Academic literature on the topic 'Cybersecurity and privacy not elsewhere classified'

The Internet of Things (IoT) interconnects physical and virtual objects embedded with sensors, software, and other technologies, which exchange data using the Internet. This technology allows billions of devices and people to communicate, share data, and personalize services to make our lives easier. Despite the multiple benefits offered by IoT, it may also represent a critical issue due its lack of information security. Since the number of IoT devices has been rapidly increasing all over the world, they have become a target for many attackers, who try to steal sensitive information and compromise people’s privacy. As part of the IoT environment, data and services should be protected with features such as confidentiality, accuracy, comprehensiveness, authentication, access control, availability, and privacy. Cybersecurity threats are unique to the Internet of Things, which has unique characteristics and limitations. In consideration of this, a variety of threats and attacks are being launched daily against IoT. Therefore, it is important to identify these types of threats and find solutions to mitigate their risks. Therefore, in this paper, we reviewed and identified the most common threats in the IoT environment, and we classified these threats based on three layers of IoT architecture. In addition, we discussed the most common countermeasures to control the IoT threats and mitigation techniques that can be used to mitigate these threats by reviewing the related publications, as well as analyzing the popular application-layer protocols employed in IoT environments and their security risks and challenges.

The purpose of the work is to consider the theoretical and practical aspects of fraud in the Internet sphere and on this basis to identify ways to ensure the confidentiality and cybersecurity of private users and commercial organizations. The methodological basis of the work is the use of general and special methods of scientific knowledge. Methods of combining analysis and synthesis, induction and deduction have been used to identify different types of fraud in the Internet. Generalization methods, logical and empirical, were used in determining the directions of development of the national cyber defense system and ensuring confidentiality. The main results of the work: The most common methods of fraud with the use of bank payment cards are identified, among which: a fake poll on social networks with a prize draw; a phone call to obtain classified information; SIM card replacement for access to online banking; online payments on unsecured sites; phishing; copying card data when handed over; unsecured WI-Fi networks; computers in public places; skimming for card data theft; unauthorized micropayments; ATM fraud; use of malicious programs (viruses), fake sites in order to compromise the details of electronic payment instruments and/or logins/passwords for access to Internet/mobile banking systems; dissemination (sale, dissemination) of information on compromised data; terminal network fraud; fraud in remote service systems; social engineering. Basic security rules are defined to prevent fraud. The experience of European countries in the field of cybersecurity is analyzed. The directions of adaptation of the current legislation on cybersecurity to the EU standards are outlined and the directions of development of the national system of cybersecurity are defined. The practical significance of the results is to deepen the understanding of the nature and mechanism of various types of fraud in the Internet. The recommendations proposed in the paper can form a methodological and theoretical basis for the development of economic policy of the state to ensure the confidentiality and cybersecurity of private users and commercial organizations. Conclusions. The state should establish an effective oversight body in the field of personal data protection, but security measures and online restrictions should comply with international standards. The use of encryption should not be prohibited at the legislative level, as such restrictions reduce the ability of citizens to protect themselves from illegal intrusions into privacy. In addition, the state policy in the Internet should be aimed at promoting the development and operation of secure Internet technologies and the formation of mechanisms to protect against services and protocols that threaten the technical functioning of the Internet from viruses, phishing and more.

Exports of technology and items containing technical information are regulated by the United States government. United States export control regulations exist to help protect national security, economic, and political interests. United States defense industry companies manufacture products and develop technologies and information that the United States has a particular interest in protecting. Therefore, defense industry companies must comply with United States export control regulations when exporting items and information to their international partners and customers. An “export” not only includes shipments of hardware or other tangible assets to foreign end-users but also includes the sharing of certain types of information with foreign recipients in the form of phone conversations, emails, meetings, conferences, presentations, and so on. Many employees of defense industry companies travel internationally with company issued laptops and cellphones containing company information that could be viewed by foreign persons. All of these activities are considered exports and may require prior authorization from the United States government under export control regulations. Failure to follow export regulations could result in a violation requiring a report to the United States government that may result in civil penalties or criminal charges. Additionally, intentional as well as unintentional releases of information to certain foreign persons could be detrimental to a defense industry company’s business and reputation and may even result in security concerns for the United States. Although the government has an interest in regulating defense industry companies’ technology and information, critics argue that strong export control regulations may result in invasions of privacy, violations of free speech, and a displacement of the United States as a leader in a world of technological advancement. However, despite current regulations, defense industry information is still at risk of cyberattacks and inadvertent data releases, creating potential threats to national security and the security of company technology and information. In an effort to secure company and sensitive information while exporting, defense industry companies utilize encryption and other cybersecurity measures. Advancing technologies in cybersecurity can help the government and defense industry companies by bolstering the security of their information. These same advancements can also aid attackers in breaking through cybersecurity defenses. Some advances in technology are even preventing law enforcement from gathering necessary information to conduct investigations when cyber-attacks occur, making it difficult to identify criminal actors and seek justice.The United States government faces challenges in creating and up- dating regulations to keep up with consistently advancing technology. Likewise, defense industry companies must adhere to government regulations by creating robust compliance programs, but they should also implement security and compliance measures above and beyond what the government requires to ensure more effective security for their technology and information. This Article discusses the effect of advancing cyber technology; United States export regulations; reporting requirements related to the export of encrypted items; and encryption technology in the defense industry. First, the Article defines encryption and encrypted items. Second, the Article explains United States regulations of ex- ports and specifically, regulations related to encryption and encrypted items. Third, the Article explains the need for defense industry companies to export and to use encrypted items. Fourth, the Article analyzes criticisms of export regulations and the differing views on United States controls. Fifth, the Article will discuss the complexities of com- plying with export regulations and defense industry compliance pro- grams. Sixth, the Article examines the outlook for encryption technology, the future of regulations related to cybersecurity, and the outlook for defense industry security measures and compliance with regulations. The United States government is beginning to recognize the need for more advanced security measures to protect domestically produced technology and information, especially information that puts national security at risk. Specifically, the technology and information produced by United States defense industry companies should be protected from getting into the hands of our foreign adversaries at all costs. In response to the growing need for security measures, the United States government has implemented new programs, commissions, agencies, and projects to create more robust security systems and regulations. The United States should employ the most talented and experienced cybersecurity professionals to innovate and produce security systems that protect our nation’s most sensitive information. The government should then provide these systems to its defense industry companies at minimal cost and should require companies to use the best technology in its security measures. With or without the government’s assistance, defense industry companies within the United States must also implement their own measures of protection. Current policies offer little protection of sensitive and export controlled information including encrypted items and in- formation. In addition, the government should also provide the defense industry companies better guidance and access to resources in order to assist them in protecting the important information and encrypted items.207 For example, any new systems or software purchased by the United States should be made available to defense industry companies as the standard. If the government truly wishes to protect its most important technology and information, it should provide the new systems at minimal cost to the defense industry. Advancements in security programs should be shared with defense industry companies as soon as they are available and ready for use. Nevertheless, the government may not want to provide defense industry companies with the best security technology because in the event that the government needs to conduct an investigation, a company utilizing strong cyber- security and encryption software is much more difficult to investigate. Alternatively, the United States could update current regulations to require that defense industry companies must utilize specific security measures or face a penalty for failing to do so. Such regulation could require defense companies to implement more robust security pro- grams with updated security software. This is a less effective solution as the advancement in cyberattack technology increases so rapidly, and reformed regulations will likely be outdated as soon as they are implemented. It makes more sense to require that defense companies must implement the most updated software and programs determined by government security experts and cyber-security experts. Also, by allowing defense companies to decide which security companies it will work with, the defense companies obtain the option to shop for the best and most expensive program, or the company could choose the cheapest option, resulting in less efficient security. Cybersecurity regulations that are too specific run the risk of being outdated quickly, whereas broad requirements leave the option for companies to implement the lowest of security measures. Even if the government declines these suggested measures, defense industry companies should make the protection of their sensitive in- formation and encrypted items top priority. This method would re- quire complete buy-in from the senior management within the company and a thorough flow-down of cultural beliefs among its employees. A change in norms must be implemented, and defense industry personnel should be inundated with reminders on the importance of information security. Companies should provide employees with easy access to guidance, training, and assistance in handling, sharing, protecting, and exporting sensitive and export controlled information. Changing company culture takes time, and failure to change personnel beliefs will result in a lack of understanding and potential violations of export control regulations. In the worst cases, data spills and cyberattacks could result in the loss of sensitive or even classified in- formation that could jeopardize national security. Huge unauthorized data releases of sensitive information will negatively affect a company’s reputation thus affecting its ability to generate revenue. The risks in using and exporting encryption technology and sensitive information should be a major concern for defense industry companies. This concern should motivate the government to invest significant resources into compliance programs. Resources such as dedicated and qualified personnel can create policy and procedure to ensure compliance with United States government regulations, and the procedures will provide guidance and training to all employees. In addition, companies should employ IT security, data security, and counterintelligence personnel to work with the compliance team in innovating preventive measures and in addressing any potential data releases and export violations. Immediate actions and counter measures should be prioritized not just among the compliance and security teams but should be a known, expected response from all employees. In other words, cybersecurity norms should be instilled company-wide and thoroughly policed from within the company. How a company chooses to implement such measures remains discretionary, but a better resourced compliance department dedicated to implementing effective policies and responding quickly to potential issues will prevent export control violations and data releases of important information. Defense industry companies transfer export controlled information that may subject the United States to security risks. The United States responds to this risk by implementing regulations to control the high- risk exports. Defense industry companies must comply with these regulations. Therefore, defense industry companies should approach exports and cybersecurity from the standpoint that technology is always advancing—failure to simultaneously advance security and compliance measures will leave the country and the company vulnerable to attack.

As the distinction between disclosure-fuelled celebrity and lasting fame becomes difficult to discern, the “based on a true story” label has gained a particular traction among readers and viewers. This is despite much public approbation and private angst sometimes resulting from such disclosure as “little in the law or in society protects people from the consequences of others’ revelations about them” (Smith 537). Even fiction writers can stray into difficult ethical and artistic territory when they disclose the private facts of real lives—that is, recognisably biographical information—in their work, with autoethnographic fiction where authors base their fiction on their own lives (Davis and Ellis) not immune as this often discloses others’ stories (Ellis) as well. F. Scott Fitzgerald famously counselled writers to take their subjects from life and, moreover, to look to the singular, specific life, although this then had to be abstracted: “Begin with an individual, and before you know it, you find that you have created a type; begin with a type, and you find that you have created—nothing” (139). One of the problems when assessing fiction through this lens, however, is that, although many writers are inspired in their work by an actual life, event or historical period, the resulting work is usually ultimately guided by literary concerns—what writers often term the quest for aesthetic truth—rather than historical accuracy (Owen et al. 2008). In contrast, a biography is, and continues to be, by definition, an accurate account of a real persons’ life. Despite postmodern assertions regarding the relativity of truth and decades of investigation into the incorporation of fiction into biography, other non-fiction texts and research narratives (see, for instance: Wyatt), many biographers attest to still feeling irrevocably tied to the factual evidence in a way that novelists and the scriptors of biographically-based fictional television drama, movies and theatrical pieces do not (Wolpert; Murphy; Inglis). To cite a recent example, Louis Nowra’s Ice takes the life of nineteenth-century self-made entrepreneur and politician Malcolm McEacharn as its base, but never aspires to be classified as creative nonfiction, history or biography. The history in a historical novel is thus often, and legitimately, skewed or sidelined in order to achieve the most satisfying work of art, although some have argued that fiction may uniquely represent the real, as it is able to “play […] in the gap between the narratives of history and the actualities of the past” (Nelson n.p.). Fiction and non-fictional forms are, moreover, increasingly intermingling and intertwining in content and intent. The ugly word “faction” was an attempt to suggest that the two could simply be elided but, acknowledging wide-ranging debates about whether literature can represent the complexities of life with any accuracy and post-structuralist assertions that the idea of any absolute truth is outmoded, contemporary authors play with, and across, these boundaries, creating hybrid texts that consciously slide between invention and disclosure, but which publishers, critics and readers continue to define firmly as either fiction or biography. This dancing between forms is not particularly new. A striking example was Marion Halligan’s 2001 novel The Fog Garden which opens with a personal essay about the then recent death of her own much-loved husband. This had been previously published as an autobiographical memoir, “Cathedral of Love,” and again in an essay collection as “Lapping.” The protagonist of the novel is a recently widowed writer named Clare, but the inclusion of Halligan’s essay, together with the book’s marketing campaign which made much of the author’s own sadness, encourages readers to read the novel as a disclosure of the author’s own personal experience. This is despite Halligan’s attempt to keep the two separate: “Clare isn’t me. She’s like me. Some of her experience, terrors, have been mine. Some haven’t” (Fog Garden 9). In such acts of disclosure and denial, fiction and non-fiction can interrogate, test and even create each other, however quite vicious criticism can result when readers feel the boundaries demarking the two are breached. This is most common when authors admit to some dishonesty in terms of self-disclosure as can be seen, for instance, in the furore surrounding highly inflated and even wholly fabricated memoirs such as James Frey’s A Million Little Pieces, Margaret B. Jones’s Love and Consequences and Misha Defonseca’s A Mémoire of the Holocaust Years. Related problems and anxieties arise when authors move beyond incorporating and disclosing the facts of their own lives in memoir or (autobiographical) fiction, to using the lives of others in this way. Daphne Patai sums up the difference: “A person telling her life story is, in a sense, offering up her self for her own and her listener’s scrutiny […] Whether we should appropriate another’s life in this way becomes a legitimate question” (24–5). While this is difficult but seemingly manageable for non-fiction writers because of their foundational reliance on evidence, this anxiety escalates for fiction writers. This seems particularly extreme in relation to how audience expectations and prior knowledge of actual events can shape perceptions and interpretations of the resulting work, even when those events are changed and the work is declared to be one of fiction. I have discussed elsewhere, for instance, the difficult terrain of crafting fiction from well-known criminal cases (Brien, “Based on a True Story”). The reception of such work shows how difficult it is to dissociate creative product from its source material once the public and media has made this connection, no matter how distant that finished product may be from the original facts.As the field of biography continues to evolve for writers, critics and theorists, a study of one key text at a moment in that evolution—Jill Shearer’s play Georgia and its reliance on disclosing the life of artist Georgia O’Keeffe for its content and dramatic power—reveals not only some of the challenges and opportunities this close relationship offers to the writers and readers of life stories, but also the pitfalls of attempting to dissemble regarding artistic intention. This award-winning play has been staged a number of times in the past decade but has attracted little critical attention. Yet, when I attended a performance of Georgia at La Boite Theatre in Brisbane in 1999, I was moved by the production and admiring of Shearer’s writing which was, I told anyone who would listen, a powerfully dramatic interpretation of O’Keeffe’s life, one of my favourite artists. A full decade on, aspects of the work and its performance still resonate through my thinking. Author of more than twenty plays performed throughout Australia and New Zealand as well as on Broadway, Shearer was then (and is) one of Australia’s leading playwrights, and I judged Georgia to be a major, mature work: clear, challenging and confident. Reading the Currency Press script a year or so after seeing the play reinforced for me how distinctive and successful a piece of theatre Shearer had created utilising a literary technique which has been described elsewhere as fictionalised biography—biography which utilises fictional forms in its presentation but stays as close to the historical record as conventional biography (Brien, The Case of Mary Dean).The published version of the script indeed acknowledges on its title page that Georgia is “inspired by the later life of the American artist Georgia O’Keeffe” (Shearer). The back cover blurb begins with a quote attributed to O’Keeffe and then describes the content of the play entirely in terms of biographical detail: The great American artist Georgia O’Keeffe is physically, emotionally and artistically debilitated by her failing eyesight. Living amidst the Navajo spiritual landscape in her desert home in New Mexico, she becomes prey to the ghosts of her past. Her solitude is broken by Juan, a young potter, whose curious influence on her life remains until her death at 98 (Georgia back cover). This short text ends by unequivocally reinforcing the relation between the play and the artist’s life: “Georgia is a passionate play that explores with sensitivity and wry humour the contradictions and the paradoxes of the life of Georgia O’Keeffe” (Georgia back cover). These few lines of plot synopsis actually contain a surprisingly large number of facts regarding O’Keeffe’s later life. After the death of her husband (the photographer and modern art impresario Alfred Steiglitz whose ghost is a central character in the play), O’Keeffe did indeed relocate permanently to Abiquiú in New Mexico. In 1971, aged 84, she was suffering from an irreversible degenerative disease, had lost her central vision and stopped painting. One autumn day in 1973, Juan Hamilton, a young potter, appeared at her adobe house looking for work. She hired him and he became her lover, closest confidante and business manager until her death at 98. These facts form not only the background story but also much of the riveting content for Georgia which, as the published script’s introduction states, takes as its central themes: “the dilemma of the artist as a an older woman; her yearning to create against the fear of failing artistic powers; her mental strength and vulnerability; her sexuality in the face of physical deterioration; her need for companionship and the paradoxical love of solitude” (Rider vii). These issues are not only those which art historians identify as animating the O’Keeffe’s later life and painting, but ones which are discussed at length in many of the biographies of the artist published from 1980 to 2007 (see, for instance: Arrowsmith and West; Berry; Calloway and Bry; Castro; Drohojowska-Philp; Eisler; Eldredge; Harris; Hogrefe; Lisle; Peters; Reily; Robinson).Despite this clear focus on disclosing aspects of O’Keeffe’s life, both the director’s and playwright’s notes prefacing the published script declare firmly that Georgia is fiction, not biography. While accepting that these statements may be related to copyright and privacy concerns, the stridency of the denials of the biography label with its implied intention of disclosing the facts of a life, are worthy of analysis. Although noting that Georgia is “about the American artist Georgia O’Keeffe”, director of the La Boite production Sue Rider asserts that not only that the play moves “beyond the biographical” (vii) but, a few pages later, that it is “thankfully not biography” (xii). This is despite Rider’s own underscoring of the connection to O’Keeffe by setting up an exhibition of the artist’s work adjacent to the theatre. Shearer, whose research acknowledgments include a number of works about O’Keeffe, is even more overtly strident in her denial of any biographical links stating that her characters, “this Juan, Anna Marie and Dorothy Norman are a work of dramatic fiction, as is the play, and should be taken as such” (xiii).Yet, set against a reading of the biographies of the artist, including those written in the intervening decade, Georgia clearly and remarkably accurately discloses the tensions and contradictions of O’Keeffe’s life. It also draws on a significant amount of documented biographical data to enhance the dramatic power of what is disclosed by the play for audiences with this knowledge. The play does work as a coherent narrative for a viewer without any prior knowledge of O’Keeffe’s life, but the meaning of the dramatic action is enhanced by any biographical knowledge the audience possesses. In this way, the play’s act of disclosure is reinforced by this externally held knowledge. Although O’Keeffe’s oeuvre is less well known and much anecdotal detail about her life is not as familiar for Australian viewers as for those in the artist’s homeland, Shearer writes for an international as well as an Australian audience, and the program and adjacent exhibition for the Brisbane performance included biographical information. It is also worth noting that large slabs of biographical detail are also omitted from the play. These omissions to disclosure include O’Keeffe’s early life from her birth in 1887 in Wisconsin to her studies in Chicago and New York from 1904 to 1908, as well as her work as a commercial artist and art teacher in Texas and other Southern American states from 1912 to 1916. It is from this moment in 1916, however, that the play (although opening in 1946) constructs O’Keeffe’s life right through to her death in 1986 by utilising such literary devices as flashbacks, dream sequences and verbal and visual references.An indication of the level of accuracy of the play as biographical disclosure can be ascertained by unpacking the few lines of opening stage directions, “The Steiglitz’s suite in the old mid-range Shelton Hotel, New York, 1946 ... Georgia, 59, in black, enters, dragging a coffin” (1). In 1946, when O’Keeffe was indeed aged 59, Steiglitz died. The couple had lived part of every year at the Shelton Towers Hotel at 525 Lexington Avenue (now the New York Marriott East Side), a moderately priced hotel made famous by its depiction in O’Keeffe’s paintings and Steiglitz’s photographs. When Stieglitz suffered a cerebral thrombosis, O’Keeffe was spending the summer in New Mexico, but she returned to New York where her husband died on 13 July. This level of biographical accuracy continues throughout Georgia. Halfway through the first page “Anita, 52” enters. This character represents Anita Pollitzer, artist, critic and O’Keeffe’s lifelong friend. The publication of her biography of O’Keeffe, A Woman on Paper, and Georgia’s disapproval of this, is discussed in the play, as are their letters, which were collected and published in 1990 as Lovingly, Georgia (Gibiore). Anita’s first lines in the play after greeting her friend refer to this substantial correspondence: “You write beautifully. I always tell people: “I have a friend who writes the most beautiful letters” (1). In the play, as in life, it is Anita who introduces O’Keeffe’s work to Stieglitz who is, in turn, accurately described as: “Gallery owner. Two Nine One, Fifth Avenue. Leader of the New York avant-garde, the first to bring in the European moderns” (6). The play also chronicles how (unknown to O’Keeffe) Steiglitz exhibited the drawings Pollitzer gave him under the incorrect name, a scene which continues with Steiglitz persuading Georgia to allow her drawings to remain in his gallery (as he did in life) and ends with a reference to his famous photographs of her hands and nude form. Although the action of a substantial amount of real time is collapsed into a few dramatic minutes and, without doubt, the dialogue is invented, this invention achieves the level of aesthetic truth aimed for by many contemporary biographers (Jones)—as can be assessed when referring back to the accepted biographical account. What actually appears to have happened was that, in the autumn 1915, while teaching art in South Carolina, O’Keeffe was working on a series of abstract charcoal drawings that are now recognised as among the most innovative in American art of that time. She mailed some of these drawings to Pollitzer, who showed them Steiglitz, who exhibited ten of them in April 1916, O’Keeffe only learning of this through an acquaintance. O’Keeffe, who had first visited 291 in 1908 but never spoken to Stieglitz, held his critical opinion in high regard, and although confronting him over not seeking her permission and citing her name incorrectly, eventually agreed to let her drawings hang (Harris). Despite Shearer’s denial, the other characters in Georgia are also largely biographical sketches. Her “Anna Marie”, who never appears in the play but is spoken of, is Juan’s wife (in real life Anna Marie Hamilton), and “Dorothy Norman” is the character who has an affair with Steiglitz—the discovery of which leads to Georgia’s nervous breakdown in the play. In life, while O’Keeffe was in New Mexico, Stieglitz became involved with the much younger Norman who was, he claimed, only his gallery assistant. When O’Keeffe discovered Norman posing nude for her husband (this is vividly imagined in Georgia), O’Keeffe moved out of the Shelton and suffered from the depression that led to her nervous breakdown. “ Juan,” who ages from 26 to 39 in the play, represents the potter Juan Hamilton who encouraged the nearly blind O’Keeffe to paint again. In the biographical record there is much conjecture about Hamilton’s motives, and Shearer sensitively portrays her interpretation of this liaison and the difficult territory of sexual desire between a man and a much older woman, as she also too discloses the complex relationship between O’Keeffe and the much older Steiglitz.This complexity is described through the action of the play, but its disclosure is best appreciated if the biographical data is known. There are also a number of moments of biographical disclosure in the play that can only be fully understood with biographical knowledge in hand. For instance, Juan refers to Georgia’s paintings as “Beautiful, sexy flowers [... especially] the calla lilies” (24). All attending the play are aware (from the exhibition, program and technical aspects of the production) that, in life, O’Keeffe was famous for her flower paintings. However, knowing that these had brought her fame and fortune early in her career with, in 1928, a work titled Calla Lily selling for U.S. $25,000, then an enormous sum for any living American artist, adds to the meaning of this line in the play. Conversely, the significant level of biographical disclosure throughout Georgia does not diminish, in any way, the power or integrity of Shearer’s play as a literary work. Universal literary (and biographical) themes—love, desire and betrayal—animate Georgia; Steiglitz’s spirit haunts Georgia years after his death and much of the play’s dramatic energy is generated by her passion for both her dead husband and her younger lover, with some of her hopeless desire sublimated through her relationship with Juan. Nadia Wheatley reads such a relationship between invention and disclosure in terms of myth—relating how, in the process of writing her biography of Charmain Clift, she came to see Clift and her husband George Johnson take on a larger significance than their individual lives: “They were archetypes; ourselves writ large; experimenters who could test and try things for us; legendary figures through whom we could live vicariously” (5). In this, Wheatley finds that “while myth has no real beginning or end, it also does not bother itself with cause and effect. Nor does it worry about contradictions. Parallel tellings are vital to the fabric” (5). In contrast with both Rider and Shearer’s insistence that Georgia was “not biography”, it could be posited that (at least part of) Georgia’s power arises from the creation of such mythic value, and expressly through its nuanced disclosure of the relevant factual (biographical) elements in parallel to the development of its dramatic (invented) elements. Alongside this, accepting Georgia as such a form of biographical disclosure would mean that as well as a superbly inventive creative work, the highly original insights Shearer offers to the mass of O’Keeffe biography—something of an American industry—could be celebrated, rather than excused or denied. ReferencesArrowsmith, Alexandra, and Thomas West, eds. Georgia O’Keeffe & Alfred Stieglitz: Two Lives—A Conversation in Paintings and Photographs. Washington DC: HarperCollins and Calloway Editions, and The Phillips Collection, 1992.Berry, Michael. Georgia O’Keeffe. New York: Chelsea House, 1988.Brien, Donna Lee. The Case of Mary Dean: Sex, Poisoning and Gender Relations in Australia. Unpublished PhD Thesis. Queensland University of Technology, 2004. –––. “‘Based on a True Story’: The Problem of the Perception of Biographical Truth in Narratives Based on Real Lives”. TEXT: Journal of Writers and Writing Programs 13.2 (Oct. 2009). 19 Oct. 2009 < http://www.textjournal.com.au >.Calloway, Nicholas, and Doris Bry, eds. Georgia O’Keeffe in the West. New York: Knopf, 1989.Castro, Jan G. The Art and Life of Georgia O’Keeffe. New York: Crown Publishing, Random House, 1985.Davis, Christine S., and Carolyn Ellis. “Autoethnographic Introspection in Ethnographic Fiction: A Method of Inquiry.” In Pranee Liamputtong and Jean Rumbold, eds. Knowing Differently: Arts-Based and Collaborative Research. New York: Nova Science, 2008. 99–117.Defonseca, Misha. Misha: A Mémoire of the Holocaust Years. Bluebell, PA: Mt. Ivy Press, 1997.Drohojowska-Philp, Hunter. Full Bloom: The Art and Life of Georgia O’Keeffe. New York: WW Norton, 2004.Ellis, Carolyn. “Telling Secrets, Revealing Lives: Relational Ethics in Research with Intimate Others.” Qualitative Inquiry 13.1 (2007): 3–29. Eisler, Benita. O’Keeffe and Stieglitz: An American Romance. New York: Doubleday, 1991.Eldredge, Charles C. Georgia O’Keeffe: American and Modern. New Haven: Yale UP, 1993.Fitzgerald, F. Scott. The Diamond as Big as the Ritz and Other Stories. Harmondsworth, U.K.: Penguin, 1962.Frey, James. A Million Little Pieces. New York: N.A. Talese/Doubleday, 2003.Gibiore, Clive, ed. Lovingly, Georgia. New York: Simon and Schuster, 1990.Halligan, Marion. “Lapping.” In Peter Craven, ed. Best Australian Essays. Melbourne: Bookman P, 1999. 208–13.Halligan, Marion. The Fog Garden. Sydney: Allen and Unwin, 2001.Halligan, Marion. “The Cathedral of Love.” The Age 27 Nov. 1999: Saturday Extra 1.Harris, J. C. “Georgia O’Keeffe at 291”. Archives of General Psychiatry 64.2 (Feb. 2007): 135–37.Hogrefe, Jeffrey. O’Keeffe: The Life of an American Legend. New York: Bantam, 1994.Inglis, Ian. “Popular Music History on Screen: The Pop/Rock Biopic.” Popular Music History 2.1 (2007): 77–93.Jones, Kip. “A Biographic Researcher in Pursuit of an Aesthetic: The Use of Arts-Based (Re)presentations in “Performative” Dissemination of Life Stories”. Qualitative Sociology Review 2.1 (Apr. 2006): 66–85. Jones, Margaret B. Love and Consequences: A Memoir of Hope and Survival. New York: Riverhead Books, 2008.Lisle, Laurie. Portrait of an Artist: A Biography of Georgia O’Keeffe. New York: Seaview Books, 1980.Murphy, Mary. “Limited Lives: The Problem of the Literary Biopic”. Kinema 17 (Spr. 2002): 67–74. Nelson, Camilla. “Faking It: History and Creative Writing.” TEXT: Journal of Writing and Writing Courses 11.2 (Oct. 2007). 19 Oct. 2009 < http://www.textjournal.com.au/oct07/nelson.htm >.Nowra, Louis. Ice. Crows Nest: Allen and Unwin, 2008.Owen, Jillian A. Tullis, Chris McRae, Tony E. Adams, and Alisha Vitale. “Truth Troubles.” Qualitative Inquiry 15.1 (2008): 178–200.Patai, Daphne. “Ethical Problems of Personal Narratives, or, Who Should Eat the Last Piece of Cake.” International Journal of Oral History 8 (1987): 5–27.Peters, Sarah W. Becoming O’Keeffe. New York: Abbeville Press, 1991.Pollitzer, Anita. A Woman on Paper. New York: Simon and Schuster, 1988.Reily, Nancy Hopkins. Georgia O’Keeffe. A Private Friendship, Part II. Santa Fe, NM: Sunstone Press, 2009.Rider, Sue. “Director’s Note.” Georgia [playscript]. Sydney: Currency Press, 2000. vii–xii.Robinson, Roxana. Georgia O’Keeffe: A Life. London: Bloomsbury Publishing, 1990. Shearer, Jill. Georgia [playscript]. Sydney: Currency Press, 2000.Smith, Thomas R. “How Our Lives Become Stories: Making Selves [review]”. Biography 23.3 (2000): 534–38.Wheatley, Nadia. The Life and Myth of Charmian Clift. Sydney: Flamingo, 2001.Wolpert, Stanley. “Biography as History: A Personal Reflection”. Journal of Interdisciplinary History 40.3 (2010): 399–412. Pub. online (Oct. 2009). 19 Oct. 2009 < http://www.mitpressjournals.org/toc/jinh/40/3 >.Wyatt, Jonathan. “Research, Narrative and Fiction: Conference Story”. The Qualitative Report 12.2 (Jun. 2007): 318–31.

This thesis undertakes to research the development of domestic legal protection for privacy rights within employment. Unusually for a current work, it does this by returning to the genesis of the protections. The work challenges pervasive arguments that the notion of confidence did not protect privacy and exceptionally argues that the earliest incarnation of the notion of confidence was well equipped to protect private and personal information against disclosure. The thesis puts forward the novel view that the problems that have arisen in providing domestic protection for such information, in the absence of a right to privacy, are the result of an unfortunate narrowing of the original notion. This position is underpinned by the contention that a number of cases misinterpreted the nature of the original tort and did not fully recognise the requirement to provide protection against the acquisition of personal information. The historical analysis contributes to current knowledge by providing an alternative interpretation of the historical legal framework. This analysis provides an unorthodox assessment of the opportunities provided to the courts by the notion of confidence, to enhance both the theory and practical impact of the protection of privacy rights within employment Furthermore the thesis evaluates a broad range of case law from the European Court of Human Rights. These include general privacy cases, those involving wrongdoers as well as general employment cases. These cases are used to identify any consistent themes or conflicts in the application of the right to privacy. The evaluation produces a highly developed analysis and uncovers the latent significance of employment policies in both the protection of and the intrusion into, an employee's privacy. Most notably and distinctively the thesis identifies the important role that a well-crafted policy can have in augmenting an insubstantial legislative framework, provided that some legal basis provides the foundation for the policy. This evaluation also exposes the implications of any policy, which provides the basis for an interference with an employee's privacy and unconventionally highlights that the mere existence of such a policy can of itself amount to an intrusion, whether or not it is put into practice. Moreover, the thesis considers whether the incorporation of the right to privacy into domestic law has any impact upon private sector employers and employees. It heightens knowledge of the positive obligations placed upon the state and the courts to protect the right to privacy of all individuals against intrusions by the state and significantly against intrusions by other individuals or private sector organisations. The thesis therefore provides a valuable addition to current understanding of the interventionist and rigorous protections for privacy rights within employment, provided by the Strasbourg Court. This in turn provides the foundation for the unique evaluation of how effectively the right to privacy is incorporated into current domestic law. The thesis has taken the valuable opportunity provided by the tenth anniversary of the publication of the Human Rights Act 1998 to consider its impact upon privacy rights within employment. It takes advantage of the occasion to re-evaluate the categories of confidence and privacy and to analyse the principles underpinning the notions within domestic courts. The work exceptionally compares the development of domestic employment law with the development of general civil and criminal cases. This is an effective structure, which facilitates the development of arguments outlining how privacy rights within employment can be more effectively recognised and protected. The thesis does not shirk the challenges posed by the complex and difficult piece of legislation known as the Regulation of Investigatory Powers Act 2000, a particularly puzzling statute'. 1 It singularly and painstakingly reviews its provisions and questions whether accepted interpretations are correct or workable. The work offers an independent analysis of the rationale and application of its terms and brings to light the finding that despite its name Part II of the Act does not provide any powers and does not regulate the use of any existing powers but merely provides a framework, by which, intrusions may be undertaken by public authorities 'in accordance with the law' where there is no other statutory basis for the interference. The thesis makes an interesting case that other than where it creates criminal offences and civil liabilities for the interception of communications2, it has little if any effect upon the monitoring of employees, whether in the public or private sectors. The thesis also evaluates the Data Protection Act 1998 and The Employment Practices Code. It originally asserts that the Act and the Code provide the statutory basis for employers to intrude into the private lives of employees and prospective employees 'in accordance with the law' where it is necessary and proportionate to so; providing the employer has established and published policies that make the intrusion foreseeable in the circumstances. The fact that these arguments need to be evaluated and explained, naturally leads to the explicit conclusion that the incorporation of the rights protected by Article 8 in the statutory framework have failed to supply the necessary clarity to provide forseeability or to give, strengthen or explicitly restrict privacy rights within employment. Additionally, the creative comparison with the general privacy and criminal cases brings to light the evident disparity in the development of the case law in these areas compared with the development within employment cases. The thesis sets out the &adual but definite maturing of the protection noticeable in general privacy and criminal cases, particularly in v W [2003] EWCA Crim 1632 p. 98 2 Which themselves are modified by the Telecommunication (Lawful Business Practice) (Interception of Communications) Regulations, 2000 L1 relation to wrongdoing and rehabilitation, arguing that this has yet to filter into the employment cases. This leads to proposals for reform to remove the evident confusion for employers, employees, legal advisors, those providing oversight and commentators. The proposals encourage the judiciary to embrace the challenges and possibilities provided by the Human Rights Act 1998 to provide appropriate protections for privacy rights within employment. The thesis provides a platform for further research within this area and makes recommendations as to how the findings could be developed by both empirical research or by further comparative studies. The unusual approach to the research, the original nature of the findings and proposals for reform provide a valuable contribution to knowledge of the domestic legal framework, both statutory and common law suggesting both how it may be more effectively applied and how it could profitably be developed and clarified for both employers and employees. The thesis has thereby moved the debate to a different theoretical place from the established view of the ability of domestic law to effectively protect privacy rights within employment.

Security of online transactions is a key factor that affects a potential buyer's decision to make purchases online. In Thailand, security has been identified as the main reason for consumers' reluctance in purchasing products online. E-commerce rates in Thailand are considerably lower than those of other countries in the same region. However, this could be interpreted as a potential for e-commerce growth in Thailand. This study aims to identify the main factors affecting the low rates of e-commerce activity in Thailand and explores the social and cultural aspects of online shoppers here. Through a survey of Thais who shop online, this research aims to understand consumers' behaviours and their opinions relevant to security of online transactions. The research employs a qualitative approach and a questionnaire survey to collect pertinent data.

Results show a strong association between confidence in online security and the number of potential online buyers. E-commerce in Thailand can grow fully when appropriate security strategies have been developed. This can make potential buyers more confident about making online purchases. This finding has been confirmed using knowledge from across disciplines. Mathematical equations (adding test value, recalculating and mathematically reconstructing the data structure) and the laws of physics have been used to help explain this social behaviour as a conceptual idea of Mode-2 society. Following an in depth, trans-disciplinary analysis of the research data, some recommendations for the online industry and government entities have also been presented. The findings of the study and its recommendations focus on online trading activity can help in reducing fear or reluctance associated with online transactions among Internet users in Thailand and possibly leads to an increase in revenues from online shopping for the country.

With the growing popularity of using smartphones in business environments, it is increasingly likely that phones will be the target of attacks and sources of evidence in cyber forensic investigations. It will often be important to identify who was using the phone at the time an incident occurred. This can be very difficult as phones are easily misplaced, borrowed, or stolen. Previous research has attempted to find ways to identify computer users based on behavioral analysis. Current research into user profiling requires highly invasive examinations of potentially sensitive user data that the user might not be comfortable with people inspecting or could be against company policy to store. This study developed user profiles based on changes in a mobile phone's underlying block structure. By examining where and when changes occur, a user profile can be developed that is comparable to more traditional intrusion detection models, but without the need to use invasive data sets. These profiles can then be used to determine user masquerading efforts or detect when a compromise has occurred. This study included 35 participants that used Samsung Galaxy S3s for three months. The results of the study show that this method has a high accuracy of classifying a phone's actual sessions correctly when using 2-class models. Results from the 1-class models were not as accurate, but the Sigmoid SVM was able to correctly classify actual user sessions from attack sessions.