Paper #:[4.3.3 LP] #2 Title: "Framework for Security and Privacy in Automotive Telematics" by Sastry Drui, etc. PROBLEM With the advent of more sensors being placed in automobiles, the desire to utilize this information in a more useful manner has evolved. However, in order to use this information it must be shared with other sources. With this need comes apprehension because the user does not know if the sources that will use the data will be trustworthy and not misuse the data after the user has received the service. In addition, the service provider must be concerned with whether or not the data that they receive from the user's automobile is accurate. This concern is similar to that of when the Web was becoming mainstream and users were apprehensive to share personal data. NEW IDEAS AND STRENGTHS *The authors proposed a system where the automobile aggregates the data and sends it to the Telematics Service Provider. Then, different application service providers may access the data through the Telematics Service Provider in order to increase privacy and security. *The solution does a good job of allowing services to only have access to needed data without the user data when it is still possible to provide useful services without the user data. *The solution allows the customer to select the best privacy policy for him. This is good because when it comes to humans, there is hardly ever a "one-size-fits all" policy possible to make everybody happy. WEAKNESSES AND EXTENSIONS *The paper mentions that the TSP is used to help ensure data accuracy. However, where is the check to ensure that the TSP is giving accurate data to the ASP's. For example, with the insurance example, how does the user know that the proper data is being reported the ASP. *One weakness to the solution is that it is hard to ensure that the aggregate applications are not abusing the information given to them. At this time, there isn't a clear way to prevent this. *While it is a good idea to have user-defined policies. An extension might be appropriate to ensure that the policies are not asking for consent to the extent that they are annoying.