Posts

Research Roundup 4: The Finals!

by

Of the NBA and NHL, that is, and, being from the Bay Area, we’re going to revel in this moment. The Sharks have ascended to the grandest stage in hockey probably just to disappoint us in the grandest possible way and pave the way for The Warriors to convert us from primarily hockey fans to primarily basketball fans.

Perhaps you’ll watch some finals on cable. So will future governance of the Internet of Things (IOT) allow your IoT-enhanced set top box realize this and automatically record the show for you? Maybe you’re just a shark when it comes to cyber-security economics or a warrior for expectations of privacy in social media. No matter what topics you root for, it promises to be a hell of a roundup.

Remember: no matter how these series turn out, sports are just games,[1] and any opinions in these research papers are those of the authors – not necessarily ours.

 

IoT safety and security as shared responsibility

As more devices—or “things,” as the phrase “Internet of Things” suggests—connect to the internet, balancing privacy, cybersecurity, and the economic value that comes from collecting and using consumers’ data becomes increasingly challenging. Take two-factor authentication as an example: while the technology makes user data more secure, requiring a second device like a cellphone or USB stick to authenticate adds a small yet meaningful obstacle to adoption. Is that a worthwhile tradeoff?

Different countries and governing bodies have their own rules and mandates which broadly control consumer privacy. While the Internet Governance Forum (IGF), a multi-stakeholder advisory group led by a chairman appointed by the UN Department for Economic and Social Affairs, has so far called the IoT a specific application of the internet and therefore does not need specific governance, it is a potential forum to address these issues in the future. The authors believe the multi-stakeholder nature of the IGF allows it to adapt more quickly to changing technology than a top-down governance approach. Likewise, the mix of participants will help ensure that the forum addresses governance from all angles. The authors continue, arguing that the “social” layer (human error such as identity theft and authentication problems) and “content” layer (software, apps, and operating systems) of the IoT are particularly ripe to be governed, as these are the layers that users interact with. The authors recommend that Computer Emergency Response Teams (CERTs) be integrally involved in shaping any policy for these layers, as they are organizations focused on security and threat mitigation. A plethora of other governing bodies will undoubtedly play a role in shaping governance of these layers and the “logical” (protocols and standards) and the infrastructure layer, such as W3C, ICANN, and ISOC

 

AUTHOR WRITTEN ABSTRACTS:

IoT safety and security as shared responsibility

Cerf, Vinton G. and Ryan, Patrick S. and Senges, Max and Whitt, Richard S., IoT Safety and Security as Shared Responsibility (February 21, 2016). Journal of Business Informatics, Number 1, Issue 35 (2016), pp 7-19.

What happens when everyday standalone devices and machines acquire network interfaces? The somewhat obvious result will be an unprecedented number of “things” connected to the Internet. It is less obvious what this means for the governance of the Internet when this occurs. With the “Internet of Things” (IoT) the Internet’s loosely coupled governance structures are already adapting to accommodate the evolution of the Internet’s use. As the governance structure continues to develop, users’ safety must be the first priority for all hardware and software providers. In the context of the Internet of Things, this paper proposes a definition of digital safety as distinct from security and discusses how multistakeholder governance can be applied to address safety challenges. The paper also considers the integration of “old” industries and the transformation of their governance into the multistakeholder model as their products and services are coming online. We consider how the thousands of manufacturers who traditionally produced analog, not-connected physical “things” adapt to become stakeholders in the Internet and how that changes the way that we think about Internet Governance. The particular interest of this paper is how to address safety issues that become much more prominent with the spread of Internet-enabled physical environments.

 

State-of-the-art of the Economics of Cyber-security and Privacy

Jentzsch, Nicola, State-of-the-Art of the Economics of Cyber-Security and Privacy (February 1, 2016). IPACSO Deliverable D4.1.

This IPACSO report gives a broad, but in-depth overview of the research fields of the economics of cyber-security and privacy. It includes an introduction to economic incentivization, economic decision-making, as well as failures in markets for cyber-security and privacy products and services.

 

Privacy in Public Spaces: What Expectations of Privacy do we have in Social Media Intelligence?

Edwards, Lilian and Urquhart, Lachlan, Privacy in Public Spaces: What Expectations of Privacy Do We Have in Social Media Intelligence? (December 11, 2015).

In this paper we give a basic introduction to the transition in contemporary surveillance from top down traditional police surveillance to profiling and “pre-crime” methods. We then review in more detail the rise of open source (OSINT) and social media (SOCMINT) intelligence and its use by law enforcement and security authorities. Following this we consider what if any privacy protection is currently given in UK law to SOCMINT. Given the largely negative response to the above question, we analyze what reasonable expectations of privacy there may be for users of public social media, with reference to existing case law on art 8 of the ECHR. Two factors are in particular argued to be supportive of a reasonable expectation of privacy in open public social media communications: first, the failure of many social network users to perceive the environment where they communicate as “public”; and secondly, the impact of search engines (and other automated analytics) on traditional conceptions of structured dossiers as most problematic for state surveillance. Lastly, we conclude that existing law does not provide adequate protection for open SOCMINT and that this will be increasingly significant as more and more personal data is disclosed and collected in public without well-defined expectations of privacy.

 

 

[1] Although, to be fair, games worth almost $4 billion (NHL) and $5 billion (NBA) annually.