Security Standard Dispute: From the Actor—Network Perspective, Designing Ubiquitous Information Environments: Socio-Technical Issues and Challenges, IFIP — The International Federation for Information Processing Volume 185, 200530.Stephen T. Kent, Internet Privacy Enhanced Mail, Communications of the ACM , Volume 36 Issue 8, August 199331.The Inadequacy of Self Regulation within the Internet Behavioral Advertising Industry, Brooklyn Journal of Corporate, Financial & Commercial Law, 7 Brook. J. Corp. Fin. & Com. L. 277, Fall 201232.Warren and Brandeis,“The Right to Privacy”, Harvard Law Review, Vol. IV, December 15, 189033.Warwick Ford, Advances in Public-key Certificate Standards, SIGSAC Review , Volume 13 Issue 3, July 1995中文文獻1.Web Services的應用與省思,鼎新電腦企業通電子報,第46期,2003年8月。2.刁仁國,淺論美國與歐盟《乘客姓名記錄(PNR)協議》對我國國境執法的啟示第一屆「國境安全與人口移動」學術研討會,2007年。3.立法院三讀通過「個人資料保護法」,法務部新聞稿,法務部法律事務司,2010年4月27日。4.行動上網將成主流,比PC革命更偉大,遠見雜誌2011年1月號 第295期。5.李兆國,標準制定組織及標準專利權之爭議,2003年12月。6.李震山,電腦處理個人資料保護法之回顧與前瞻,中正法學集刊第14期,2003年12月。7.周慧蓮,隱私標準保護爭議之國際化,月旦法學雜誌第104期,2004年1月。8.邱文聰,從資訊自決與資訊隱私的概念區分 - 評「電腦處理個人資料保護法修正草案」的結構性問題,月旦法學雜誌No.168,2009年5月。9.翁清坤,論個人資料保護標準之全球化,東吳法律學報第22卷第1期,2010年。10.財團法人工業技術研究院,經濟部商業交易安全認證前瞻技術研發與應用委外案 網路交易安全問題及企業應變架構之研究期末報告,2009年12月。11.財團法人中華民國國家資訊基本建設產業發展協進會,深入國際標準化組織,產業技術標準活絡及推廣委辦計畫,經濟部標準檢驗局,2009年6月。12.財團法人資訊工業策進會,符合W3C標準之網頁製作基本指引結構篇 - XHTML1.0,2006年10月。13.許孝萱,行動RFID私密性研究,2008年6月。14.陳起行,資訊隱私法理探討 - 以美國法為中心,政大法學評論,第64期,2000年12月。15.湯亦敏,標準制定組織之智慧財產保護政策及競爭法問題探討,2006年6月。16.葉英秋,論個人隱私與公共利益-以警察資料之取得與運用為中心,2008年。17.詹文男暨MIC研究團隊,2012資通訊產業發展十大趨勢,財團法人資訊工業策進會產業情報研究所(MIC),2012年。18.廖緯民,論搜尋引擎的隱私權威脅,月旦民商法雜誌第24期。19.劉靜怡,資訊隱私權保護的國際化爭議 – 從個資保護體制的規範到國際貿易規範的適用,月旦法學雜誌,第86期,2002年。20.劉靜怡,網際網路時代的資訊使用與隱私權保護規範:個人、政府與市場的拔河,資訊管理研究第四卷第三期,2002年11月。21.樊國禎、黃健誠,「後檯實名,前檯匿名」與隱私架構初探:根基於ISO/IEC 29100:2011-12-15 標準系列,網路通訊國家型科技計畫簡訊,第50期,2013年4月。22.蕭文生譯,關於「1983年人口普查法」之判決 - 聯邦憲法法院判決第65輯第1頁以下,西德聯邦憲法法院裁判選輯(一),司法院,1990年10月。中文網站部份1."金錢損失"和"隱私洩露" 網路安全亂象如何治?,解放日報,2013年2月13日,http://www.ce.cn/cysc/tech/07hlw/guonei/201302/13/t20130213_21336538.shtml。2.10萬隱私地雷!近三成Android應用程式越矩取個資,2012年11月5日 ,http://news.cnyes.com/Content/20121105/KFNV4RYTE6QW7.shtml。3.2012中華民國電子商務年鑑:環境篇,http://eccommerceenvironment.blogspot.tw/2012/11/blog-post_9665.html。4.BS 10012個資保護標準的10大實務作法,http://www.ithome.com.tw/itadm/article.php?c=62797&s=4。5.Continua Health Alliance,360°科技,2008年8月4日, http://www.digitimes.com.tw/tw/dt/n/shwnws.asp?CnlID=10&Cat=20&Cat1=&id=100637#ixzz2VE8jkR1D。6.Gartner選出2012年十大消費性無線行動應用,2009年12月24日, http://www.ctimes.com.tw/DispNews/tw/LBS/NFC/Gartner/0911241813BO.shtml。7.GSMA行動經濟報告:全球行動數據營收於2017年超越語音營收,數位時代網站,2012年2月26日, http://www.bnext.com.tw/article/view/cid/128/id/26698http://www.bnext.com.tw/article/view/cid/128/id/26698。8.LBS結合多元行動應用 再創「打卡」新商機,DIGITIMES中文網,2012年1月18日, http://www.digitimes.com.tw/tw/things/shwnws.asp?cnlid=15&cat=10&cat1=15&id=0000268484_MMX5XIBW715TLV5CCR8QW#ixzz2VKFekulW。9.TSM平台過關,五銀行卡位搶手機信用卡商機,MoneyDJ 財經知識庫,2013年1月24日,http://www.moneydj.com/kmdj/news/NewsViewer.aspx?a=81b2d9a1-786c-45a2-96b8-d08b5726b294#ixzz2cOJlNSuI。10.プライバシーマーク制度,http://privacymark.jp/privacy_mark/about/outline_and_purpose.html。11.中美就WAPI申請國際標準達成一致,2009年6月16日,http://news.mydrivers.com/1/137/137274.htm。12.王忠,美國網路隱私保護框架之啟示,中國科學基金第2期,頁99~100,http://pub.nsfc.gov.cn/sficcn/ch/reader/view_abstract.aspx?file_no=201302099&flag=1。13.加拿大與荷蘭指控WhatsApp侵犯個人隱私,2013年1月29日,http://www.ithome.com.tw/itadm/article.php?c=78611。14.行動支付產業鏈 安全環環相扣,2013年4月9日,http://www.informationsecurity.com.tw/article/article_detail.aspx?aid=7393。15.洪羿漣,透過認證標章減輕法律風險 因應個資規定 適法性最要緊,2012年9月3日, http://www.netadmin.com.tw/article_content.aspx?sn=120828000916.面對個資風暴 善設資訊管理機制,DAF 2012 個資防護與網路安全應用研討會,2012年8月27日, http://www.digitimes.com.tw/tw/b2b/Seminar/shwnws_new.asp?CnlID=18&cat=99&product_id=051A10816&id=0000299295_IFS1RCXBL6BR1O4ZCN1QZ。17.個人資料保護法Q&A-從NFC手機談個人資料的管制(上),2011年10月1日,http://www.is-law.com/post/4/765;個人資料保護法Q&A-從NFC手機談個人資料的管制(中),2011年10月4日,http://www.is-law.com/post/4/766;個人資料保護法Q&A-從NFC手機談個人資料的管制(下),2011年10月7日,http://www.is-law.com/post/4/767。18.個資法兩階段施行,經建會網站,2012年10月24日,http://www.cepd.gov.tw/m1.aspx?sNo=0017751&ex=2。19.個資法通過 誰有可能成為受惠產業?資安人科技網,2010年6月28日, http://www.informationsecurity.com.tw/article/article_detail.aspx?aid=5786。20.財團法人台灣網路資訊中心,2011年IETF第82次台北會議活動說明書, http://www.ietf82.tw/2011_IETF82_Taipei-final-chn.pdf,2011年。21.財團法人臺灣網路資訊中心新聞稿,2012年7月9日,http://www.twnic.net.tw/NEWS4/119.pdf。22.高易中,以Web技術建立跨行動平台APP, RUN!PC網站,2013年1月9日,http://www.runpc.com.tw/content/content.aspx?id=109324。23.許舜喨,以新修正個人資料保護法探討病歷資料之保護,2013年02月18日,http://www.ibmi.org.tw/client/ReportDetail.php?REFDOCTYPID=0lgfj8ve17pfj9w5&REFDOCID=0miejmapz7bntxai。24.國家資通安全會報,國際個資保護發展趨勢與標準規範,2012年4月,http://www.icst.org.tw/docs/Fup/%E8%AD%B0%E9%A1%8C%E4%B8%80%EF%BC%9A%E5%9C%8B%E9%9A%9B%E5%80%8B%E8%B3%87%E4%BF%9D%E8%AD%B7%E7%99%BC%E5%B1%95%E8%B6%A8%E5%8B%A2%E8%88%87%E6%A8%99%E6%BA%96%E8%A6%8F%E7%AF%84-%E6%9B%B4%E6%96%B0%E7%89%88.pdf。25.許多安卓手機軟體 竊用戶隱私,中央社,2013年3月16日,http://tw.news.yahoo.com/%E8%A8%B1%E5%A4%9A%E5%AE%89%E5%8D%93%E6%89%8B%E6%A9%9F%E8%BB%9F%E9%AB%94-%E7%AB%8A%E7%94%A8%E6%88%B6%E9%9A%B1%E7%A7%81-124426037--finance.html。26.虛實緊密結合的SoLoMo時代來臨,你準備好了嗎?http://emf.migosoft.com/case/case122.html。27.新版個資法預計10月正式上路,資訊工業策進會新聞中心,2012年8月8日,http://www.iii.org.tw/service/3_1_1_c.aspx?id=1037。28.運用個資遮罩,為重要個資穿上金鐘罩- 既保護個資,也讓作業流程不打結,2012年12月19日,http://www.ithome.com.tw/privacylaw/article/77886。29.廖珮君,TPIPAS開放輔導權 未來有機會成為國家標準?! 資安人,2012年10月8日, http://www.informationsecurity.com.tw/article/article_detail.aspx?aid=7087。30.簡榮宗,追蹤式廣告與個人資料保護的分界,台灣法律網,http://www.lawtw.com/article.php?template=article_content&area=free_browse&parent_path=,1,561,&job_id=186137&article_category_id=200&article_id=107773。英文網站部份1.A High Level Reference Architecture for Mobile Health, GSMA, March 29, 2012, http://www.gsma.com/connectedliving/wp-content/uploads/2012/03/mobilearchitectureinteractive241111.pdf2.Alex Simonelis, A Concise Guide to the Major Internet Bodies, Magazine Ubiquity, Feburary 2005, http://ubiquity.acm.org.autorpa.lib.nccu.edu.tw/article.cfm?id=1071915http://ubiquity.acm.org.autorpa.lib.nccu.edu.tw/article.cfm?id=10719153.Anderson, Chris, The Long Tail, Wired Magazine, 12.10, October 2004, http://www.thelongtail.com/about.html 4.Andreas U. Schmidt, Nicolai Kuntze, Michael Kasper, On the deployment of Mobile Trusted Modules, http://sit.sit.fraunhofer.de/smv/publications/download/MTM_deployment_paper.pdf5.Apple Accused in Suit of Tracking IPad, IPhone User Location , April 26, 2011, http://www.bloomberg.com/news/2011-04-25/apple-accused-in-suit-of-tracking-ipad-iphone-user-location-1-.html6.Apple Beefs Up Privacy Protections In iOS 7, June13, 2013, http://www.mediapost.com/publications/article/202222/apple-beefs-up-privacy-protections-in-ios-7.html#ixzz2W4zRaWQr7.Apple Sneaks A Big Change Into iOS 5: Phasing Out Developer Access To The UDID, August 19, 2011, http://techcrunch.com/2011/08/19/apple-ios-5-phasing-out-udid/8.Armin Hornung, Gleb Krivosheev, Noor Singh, Jeff Bilger, Standards War, CSEP 590A: History of Computing, Autumn 2006, http://www.cs.washington.edu/education/courses/csep590/06au/projects/standards-wars.pdf9.Bill would put mobile app vendors on the hook for privacy in US, May 10, 2013, http://www.computerworlduk.com/news/networking/3446597/bill-would-put-mobile-app-vendors-on-the-hook-for-privacy/10.Boris Segalis, Mobile Location Privacy Opinion Adopted by Europe’s WP29, May 19, 2011, http://www.infolawgroup.com/2011/05/articles/data-privacy-law-or-regulation/mobile-location-privacy-opinion-adopted-by-europes-wp29/11.CEN BOSS(Business Operations Support System), http://www.cen.eu/boss/supporting/Guidance%20documents/GD026%20-%20Standards%20and%20Regulations/Pages/default.aspxhttp://www.ithome.com.tw/itadm/article.php?c=7861112.Chantal Tode, FTC wants mobile firms to do more to protect consumer privacy, February 5, 2013, http://www.mobilemarketer.com/cms/news/legal-privacy/14723.html13.Chris Brook, FTC Endorses New Privacy Guidelines, Do Not Track for Mobile Apps, Devices, February 4, 2013 , http://threatpost.com/ftc-endorses-new-privacy-guidelines-do-not-track-mobile-apps-devices-020413/14.http://clicktoverify.truste.com/pvr.php?page=validate&url=www.travelzoo.com&sealid=102&lang=zh-tw 15.Cloud Security Alliance Announces Key Initiative in Development of Cloud Security Standards in Partnership with ISO/IEC, 2011 CSA Press Release, April 20, 2011, https://cloudsecurityalliance.org/csa-news/key-initiative-in-development-of-cloud-security-standards-in-partnership-with-isoiec/16.Colin Bennett, An International Standard for Privacy Protection: Objections to the Objections, Jurisdiction II: Global Networks/Local Rules, Internet Law and Policy Forum, September 11~12, 2000, http://www.ilpf.org/events/jurisdiction2/presentations/bennett_pr/#f217.Colleen Frye, A look at the W3C’s mobile Web application best practices, January 2011, http://searchsoa.techtarget.com/tip/A-look-at-the-W3Cs-mobile-Web-application-best-practices18.Daneil Castro, Benefits and Limitations of Industry Self-Regulation for Online Behavioral Advertising, The Information Technology & Innovation Fundation, December 2011, http://www.ntia.doc.gov/files/ntia/2011-self-regulation-online-behavioral-advertising.pdf19.Durlak, Jerry, “Privacy and Security”, Communication for Tomorrow, http://renda.colunato. yorku.ca/com4tomo/1296.html20.European data protection authorities publish their joint opinion on mobile apps, Press Release, ARTICLE 29 DATA PROTECTION WORKING PARTY, 14 March, 2013, http://ec.europa.eu/justice/data-protection/article-29/press-material/press-release/art29_press_material/20130314_pr_apps_mobile_en.pdf21.First California lawsuit over mobile privacy issues crashes, May14, 2013, http://www.computerworlduk.com/news/public-sector/3447146/first-california-lawsuit-over-mobile-privacy-issues-crashes/?intcmp=rel_articles;ntwrkng;link_122.First FTC Privacy Action Against Mobile App Publisher Alleging COPPA Violation Results in $50,000 Settlement, August 2011, http://digilaw.edwardswildman.com/blog.aspx?entry=3813 1523.FTC Staff Issues Privacy Report, Offers Framework for Consumers, Businesses, and Policymakers, December 1, 2010, http://www.ftc.gov/opa/2010/12/privacyreport.shtm24.FTC Staff Report Recommends Ways to Improve Mobile Privacy Disclosures, Released by FTC, Feburary 1, 2013, http://www.ftc.gov/opa/2013/02/mobileprivacy.shtm25.Galen Gruman, http://www.infoworld.com/d/mobile-technology/3-easy-steps-more-secure-iphone-or-ipad-204930, October 16, 201226.Gartner Highlights Top Consumer Mobile Applications and Services for Digital Marketing Leaders, October 11, 2012, http://www.gartner.com/newsroom/id/219411527.Geolocation API Specification, http://dev.w3.org/geo/api/spec-source.html#security28.Geolocation Privacy Legislation, April 10, 2013, http://www.gps.gov/policy/legislation/gps-act/29.GlobalPlatform and TCG to work on mobile security standards, July 3, 2012 http://www.nfcworld.com/2012/07/03/316640/globalplatform-and-tcg-to-work-on-mobile-security-standards/30.Google Calls for International Standards on Internet Privacy, September 15, 2007, http://www.washingtonpost.com/wp-dyn/content/article/2007/09/13/AR2007091302248.html31.Hannes Tschofenig, Henning Schulzrinne, Andrew Newton, Jon Peterson, Allison Mankin, Siemens Networks GmbH Co KG, The IETF Geopriv and Presence Architecture Focusing on Location Privacy, October 18, 2006, http://www.w3.org/2006/07/privacy-ws/papers/26-tschofening-geopriv/Hans J. Kleinsteuber, Self-regulation, Co-regulation, State Regulation, http://www.osce.org/fom/1384434.How Mobile Apps are Invading Your Privacy Infographic, May 31, 2012, http://www.veracode.com/blog/2012/05/how-mobile-apps-are-invading-your-privacy-infographic/35.How secure is your personal health information? ISO provides guidelines for health care organizations, ISO news, September 29, 2004, http://www.iso.org/iso/home/news_index/news_archive/news.htm?refid=Ref93436.http://ec.europa.eu/justice/data-protection/document/international-transfers/binding-corporate-rules/index_en.htm 37.http://en.wikipedia.org/wiki/Privatus38.http://isotc.iso.org/livelink/livelink?func=ll&objId=8862396&objAction=browse&sort=name39.http://standards.ieee.org/develop/40.http://uddi.xml.org41.http://welcome.hp.com/country/tw/zh/privacy/p3p_popup.html42.http://www.bsigroup.tw/;http://www.bsigroup.com43.http://www.cgmopen.org44.http://www.dcml.org45.http://www.ehealth.scot.nhs.uk/46.http://www.gs1tw.org/twct/web/gs1_wordshowdetail.jsp?MID=DT20060606847.http://www.gsma.com48.http://www.hl7.org.tw/about.htm49.http://www.hl7.org/implement/standards/index.cfm?ref=nav50.http://www.hl7.org/implement/standards/nocost.cfm51.http://www.ietf.org52.http://www.iso.org53.http://www.iso.org/iso/home/standards_development/list_of_iso_technical_committees/jtc1_home/jtc1_sc37_home.htm54.http://www.itu.int55.http://www.itu.int/en/ITU-T/about/groups/Pages/sg17.aspx56.http://www.legalxml.org57.http://www.mefmobile.org/about-mef58.http://www.mefmobile.org/activities-and-analytics/analytics/global-privacy-survey-201359.http://www.mefmobile.org/Regions/north-america/MEF_NA_mcommerce_Steering_Committee/ASC_X960.http://www.mefmobile.org/Regions/north-america/MEF_NA_mcommerce_Steering_Committee/webinar-driving-mobile-security-standards-in-m-commerce61.http://www.oasis-pki.org/62.http://www.rsa.com/rsalabs/node.asp?id=230663.http://www.tpipas.org.tw64.http://www.truste.com/consumer-privacy/about-oba/65.http://www.trustedcomputinggroup.org/about_tcg66.http://www.w3.org/67.http://www.w3.org/2005/10/Process-20051014/tr68.http://www.w3.org/TR/mwabp/69.http://www.w3.org/TR/ws-arch/#whatis70.https://cloudsecurityalliance.org/research/mobile/71.https://www.oasis-open.org72.https://www.pcisecuritystandards.org73.https://www.x9.org/about/74.Industry Renews Plea To Keep "Do Not Track" Off By Default, April 29, 2013, http://www.adexchanger.com/online-advertising/industry-renews-plea-to-set-do-not-track-off-by-default/ 75.Inside iOS 5: privacy change kills app developers` access to UDID, 19 August, 2011, http://appleinsider.com/articles/11/08/19/inside_ios_5_privacy_change_kills_app_developers_access_to_udid76.ISO 22857:2004, http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=3652277.ISO/IEC 15944-8:2012(E) Information technology — Business Operational View — Part 8: Identification of privacy protection requirements as external constraints on business transactions, first edition 2012/04/0178.ISO/IEC 24745:2011, http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=5294679.ISO/IEC 24760, first Edition 2011/12/15, http://webstore.iec.ch/preview/info_isoiec24760-1%7Bed1.0%7Den.pdf80.ISO/IEC 24760-1:2011, http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=5791481.ISO/IEC 27018, http://www.iso27001security.com/html/27018.html82.ISO/IEC 29100:2011, http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=4512383.ISO/IEC 29176 Information technology — Mobile item identification and management — Consumer privacy-protection protocol for Mobile RFID services, first edition 2011/10/1584.ISO/IEC 29176:2011, http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=4525585.ISO/IEC 29187-1 ed1.0, Information technology -- Identification of privacy protection requirements pertaining to learning, education and training (LET) -- Part 1: Framework and reference model86.ISO/IEC 29187-1:2013, http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=4526687.ISO/IEC Directives Supplement — Procedures specific to JTC 1, First edition, 201088.ISO/IEC Directives, Part 1, Ninth edition, 2012, http://www.iec.ch/members_experts/refdocs/iec/isoiecdir-1%7Bed9.0%7Den.pdf89.ISO/IEC JTC 1/SC 6 Telecommunications and information exchange between systems90.ISO/TC 68 Financial services, http://www.iso.org/iso/iso_technical_committee.html?commid=4965091.ISO/TR 12859:2009, http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=5205292.ISO/TS 13582:2013, http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=5403793.ISO/TS 21547:2010, http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=4447994.ISO/TS 25237:2008, http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=4280795.Jason Cipriani, How to control Your Privacy Settings on iOS 6, http://howto.cnet.com/8301-11310_39-57507698-285/how-to-control-your-privacy-settings-on-ios-6/, September 19, 201296.Jim Brock, Do Not Track arrives for mobile apps, courtesy of Apple and Google (really) , September 27, 2012 , http://blog.privacychoice.org/2012/09/27/do-not-track-arrives-for-mobile-apps-courtesy-of-apple-and-google-really/97.John J. Altorelli and Amy L. Rosenberg , California Enacts Nation’s First State Online Privacy Protection Act, December 2003, http://www.paulhastings.com/Resources/Upload/Publications/256.pdf98.Kai Rannenberg , A framework for identity management (ISO/IEC 24760) , Mobile Business & Multilateral Security, June 2006, http://fg-secmgt.gi.de/fileadmin/gliederungen/fb-sec/Workshops_neu/WS_2012-06_IdentityMgmt/6_Rannenberg_framework_for_identity_management.pdfKaty Bachman, What Exactly Does `Do Not Track` Mean? Digital Advertising Alliance is fighting misinformation, May 6, 2013, http://www.adweek.com/news/technology/what-exactly-does-do-not-track-mean-14914999.Location-based mobile services are profiting but need to do more to ease privacy fears, March 22, 2013, http://www.computerworlduk.com/news/mobile-wireless/3346389/location-based-mobile-services-are-profiting-but-need-ease-privacy-fears/Mathew J. Schwartz, W3C Proposes Do Not Track Privacy Standard, November 14, 2011, http://www.informationweek.com/security/privacy/w3c-proposes-do-not-track-privacy-standa/231902974100.MEF joins ASC X9 to develop essential standards for advancing Mobile Commerce (M-Commerce) in the US, May 10, 2011, http://www.mefmobile.org/News/mef-news/21/mef-joins-asc-x9-to-develop-essential-standards-for-advancing-mobile-commerce-m-commerce-in-the-us101.MEF launches App Privacy Initiative to build Consumer Trust around User Data Collection , April 25, 2012, http://www.mefmobile.org/News/mef-news/197/mef-launches-app-privacy-initiative-to-build-consumer-trust-around-user-data-collection102.MEF tackles Mobile Threats and Security implications as next phase of its m-Commerce Initiative, May 14, 2012, http://internetretailing.net/2012/05/mef-tackles-mobile-threats-and-security-implications-as-next-phase-of-its-m-commerce-initiative/103.Mike Clendenin, ISO rejects China`s WLAN standard, December 3, 2006, http://www.eetimes.com/electronics-news/4059133/ISO-rejects-China-s-WLAN-standard104.Minutes of JTC1 Ad Hoc Meeting, January 19, 2012, https://mentor.ieee.org/802.11/dcn/12/11-12-0199-00-0jtc-jacksonville-minutes-jan-2012.doc105.Mobile and Privacy, GSM Association 2012, February 2012, http://www.gsma.com/publicpolicy/wp-content/uploads/2012/03/gsmaprivacydesignguidelinesformobileapplicationdevelopmentv1.pdfMobile App Developers: Start with Security, February 2013, http://business.ftc.gov/documents/bus83-mobile-app-developers-start-security106.Mobile Apps Developer Settles FTC Charges It Violated Children`s Privacy Rule, August 15, 2011, http://www.ftc.gov/opa/2011/08/w3mobileapps.shtm107.Mobile Privacy Disclosures:Building Trust Through Transparency , FTC Staff Report, February 2013, http://www.ftc.gov/os/2013/02/130201mobileprivacyreport.pd108.Mobile Web Standards (OMA, BONDI, GSMA OneAPI, HTML5), https://developer.att.com/developer/tierNpage.jsp?passedItemId=2400412109.Opinion 02/2013 on apps on smart devices, ARTICLE 29 DATA PROTECTION WORKING PARTY, Adopted on February27, 2013, http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2013/wp202_en.pdf110.P3P and Privacy:An Update for the Privacy Community, March 2009, http://www.ipc.on.ca/images/Resources/p3p.pdf111.Paper, Plastic... or Mobile? An FTC Workshop on Mobile, March 2013, Paymentshttp://www.ftc.gov/os/2013/03/130306mobilereport.pdf112.Pareto principle, http://www.businessdictionary.com/definition/Pareto-principle.html113.PCI Mobile Payment Acceptance Security Guidelines for Developers, September 2012, https://www.pcisecuritystandards.org/documents/Mobile_Payment_Security_Guidelines_Developers_v1.pdf114.PCI Security Standards Council Releases Gudiance for Merchants on Mobile Payment Acceptance Security, February 14, 2013, https://www.pcisecuritystandards.org/pdfs/13_02_13_Mobile_Press_Release.pdf115.Peter Fleischer , The need for global privacy standards, September 14, 2007, http://portal.unesco.org/ci/fr/files/25452/11909026951Fleischer-Peter.pdf/Fleischer-Peter.pdf116.Privacy Requirements for Mobile Services, Approved Version 1.0.1 – 07 Aug 2007, http://technical.openmobilealliance.org/technical/release_program/docs/Privacy/V1_0-20070807-A/OMA-RD-Privacy-V_1_0_1-20070807-A.pdf117.Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), Brussels, 25.1.2012, COM(2012) 11 final, http://ec.europa.eu/justice/data-protection/document/review2012/com_2012_11_en.pdf118.Rockefeller Reintroduces, Do Not Track Act Privacy heats up again in Congress , Febuary 28, 2013, http://www.adweek.com/news/technology/rockefeller-reintroduces-do-not-track-act-147610119.Ron Kim, Trusted Platform Module and Privacy:Promises and Limitations, http://www.cs.auckland.ac.nz/compsci725s2c/archive/termpapers/skim.pdf120.Rajnish Tiwari1, Stephan Buse and Cornelius Herstatt, From Electronic to Mobile Commerce: Technology Convegence Enables Innovative Business Services, http://www.mobile-prospects.com/publications/files/E2M-Commerce.pdf121.Richard Santalesa , W3C Publishes Draft “Do-Not-Track” Standard, November 18, 2011, http://www.infolawgroup.com/2011/11/articles/privacy-law/w3c-publishes-draft-donottrack-standards/122.S. Thrum and Y. Kane, Your Apps are Watching You, Wall Street Journal, http://online.wsj.com/, 2010123.Scott Bradner, IETF Structure and Internet Standards Process, 62nd IETF, March 2005, http://www.ietf.org/newcomers.html124.Standards for Web Applications on Mobile: current state and roadmap, May 2012, http://www.w3.org/2012/05/mobile-web-app-state/125.The History of the Do Not Track Header, January 21, 2011, http://paranoia.dubfire.net/2011/01/history-of-do-not-track-header.html126.TECH SENSE: What “Do Not Track” Means for Advertisers, February 21, 2013, http://blog.pointroll.com/aducation/tech-sense-what-do-not-track-means-for-advertisers/ 127.ITU-T Report, “Measuring and Reducing the Standards Gap” , December 4, 2009, http://itu.int/en/ITU-T/gap128.The Application Privacy, Protection, and Security (APPS) Act of 2013 (Discussion Draft), http://hankjohnson.house.gov/sites/hankjohnson.house.gov/files/documents/APPS_Act_Key_Provisions.pdf 129.The APPS Act – a proposal to protect users’ mobile privacy, May 17, 2013, http://www.infosecurity-magazine.com/view/32482/the-apps-act-a-proposal-to-protect-users-mobile-privacy/130.The New Firefox Cookie Policy, Feburary 22, 2013, http://webpolicy.org/2013/02/22/the-new-firefox-cookie-policy/131.The Rise of China in Technology Standards: New Norms in Old Institutions, January 16, 2013, http://origin.www.uscc.gov/sites/default/files/Research/RiseofChinainTechnologyStandards.pdf132.Tracking Preference Expression (DNT), W3C Working Draft, April 30, 2013, http://www.w3.org/TR/2013/WD-tracking-dnt-20130430/133.United States of America (For the Federal Trade Commission), Plaintiff, v. Path, Inc., Defendant (United States District Court for the Northern District of California, San Francisco Division), Case No. C 13 0448, FTC File No. 122 3158, http://www.ftc.gov/opa/2013/02/path.shtm134.United States of America, Plaintiff v. W3 Innovations, LLC, also d/b/a Broken Thumbs Apps, and Justin Maples, individually and as an officer of W3 Innovations, LLC, Defendants (United States District Court for the Northern District of California) Case No. CV-11-03958-PSG, FTC File No. 102 3251, http://ftc.gov/os/caselist/1023251/135.US regulators probe mobile app developing firms over violation of children`s privacy, http://appdev.cbronline.com/news/us-regulators-probe-mobile-app-developing-firms-over-violation-of-childrens-privacy-111212, December 11, 2012136.W3C Workshop: Do Not Track and Beyond, November 26~27, 2012, http://www.w3.org/2012/dnt-ws/report137.Why Europe’s Do Not Track stance could spark a trade war, March 22, 2013, http://lastwatchdog.com/europes-track-stance-spark-trade-war/ 138.http://www.sans.org/reading-room/whitepapers/privacy/comparison-online-privacy-seal-programs-685 139.Xinwen Zhang, Onur Acıiçmez, and Jean-Pierre Seifert, A Trusted Mobile Phone Reference Architecture via Secure Kernel, 2007, http://profsandhu.com/zhang/pub/zhang-stc07.pdf 描述 碩士
國立政治大學
法學院碩士在職專班
99961011
101資料來源 http://thesis.lib.nccu.edu.tw/record/#G0099961011 資料類型 thesis dc.contributor.advisor 陳起行 zh_TW dc.contributor.advisor Chen, Chi Shing en_US dc.contributor.author (Authors) 郭淑儀 zh_TW dc.contributor.author (Authors) Kuo, Shu Yi en_US dc.creator (作者) 郭淑儀 zh_TW dc.creator (作者) Kuo, Shu Yi en_US dc.date (日期) 2012 en_US dc.date.accessioned 1-Nov-2013 11:41:47 (UTC+8) - dc.date.available 1-Nov-2013 11:41:47 (UTC+8) - dc.date.issued (上傳時間) 1-Nov-2013 11:41:47 (UTC+8) - dc.identifier (Other Identifiers) G0099961011 en_US dc.identifier.uri (URI) http://nccur.lib.nccu.edu.tw/handle/140.119/61477 - dc.description (描述) 碩士 zh_TW dc.description (描述) 國立政治大學 zh_TW dc.description (描述) 法學院碩士在職專班 zh_TW dc.description (描述) 99961011 zh_TW dc.description (描述) 101 zh_TW dc.description.abstract (摘要) 行動應用軟體具備適地性、即時性、主動性,可以提供個人化的便利服務。智慧手機普及率上升,亦將帶動行動電子商務風潮,但是消費者對於隱私安全方面的顧慮,卻是推動之阻力。行動應用軟體暗藏隱私隱憂,可能輕易截取隱私資料,包括行動裝置代碼、帳號密碼、文字訊息、照片、影音、連絡資料、行事曆資料、歷史接聽紀錄、網路使用習慣、地理定位資料等。這些隱私資料是屬於我國個資法第二條「其他得以直接或間接方式識別該個人之資料」,為個資法保護之範圍。手機用戶隱私資訊外洩問題層出不窮,歐盟和美國之爭議案例頻仍,遂於近年陸續提出相關法案和隱私保護措施。歐盟為全方位式立法,著重政府主導功能;美國是部門式規範模式,尊重產業自律。為解決各國或國際組織之個資隱私保護規範不一致問題,透過信賴標章的產業自律規範,發展成為具有效力之民間保護標準,甚至是國家標準,進而與國際標準接軌,至少可為企業降低遵守法規所投入之成本。標準是可以用來捍衛國內產業競爭力,在國際市場競爭具有相當之重要性。國際標準組織的運作通常採共識決,強調嚴謹和透明化;需要在產業和政府支持下,累積國際標準制定經驗,長期堅持投入,始得取得領先主導標準之先機。最受到矚目的行動軟體隱私標準「不被追蹤」,因與廣告商利益衝突,W3C遲遲不能通過標準定案。在各國行動應用軟體隱私保護規範尚未完備之際,透過國際標準組織、區域組織和產業組織等自律發展,形成隱私保護標準,可彌補相關法令規範未及之處。建議自法規、隱私標準和隱私標章認證方面推動個資與隱私保護,朝向政府管制和產業自律併進之模式發展。國際行動應用軟體標準發展雖尚在萌芽階段,相關產業仍須密切關注。在科技推陳出新的時代中,個資和隱私保護法制總是趕不上科技變遷,為避免問題反覆發生,標準制定推動者、立法者和執法者皆需與時俱進。 zh_TW dc.description.abstract (摘要) Mobile applications featured with localization, instant responsiveness and proactivenss can provide convenient and personalized services. The widespread adoption of smart phones may drive the next wave of m-commerce(mobile e-commerce), and however, consumer privacy fears limit the growth of m-commerce.There are concerns over privacy leaks that mobile applications can easily access to privacy-sensitive data, such as UDID, ID/password, text messages, photos, videos, address book, calendar, historical phone records, on-line behavior, geolocation, etc. The privacy information mentioned above should have been covered under Article 2 of Taiwan Personal Information Protection Act “other information which may be used to identify a natural person, both directly and indirectly”.In response to the increasing privacy leaks in mobile devices and law disputes, privacy protection measures and regulations have been proposed or enforced these years in European Union countries and the United States. European Union establishes a comprehensive legislation focused on government-centric functions, while the United States uses a sectoral approach that relies on industry self-regulation. In order to solve the inconsistent privacy regulations within countries and international organizations, one effective way is to promote privacy seals certified through industry self-regulation, and furthermore, develop to be industry standards, and national standards in line with international standards, and that can at least help enterprises reduce costs for responses to the mandatory regulations.Standards can be a means to safeguard industrial competitiveness, and are considered to be critically important to outcompete international trade markets. International standard bodies normally use consensus-building process, highlighted with impartiality and transparency. With supports from industry and government on accumulating experiences in international standard setting, and long-term inputs in participation, aim at competing for market dominance. The catching debate over digital advertisers interests to nail down the long overdue Do Not Track standard continues at W3C. While awaiting privacy regulations for mobile applications, self-regulation can be developed within international standard bodies, regional organizations, industry consortia, and privacy protection standards can help patch up the inadequacy of existing regulations.It is recommended to promote protection of personal data and privacy from aspects of regulations, privacy standards, and privacy seal certification, toward a model combined with government regulation and industry self-regulation. Mobile apps standards are still at the initiative stage, and therefore, the related industries should watch closely. Following by the advancement of technology with each passing day, personal data regulations and privacy laws are in danger of lagging behind technological change. In order to prevent recurring problems, standard setters, regulators, and executors should keep pace with the times. en_US dc.description.tableofcontents 第一章 緒論 1 第一節 研究範圍與架構 1 第一項 研究範圍 1 第二項 研究架構 2 第二節 研究方法 2第二章 行動應用軟體與資訊隱私 4 第一節 資訊隱私 4 第二節 行動應用軟體與隱私保護 6 第三節 行動軟體侵犯隱私問題 9 第一項 不當取得隱私資料問題 9 第二項 行動上網行為追蹤問題 11 第三項 行動應用軟體侵犯隱私案例 13第三章 隱私保護標準組織發展與挑戰 16 第一節 產業自律、標準與法規 16 第二節 隱私保護相關標準組織 21 第一項 BSI 21 第二項 IETF 23 第三項 ISO 27 第四項 ITU-T 34 第五項 PCI SSC 37 第六項 OASIS 38 第七項 W3C 41 第八項 TCG 46 第九項 GSMA 47 第十項 MEF 48 第三節 隱私保護標準發展之挑戰 49 第一項 標準制定之複雜性 49 第二項 標準發展生命循環 51 第三項 標準發展之鴻溝 52 第四節 隱私保護標準爭議案例 52第四章 隱私保護標準 55 第一節 個人資料保護標準 55 第一項 個資管理系統標準 55 第二項 隱私架構標準 57 第三項 身分隱私保護標準 58 第四項 生物辨識資料保護標準 59 第二節 網際網路隱私保護標準 60 第三節 資訊系統隱私保護標準 61 第一項 智慧交通系統隱私保護標準 61 第二項 ICT學習系統隱私保護標準 61 第四節 金融隱私保護標準 62 第五節 醫療隱私保護標準 64 第一項 ISO 22857:2004 65 第二項 ISO/TS 25237:2008 65 第三項 ISO/TS 21547:2010 66 第四項 ISO/TS 13582:2013 67 第五項 OASIS醫療隱私標準 67 第六項 蘇格蘭國民保健服務行動資料保護標準 67 第六節 Web隱私保護標準 68 第七節 雲端隱私保護標準 69 第八節 行動RFID服務隱私保護標準 70 第九節 行動隱私保護標準 71第五章 行動應用軟體隱私保護標準 73 第一節 不被追蹤隱私標準 73 第一項 FTC不被追蹤隱私標準建議 73 第二項 W3C不被追蹤隱私標準 74 第三項 Google和Apple不被追蹤隱私標準 77 第二節 地理定位隱私保護標準 78 第一項 W3C地理定位隱私標準 80 第二項 IETF地理位置隱私和展現架構隱私標準 80 第三節 行動金融隱私標準 81 第四節 行動應用軟體隱私標準倡議 83 第一項 W3C行動Web倡議 83 第二項 GSMA行動應用發展隱私設計指南 84 第三項 MEF行動應用軟體隱私倡議 85第六章 結論與建議 87 第一節 行動應用軟體隱私標準發展趨勢 87 第一項 國際隱私標準發展趨勢 87 第二項 隱私保護標準之全球化發展 88 第三項 行動應用軟體隱私保護標準之折衝發展 90 第四項 行動應用軟體隱私保護標準有助因應法規 92 第二節 我國發展個資管理標準與國際接軌 93 第三節 對我國行動軟體隱私保護法制之建議 96參考文獻 99 zh_TW dc.format.extent 1220246 bytes - dc.format.mimetype application/pdf - dc.language.iso en_US - dc.source.uri (資料來源) http://thesis.lib.nccu.edu.tw/record/#G0099961011 en_US dc.subject (關鍵詞) 資訊隱私 zh_TW dc.subject (關鍵詞) 行動應用軟體 zh_TW dc.subject (關鍵詞) 隱私標準 zh_TW dc.subject (關鍵詞) Information Privacy en_US dc.subject (關鍵詞) Mobile Applications en_US dc.subject (關鍵詞) Mobile Apps en_US dc.subject (關鍵詞) Privacy Standards en_US dc.title (題名) 行動應用軟體隱私保護標準研究 zh_TW dc.title (題名) Study on Mobile Application Privacy Protection Standards en_US dc.type (資料類型) thesis en dc.relation.reference (參考文獻) 英文文獻1.Abdelmounaam Rezgui, Mourad Ouzzani, Athman Bouguettaya, Brahim Medjahed, Preserving Privacy in Web Services, Proceedings of the 4th international workshop on Web information and data management, November 20022.Adrienne Porter Felt, Elizabeth Ha, Serge Egelman, Ariel Haney, Erika Chin, David Wagner, Android Permissions:User Attention, Comprehension, and Behavior, Proceedings of the Eighth Symposium on Usable Privacy and Security, July 20123.Ali Grami and Bernadette H. Schell, Future Trends in Mobile Commerce: Service Offerings, Technological Advances and Security Challenges, Proceedings Second Annual Conference on Privacy, Security and Trust, October 13~15, 20044.Andre Charland, Brian LeRoux, Mobile Application Development: Web vs. Native, Association for Computing Machinery, Volume 9, Issue 4, April 20115.A standard for standards – Principles of standardization, http://www.bsigroup.com/Documents/standards/bs0-pas0/BSI-BS0-Standard-for-Standards-UK-EN.pdf, BSI Standards Publication, 20116.Biometrics and Standards, ITU-T Technology Watch Report, December 20097.Bob Toth, Putting the U.S. standardization system into perspective: new insights, StandardView Vol. 4, No. 4, December 19968.D. Cracker , "Making standards the IETF Way" in ACM StandardView, Vol.1, No.1, September 19939.David Wright, Should privacy impact assessments be mandatory?, Communications of the ACM , Volume 54 Issue 8, August 201110.Davies, Simon,“Monitor: Extinguishing Privacy on the Information Superhighway”, Pan Macmillan, Sydney, 199611.E-health Standards and Interoperability, ITU-T Technology Watch Report, April 201212.Emre Yildirim, Mobile Privacy: Is There An App For That? On smart mobile devices, apps and data protection, 201213.Hans Löhr, Ahmad-Reza Sadeghi, Marcel WinandySecuring the E-Health Cloud, IHI `10 Proceedings of the 1st ACM International Health Informatics Symposium, 201014.Haris Hamidovic, JOnline: An Introduction to the Privacy Impact Assessment Based on ISO 223, ISACA, Volume 4, 2010, http://www.isaca.org/Journal/Past-Issues/2010/Volume-4/Pages/JOnline-An-Introduction-to-the-Privacy-Impact-Assessment-Based-on-ISO22307.aspx15.Heejin Lee, Sangjo Oh, The political economy of standards setting by newcomers:China’s WAPI and South Korea’s WIPI, Telecommunication Policy 32, ScienceDirect, 200816.HL7 Europe Newsletter , May 201317.Ian Reay, Scott Dick, and James Muller, A large-scale empirical study of P3P privacy policies: Stated actions vs. legal obligations, Transactions on the Web (TWEB) , Volume 3 Issue 2, Article 6, April 200918.Ivo Salmre, Writing Mobile Code: Essential Software Engineering for Building Mobile Applications, Addison-Wesley Professional, 200519.John Martin Ferris, Privacy Impact Assessment, The ISO PIA Standard for Financial Services, Law, Governance and Technology Series , Volume 6, Springer Netherland, 201220.Jonathan A. Morell and Selden Stewart, Standards Development for Information Technology: Best Practices for the United States, StandardView Vol. 4, No. 1, March 199621.Kobayashi, M. and Takeda, K, Information retrieval on the web, ACM Computing Surveys (ACM Press) 32 (2), 200022.Matthias Finkbeiner, Atsushi Inaba, Reginald Tan, Kim Christiansen, Hans-Jürgen Klüppel, The New International Standards for Life Cycle Assessment: ISO 14040 and ISO 14044, The International Journal of Life Cycle Assessment, Volume 11, Issue 2, March 200623.Mobile Applications, ITU-T TechWatch Alert, 1, July 200924.Robert M. Gellman, Can Privacy Be Requlated Effectively on a National Level? Thoughts on the Possible Need for International Privacy Rules, Villanova Law Review, Vol. 41, Iss. 1, Art. 2, 199625.Robert P. Minch, Privacy Issues in Location-Aware Mobile Devices, Proceedings of the 37th Hawaii International Conference on System Sciences, 200426.Ronald Dworkin, Liberty and Liberalism, In Taking Rights Seriously, Cambridge, NA:Harvard University Press, 197727.Serge Egelman, Lorrie Faith Cranor, Abdur Chowdhury, An analysis of P3P-enabled web sites among top-20 search results, August 200628.Shane Greenstein, Victor Stango, Standards and Public Policy, Cambridge University Press, 200729.Shirley Chan, Heejin Lee, Sangjo Oh, An International Mobile Security Standard Dispute: From the Actor—Network Perspective, Designing Ubiquitous Information Environments: Socio-Technical Issues and Challenges, IFIP — The International Federation for Information Processing Volume 185, 200530.Stephen T. Kent, Internet Privacy Enhanced Mail, Communications of the ACM , Volume 36 Issue 8, August 199331.The Inadequacy of Self Regulation within the Internet Behavioral Advertising Industry, Brooklyn Journal of Corporate, Financial & Commercial Law, 7 Brook. J. Corp. Fin. & Com. L. 277, Fall 201232.Warren and Brandeis,“The Right to Privacy”, Harvard Law Review, Vol. IV, December 15, 189033.Warwick Ford, Advances in Public-key Certificate Standards, SIGSAC Review , Volume 13 Issue 3, July 1995中文文獻1.Web Services的應用與省思,鼎新電腦企業通電子報,第46期,2003年8月。2.刁仁國,淺論美國與歐盟《乘客姓名記錄(PNR)協議》對我國國境執法的啟示第一屆「國境安全與人口移動」學術研討會,2007年。3.立法院三讀通過「個人資料保護法」,法務部新聞稿,法務部法律事務司,2010年4月27日。4.行動上網將成主流,比PC革命更偉大,遠見雜誌2011年1月號 第295期。5.李兆國,標準制定組織及標準專利權之爭議,2003年12月。6.李震山,電腦處理個人資料保護法之回顧與前瞻,中正法學集刊第14期,2003年12月。7.周慧蓮,隱私標準保護爭議之國際化,月旦法學雜誌第104期,2004年1月。8.邱文聰,從資訊自決與資訊隱私的概念區分 - 評「電腦處理個人資料保護法修正草案」的結構性問題,月旦法學雜誌No.168,2009年5月。9.翁清坤,論個人資料保護標準之全球化,東吳法律學報第22卷第1期,2010年。10.財團法人工業技術研究院,經濟部商業交易安全認證前瞻技術研發與應用委外案 網路交易安全問題及企業應變架構之研究期末報告,2009年12月。11.財團法人中華民國國家資訊基本建設產業發展協進會,深入國際標準化組織,產業技術標準活絡及推廣委辦計畫,經濟部標準檢驗局,2009年6月。12.財團法人資訊工業策進會,符合W3C標準之網頁製作基本指引結構篇 - XHTML1.0,2006年10月。13.許孝萱,行動RFID私密性研究,2008年6月。14.陳起行,資訊隱私法理探討 - 以美國法為中心,政大法學評論,第64期,2000年12月。15.湯亦敏,標準制定組織之智慧財產保護政策及競爭法問題探討,2006年6月。16.葉英秋,論個人隱私與公共利益-以警察資料之取得與運用為中心,2008年。17.詹文男暨MIC研究團隊,2012資通訊產業發展十大趨勢,財團法人資訊工業策進會產業情報研究所(MIC),2012年。18.廖緯民,論搜尋引擎的隱私權威脅,月旦民商法雜誌第24期。19.劉靜怡,資訊隱私權保護的國際化爭議 – 從個資保護體制的規範到國際貿易規範的適用,月旦法學雜誌,第86期,2002年。20.劉靜怡,網際網路時代的資訊使用與隱私權保護規範:個人、政府與市場的拔河,資訊管理研究第四卷第三期,2002年11月。21.樊國禎、黃健誠,「後檯實名,前檯匿名」與隱私架構初探:根基於ISO/IEC 29100:2011-12-15 標準系列,網路通訊國家型科技計畫簡訊,第50期,2013年4月。22.蕭文生譯,關於「1983年人口普查法」之判決 - 聯邦憲法法院判決第65輯第1頁以下,西德聯邦憲法法院裁判選輯(一),司法院,1990年10月。中文網站部份1."金錢損失"和"隱私洩露" 網路安全亂象如何治?,解放日報,2013年2月13日,http://www.ce.cn/cysc/tech/07hlw/guonei/201302/13/t20130213_21336538.shtml。2.10萬隱私地雷!近三成Android應用程式越矩取個資,2012年11月5日 ,http://news.cnyes.com/Content/20121105/KFNV4RYTE6QW7.shtml。3.2012中華民國電子商務年鑑:環境篇,http://eccommerceenvironment.blogspot.tw/2012/11/blog-post_9665.html。4.BS 10012個資保護標準的10大實務作法,http://www.ithome.com.tw/itadm/article.php?c=62797&s=4。5.Continua Health Alliance,360°科技,2008年8月4日, http://www.digitimes.com.tw/tw/dt/n/shwnws.asp?CnlID=10&Cat=20&Cat1=&id=100637#ixzz2VE8jkR1D。6.Gartner選出2012年十大消費性無線行動應用,2009年12月24日, http://www.ctimes.com.tw/DispNews/tw/LBS/NFC/Gartner/0911241813BO.shtml。7.GSMA行動經濟報告:全球行動數據營收於2017年超越語音營收,數位時代網站,2012年2月26日, http://www.bnext.com.tw/article/view/cid/128/id/26698http://www.bnext.com.tw/article/view/cid/128/id/26698。8.LBS結合多元行動應用 再創「打卡」新商機,DIGITIMES中文網,2012年1月18日, http://www.digitimes.com.tw/tw/things/shwnws.asp?cnlid=15&cat=10&cat1=15&id=0000268484_MMX5XIBW715TLV5CCR8QW#ixzz2VKFekulW。9.TSM平台過關,五銀行卡位搶手機信用卡商機,MoneyDJ 財經知識庫,2013年1月24日,http://www.moneydj.com/kmdj/news/NewsViewer.aspx?a=81b2d9a1-786c-45a2-96b8-d08b5726b294#ixzz2cOJlNSuI。10.プライバシーマーク制度,http://privacymark.jp/privacy_mark/about/outline_and_purpose.html。11.中美就WAPI申請國際標準達成一致,2009年6月16日,http://news.mydrivers.com/1/137/137274.htm。12.王忠,美國網路隱私保護框架之啟示,中國科學基金第2期,頁99~100,http://pub.nsfc.gov.cn/sficcn/ch/reader/view_abstract.aspx?file_no=201302099&flag=1。13.加拿大與荷蘭指控WhatsApp侵犯個人隱私,2013年1月29日,http://www.ithome.com.tw/itadm/article.php?c=78611。14.行動支付產業鏈 安全環環相扣,2013年4月9日,http://www.informationsecurity.com.tw/article/article_detail.aspx?aid=7393。15.洪羿漣,透過認證標章減輕法律風險 因應個資規定 適法性最要緊,2012年9月3日, http://www.netadmin.com.tw/article_content.aspx?sn=120828000916.面對個資風暴 善設資訊管理機制,DAF 2012 個資防護與網路安全應用研討會,2012年8月27日, http://www.digitimes.com.tw/tw/b2b/Seminar/shwnws_new.asp?CnlID=18&cat=99&product_id=051A10816&id=0000299295_IFS1RCXBL6BR1O4ZCN1QZ。17.個人資料保護法Q&A-從NFC手機談個人資料的管制(上),2011年10月1日,http://www.is-law.com/post/4/765;個人資料保護法Q&A-從NFC手機談個人資料的管制(中),2011年10月4日,http://www.is-law.com/post/4/766;個人資料保護法Q&A-從NFC手機談個人資料的管制(下),2011年10月7日,http://www.is-law.com/post/4/767。18.個資法兩階段施行,經建會網站,2012年10月24日,http://www.cepd.gov.tw/m1.aspx?sNo=0017751&ex=2。19.個資法通過 誰有可能成為受惠產業?資安人科技網,2010年6月28日, http://www.informationsecurity.com.tw/article/article_detail.aspx?aid=5786。20.財團法人台灣網路資訊中心,2011年IETF第82次台北會議活動說明書, http://www.ietf82.tw/2011_IETF82_Taipei-final-chn.pdf,2011年。21.財團法人臺灣網路資訊中心新聞稿,2012年7月9日,http://www.twnic.net.tw/NEWS4/119.pdf。22.高易中,以Web技術建立跨行動平台APP, RUN!PC網站,2013年1月9日,http://www.runpc.com.tw/content/content.aspx?id=109324。23.許舜喨,以新修正個人資料保護法探討病歷資料之保護,2013年02月18日,http://www.ibmi.org.tw/client/ReportDetail.php?REFDOCTYPID=0lgfj8ve17pfj9w5&REFDOCID=0miejmapz7bntxai。24.國家資通安全會報,國際個資保護發展趨勢與標準規範,2012年4月,http://www.icst.org.tw/docs/Fup/%E8%AD%B0%E9%A1%8C%E4%B8%80%EF%BC%9A%E5%9C%8B%E9%9A%9B%E5%80%8B%E8%B3%87%E4%BF%9D%E8%AD%B7%E7%99%BC%E5%B1%95%E8%B6%A8%E5%8B%A2%E8%88%87%E6%A8%99%E6%BA%96%E8%A6%8F%E7%AF%84-%E6%9B%B4%E6%96%B0%E7%89%88.pdf。25.許多安卓手機軟體 竊用戶隱私,中央社,2013年3月16日,http://tw.news.yahoo.com/%E8%A8%B1%E5%A4%9A%E5%AE%89%E5%8D%93%E6%89%8B%E6%A9%9F%E8%BB%9F%E9%AB%94-%E7%AB%8A%E7%94%A8%E6%88%B6%E9%9A%B1%E7%A7%81-124426037--finance.html。26.虛實緊密結合的SoLoMo時代來臨,你準備好了嗎?http://emf.migosoft.com/case/case122.html。27.新版個資法預計10月正式上路,資訊工業策進會新聞中心,2012年8月8日,http://www.iii.org.tw/service/3_1_1_c.aspx?id=1037。28.運用個資遮罩,為重要個資穿上金鐘罩- 既保護個資,也讓作業流程不打結,2012年12月19日,http://www.ithome.com.tw/privacylaw/article/77886。29.廖珮君,TPIPAS開放輔導權 未來有機會成為國家標準?! 資安人,2012年10月8日, http://www.informationsecurity.com.tw/article/article_detail.aspx?aid=7087。30.簡榮宗,追蹤式廣告與個人資料保護的分界,台灣法律網,http://www.lawtw.com/article.php?template=article_content&area=free_browse&parent_path=,1,561,&job_id=186137&article_category_id=200&article_id=107773。英文網站部份1.A High Level Reference Architecture for Mobile Health, GSMA, March 29, 2012, http://www.gsma.com/connectedliving/wp-content/uploads/2012/03/mobilearchitectureinteractive241111.pdf2.Alex Simonelis, A Concise Guide to the Major Internet Bodies, Magazine Ubiquity, Feburary 2005, http://ubiquity.acm.org.autorpa.lib.nccu.edu.tw/article.cfm?id=1071915http://ubiquity.acm.org.autorpa.lib.nccu.edu.tw/article.cfm?id=10719153.Anderson, Chris, The Long Tail, Wired Magazine, 12.10, October 2004, http://www.thelongtail.com/about.html 4.Andreas U. Schmidt, Nicolai Kuntze, Michael Kasper, On the deployment of Mobile Trusted Modules, http://sit.sit.fraunhofer.de/smv/publications/download/MTM_deployment_paper.pdf5.Apple Accused in Suit of Tracking IPad, IPhone User Location , April 26, 2011, http://www.bloomberg.com/news/2011-04-25/apple-accused-in-suit-of-tracking-ipad-iphone-user-location-1-.html6.Apple Beefs Up Privacy Protections In iOS 7, June13, 2013, http://www.mediapost.com/publications/article/202222/apple-beefs-up-privacy-protections-in-ios-7.html#ixzz2W4zRaWQr7.Apple Sneaks A Big Change Into iOS 5: Phasing Out Developer Access To The UDID, August 19, 2011, http://techcrunch.com/2011/08/19/apple-ios-5-phasing-out-udid/8.Armin Hornung, Gleb Krivosheev, Noor Singh, Jeff Bilger, Standards War, CSEP 590A: History of Computing, Autumn 2006, http://www.cs.washington.edu/education/courses/csep590/06au/projects/standards-wars.pdf9.Bill would put mobile app vendors on the hook for privacy in US, May 10, 2013, http://www.computerworlduk.com/news/networking/3446597/bill-would-put-mobile-app-vendors-on-the-hook-for-privacy/10.Boris Segalis, Mobile Location Privacy Opinion Adopted by Europe’s WP29, May 19, 2011, http://www.infolawgroup.com/2011/05/articles/data-privacy-law-or-regulation/mobile-location-privacy-opinion-adopted-by-europes-wp29/11.CEN BOSS(Business Operations Support System), http://www.cen.eu/boss/supporting/Guidance%20documents/GD026%20-%20Standards%20and%20Regulations/Pages/default.aspxhttp://www.ithome.com.tw/itadm/article.php?c=7861112.Chantal Tode, FTC wants mobile firms to do more to protect consumer privacy, February 5, 2013, http://www.mobilemarketer.com/cms/news/legal-privacy/14723.html13.Chris Brook, FTC Endorses New Privacy Guidelines, Do Not Track for Mobile Apps, Devices, February 4, 2013 , http://threatpost.com/ftc-endorses-new-privacy-guidelines-do-not-track-mobile-apps-devices-020413/14.http://clicktoverify.truste.com/pvr.php?page=validate&url=www.travelzoo.com&sealid=102&lang=zh-tw 15.Cloud Security Alliance Announces Key Initiative in Development of Cloud Security Standards in Partnership with ISO/IEC, 2011 CSA Press Release, April 20, 2011, https://cloudsecurityalliance.org/csa-news/key-initiative-in-development-of-cloud-security-standards-in-partnership-with-isoiec/16.Colin Bennett, An International Standard for Privacy Protection: Objections to the Objections, Jurisdiction II: Global Networks/Local Rules, Internet Law and Policy Forum, September 11~12, 2000, http://www.ilpf.org/events/jurisdiction2/presentations/bennett_pr/#f217.Colleen Frye, A look at the W3C’s mobile Web application best practices, January 2011, http://searchsoa.techtarget.com/tip/A-look-at-the-W3Cs-mobile-Web-application-best-practices18.Daneil Castro, Benefits and Limitations of Industry Self-Regulation for Online Behavioral Advertising, The Information Technology & Innovation Fundation, December 2011, http://www.ntia.doc.gov/files/ntia/2011-self-regulation-online-behavioral-advertising.pdf19.Durlak, Jerry, “Privacy and Security”, Communication for Tomorrow, http://renda.colunato. yorku.ca/com4tomo/1296.html20.European data protection authorities publish their joint opinion on mobile apps, Press Release, ARTICLE 29 DATA PROTECTION WORKING PARTY, 14 March, 2013, http://ec.europa.eu/justice/data-protection/article-29/press-material/press-release/art29_press_material/20130314_pr_apps_mobile_en.pdf21.First California lawsuit over mobile privacy issues crashes, May14, 2013, http://www.computerworlduk.com/news/public-sector/3447146/first-california-lawsuit-over-mobile-privacy-issues-crashes/?intcmp=rel_articles;ntwrkng;link_122.First FTC Privacy Action Against Mobile App Publisher Alleging COPPA Violation Results in $50,000 Settlement, August 2011, http://digilaw.edwardswildman.com/blog.aspx?entry=3813 1523.FTC Staff Issues Privacy Report, Offers Framework for Consumers, Businesses, and Policymakers, December 1, 2010, http://www.ftc.gov/opa/2010/12/privacyreport.shtm24.FTC Staff Report Recommends Ways to Improve Mobile Privacy Disclosures, Released by FTC, Feburary 1, 2013, http://www.ftc.gov/opa/2013/02/mobileprivacy.shtm25.Galen Gruman, http://www.infoworld.com/d/mobile-technology/3-easy-steps-more-secure-iphone-or-ipad-204930, October 16, 201226.Gartner Highlights Top Consumer Mobile Applications and Services for Digital Marketing Leaders, October 11, 2012, http://www.gartner.com/newsroom/id/219411527.Geolocation API Specification, http://dev.w3.org/geo/api/spec-source.html#security28.Geolocation Privacy Legislation, April 10, 2013, http://www.gps.gov/policy/legislation/gps-act/29.GlobalPlatform and TCG to work on mobile security standards, July 3, 2012 http://www.nfcworld.com/2012/07/03/316640/globalplatform-and-tcg-to-work-on-mobile-security-standards/30.Google Calls for International Standards on Internet Privacy, September 15, 2007, http://www.washingtonpost.com/wp-dyn/content/article/2007/09/13/AR2007091302248.html31.Hannes Tschofenig, Henning Schulzrinne, Andrew Newton, Jon Peterson, Allison Mankin, Siemens Networks GmbH Co KG, The IETF Geopriv and Presence Architecture Focusing on Location Privacy, October 18, 2006, http://www.w3.org/2006/07/privacy-ws/papers/26-tschofening-geopriv/Hans J. Kleinsteuber, Self-regulation, Co-regulation, State Regulation, http://www.osce.org/fom/1384434.How Mobile Apps are Invading Your Privacy Infographic, May 31, 2012, http://www.veracode.com/blog/2012/05/how-mobile-apps-are-invading-your-privacy-infographic/35.How secure is your personal health information? ISO provides guidelines for health care organizations, ISO news, September 29, 2004, http://www.iso.org/iso/home/news_index/news_archive/news.htm?refid=Ref93436.http://ec.europa.eu/justice/data-protection/document/international-transfers/binding-corporate-rules/index_en.htm 37.http://en.wikipedia.org/wiki/Privatus38.http://isotc.iso.org/livelink/livelink?func=ll&objId=8862396&objAction=browse&sort=name39.http://standards.ieee.org/develop/40.http://uddi.xml.org41.http://welcome.hp.com/country/tw/zh/privacy/p3p_popup.html42.http://www.bsigroup.tw/;http://www.bsigroup.com43.http://www.cgmopen.org44.http://www.dcml.org45.http://www.ehealth.scot.nhs.uk/46.http://www.gs1tw.org/twct/web/gs1_wordshowdetail.jsp?MID=DT20060606847.http://www.gsma.com48.http://www.hl7.org.tw/about.htm49.http://www.hl7.org/implement/standards/index.cfm?ref=nav50.http://www.hl7.org/implement/standards/nocost.cfm51.http://www.ietf.org52.http://www.iso.org53.http://www.iso.org/iso/home/standards_development/list_of_iso_technical_committees/jtc1_home/jtc1_sc37_home.htm54.http://www.itu.int55.http://www.itu.int/en/ITU-T/about/groups/Pages/sg17.aspx56.http://www.legalxml.org57.http://www.mefmobile.org/about-mef58.http://www.mefmobile.org/activities-and-analytics/analytics/global-privacy-survey-201359.http://www.mefmobile.org/Regions/north-america/MEF_NA_mcommerce_Steering_Committee/ASC_X960.http://www.mefmobile.org/Regions/north-america/MEF_NA_mcommerce_Steering_Committee/webinar-driving-mobile-security-standards-in-m-commerce61.http://www.oasis-pki.org/62.http://www.rsa.com/rsalabs/node.asp?id=230663.http://www.tpipas.org.tw64.http://www.truste.com/consumer-privacy/about-oba/65.http://www.trustedcomputinggroup.org/about_tcg66.http://www.w3.org/67.http://www.w3.org/2005/10/Process-20051014/tr68.http://www.w3.org/TR/mwabp/69.http://www.w3.org/TR/ws-arch/#whatis70.https://cloudsecurityalliance.org/research/mobile/71.https://www.oasis-open.org72.https://www.pcisecuritystandards.org73.https://www.x9.org/about/74.Industry Renews Plea To Keep "Do Not Track" Off By Default, April 29, 2013, http://www.adexchanger.com/online-advertising/industry-renews-plea-to-set-do-not-track-off-by-default/ 75.Inside iOS 5: privacy change kills app developers` access to UDID, 19 August, 2011, http://appleinsider.com/articles/11/08/19/inside_ios_5_privacy_change_kills_app_developers_access_to_udid76.ISO 22857:2004, http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=3652277.ISO/IEC 15944-8:2012(E) Information technology — Business Operational View — Part 8: Identification of privacy protection requirements as external constraints on business transactions, first edition 2012/04/0178.ISO/IEC 24745:2011, http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=5294679.ISO/IEC 24760, first Edition 2011/12/15, http://webstore.iec.ch/preview/info_isoiec24760-1%7Bed1.0%7Den.pdf80.ISO/IEC 24760-1:2011, http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=5791481.ISO/IEC 27018, http://www.iso27001security.com/html/27018.html82.ISO/IEC 29100:2011, http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=4512383.ISO/IEC 29176 Information technology — Mobile item identification and management — Consumer privacy-protection protocol for Mobile RFID services, first edition 2011/10/1584.ISO/IEC 29176:2011, http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=4525585.ISO/IEC 29187-1 ed1.0, Information technology -- Identification of privacy protection requirements pertaining to learning, education and training (LET) -- Part 1: Framework and reference model86.ISO/IEC 29187-1:2013, http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=4526687.ISO/IEC Directives Supplement — Procedures specific to JTC 1, First edition, 201088.ISO/IEC Directives, Part 1, Ninth edition, 2012, http://www.iec.ch/members_experts/refdocs/iec/isoiecdir-1%7Bed9.0%7Den.pdf89.ISO/IEC JTC 1/SC 6 Telecommunications and information exchange between systems90.ISO/TC 68 Financial services, http://www.iso.org/iso/iso_technical_committee.html?commid=4965091.ISO/TR 12859:2009, http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=5205292.ISO/TS 13582:2013, http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=5403793.ISO/TS 21547:2010, http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=4447994.ISO/TS 25237:2008, http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=4280795.Jason Cipriani, How to control Your Privacy Settings on iOS 6, http://howto.cnet.com/8301-11310_39-57507698-285/how-to-control-your-privacy-settings-on-ios-6/, September 19, 201296.Jim Brock, Do Not Track arrives for mobile apps, courtesy of Apple and Google (really) , September 27, 2012 , http://blog.privacychoice.org/2012/09/27/do-not-track-arrives-for-mobile-apps-courtesy-of-apple-and-google-really/97.John J. Altorelli and Amy L. Rosenberg , California Enacts Nation’s First State Online Privacy Protection Act, December 2003, http://www.paulhastings.com/Resources/Upload/Publications/256.pdf98.Kai Rannenberg , A framework for identity management (ISO/IEC 24760) , Mobile Business & Multilateral Security, June 2006, http://fg-secmgt.gi.de/fileadmin/gliederungen/fb-sec/Workshops_neu/WS_2012-06_IdentityMgmt/6_Rannenberg_framework_for_identity_management.pdfKaty Bachman, What Exactly Does `Do Not Track` Mean? Digital Advertising Alliance is fighting misinformation, May 6, 2013, http://www.adweek.com/news/technology/what-exactly-does-do-not-track-mean-14914999.Location-based mobile services are profiting but need to do more to ease privacy fears, March 22, 2013, http://www.computerworlduk.com/news/mobile-wireless/3346389/location-based-mobile-services-are-profiting-but-need-ease-privacy-fears/Mathew J. Schwartz, W3C Proposes Do Not Track Privacy Standard, November 14, 2011, http://www.informationweek.com/security/privacy/w3c-proposes-do-not-track-privacy-standa/231902974100.MEF joins ASC X9 to develop essential standards for advancing Mobile Commerce (M-Commerce) in the US, May 10, 2011, http://www.mefmobile.org/News/mef-news/21/mef-joins-asc-x9-to-develop-essential-standards-for-advancing-mobile-commerce-m-commerce-in-the-us101.MEF launches App Privacy Initiative to build Consumer Trust around User Data Collection , April 25, 2012, http://www.mefmobile.org/News/mef-news/197/mef-launches-app-privacy-initiative-to-build-consumer-trust-around-user-data-collection102.MEF tackles Mobile Threats and Security implications as next phase of its m-Commerce Initiative, May 14, 2012, http://internetretailing.net/2012/05/mef-tackles-mobile-threats-and-security-implications-as-next-phase-of-its-m-commerce-initiative/103.Mike Clendenin, ISO rejects China`s WLAN standard, December 3, 2006, http://www.eetimes.com/electronics-news/4059133/ISO-rejects-China-s-WLAN-standard104.Minutes of JTC1 Ad Hoc Meeting, January 19, 2012, https://mentor.ieee.org/802.11/dcn/12/11-12-0199-00-0jtc-jacksonville-minutes-jan-2012.doc105.Mobile and Privacy, GSM Association 2012, February 2012, http://www.gsma.com/publicpolicy/wp-content/uploads/2012/03/gsmaprivacydesignguidelinesformobileapplicationdevelopmentv1.pdfMobile App Developers: Start with Security, February 2013, http://business.ftc.gov/documents/bus83-mobile-app-developers-start-security106.Mobile Apps Developer Settles FTC Charges It Violated Children`s Privacy Rule, August 15, 2011, http://www.ftc.gov/opa/2011/08/w3mobileapps.shtm107.Mobile Privacy Disclosures:Building Trust Through Transparency , FTC Staff Report, February 2013, http://www.ftc.gov/os/2013/02/130201mobileprivacyreport.pd108.Mobile Web Standards (OMA, BONDI, GSMA OneAPI, HTML5), https://developer.att.com/developer/tierNpage.jsp?passedItemId=2400412109.Opinion 02/2013 on apps on smart devices, ARTICLE 29 DATA PROTECTION WORKING PARTY, Adopted on February27, 2013, http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2013/wp202_en.pdf110.P3P and Privacy:An Update for the Privacy Community, March 2009, http://www.ipc.on.ca/images/Resources/p3p.pdf111.Paper, Plastic... or Mobile? An FTC Workshop on Mobile, March 2013, Paymentshttp://www.ftc.gov/os/2013/03/130306mobilereport.pdf112.Pareto principle, http://www.businessdictionary.com/definition/Pareto-principle.html113.PCI Mobile Payment Acceptance Security Guidelines for Developers, September 2012, https://www.pcisecuritystandards.org/documents/Mobile_Payment_Security_Guidelines_Developers_v1.pdf114.PCI Security Standards Council Releases Gudiance for Merchants on Mobile Payment Acceptance Security, February 14, 2013, https://www.pcisecuritystandards.org/pdfs/13_02_13_Mobile_Press_Release.pdf115.Peter Fleischer , The need for global privacy standards, September 14, 2007, http://portal.unesco.org/ci/fr/files/25452/11909026951Fleischer-Peter.pdf/Fleischer-Peter.pdf116.Privacy Requirements for Mobile Services, Approved Version 1.0.1 – 07 Aug 2007, http://technical.openmobilealliance.org/technical/release_program/docs/Privacy/V1_0-20070807-A/OMA-RD-Privacy-V_1_0_1-20070807-A.pdf117.Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), Brussels, 25.1.2012, COM(2012) 11 final, http://ec.europa.eu/justice/data-protection/document/review2012/com_2012_11_en.pdf118.Rockefeller Reintroduces, Do Not Track Act Privacy heats up again in Congress , Febuary 28, 2013, http://www.adweek.com/news/technology/rockefeller-reintroduces-do-not-track-act-147610119.Ron Kim, Trusted Platform Module and Privacy:Promises and Limitations, http://www.cs.auckland.ac.nz/compsci725s2c/archive/termpapers/skim.pdf120.Rajnish Tiwari1, Stephan Buse and Cornelius Herstatt, From Electronic to Mobile Commerce: Technology Convegence Enables Innovative Business Services, http://www.mobile-prospects.com/publications/files/E2M-Commerce.pdf121.Richard Santalesa , W3C Publishes Draft “Do-Not-Track” Standard, November 18, 2011, http://www.infolawgroup.com/2011/11/articles/privacy-law/w3c-publishes-draft-donottrack-standards/122.S. Thrum and Y. Kane, Your Apps are Watching You, Wall Street Journal, http://online.wsj.com/, 2010123.Scott Bradner, IETF Structure and Internet Standards Process, 62nd IETF, March 2005, http://www.ietf.org/newcomers.html124.Standards for Web Applications on Mobile: current state and roadmap, May 2012, http://www.w3.org/2012/05/mobile-web-app-state/125.The History of the Do Not Track Header, January 21, 2011, http://paranoia.dubfire.net/2011/01/history-of-do-not-track-header.html126.TECH SENSE: What “Do Not Track” Means for Advertisers, February 21, 2013, http://blog.pointroll.com/aducation/tech-sense-what-do-not-track-means-for-advertisers/ 127.ITU-T Report, “Measuring and Reducing the Standards Gap” , December 4, 2009, http://itu.int/en/ITU-T/gap128.The Application Privacy, Protection, and Security (APPS) Act of 2013 (Discussion Draft), http://hankjohnson.house.gov/sites/hankjohnson.house.gov/files/documents/APPS_Act_Key_Provisions.pdf 129.The APPS Act – a proposal to protect users’ mobile privacy, May 17, 2013, http://www.infosecurity-magazine.com/view/32482/the-apps-act-a-proposal-to-protect-users-mobile-privacy/130.The New Firefox Cookie Policy, Feburary 22, 2013, http://webpolicy.org/2013/02/22/the-new-firefox-cookie-policy/131.The Rise of China in Technology Standards: New Norms in Old Institutions, January 16, 2013, http://origin.www.uscc.gov/sites/default/files/Research/RiseofChinainTechnologyStandards.pdf132.Tracking Preference Expression (DNT), W3C Working Draft, April 30, 2013, http://www.w3.org/TR/2013/WD-tracking-dnt-20130430/133.United States of America (For the Federal Trade Commission), Plaintiff, v. Path, Inc., Defendant (United States District Court for the Northern District of California, San Francisco Division), Case No. C 13 0448, FTC File No. 122 3158, http://www.ftc.gov/opa/2013/02/path.shtm134.United States of America, Plaintiff v. W3 Innovations, LLC, also d/b/a Broken Thumbs Apps, and Justin Maples, individually and as an officer of W3 Innovations, LLC, Defendants (United States District Court for the Northern District of California) Case No. CV-11-03958-PSG, FTC File No. 102 3251, http://ftc.gov/os/caselist/1023251/135.US regulators probe mobile app developing firms over violation of children`s privacy, http://appdev.cbronline.com/news/us-regulators-probe-mobile-app-developing-firms-over-violation-of-childrens-privacy-111212, December 11, 2012136.W3C Workshop: Do Not Track and Beyond, November 26~27, 2012, http://www.w3.org/2012/dnt-ws/report137.Why Europe’s Do Not Track stance could spark a trade war, March 22, 2013, http://lastwatchdog.com/europes-track-stance-spark-trade-war/ 138.http://www.sans.org/reading-room/whitepapers/privacy/comparison-online-privacy-seal-programs-685 139.Xinwen Zhang, Onur Acıiçmez, and Jean-Pierre Seifert, A Trusted Mobile Phone Reference Architecture via Secure Kernel, 2007, http://profsandhu.com/zhang/pub/zhang-stc07.pdf zh_TW