L. Jean Camp's
Scholarly Papers
Aggregate Statistics
Total Downloads: 4,304
Total Citations: 11

1.
L. Jean Camp (Indiana University Bloomington - School of Informatics); Carlos A. Osorio (Universidad Adolfo Ibanez - Business School)
Posted: 19 Sep 02
Last Revised: 30 Nov 03
Downloads: 515 (13,685)
Abstract:
We examine privacy-enhancing technologies based on the consistency of the business plans, technology, stated objectives, and the concept of privacy as embedded in the technologies. Three distinct trust models result from the three distinct concepts of privacy: a right of autonomy, a right to seclusion and a right to property. We use these trust models to segment the privacy market and classify the privacy-enhancing technologies. The Anonymizer and Zero Knowledge's Freedom were built as technologies to enhance autonomy, while Privada Control, iPrivacy, and Incogno SafeZone are built to provide seclusion. Microsoft's Passport is built with an assumption of privacy as a tradable property right. Security, privacy, and authentication are intertwined and sometimes confused in the privacy market. We argue that the creation of a new trusted third party is not an effective strategy. In the case of creating a trusted third party, autonomy-based products have been more successful than seclusion-based products, despite the wider array of services offered by seclusion services.
Keywords: trust, security, privacy, e-commerce

2.
L. Jean Camp (Indiana University Bloomington - School of Informatics); Cathleen McGrath (Loyola Marymount University); Helen F. Nissenbaum (New York University)
Posted: 08 Mar 01
Last Revised: 09 Dec 08
Downloads: 471 (15,472)
Citations: 1
Abstract:
The technological challenges of securing networks are great, as recently witnessed in widespread denial of service and virus attacks. The human reaction to these attacks may be either a loss of trust or a willingness to tolerate increasing risk having weathered one assault. Examining human and computer interaction with a focus on evaluating the human response to loss of trust is a key part of the search for more secure networks. The success of current efforts to design appropriate security mechanisms depends as much on an understanding of human extensions of trust to computers as it does on an understanding of underlying mathematics. However, the former has not been sufficiently examined. In this work we survey the findings in social psychology and philosophy with respect to trust. We introduce three hypotheses that remain unanswered with respect to the manner in which humans react to computers. We discuss potential design revisions in light of findings from other disciplines. Then we conclude by noting that research which empowers users in order to be their own security manager may be based on a fundamentally flawed view of human-computer interaction. We close by encouraging designers of computer security systems to examine the humans, which these systems are intended to empower, and recommend that any security system be built on the basis of understanding of human trust provided by the social sciences.
Keywords: information technology

3.
L. Jean Camp (Indiana University Bloomington - School of Informatics); Serena Syme (Harvard University - John F. Kennedy School of Government)
Posted: 25 Feb 02
Last Revised: 30 Nov 03
Downloads: 431 (17,429)
Citations: 1
Abstract:
The governance of a network society is tightly bound to the nature of property rights created for information. The establishment of a market involves the development of a bundle of rights that both create property and define the rules under which property-based transactions might occur. The fundamental thesis of this work is that the creation of property through licensing offers different views of the governance of the network society. Thus this article offers distinct views of the network society drawn from examinations of the various forms of governance currently applied to code, namely: open code licensing, public domain code, proprietary licenses, and the Uniform Computer Information Transactions Act (UCITA). The open code licenses addressed here are the GNU Public License, the BSD license, the artistic license, and the Mozilla license. We posit that the licenses are alternative viewpoints (or even conflicting forces) with respect to the nature of the network society, and that each has its own hazards. We describe the concepts of openness: free redistribution, source availability, derivations, integrity, non-discrimination, non-specificity, and non-contamination. We examine how each license meets or conflicts with these conditions. We conclude that each of these dimensions has a parallel in the dimension of governance. Within our conclusions we identify how the concept of code as law, first described by Stallman and popularized by Lessig, fails when the particulars of open code are examined. However, we explore the ways that licenses together with code provide a governance framework, and how different licenses combined with code provide a range of visions for governance of the information society. We go on to consider the fundamentally different governance model outlined by UCITA, and comment on the philosophical implications and hazards of such a framework for the world of code.
Keywords: Business and Government Policy, Information Technology

4.
L. Jean Camp (Indiana University Bloomington - School of Informatics)
Posted: 21 Mar 06
Last Revised: 21 Mar 06
Downloads: 423 (17,882)
Citations: 6
Abstract:
The economics of information security is an emerging area of study. The economics of information security is cross-disciplinary as much as interdisciplinary. Economics of information security is the explicit combination of primary disciplines. Economics of information security has the potential to inform security from policy and economics perspectives. Following its now confirmed tradition of cross-disciplinary publication, economics of information security is unified as an intellectual endeavor by a series of workshops. The best from those workshops develops into journal special issues and texts. This work reviews the organization and findings of economics of information security.
Keywords: economics, security, privacy, economics of security

5.
Re-Embedding Existing Social Networks into Online Experiences to Aid in Trust Assessment
Alla Genkina (Indiana University Bloomington); L. Jean Camp (Indiana University Bloomington - School of Informatics)
Posted: 26 Apr 05
Last Revised: 06 Jul 07
Downloads: 382 (20,353)

Versions (2):

Alla Genkina (Indiana University Bloomington); L. Jean Camp (Indiana University Bloomington - School of Informatics)
Posted: 04 Jul 07
Last Revised: 06 Jul 07
Downloads: 0
Abstract:
Net Trust is a system that embeds social context in web-based trust decisions by combining individual histories, social networks, and explicit ratings. The social context embedded in Net Trust allows an individual to select their own trusted sources of information and rate particular sites as trustworthy (or not). The system as proposed leverages pre-existing social networks to explicitly embed social and organizational context in the virtual realm. Net Trust allows an individual to select their own trusted sources of information from a market of ratings agencies and combine that with their individual social network. Social networks are needed to undermine the efficacy of social engineering. The design is informed by previous work in reputation systems, interaction design, social networks, social browsing, computer security, and peer production of knowledge.
Keywords: Trust, phishing, Internet, usability, social capital, reputation

Alla Genkina (Indiana University Bloomington); L. Jean Camp (Indiana University Bloomington - School of Informatics)
Posted: 26 Apr 05
Last Revised: 26 Apr 05
Downloads: 382

6.
L. Jean Camp (Indiana University Bloomington - School of Informatics)
Posted: 07 Nov 02
Last Revised: 30 Nov 03
Downloads: 330 (24,418)
Abstract:
Copyright is a legal system embedded in a larger technological system. In order to examine the functions of copyright it is critical to examine the larger technological context of copyright: analog media and printed paper in particular. The copyright system includes both the explicit mechanisms implemented by law construct and the implicit mechanisms resulting from the technologically determinant features of paper and print. Specifically the copyright system did not address issues of physical integrity, binding of author's name, and authentication. Digital rights management should address both the legal and technologically determined elements of the copyright system. An examination of that entire system yields a return to first principles for the design of digital rights management systems.
Keywords: Information Technology

7.
L. Jean Camp (Indiana University Bloomington - School of Informatics); Charles Vincent (Harvard University - John F. Kennedy School of Government)
Posted: 08 Dec 04
Last Revised: 08 Dec 04
Downloads: 289 (28,553)
Abstract:
If code is law then standards bodies are governments. This flawed but powerful metaphor suggests the need to examine more closely those standards bodies that are defining standards for the Internet. In this paper we examine the International Telecommunications Union, the Institute for Electrical and Electronics Engineers Standards Association, the Internet Engineering Task Force, and the World Wide Web Consortium. We compare the organizations on the basis of participation, transparency, authority, openness, security and interoperability. We conclude that the IETF and the W3C are becoming increasingly similar. We also conclude that the classical distinction between standards and implementations is decreasingly useful as standards are embodied in code - itself a form of speech or documentation. Recent Internet standards bodies have flourished in part by discarding or modifying the implementation/standards distinction. We illustrate that no single model is superior on all dimensions. The IETF is not effectively scaling, struggling with its explosive growth with the creation of thousands of working groups. The IETF coordinating body, the Internet Society, addressed growth by reorganization that removed democratic oversight. The W3C, initially the most closed, is becoming responsive to criticism and now includes open code participants. The IEEE SA and ITU have institutional controls appropriate for hardware but too constraining for code. Each organization has much to learn from the others.
Keywords: Design for values, governance, intellectual property, Internet, open code, privacy, security, standards, technology and society

8.
L. Jean Camp (Indiana University Bloomington - School of Informatics)
Posted: 08 Dec 04
Last Revised: 18 Jul 05
Downloads: 248 (34,006)
Citations: 1
Abstract:
Designing for trust requires identification of the sometimes subtle manner in which trust can be embedded in a system. Defining trust as the intersection of privacy, security and reliability can enable or simplify the identification of trust as embedded in a technical design. Yet while this definition simplifies, it also illuminates a sometimes overlooked problem. Because privacy is an element of trust, purely operational definitions of trust are inadequate for developing systems to enable humans to extend trust across the network. Privacy is both operational (in the sharing of data) and internal (based on user perception of privacy). Designing trust metrics for the next generation Internet, and indeed implementing designs that embed trust, requires an understanding of not only the technical nuances of security but also the human subtleties of trust perception.
Keywords: Trust, privacy, consumer protection, security, information security

9.
L. Jean Camp (Indiana University Bloomington - School of Informatics); Rose P. Tsang (Sandia National Laboratories)
Posted: 23 Feb 02
Last Revised: 25 Feb 04
Downloads: 242 (34,901)
Abstract:
Before there was the digital divide there was the analog divide - and universal service was the attempt to close that analog divide. Universal service is becoming ever more complex in terms of regulatory design as it becomes the digital divide. In order to evaluate the promise of the next generation Internet with respect to the digital divide this work looks backwards as well as forwards in time. By evaluating why previous universal service mechanisms failed and succeeded this work identifies specific characteristics of communications systems - in particular in billing and managing uncertainty - and argues that these characteristics underlie success or failure in terms of technological ubiquity. Developing a set of characteristics of services rather than a set of services is a fundamental break with the tradition of universal service. In fact, the implication of our proposal is that basic characteristics in the offering of the service rather than the absolute price are critical to close the digital divide: certainty of total charge, ability to avoid deposits or disconnection via best effort service, and payer-based control of all charges. While all of these principles sound obvious in fact none of these hold in the telephony network.
Keywords: Business and Government Policy, Information Technology, Welfare/Health Care/Social Policy

10.
L. Jean Camp (Indiana University Bloomington - School of Informatics)
Posted: 09 Aug 06
Last Revised: 09 Aug 06
Downloads: 208 (40,959)
Citations: 1
Abstract:
The mental models method is a mechanism for risk communication that was pioneered in environmental risk communication, and is being used to improve medical risk communication. This paper proposes that mental models as a method of risk communication can be used to improve communication to end users about computer security risks. In fact, there exist at least five mental models that are currently being used to communicate in an atheoretical, and thus arguably suboptimal, manner. Understanding why mental models is sometimes preferable to direct quantifiable risk information requires an introduction to risk perception. There are well-known heuristics of individual risk perception, validated by decades of experimental economics. Thus this work begins with an introduction to risk perception. Then, an introduction to mental models and some familiarity with computer security brings to the fore a set of mental models that are applicable to and already implied in computer security. Each of these models is discussed as being (in)appropriate to computer security. Consistent communication using already extant (but inchoate) mental models is a promising method of risk communication for computer security. Yet continuing to use the mental models as metaphors has risks of its own.
Keywords: privacy, security, usability

11.
L. Jean Camp (Indiana University Bloomington - School of Informatics); Catherine D. Wolfram (University of California, Berkeley - Economic Analysis & Policy Group)
Posted: 05 Apr 06
Last Revised: 05 Apr 06
Downloads: 187 (45,564)
Abstract:
We argue that provision of computer security in a networked environment is an externality and subject to market failures. However, regulatory regimes or pricing schemes can cause parties to internalize the externalities and provide more security. The current mechanisms for dealing with security are security analysis firms; publications of vulnerabilities; the provision of emergency assistance through incident response teams; and the option of seeking civil redress through the courts. The overall effectiveness of these mechanisms is questionable. The foundation of environmental economics supports building a market as a solution to the problem of widespread vulnerabilities. In this work we propose a market for vulnerability credits. This paper is a first step to developing a pricing scheme for vulnerabilities to increase infrastructure security. We begin by arguing that security is an externality and one which could be priced. We examine security taxonomies in terms of their usefulness for pricing security vulnerabilities. We discuss the parallel with pricing pollution. We address the issue of jump-starting the market. Regulatory mechanisms for collection are not extensively addressed, although pricing without payment is meaningless, the problem must be parsed to be solvable.
Keywords: trust, security, privacy, e-commerce

12.
L. Jean Camp (Indiana University Bloomington - School of Informatics); Kenneth D. Lewis (Affiliation Unknown)
Posted: 23 Jul 01
Last Revised: 30 Nov 03
Downloads: 148 (57,146)
Abstract:
The purpose of this paper is to address the question of whether computer source code is speech protected by the First Amendment to the United States Constitution or whether it is merely functional, a "machine," designed to fulfill a set task and therefore bereft of protection. The answer to this question is a complex one. Unlike all other forms of "speech," computer source code holds a unique place in the law: it can be copyrighted, like a book, and it can be patented, like a machine or process. Case law, intellectual property law and encryption export regulations all reflect this contradictory dichotomy. There are currently three cases before three separate federal courts that address as their core issue whether code is speech. The three cases are Bernstein v. US Dept. of Justice, Junger v. Daley and Karn v. US Dept. of State. Both a Federal District court and a Federal Appeals court have heard each of the three cases. To date the courts have been split, with Bernstein having initially won First Amendment protection for his code in the Ninth Circuit Court of Appeals before being remanded for an en banc rehearing; Junger having won First Amendment protection for his code and been granted a remand back to the lower court for rehearing after winning his appeal before the Sixth Circuit Court of Appeals; and Karn having been remanded back to the lower court for rehearing due to a change in the law.
Keywords: Business and Government Policy, Information Technology

13.
L. Jean Camp (Indiana University Bloomington - School of Informatics)
Posted: 08 Nov 04
Last Revised: 05 Jan 05
Downloads: 118 (69,385)
Abstract:
Identity and identifiers are tightly linked when both are confirmed on paper. In a world of paper, verified pseudonyms and conditional anonymity are impossibilities. Assumptions based on the paper identity system lead to flawed decisions in modern uses of failure-prone identifiers. In this paper I begin by arguing that the use of the word, "identity", masks important social and technical complexities in developing digital identifiers. I describe how identity functions in a paper realm. I use the case of a traffic stop to illustrate how assertions of identity can increase rather than mitigate risks when the distinctions between identification, attribute verification and identity are confused. I conclude that misuses of identifiers are decreasing, not increasing, security.
Keywords: Privacy, security, cybersecurity

14.
L. Jean Camp (Indiana University Bloomington - School of Informatics); Kalpana Shankar (School of Informatics); Kay Connelly (Computer Science)
Posted: 21 Mar 06
Last Revised: 11 Apr 06
Downloads: 117 (69,859)
Citations: 1
Abstract:
In designing ubiquitous computing (ubicomp) systems the common practice is to select a framing of privacy from the range of definitions, and to use that to inform design. Yet this framing may not be the choice made by those who will interact with the design. We propose utilizing the design for values approach in order to leverage the complexity of privacy to improve designs. In design for values, also called value-sensitive design, every party that interacts with a system participates in developing a values statement. Design for values conceives of participants in ubicomp as stakeholders rather than as users and designers, while acknowledging that the interaction between different parties is limited by domain-specific knowledge. To support value-sensitive design in ubicomp and enhance the construction of a values statement, the paper presents an abbreviated overview of the various legal and philosophical constructs of privacy. In summary, this paper discusses privacy in ubicomp as a design, social, technical, and policy issue; outlines research challenges presented by the technical and social dimensions of using sensor networks as a monitoring technology; offers a survey of the possible definitions of privacy; and justifies the need for a methodology for designing for privacy in ubicomp.
Keywords: computers and society, public policy issues, privacy, security, information control, data protection

15.
Hillary Elmore (Indiana University Bloomington - School of Informatics); Brandon Stephens (Indiana University Bloomington - School of Informatics); L. Jean Camp (Indiana University Bloomington - School of Informatics)
Posted: 25 Aug 08
Last Revised: 25 Aug 08
Downloads: 64 (105,998)
Abstract:
In the near term there will be no available, unallocated IPv4 addresses. From original estimates of IPv4 exhaustion in 2037, the most widely-cited current estimate for ARIN IPv4 address depletion is now at 2013. This deadline gives a particular importance to IPv6 adoption. The goals of this work were to identify valid measures of IPv6 diffusion and use classic diffusion models to bound the uncertainty in those measures. With these measures and simple models we can bound best case, current projection and reasonably optimistic cases for the adoption of the IPv6 protocol. For these ends, the work discusses previous analysis of IPv6 routes and ASN data from ARIN to quantify the current adoption rate. We conclude that there is no reasonable case for diffusion of IPv6 before IPv4 full allocation. The second significant contribution, besides measurement and bounding uncertainty, that is provided in this paper is to what extent the now well established fundamental findings of the economics of computer security can apply to the diffusion of IPv6. The second significant but unanswered question is if the creation of a transferrable property interest in IPv4 addresses, informed by computer security economics, will hinder or galvanize IPv6 adoption. In order to address these questions the paper provides some non-trivial insights on IPv6 through presenting sketches of four scenarios: no action, IPv4 market creation, coordination government action and registrar-only management. As much as conclusions, this paper offers a set of questions that are critical to consider.
Keywords: IPv6, security, privacy, diffusion, internet governance

16.
L. Jean Camp (Indiana University Bloomington - School of Informatics)
Posted: 05 Apr 06
Last Revised: 05 Apr 06
Downloads: 50 (118,653)
Abstract:
In the nineties the disconnection between physical experience and the digital networked experience was celebrated - individuals were said to move into cyberspace, become virtual and leave the constraints of the physical realm. Despite the very real existence of tracking and surveillance software, it remains the case that identity assertions online remain problematic at best. While there are many benefits to this relative anonymity online, it also creates a serious problem of distinguishing between valid merchants and criminal enterprises, between reliable web sites and sites that install malware. The paucity of information exacerbates poor understanding of the risks involved in particular transactions, exposing users to losses and driving out parties who would otherwise engage in productive behavior. This paper describes a mechanism to create highly usable economic signals that enable users to evaluate sites on the Internet, and in particular to specifically identify masquerade attacks. By integrating both peer production and centralized information, the system utilizes both personal local histories and centralized information sources. Limiting the distribution of personal histories to user-defined social networks enables users to constrain and control their own information.
Keywords: privacy, trust, signaling, security

17.
Debin Liu (Indiana University Bloomington); L. Jean Camp (Indiana University Bloomington - School of Informatics)
Posted: 02 Nov 06
Last Revised: 27 Apr 08
Downloads: 43 (126,486)
Abstract:
Proof of work (POW) is a set of cryptographic mechanisms which increase the cost of initiating a connection. Currently recipients bear as much or more cost per connection as initiators. The design goal of POW is to reverse the economics of connection initiation on the Internet. In the case of spam, the first economic examination of POW argued that POW would not, in fact, work. This result was based on the difference in production cost between legitimate and criminal enterprises. We illustrate that the difference in production costs enabled by zombies does not remove the efficacy of POW when work requirements are weighted. We illustrate that POW will work with a reputation system modeled on the systems currently used by commercial anti-spam companies. We also discuss how the variation on POW changes the nature of corresponding proofs from token currency to a notational currency.

18.
L. Jean Camp (Indiana University Bloomington - School of Informatics)
Posted: 31 May 06
Last Revised: 31 May 06
Downloads: 38 (132,614)
Abstract:
As governmental processes and judgments are increasingly digital, the transparency of digital systems that implement the processes of government becomes increasingly important. Open code is a necessary but not sufficient prerequisite for maintaining transparency as democracy becomes digitized, and complete openness of process is not appropriate for every domain. This chapter explores some of the complexities in the relationship between openness of code and democratic government.
Keywords: Business and Government Policy, Information Technology, Open Source, Open Code, free software, Peer production, Transparency

19.
L. Jean Camp (Indiana University Bloomington - School of Informatics)
Posted: 07 Jul 08
Last Revised: 07 Jul 08
Downloads: 0 (0)
Abstract:
Detailed notes from the event Security and Human Behavior. From the conference description:
Security is both a feeling and a reality, and they're different. There are several different research communities: technologists who study security systems, and psychologists who study people, not to mention economists, anthropologists and others. Increasingly these worlds are colliding.
Keywords: security, privacy, psychology, trust, spam, phishing, regulation