Title 行動應用軟體隱私保護標準研究
Study on Mobile Application Privacy Protection Standards
Author 郭淑儀
Kuo, Shu Yi
Contributor 陳起行
Chen, Chi Shing
郭淑儀
Kuo, Shu Yi
Keywords Information Privacy
Mobile Applications
Mobile Apps
Privacy Standards
Date 2012
Upload time 1-November-2013 11:41:47 (UTC+8)
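Abstract Mobile applications are location-aware, real-time and proactive, and can provide convenient personalized services. Rising smartphone penetration will also drive a wave of mobile e-commerce, but consumers' concerns about privacy and security are an obstacle to its adoption. Mobile applications carry hidden privacy risks and may easily capture private data, including mobile device identifiers, account names and passwords, text messages, photos, audio and video, contact data, calendar data, call history, Internet usage habits and geolocation data. Such private data falls under "other data that can directly or indirectly identify the individual" in Article 2 of Taiwan's Personal Information Protection Act and is within the scope of that Act's protection.

Leaks of mobile phone users' private information keep occurring, and disputed cases are frequent in the European Union and the United States, which have therefore proposed related bills and privacy protection measures in recent years. The EU legislates comprehensively and emphasizes a government-led role; the United States follows a sectoral regulatory model that respects industry self-regulation. To resolve the inconsistency among the personal data and privacy protection rules of different countries and international organizations, industry self-regulation through trust marks can develop into effective private protection standards, or even national standards, and then align with international standards, which can at least reduce the cost enterprises incur in complying with regulations.

Standards can be used to defend the competitiveness of domestic industry and are of considerable importance in international market competition. International standards organizations usually operate by consensus and emphasize rigor and transparency; only with the support of industry and government, accumulated experience in international standard setting and sustained long-term commitment can one gain the initiative in leading standards. The most closely watched mobile software privacy standard, "Do Not Track", conflicts with advertisers' interests, and the W3C has long been unable to finalize it. While national privacy protection rules for mobile applications remain incomplete, privacy protection standards formed through the self-regulatory work of international standards organizations, regional organizations and industry organizations can fill the gaps that existing laws and regulations do not reach.

It is recommended to promote personal data and privacy protection through regulation, privacy standards and privacy seal certification, moving toward a model in which government regulation and industry self-regulation advance together. Although international standards for mobile applications are still in their infancy, the industries concerned must follow them closely. In an era of constant technological innovation, personal data and privacy protection law always lags behind technological change; to keep problems from recurring, those who promote standard setting, legislators and enforcers all need to keep pace with the times.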
Mobile applications featuring localization, instant responsiveness and proactiveness can provide convenient and personalized services. The widespread adoption of smartphones may drive the next wave of m-commerce (mobile e-commerce); however, consumer privacy fears limit the growth of m-commerce.

There are concerns over privacy leaks, in that mobile applications can easily access privacy-sensitive data such as UDID, ID/password, text messages, photos, videos, address book, calendar, historical phone records, online behavior, geolocation, etc. The privacy information mentioned above should be covered under Article 2 of the Taiwan Personal Information Protection Act, “other information which may be used to identify a natural person, both directly and indirectly”.

In response to the increasing privacy leaks in mobile devices and legal disputes, privacy protection measures and regulations have been proposed or enforced in recent years in European Union countries and the United States. The European Union establishes comprehensive legislation focused on government-centric functions, while the United States uses a sectoral approach that relies on industry self-regulation. In order to resolve the inconsistent privacy regulations among countries and international organizations, one effective way is to promote privacy seals certified through industry self-regulation and, furthermore, to develop them into industry standards and national standards in line with international standards, which can at least help enterprises reduce the costs of responding to mandatory regulations.

Standards can be a means to safeguard industrial competitiveness, and are considered critically important for competing in international trade markets. International standards bodies normally use a consensus-building process that emphasizes impartiality and transparency. It takes support from industry and government, accumulated experience in international standard setting, and long-term participation to compete for market dominance. The heated debate over digital advertisers' interests in nailing down the long-overdue Do Not Track standard continues at W3C. While awaiting privacy regulations for mobile applications, self-regulation can be developed within international standards bodies, regional organizations and industry consortia, and privacy protection standards can help patch up the inadequacy of existing regulations.

It is recommended to promote protection of personal data and privacy through regulations, privacy standards, and privacy seal certification, toward a model that combines government regulation and industry self-regulation. Mobile app standards are still at the initial stage, and therefore the related industries should watch them closely. As technology advances with each passing day, personal data regulations and privacy laws are in danger of lagging behind technological change. In order to prevent recurring problems, standard setters, regulators, and enforcers should keep pace with the times.
參考文獻 英文文獻
1.Abdelmounaam Rezgui, Mourad Ouzzani, Athman Bouguettaya, Brahim Medjahed, Preserving Privacy in Web Services, Proceedings of the 4th international workshop on Web information and data management, November 2002
2.Adrienne Porter Felt, Elizabeth Ha, Serge Egelman, Ariel Haney, Erika Chin, David Wagner, Android Permissions:User Attention, Comprehension, and Behavior, Proceedings of the Eighth Symposium on Usable Privacy and Security, July 2012
3.Ali Grami and Bernadette H. Schell, Future Trends in Mobile Commerce: Service Offerings, Technological Advances and Security Challenges, Proceedings Second Annual Conference on Privacy, Security and Trust, October 13~15, 2004
4.Andre Charland, Brian LeRoux, Mobile Application Development: Web vs. Native, Association for Computing Machinery, Volume 9, Issue 4, April 2011
5.A standard for standards – Principles of standardization, http://www.bsigroup.com/Documents/standards/bs0-pas0/BSI-BS0-Standard-for-Standards-UK-EN.pdf, BSI Standards Publication, 2011
6.Biometrics and Standards, ITU-T Technology Watch Report, December 2009
7.Bob Toth, Putting the U.S. standardization system into perspective: new insights, StandardView Vol. 4, No. 4, December 1996
8.D. Cracker , "Making standards the IETF Way" in ACM StandardView, Vol.1, No.1, September 1993
9.David Wright, Should privacy impact assessments be mandatory?, Communications of the ACM , Volume 54 Issue 8, August 2011
10.Davies, Simon,“Monitor: Extinguishing Privacy on the Information Superhighway”, Pan Macmillan, Sydney, 1996
11.E-health Standards and Interoperability, ITU-T Technology Watch Report, April 2012
12.Emre Yildirim, Mobile Privacy: Is There An App For That? On smart mobile devices, apps and data protection, 2012
13.Hans Löhr, Ahmad-Reza Sadeghi, Marcel WinandySecuring the E-Health Cloud, IHI `10 Proceedings of the 1st ACM International Health Informatics Symposium, 2010
14.Haris Hamidovic, JOnline: An Introduction to the Privacy Impact Assessment Based on ISO 223, ISACA, Volume 4, 2010, http://www.isaca.org/Journal/Past-Issues/2010/Volume-4/Pages/JOnline-An-Introduction-to-the-Privacy-Impact-Assessment-Based-on-ISO22307.aspx
15.Heejin Lee, Sangjo Oh, The political economy of standards setting by newcomers:China’s WAPI and South Korea’s WIPI, Telecommunication Policy 32, ScienceDirect, 2008
16.HL7 Europe Newsletter , May 2013
17.Ian Reay, Scott Dick, and James Muller, A large-scale empirical study of P3P privacy policies: Stated actions vs. legal obligations, Transactions on the Web (TWEB) , Volume 3 Issue 2, Article 6, April 2009
18.Ivo Salmre, Writing Mobile Code: Essential Software Engineering for Building Mobile Applications, Addison-Wesley Professional, 2005
19.John Martin Ferris, Privacy Impact Assessment, The ISO PIA Standard for Financial Services, Law, Governance and Technology Series , Volume 6, Springer Netherland, 2012
20.Jonathan A. Morell and Selden Stewart, Standards Development for Information Technology: Best Practices for the United States, StandardView Vol. 4, No. 1, March 1996
21.Kobayashi, M. and Takeda, K, Information retrieval on the web, ACM Computing Surveys (ACM Press) 32 (2), 2000
22.Matthias Finkbeiner, Atsushi Inaba, Reginald Tan, Kim Christiansen, Hans-Jürgen Klüppel, The New International Standards for Life Cycle Assessment: ISO 14040 and ISO 14044, The International Journal of Life Cycle Assessment, Volume 11, Issue 2, March 2006
23.Mobile Applications, ITU-T TechWatch Alert, 1, July 2009
24.Robert M. Gellman, Can Privacy Be Requlated Effectively on a National Level? Thoughts on the Possible Need for International Privacy Rules, Villanova Law Review, Vol. 41, Iss. 1, Art. 2, 1996
25.Robert P. Minch, Privacy Issues in Location-Aware Mobile Devices, Proceedings of the 37th Hawaii International Conference on System Sciences, 2004
26.Ronald Dworkin, Liberty and Liberalism, In Taking Rights Seriously, Cambridge, NA:Harvard University Press, 1977
27.Serge Egelman, Lorrie Faith Cranor, Abdur Chowdhury, An analysis of P3P-enabled web sites among top-20 search results, August 2006
28.Shane Greenstein, Victor Stango, Standards and Public Policy, Cambridge University Press, 2007
29.Shirley Chan, Heejin Lee, Sangjo Oh, An International Mobile Security Standard Dispute: From the Actor—Network Perspective, Designing Ubiquitous Information Environments: Socio-Technical Issues and Challenges, IFIP — The International Federation for Information Processing Volume 185, 2005
30.Stephen T. Kent, Internet Privacy Enhanced Mail, Communications of the ACM , Volume 36 Issue 8, August 1993
31.The Inadequacy of Self Regulation within the Internet Behavioral Advertising Industry, Brooklyn Journal of Corporate, Financial & Commercial Law, 7 Brook. J. Corp. Fin. & Com. L. 277, Fall 2012
32.Warren and Brandeis,“The Right to Privacy”, Harvard Law Review, Vol. IV, December 15, 1890
33.Warwick Ford, Advances in Public-key Certificate Standards, SIGSAC Review , Volume 13 Issue 3, July 1995

中文文獻
1.Web Services的應用與省思,鼎新電腦企業通電子報,第46期,2003年8月。
2.刁仁國,淺論美國與歐盟《乘客姓名記錄(PNR)協議》對我國國境執法的啟示第一屆「國境安全與人口移動」學術研討會,2007年。
3.立法院三讀通過「個人資料保護法」,法務部新聞稿,法務部法律事務司,2010年4月27日。
4.行動上網將成主流,比PC革命更偉大,遠見雜誌2011年1月號 第295期。
5.李兆國,標準制定組織及標準專利權之爭議,2003年12月。
6.李震山,電腦處理個人資料保護法之回顧與前瞻,中正法學集刊第14期,2003年12月。
7.周慧蓮,隱私標準保護爭議之國際化,月旦法學雜誌第104期,2004年1月。
8.邱文聰,從資訊自決與資訊隱私的概念區分 - 評「電腦處理個人資料保護法修正草案」的結構性問題,月旦法學雜誌No.168,2009年5月。
9.翁清坤,論個人資料保護標準之全球化,東吳法律學報第22卷第1期,2010年。
10.財團法人工業技術研究院,經濟部商業交易安全認證前瞻技術研發與應用委外案 網路交易安全問題及企業應變架構之研究期末報告,2009年12月。
11.財團法人中華民國國家資訊基本建設產業發展協進會,深入國際標準化組織,產業技術標準活絡及推廣委辦計畫,經濟部標準檢驗局,2009年6月。
12.財團法人資訊工業策進會,符合W3C標準之網頁製作基本指引結構篇 - XHTML1.0,2006年10月。
13.許孝萱,行動RFID私密性研究,2008年6月。
14.陳起行,資訊隱私法理探討 - 以美國法為中心,政大法學評論,第64期,2000年12月。
15.湯亦敏,標準制定組織之智慧財產保護政策及競爭法問題探討,2006年6月。
16.葉英秋,論個人隱私與公共利益-以警察資料之取得與運用為中心,2008年。
17.詹文男暨MIC研究團隊,2012資通訊產業發展十大趨勢,財團法人資訊工業策進會產業情報研究所(MIC),2012年。
18.廖緯民,論搜尋引擎的隱私權威脅,月旦民商法雜誌第24期。
19.劉靜怡,資訊隱私權保護的國際化爭議 – 從個資保護體制的規範到國際貿易規範的適用,月旦法學雜誌,第86期,2002年。
20.劉靜怡,網際網路時代的資訊使用與隱私權保護規範:個人、政府與市場的拔河,資訊管理研究第四卷第三期,2002年11月。
21.樊國禎、黃健誠,「後檯實名,前檯匿名」與隱私架構初探:根基於ISO/IEC 29100:2011-12-15 標準系列,網路通訊國家型科技計畫簡訊,第50期,2013年4月。
22.蕭文生譯,關於「1983年人口普查法」之判決 - 聯邦憲法法院判決第65輯第1頁以下,西德聯邦憲法法院裁判選輯(一),司法院,1990年10月。

中文網站部份
1."金錢損失"和"隱私洩露" 網路安全亂象如何治?,解放日報,2013年2月13日,http://www.ce.cn/cysc/tech/07hlw/guonei/201302/13/t20130213_21336538.shtml。
2.10萬隱私地雷!近三成Android應用程式越矩取個資,2012年11月5日 ,http://news.cnyes.com/Content/20121105/KFNV4RYTE6QW7.shtml。
3.2012中華民國電子商務年鑑:環境篇,http://eccommerceenvironment.blogspot.tw/2012/11/blog-post_9665.html。
4.BS 10012個資保護標準的10大實務作法,http://www.ithome.com.tw/itadm/article.php?c=62797&s=4。
5.Continua Health Alliance,360°科技,2008年8月4日, http://www.digitimes.com.tw/tw/dt/n/shwnws.asp?CnlID=10&Cat=20&Cat1=&id=100637#ixzz2VE8jkR1D。
6.Gartner選出2012年十大消費性無線行動應用,2009年12月24日, http://www.ctimes.com.tw/DispNews/tw/LBS/NFC/Gartner/0911241813BO.shtml。
7.GSMA行動經濟報告:全球行動數據營收於2017年超越語音營收,數位時代網站,2012年2月26日, http://www.bnext.com.tw/article/view/cid/128/id/26698http://www.bnext.com.tw/article/view/cid/128/id/26698。
8.LBS結合多元行動應用 再創「打卡」新商機,DIGITIMES中文網,2012年1月18日, http://www.digitimes.com.tw/tw/things/shwnws.asp?cnlid=15&cat=10&cat1=15&id=0000268484_MMX5XIBW715TLV5CCR8QW#ixzz2VKFekulW。
9.TSM平台過關,五銀行卡位搶手機信用卡商機,MoneyDJ 財經知識庫,2013年1月24日,http://www.moneydj.com/kmdj/news/NewsViewer.aspx?a=81b2d9a1-786c-45a2-96b8-d08b5726b294#ixzz2cOJlNSuI。
10.プライバシーマーク制度,http://privacymark.jp/privacy_mark/about/outline_and_purpose.html。
11.中美就WAPI申請國際標準達成一致,2009年6月16日,http://news.mydrivers.com/1/137/137274.htm。
12.王忠,美國網路隱私保護框架之啟示,中國科學基金第2期,頁99~100,http://pub.nsfc.gov.cn/sficcn/ch/reader/view_abstract.aspx?file_no=201302099&flag=1。
13.加拿大與荷蘭指控WhatsApp侵犯個人隱私,2013年1月29日,http://www.ithome.com.tw/itadm/article.php?c=78611。
14.行動支付產業鏈 安全環環相扣,2013年4月9日,http://www.informationsecurity.com.tw/article/article_detail.aspx?aid=7393。
15.洪羿漣,透過認證標章減輕法律風險 因應個資規定 適法性最要緊,2012年9月3日, http://www.netadmin.com.tw/article_content.aspx?sn=1208280009
16.面對個資風暴 善設資訊管理機制,DAF 2012 個資防護與網路安全應用研討會,2012年8月27日, http://www.digitimes.com.tw/tw/b2b/Seminar/shwnws_new.asp?CnlID=18&cat=99&product_id=051A10816&id=0000299295_IFS1RCXBL6BR1O4ZCN1QZ。
17.個人資料保護法Q&A-從NFC手機談個人資料的管制(上),2011年10月1日,http://www.is-law.com/post/4/765;個人資料保護法Q&A-從NFC手機談個人資料的管制(中),2011年10月4日,http://www.is-law.com/post/4/766;個人資料保護法Q&A-從NFC手機談個人資料的管制(下),2011年10月7日,http://www.is-law.com/post/4/767。
18.個資法兩階段施行,經建會網站,2012年10月24日,http://www.cepd.gov.tw/m1.aspx?sNo=0017751&ex=2。
19.個資法通過 誰有可能成為受惠產業?資安人科技網,2010年6月28日, http://www.informationsecurity.com.tw/article/article_detail.aspx?aid=5786。
20.財團法人台灣網路資訊中心,2011年IETF第82次台北會議活動說明書, http://www.ietf82.tw/2011_IETF82_Taipei-final-chn.pdf,2011年。
21.財團法人臺灣網路資訊中心新聞稿,2012年7月9日,http://www.twnic.net.tw/NEWS4/119.pdf。
22.高易中,以Web技術建立跨行動平台APP, RUN!PC網站,2013年1月9日,http://www.runpc.com.tw/content/content.aspx?id=109324。
23.許舜喨,以新修正個人資料保護法探討病歷資料之保護,2013年02月18日,http://www.ibmi.org.tw/client/ReportDetail.php?REFDOCTYPID=0lgfj8ve17pfj9w5&REFDOCID=0miejmapz7bntxai。
24.國家資通安全會報,國際個資保護發展趨勢與標準規範,2012年4月,http://www.icst.org.tw/docs/Fup/%E8%AD%B0%E9%A1%8C%E4%B8%80%EF%BC%9A%E5%9C%8B%E9%9A%9B%E5%80%8B%E8%B3%87%E4%BF%9D%E8%AD%B7%E7%99%BC%E5%B1%95%E8%B6%A8%E5%8B%A2%E8%88%87%E6%A8%99%E6%BA%96%E8%A6%8F%E7%AF%84-%E6%9B%B4%E6%96%B0%E7%89%88.pdf。
25.許多安卓手機軟體 竊用戶隱私,中央社,2013年3月16日,http://tw.news.yahoo.com/%E8%A8%B1%E5%A4%9A%E5%AE%89%E5%8D%93%E6%89%8B%E6%A9%9F%E8%BB%9F%E9%AB%94-%E7%AB%8A%E7%94%A8%E6%88%B6%E9%9A%B1%E7%A7%81-124426037--finance.html。
26.虛實緊密結合的SoLoMo時代來臨,你準備好了嗎?http://emf.migosoft.com/case/case122.html。
27.新版個資法預計10月正式上路,資訊工業策進會新聞中心,2012年8月8日,http://www.iii.org.tw/service/3_1_1_c.aspx?id=1037。
28.運用個資遮罩,為重要個資穿上金鐘罩- 既保護個資,也讓作業流程不打結,2012年12月19日,http://www.ithome.com.tw/privacylaw/article/77886。
29.廖珮君,TPIPAS開放輔導權 未來有機會成為國家標準?! 資安人,2012年10月8日, http://www.informationsecurity.com.tw/article/article_detail.aspx?aid=7087。
30.簡榮宗,追蹤式廣告與個人資料保護的分界,台灣法律網,http://www.lawtw.com/article.php?template=article_content&area=free_browse&parent_path=,1,561,&job_id=186137&article_category_id=200&article_id=107773。

英文網站部份
1.A High Level Reference Architecture for Mobile Health, GSMA, March 29, 2012, http://www.gsma.com/connectedliving/wp-content/uploads/2012/03/mobilearchitectureinteractive241111.pdf
2.Alex Simonelis, A Concise Guide to the Major Internet Bodies, Magazine Ubiquity, Feburary 2005, http://ubiquity.acm.org.autorpa.lib.nccu.edu.tw/article.cfm?id=1071915http://ubiquity.acm.org.autorpa.lib.nccu.edu.tw/article.cfm?id=1071915
3.Anderson, Chris, The Long Tail, Wired Magazine, 12.10, October 2004, http://www.thelongtail.com/about.html
4.Andreas U. Schmidt, Nicolai Kuntze, Michael Kasper, On the deployment of Mobile Trusted Modules, http://sit.sit.fraunhofer.de/smv/publications/download/MTM_deployment_paper.pdf
5.Apple Accused in Suit of Tracking IPad, IPhone User Location , April 26, 2011, http://www.bloomberg.com/news/2011-04-25/apple-accused-in-suit-of-tracking-ipad-iphone-user-location-1-.html
6.Apple Beefs Up Privacy Protections In iOS 7, June13, 2013, http://www.mediapost.com/publications/article/202222/apple-beefs-up-privacy-protections-in-ios-7.html#ixzz2W4zRaWQr
7.Apple Sneaks A Big Change Into iOS 5: Phasing Out Developer Access To The UDID, August 19, 2011, http://techcrunch.com/2011/08/19/apple-ios-5-phasing-out-udid/
8.Armin Hornung, Gleb Krivosheev, Noor Singh, Jeff Bilger, Standards War, CSEP 590A: History of Computing, Autumn 2006, http://www.cs.washington.edu/education/courses/csep590/06au/projects/standards-wars.pdf
9.Bill would put mobile app vendors on the hook for privacy in US, May 10, 2013, http://www.computerworlduk.com/news/networking/3446597/bill-would-put-mobile-app-vendors-on-the-hook-for-privacy/
10.Boris Segalis, Mobile Location Privacy Opinion Adopted by Europe’s WP29, May 19, 2011, http://www.infolawgroup.com/2011/05/articles/data-privacy-law-or-regulation/mobile-location-privacy-opinion-adopted-by-europes-wp29/
11.CEN BOSS(Business Operations Support System), http://www.cen.eu/boss/supporting/Guidance%20documents/GD026%20-%20Standards%20and%20Regulations/Pages/default.aspxhttp://www.ithome.com.tw/itadm/article.php?c=78611
12.Chantal Tode, FTC wants mobile firms to do more to protect consumer privacy, February 5, 2013, http://www.mobilemarketer.com/cms/news/legal-privacy/14723.html
13.Chris Brook, FTC Endorses New Privacy Guidelines, Do Not Track for Mobile Apps, Devices, February 4, 2013 , http://threatpost.com/ftc-endorses-new-privacy-guidelines-do-not-track-mobile-apps-devices-020413/
14.http://clicktoverify.truste.com/pvr.php?page=validate&url=www.travelzoo.com&sealid=102&lang=zh-tw
15.Cloud Security Alliance Announces Key Initiative in Development of Cloud Security Standards in Partnership with ISO/IEC, 2011 CSA Press Release, April 20, 2011, https://cloudsecurityalliance.org/csa-news/key-initiative-in-development-of-cloud-security-standards-in-partnership-with-isoiec/
16.Colin Bennett, An International Standard for Privacy Protection: Objections to the Objections, Jurisdiction II: Global Networks/Local Rules, Internet Law and Policy Forum, September 11~12, 2000, http://www.ilpf.org/events/jurisdiction2/presentations/bennett_pr/#f2
17.Colleen Frye, A look at the W3C’s mobile Web application best practices, January 2011, http://searchsoa.techtarget.com/tip/A-look-at-the-W3Cs-mobile-Web-application-best-practices
18.Daneil Castro, Benefits and Limitations of Industry Self-Regulation for Online Behavioral Advertising, The Information Technology & Innovation Fundation, December 2011, http://www.ntia.doc.gov/files/ntia/2011-self-regulation-online-behavioral-advertising.pdf
19.Durlak, Jerry, “Privacy and Security”, Communication for Tomorrow, http://renda.colunato. yorku.ca/com4tomo/1296.html
20.European data protection authorities publish their joint opinion on mobile apps, Press Release, ARTICLE 29 DATA PROTECTION WORKING PARTY, 14 March, 2013, http://ec.europa.eu/justice/data-protection/article-29/press-material/press-release/art29_press_material/20130314_pr_apps_mobile_en.pdf
21.First California lawsuit over mobile privacy issues crashes, May14, 2013, http://www.computerworlduk.com/news/public-sector/3447146/first-california-lawsuit-over-mobile-privacy-issues-crashes/?intcmp=rel_articles;ntwrkng;link_1
22.First FTC Privacy Action Against Mobile App Publisher Alleging COPPA Violation Results in $50,000 Settlement, August 2011, http://digilaw.edwardswildman.com/blog.aspx?entry=3813 15
23.FTC Staff Issues Privacy Report, Offers Framework for Consumers, Businesses, and Policymakers, December 1, 2010, http://www.ftc.gov/opa/2010/12/privacyreport.shtm
24.FTC Staff Report Recommends Ways to Improve Mobile Privacy Disclosures, Released by FTC, Feburary 1, 2013, http://www.ftc.gov/opa/2013/02/mobileprivacy.shtm
25.Galen Gruman, http://www.infoworld.com/d/mobile-technology/3-easy-steps-more-secure-iphone-or-ipad-204930, October 16, 2012
26.Gartner Highlights Top Consumer Mobile Applications and Services for Digital Marketing Leaders, October 11, 2012, http://www.gartner.com/newsroom/id/2194115
27.Geolocation API Specification, http://dev.w3.org/geo/api/spec-source.html#security
28.Geolocation Privacy Legislation, April 10, 2013, http://www.gps.gov/policy/legislation/gps-act/
29.GlobalPlatform and TCG to work on mobile security standards, July 3, 2012 http://www.nfcworld.com/2012/07/03/316640/globalplatform-and-tcg-to-work-on-mobile-security-standards/
30.Google Calls for International Standards on Internet Privacy, September 15, 2007, http://www.washingtonpost.com/wp-dyn/content/article/2007/09/13/AR2007091302248.html
31.Hannes Tschofenig, Henning Schulzrinne, Andrew Newton, Jon Peterson, Allison Mankin, Siemens Networks GmbH Co KG, The IETF Geopriv and Presence Architecture Focusing on Location Privacy, October 18, 2006, http://www.w3.org/2006/07/privacy-ws/papers/26-tschofening-geopriv/
Hans J. Kleinsteuber, Self-regulation, Co-regulation, State Regulation, http://www.osce.org/fom/13844
34.How Mobile Apps are Invading Your Privacy Infographic, May 31, 2012, http://www.veracode.com/blog/2012/05/how-mobile-apps-are-invading-your-privacy-infographic/
35.How secure is your personal health information? ISO provides guidelines for health care organizations, ISO news, September 29, 2004, http://www.iso.org/iso/home/news_index/news_archive/news.htm?refid=Ref934
36.http://ec.europa.eu/justice/data-protection/document/international-transfers/binding-corporate-rules/index_en.htm
37.http://en.wikipedia.org/wiki/Privatus
38.http://isotc.iso.org/livelink/livelink?func=ll&objId=8862396&objAction=browse&sort=name
39.http://standards.ieee.org/develop/
40.http://uddi.xml.org
41.http://welcome.hp.com/country/tw/zh/privacy/p3p_popup.html
42.http://www.bsigroup.tw/;http://www.bsigroup.com
43.http://www.cgmopen.org
44.http://www.dcml.org
45.http://www.ehealth.scot.nhs.uk/
46.http://www.gs1tw.org/twct/web/gs1_wordshowdetail.jsp?MID=DT200606068
47.http://www.gsma.com
48.http://www.hl7.org.tw/about.htm
49.http://www.hl7.org/implement/standards/index.cfm?ref=nav
50.http://www.hl7.org/implement/standards/nocost.cfm
51.http://www.ietf.org
52.http://www.iso.org
53.http://www.iso.org/iso/home/standards_development/list_of_iso_technical_committees/jtc1_home/jtc1_sc37_home.htm
54.http://www.itu.int
55.http://www.itu.int/en/ITU-T/about/groups/Pages/sg17.aspx
56.http://www.legalxml.org
57.http://www.mefmobile.org/about-mef
58.http://www.mefmobile.org/activities-and-analytics/analytics/global-privacy-survey-2013
59.http://www.mefmobile.org/Regions/north-america/MEF_NA_mcommerce_Steering_Committee/ASC_X9
60.http://www.mefmobile.org/Regions/north-america/MEF_NA_mcommerce_Steering_Committee/webinar-driving-mobile-security-standards-in-m-commerce
61.http://www.oasis-pki.org/
62.http://www.rsa.com/rsalabs/node.asp?id=2306
63.http://www.tpipas.org.tw
64.http://www.truste.com/consumer-privacy/about-oba/
65.http://www.trustedcomputinggroup.org/about_tcg
66.http://www.w3.org/
67.http://www.w3.org/2005/10/Process-20051014/tr
68.http://www.w3.org/TR/mwabp/
69.http://www.w3.org/TR/ws-arch/#whatis
70.https://cloudsecurityalliance.org/research/mobile/
71.https://www.oasis-open.org
72.https://www.pcisecuritystandards.org
73.https://www.x9.org/about/
74.Industry Renews Plea To Keep "Do Not Track" Off By Default, April 29, 2013, http://www.adexchanger.com/online-advertising/industry-renews-plea-to-set-do-not-track-off-by-default/
75.Inside iOS 5: privacy change kills app developers` access to UDID, 19 August, 2011, http://appleinsider.com/articles/11/08/19/inside_ios_5_privacy_change_kills_app_developers_access_to_udid
76.ISO 22857:2004, http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=36522
77.ISO/IEC 15944-8:2012(E) Information technology — Business Operational View — Part 8: Identification of privacy protection requirements as external constraints on business transactions, first edition 2012/04/01
78.ISO/IEC 24745:2011, http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=52946
79.ISO/IEC 24760, first Edition 2011/12/15, http://webstore.iec.ch/preview/info_isoiec24760-1%7Bed1.0%7Den.pdf
80.ISO/IEC 24760-1:2011, http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=57914
81.ISO/IEC 27018, http://www.iso27001security.com/html/27018.html
82.ISO/IEC 29100:2011, http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=45123
83.ISO/IEC 29176 Information technology — Mobile item identification and management — Consumer privacy-protection protocol for Mobile RFID services, first edition 2011/10/15
84.ISO/IEC 29176:2011, http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=45255
85.ISO/IEC 29187-1 ed1.0, Information technology -- Identification of privacy protection requirements pertaining to learning, education and training (LET) -- Part 1: Framework and reference model
86.ISO/IEC 29187-1:2013, http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=45266
87.ISO/IEC Directives Supplement — Procedures specific to JTC 1, First edition, 2010
88.ISO/IEC Directives, Part 1, Ninth edition, 2012, http://www.iec.ch/members_experts/refdocs/iec/isoiecdir-1%7Bed9.0%7Den.pdf
89.ISO/IEC JTC 1/SC 6 Telecommunications and information exchange between systems
90.ISO/TC 68 Financial services, http://www.iso.org/iso/iso_technical_committee.html?commid=49650
91.ISO/TR 12859:2009, http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=52052
92.ISO/TS 13582:2013, http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=54037
93.ISO/TS 21547:2010, http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=44479
94.ISO/TS 25237:2008, http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=42807
95.Jason Cipriani, How to control Your Privacy Settings on iOS 6, http://howto.cnet.com/8301-11310_39-57507698-285/how-to-control-your-privacy-settings-on-ios-6/, September 19, 2012
96.Jim Brock, Do Not Track arrives for mobile apps, courtesy of Apple and Google (really) , September 27, 2012 , http://blog.privacychoice.org/2012/09/27/do-not-track-arrives-for-mobile-apps-courtesy-of-apple-and-google-really/
97.John J. Altorelli and Amy L. Rosenberg , California Enacts Nation’s First State Online Privacy Protection Act, December 2003, http://www.paulhastings.com/Resources/Upload/Publications/256.pdf
98.Kai Rannenberg , A framework for identity management (ISO/IEC 24760) , Mobile Business & Multilateral Security, June 2006, http://fg-secmgt.gi.de/fileadmin/gliederungen/fb-sec/Workshops_neu/WS_2012-06_IdentityMgmt/6_Rannenberg_framework_for_identity_management.pdf
Katy Bachman, What Exactly Does `Do Not Track` Mean? Digital Advertising Alliance is fighting misinformation, May 6, 2013, http://www.adweek.com/news/technology/what-exactly-does-do-not-track-mean-149149
99.Location-based mobile services are profiting but need to do more to ease privacy fears, March 22, 2013, http://www.computerworlduk.com/news/mobile-wireless/3346389/location-based-mobile-services-are-profiting-but-need-ease-privacy-fears/
Mathew J. Schwartz, W3C Proposes Do Not Track Privacy Standard, November 14, 2011, http://www.informationweek.com/security/privacy/w3c-proposes-do-not-track-privacy-standa/231902974
100.MEF joins ASC X9 to develop essential standards for advancing Mobile Commerce (M-Commerce) in the US, May 10, 2011, http://www.mefmobile.org/News/mef-news/21/mef-joins-asc-x9-to-develop-essential-standards-for-advancing-mobile-commerce-m-commerce-in-the-us
101.MEF launches App Privacy Initiative to build Consumer Trust around User Data Collection , April 25, 2012, http://www.mefmobile.org/News/mef-news/197/mef-launches-app-privacy-initiative-to-build-consumer-trust-around-user-data-collection
102.MEF tackles Mobile Threats and Security implications as next phase of its m-Commerce Initiative, May 14, 2012, http://internetretailing.net/2012/05/mef-tackles-mobile-threats-and-security-implications-as-next-phase-of-its-m-commerce-initiative/
103.Mike Clendenin, ISO rejects China`s WLAN standard, December 3, 2006, http://www.eetimes.com/electronics-news/4059133/ISO-rejects-China-s-WLAN-standard
104.Minutes of JTC1 Ad Hoc Meeting, January 19, 2012, https://mentor.ieee.org/802.11/dcn/12/11-12-0199-00-0jtc-jacksonville-minutes-jan-2012.doc
105.Mobile and Privacy, GSM Association 2012, February 2012, http://www.gsma.com/publicpolicy/wp-content/uploads/2012/03/gsmaprivacydesignguidelinesformobileapplicationdevelopmentv1.pdf
Mobile App Developers: Start with Security, February 2013,
http://business.ftc.gov/documents/bus83-mobile-app-developers-start-security
106.Mobile Apps Developer Settles FTC Charges It Violated Children`s Privacy Rule, August 15, 2011, http://www.ftc.gov/opa/2011/08/w3mobileapps.shtm
107.Mobile Privacy Disclosures:Building Trust Through Transparency , FTC Staff Report, February 2013, http://www.ftc.gov/os/2013/02/130201mobileprivacyreport.pd
108.Mobile Web Standards (OMA, BONDI, GSMA OneAPI, HTML5), https://developer.att.com/developer/tierNpage.jsp?passedItemId=2400412
109.Opinion 02/2013 on apps on smart devices, ARTICLE 29 DATA PROTECTION WORKING PARTY, Adopted on February27, 2013, http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2013/wp202_en.pdf
110.P3P and Privacy:An Update for the Privacy Community, March 2009, http://www.ipc.on.ca/images/Resources/p3p.pdf
111.Paper, Plastic... or Mobile? An FTC Workshop on Mobile, March 2013, Paymentshttp://www.ftc.gov/os/2013/03/130306mobilereport.pdf
112.Pareto principle, http://www.businessdictionary.com/definition/Pareto-principle.html
113.PCI Mobile Payment Acceptance Security Guidelines for Developers, September 2012, https://www.pcisecuritystandards.org/documents/Mobile_Payment_Security_Guidelines_Developers_v1.pdf
114.PCI Security Standards Council Releases Gudiance for Merchants on Mobile Payment Acceptance Security, February 14, 2013, https://www.pcisecuritystandards.org/pdfs/13_02_13_Mobile_Press_Release.pdf
115.Peter Fleischer , The need for global privacy standards, September 14, 2007, http://portal.unesco.org/ci/fr/files/25452/11909026951Fleischer-Peter.pdf/Fleischer-Peter.pdf
116.Privacy Requirements for Mobile Services, Approved Version 1.0.1 – 07 Aug 2007, http://technical.openmobilealliance.org/technical/release_program/docs/Privacy/V1_0-20070807-A/OMA-RD-Privacy-V_1_0_1-20070807-A.pdf
117.Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), Brussels, 25.1.2012, COM(2012) 11 final, http://ec.europa.eu/justice/data-protection/document/review2012/com_2012_11_en.pdf
118.Rockefeller Reintroduces, Do Not Track Act Privacy heats up again in Congress , Febuary 28, 2013, http://www.adweek.com/news/technology/rockefeller-reintroduces-do-not-track-act-147610
119.Ron Kim, Trusted Platform Module and Privacy:Promises and Limitations, http://www.cs.auckland.ac.nz/compsci725s2c/archive/termpapers/skim.pdf
120.Rajnish Tiwari1, Stephan Buse and Cornelius Herstatt, From Electronic to Mobile Commerce: Technology Convegence Enables Innovative Business Services, http://www.mobile-prospects.com/publications/files/E2M-Commerce.pdf
121.Richard Santalesa , W3C Publishes Draft “Do-Not-Track” Standard, November 18, 2011, http://www.infolawgroup.com/2011/11/articles/privacy-law/w3c-publishes-draft-donottrack-standards/
122.S. Thrum and Y. Kane, Your Apps are Watching You, Wall Street Journal, http://online.wsj.com/, 2010
123.Scott Bradner, IETF Structure and Internet Standards Process, 62nd IETF, March 2005, http://www.ietf.org/newcomers.html
124.Standards for Web Applications on Mobile: current state and roadmap, May 2012, http://www.w3.org/2012/05/mobile-web-app-state/
125.The History of the Do Not Track Header, January 21, 2011, http://paranoia.dubfire.net/2011/01/history-of-do-not-track-header.html
126.TECH SENSE: What “Do Not Track” Means for Advertisers, February 21, 2013, http://blog.pointroll.com/aducation/tech-sense-what-do-not-track-means-for-advertisers/
127.ITU-T Report, “Measuring and Reducing the Standards Gap” , December 4, 2009, http://itu.int/en/ITU-T/gap
128.The Application Privacy, Protection, and Security (APPS) Act of 2013 (Discussion Draft), http://hankjohnson.house.gov/sites/hankjohnson.house.gov/files/documents/APPS_Act_Key_Provisions.pdf
129.The APPS Act – a proposal to protect users’ mobile privacy, May 17, 2013, http://www.infosecurity-magazine.com/view/32482/the-apps-act-a-proposal-to-protect-users-mobile-privacy/
130.The New Firefox Cookie Policy, Feburary 22, 2013, http://webpolicy.org/2013/02/22/the-new-firefox-cookie-policy/
131.The Rise of China in Technology Standards: New Norms in Old Institutions, January 16, 2013, http://origin.www.uscc.gov/sites/default/files/Research/RiseofChinainTechnologyStandards.pdf
132.Tracking Preference Expression (DNT), W3C Working Draft, April 30, 2013, http://www.w3.org/TR/2013/WD-tracking-dnt-20130430/
133.United States of America (For the Federal Trade Commission), Plaintiff, v. Path, Inc., Defendant (United States District Court for the Northern District of California, San Francisco Division), Case No. C 13 0448, FTC File No. 122 3158, http://www.ftc.gov/opa/2013/02/path.shtm
134.United States of America, Plaintiff v. W3 Innovations, LLC, also d/b/a Broken Thumbs Apps, and Justin Maples, individually and as an officer of W3 Innovations, LLC, Defendants (United States District Court for the Northern District of California) Case No. CV-11-03958-PSG, FTC File No. 102 3251, http://ftc.gov/os/caselist/1023251/
135.US regulators probe mobile app developing firms over violation of children's privacy, http://appdev.cbronline.com/news/us-regulators-probe-mobile-app-developing-firms-over-violation-of-childrens-privacy-111212, December 11, 2012
136.W3C Workshop: Do Not Track and Beyond, November 26~27, 2012, http://www.w3.org/2012/dnt-ws/report
137.Why Europe’s Do Not Track stance could spark a trade war, March 22, 2013, http://lastwatchdog.com/europes-track-stance-spark-trade-war/
138.http://www.sans.org/reading-room/whitepapers/privacy/comparison-online-privacy-seal-programs-685
139.Xinwen Zhang, Onur Acıiçmez, and Jean-Pierre Seifert, A Trusted Mobile Phone Reference Architecture via Secure Kernel, 2007, http://profsandhu.com/zhang/pub/zhang-stc07.pdf
Description Master's
National Chengchi University
In-service Master's Program, College of Law
99961011
101
Source http://thesis.lib.nccu.edu.tw/record/#G0099961011
Type thesis
dc.contributor.advisor 陳起行 zh_TW
dc.contributor.advisor Chen, Chi Shing en_US
dc.contributor.author (Author) 郭淑儀 zh_TW
dc.contributor.author (Author) Kuo, Shu Yi en_US
dc.creator (Author) 郭淑儀 zh_TW
dc.creator (Author) Kuo, Shu Yi en_US
dc.date (Date) 2012 en_US
dc.date.accessioned 1-November-2013 11:41:47 (UTC+8) -
dc.date.available 1-November-2013 11:41:47 (UTC+8) -
dc.date.issued (Upload time) 1-November-2013 11:41:47 (UTC+8) -
dc.identifier (Other identifier) G0099961011 en_US
dc.identifier.uri (URI) http://nccur.lib.nccu.edu.tw/handle/140.119/61477 -
dc.description (Description) 碩士 zh_TW
dc.description (Description) 國立政治大學 zh_TW
dc.description (Description) 法學院碩士在職專班 zh_TW
dc.description (Description) 99961011 zh_TW
dc.description (Description) 101 zh_TW
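dc.description.tableofcontents Chapter 1 Introduction
Section 1 Research Scope and Structure
Item 1 Research Scope
Item 2 Research Structure
Section 2 Research Methods

Chapter 2 Mobile Applications and Information Privacy
Section 1 Information Privacy
Section 2 Mobile Applications and Privacy Protection
Section 3 Privacy Infringement by Mobile Software
Item 1 Improper Acquisition of Private Data
Item 2 Tracking of Mobile Internet Behavior
Item 3 Cases of Privacy Infringement by Mobile Applications

Chapter 3 Development and Challenges of Privacy Protection Standards Organizations
Section 1 Industry Self-Regulation, Standards and Regulations
Section 2 Standards Organizations Related to Privacy Protection
Item 1 BSI
Item 2 IETF
Item 3 ISO
Item 4 ITU-T
Item 5 PCI SSC
Item 6 OASIS
Item 7 W3C
Item 8 TCG
Item 9 GSMA
Item 10 MEF
Section 3 Challenges in Developing Privacy Protection Standards
Item 1 Complexity of Standard Setting
Item 2 Life Cycle of Standards Development
Item 3 The Standards Development Gap
Section 4 Disputed Cases of Privacy Protection Standards

Chapter 4 Privacy Protection Standards
Section 1 Personal Data Protection Standards
Item 1 Personal Information Management System Standards
Item 2 Privacy Framework Standards
Item 3 Identity Privacy Protection Standards
Item 4 Biometric Data Protection Standards
Section 2 Internet Privacy Protection Standards
Section 3 Information System Privacy Protection Standards
Item 1 Intelligent Transport System Privacy Protection Standards
Item 2 ICT Learning System Privacy Protection Standards
Section 4 Financial Privacy Protection Standards
Section 5 Medical Privacy Protection Standards
Item 1 ISO 22857:2004
Item 2 ISO/TS 25237:2008
Item 3 ISO/TS 21547:2010
Item 4 ISO/TS 13582:2013
Item 5 OASIS Medical Privacy Standards
Item 6 NHS Scotland Mobile Data Protection Standard
Section 6 Web Privacy Protection Standards
Section 7 Cloud Privacy Protection Standards
Section 8 Mobile RFID Service Privacy Protection Standards
Section 9 Mobile Privacy Protection Standards

Chapter 5 Mobile Application Privacy Protection Standards
Section 1 Do Not Track Privacy Standards
Item 1 FTC Do Not Track Privacy Standard Recommendations
Item 2 W3C Do Not Track Privacy Standard
Item 3 Google and Apple Do Not Track Privacy Standards
Section 2 Geolocation Privacy Protection Standards
Item 1 W3C Geolocation Privacy Standard
Item 2 IETF Geographic Location Privacy and Presence Architecture Privacy Standards
Section 3 Mobile Financial Privacy Standards
Section 4 Mobile Application Privacy Standard Initiatives
Item 1 W3C Mobile Web Initiative
Item 2 GSMA Privacy Design Guidelines for Mobile Application Development
Item 3 MEF Mobile Application Privacy Initiative

Chapter 6 Conclusions and Recommendations
Section 1 Development Trends of Mobile Application Privacy Standards
Item 1 Development Trends of International Privacy Standards
Item 2 Globalization of Privacy Protection Standards
Item 3 Negotiated Development of Mobile Application Privacy Protection Standards
Item 4 Mobile Application Privacy Protection Standards Help in Responding to Regulations
Section 2 Taiwan's Development of Personal Information Management Standards in Line with International Standards
Section 3 Recommendations for Taiwan's Legal Framework for Mobile Software Privacy Protection

References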
zh_TW
dc.format.extent 1220246 bytes -
dc.format.mimetype application/pdf -
dc.language.iso en_US -
dc.source.uri (Source) http://thesis.lib.nccu.edu.tw/record/#G0099961011 en_US
dc.subject (Keywords) 資訊隱私 zh_TW
dc.subject (Keywords) 行動應用軟體 zh_TW
dc.subject (Keywords) 隱私標準 zh_TW
dc.subject (Keywords) Information Privacy en_US
dc.subject (Keywords) Mobile Applications en_US
dc.subject (Keywords) Mobile Apps en_US
dc.subject (Keywords) Privacy Standards en_US
dc.title (Title) 行動應用軟體隱私保護標準研究 zh_TW
dc.title (Title) Study on Mobile Application Privacy Protection Standards en_US
dc.type (Type) thesis en
120.Rajnish Tiwari1, Stephan Buse and Cornelius Herstatt, From Electronic to Mobile Commerce: Technology Convegence Enables Innovative Business Services, http://www.mobile-prospects.com/publications/files/E2M-Commerce.pdf
121.Richard Santalesa , W3C Publishes Draft “Do-Not-Track” Standard, November 18, 2011, http://www.infolawgroup.com/2011/11/articles/privacy-law/w3c-publishes-draft-donottrack-standards/
122.S. Thrum and Y. Kane, Your Apps are Watching You, Wall Street Journal, http://online.wsj.com/, 2010
123.Scott Bradner, IETF Structure and Internet Standards Process, 62nd IETF, March 2005, http://www.ietf.org/newcomers.html
124.Standards for Web Applications on Mobile: current state and roadmap, May 2012, http://www.w3.org/2012/05/mobile-web-app-state/
125.The History of the Do Not Track Header, January 21, 2011, http://paranoia.dubfire.net/2011/01/history-of-do-not-track-header.html
126.TECH SENSE: What “Do Not Track” Means for Advertisers, February 21, 2013, http://blog.pointroll.com/aducation/tech-sense-what-do-not-track-means-for-advertisers/
127.ITU-T Report, “Measuring and Reducing the Standards Gap” , December 4, 2009, http://itu.int/en/ITU-T/gap
128.The Application Privacy, Protection, and Security (APPS) Act of 2013 (Discussion Draft), http://hankjohnson.house.gov/sites/hankjohnson.house.gov/files/documents/APPS_Act_Key_Provisions.pdf
129.The APPS Act – a proposal to protect users’ mobile privacy, May 17, 2013, http://www.infosecurity-magazine.com/view/32482/the-apps-act-a-proposal-to-protect-users-mobile-privacy/
130.The New Firefox Cookie Policy, Feburary 22, 2013, http://webpolicy.org/2013/02/22/the-new-firefox-cookie-policy/
131.The Rise of China in Technology Standards: New Norms in Old Institutions, January 16, 2013, http://origin.www.uscc.gov/sites/default/files/Research/RiseofChinainTechnologyStandards.pdf
132.Tracking Preference Expression (DNT), W3C Working Draft, April 30, 2013, http://www.w3.org/TR/2013/WD-tracking-dnt-20130430/
133.United States of America (For the Federal Trade Commission), Plaintiff, v. Path, Inc., Defendant (United States District Court for the Northern District of California, San Francisco Division), Case No. C 13 0448, FTC File No. 122 3158, http://www.ftc.gov/opa/2013/02/path.shtm
134.United States of America, Plaintiff v. W3 Innovations, LLC, also d/b/a Broken Thumbs Apps, and Justin Maples, individually and as an officer of W3 Innovations, LLC, Defendants (United States District Court for the Northern District of California) Case No. CV-11-03958-PSG, FTC File No. 102 3251, http://ftc.gov/os/caselist/1023251/
135.US regulators probe mobile app developing firms over violation of children`s privacy, http://appdev.cbronline.com/news/us-regulators-probe-mobile-app-developing-firms-over-violation-of-childrens-privacy-111212, December 11, 2012
136.W3C Workshop: Do Not Track and Beyond, November 26~27, 2012, http://www.w3.org/2012/dnt-ws/report
137.Why Europe’s Do Not Track stance could spark a trade war, March 22, 2013, http://lastwatchdog.com/europes-track-stance-spark-trade-war/
138.http://www.sans.org/reading-room/whitepapers/privacy/comparison-online-privacy-seal-programs-685
139.Xinwen Zhang, Onur Acıiçmez, and Jean-Pierre Seifert, A Trusted Mobile Phone Reference Architecture via Secure Kernel, 2007, http://profsandhu.com/zhang/pub/zhang-stc07.pdf