Secure and Verifiable Electronic Voting in Practice: the use of vVote in the Victorian State Election

The November 2014 Australian State of Victoria election was the first statutory political election worldwide at State level which deployed an end-to-end verifiable electronic voting system in polling places. This was the first time blind voters have been able to cast a fully secret ballot in a verifiable way, and the first time a verifiable voting system has been used to collect remote votes in a political election. The code is open source, and the output from the election is verifiable. The system took 1121 votes from these particular groups, an increase on 2010 and with fewer polling places

Using Visualizations to Enhance Users' Understanding of App Activities on Android Devices

The ever-increasing number of third-party applications developed for Android devices has resulted in a growing interest in the secondary activities that these applications perform and how they affect a user’s privacy. Unfortunately, users continue to install these applications without any concrete knowledge of the breadth of these activities; hence, they have little insight into the sensitive information and resources accessed by these applications. In this paper, we explore users’ perception and reaction when presented with a visual analysis of Android applications activities and their security implications. This study uses interactive visual schemas to communicate the effect of applications activities in order to support users with more understandable information about the risks they face from such applications. Through findings from a user-based experiment, we demonstrate that when visuals diagrams about application activities are presented to users, they became more aware and sensitive to the privacy intrusiveness of certain applications. This awareness and sensitivity stems from the fact that some of these applications were accessing a significant number of resources and sensitive information, and transferring data out of the devices, even when they arguably had little reason to do so

Subjective visualization experiences: impact of visual design and experimental design

In contrast to objectively measurable aspects (such as accuracy, reading speed, or memorability), the subjective experience of visualizations has only recently gained importance, and we have less experience how to measure it. We explore how subjective experience is affected by chart design using multiple experimental methods. We measure the effects of changes in color, orientation, and source annotation on the perceived readability and trustworthiness of simple bar charts. Three different experimental designs (single image rating, forced choice comparison, and semi-structured interviews) provide similar but different results. We find that these subjective experiences are different from what prior work on objective dimensions would predict. Seemingly inconsequential choices, like orientation, have large effects for some methods, indicating that study design alters decision-making strategies. Next to insights into the effect of chart design, we provide methodological insights, such as a suggested need to carefully isolate individual elements in charts to study subjective experiences.Comment: 19 pages, 5 figures, 2 table

Legal Design Perspectives

Over the last few years, Legal Design has grown as a field of research and practice. The potential of design in the legal domain has been investigated and experimented in various sectors such as access to justice, dispute resolution, privacy indicators, policy prototyping, contractual negotiation. Being an interdisciplinary area of study, Legal Design combines different disciplines and methodologies and relies on insights from legal practice. This book intends to contribute to the study and advancement of Legal Design by presenting different voices and perspectives from scholars and practitioners active in this field. The volume brings together critical essays on the nature and methods of Legal Design and illustrations from the practice. The contributions provide the readers with the state of the art of Legal Design and a prospective outline of its future development.illustrato

Legal Design Perspectives : Theoretical and Practical Insights from the Field

This publication and its release in gold open access has been made possible thanks to the support of the Erasmus+ Jean Monnet Module grant 599987-EPP-1-2018-1-BE-EPPJMO-MODULE for the course “European IT Law by Design”. The European Commission’s support for the production of this publication does not constitute an endorsement of the contents, which reflect the views only of the authors, and the Commission cannot be held responsible for any use which may be made of the information contained therein.Publisher PD

Modern Socio-Technical Perspectives on Privacy

This open access book provides researchers and professionals with a foundational understanding of online privacy as well as insight into the socio-technical privacy issues that are most pertinent to modern information systems, covering several modern topics (e.g., privacy in social media, IoT) and underexplored areas (e.g., privacy accessibility, privacy for vulnerable populations, cross-cultural privacy). The book is structured in four parts, which follow after an introduction to privacy on both a technical and social level: Privacy Theory and Methods covers a range of theoretical lenses through which one can view the concept of privacy. The chapters in this part relate to modern privacy phenomena, thus emphasizing its relevance to our digital, networked lives. Next, Domains covers a number of areas in which privacy concerns and implications are particularly salient, including among others social media, healthcare, smart cities, wearable IT, and trackers. The Audiences section then highlights audiences that have traditionally been ignored when creating privacy-preserving experiences: people from other (non-Western) cultures, people with accessibility needs, adolescents, and people who are underrepresented in terms of their race, class, gender or sexual identity, religion or some combination. Finally, the chapters in Moving Forward outline approaches to privacy that move beyond one-size-fits-all solutions, explore ethical considerations, and describe the regulatory landscape that governs privacy through laws and policies. Perhaps even more so than the other chapters in this book, these chapters are forward-looking by using current personalized, ethical and legal approaches as a starting point for re-conceptualizations of privacy to serve the modern technological landscape. The book’s primary goal is to inform IT students, researchers, and professionals about both the fundamentals of online privacy and the issues that are most pertinent to modern information systems. Lecturers or teacherscan assign (parts of) the book for a “professional issues” course. IT professionals may select chapters covering domains and audiences relevant to their field of work, as well as the Moving Forward chapters that cover ethical and legal aspects. Academicswho are interested in studying privacy or privacy-related topics will find a broad introduction in both technical and social aspects

Volitional Cybersecurity

This dissertation introduces the “Volitional Cybersecurity” (VCS) theory as a systematic way to think about adoption and manage long-term adherence to cybersecurity approaches. The validation of VCS has been performed in small- and medium-sized enterprises or businesses (SMEs/SMBs) context. The focus on volitional activities promotes theoretical viewpoints. Also, it aids in demystifying the aspects of cybersecurity behaviour in heterogeneous contexts that have neither been systematically elaborated in prior studies nor embedded in cybersecurity solutions. Abundant literature demonstrates a lack of adoption of manifold cybersecurity remediations. It is still not adequately clear how to select and compose cybersecurity approaches into solutions for meeting the needs of many diverse cybersecurity-adopting organisations. Moreover, the studied theories in this context mainly originated from disciplines other than information systems and cybersecurity. The constructs were developed based on data, for instance, in psychology or criminology, that seem not to fit properly for the cybersecurity context. Consequently, discovering new methods and theories that can be of help in active and volitional forms of cybersecurity behaviour in diverse contexts may be conducive to a better quality of cybersecurity engagement. This leads to the main research question of this dissertation: How can we support volitional forms of behaviour with a self-paced tool to increase the quality of cybersecurity engagement? The main contribution of this dissertation is the VCS theory. VCS is a cybersecurity-focused theory structured around the core concept of volitional cybersecurity behaviour. It suggests that a context can be classified based on the cybersecurity competence of target groups and their distinct requirements. This classification diminishes the complexity of the context and is predictive of improvement needs for each class. Further, the theory explicates that supporting three factors: A) personalisation, B) cybersecurity competence, and C) connectedness to cybersecurity expertise affect the adoption of cybersecurity measures and better quality of cybersecurity engagement across all classes of the context. Therefore, approaches that ignore the personalisation of cybersecurity solutions, the cybersecurity competence of target groups, and the connectedness of recipients to cybersecurity expertise may lead to poorer acceptance of the value or utility of solutions. Subsequently, it can cause a lack of motivation for adopting cybersecurity solutions and adherence to best practices. VCS generates various implications. It has implications for cybersecurity research in heterogeneous contexts to transcend the common cybersecurity compliance approaches. Building on VCS, researchers could develop interventions looking for volitional cybersecurity behaviour change. Also, it provides knowledge that can be useful in the design of self-paced cybersecurity tools. VCS explains why the new self-paced cybersecurity tool needs specific features. The findings of this dissertation have been subsequently applied to the follow-up project design. Further, it has implications for practitioners and service providers to reach out to the potential end-users of their solutions

Modern Socio-Technical Perspectives on Privacy

This open access book provides researchers and professionals with a foundational understanding of online privacy as well as insight into the socio-technical privacy issues that are most pertinent to modern information systems, covering several modern topics (e.g., privacy in social media, IoT) and underexplored areas (e.g., privacy accessibility, privacy for vulnerable populations, cross-cultural privacy). The book is structured in four parts, which follow after an introduction to privacy on both a technical and social level: Privacy Theory and Methods covers a range of theoretical lenses through which one can view the concept of privacy. The chapters in this part relate to modern privacy phenomena, thus emphasizing its relevance to our digital, networked lives. Next, Domains covers a number of areas in which privacy concerns and implications are particularly salient, including among others social media, healthcare, smart cities, wearable IT, and trackers. The Audiences section then highlights audiences that have traditionally been ignored when creating privacy-preserving experiences: people from other (non-Western) cultures, people with accessibility needs, adolescents, and people who are underrepresented in terms of their race, class, gender or sexual identity, religion or some combination. Finally, the chapters in Moving Forward outline approaches to privacy that move beyond one-size-fits-all solutions, explore ethical considerations, and describe the regulatory landscape that governs privacy through laws and policies. Perhaps even more so than the other chapters in this book, these chapters are forward-looking by using current personalized, ethical and legal approaches as a starting point for re-conceptualizations of privacy to serve the modern technological landscape. The book’s primary goal is to inform IT students, researchers, and professionals about both the fundamentals of online privacy and the issues that are most pertinent to modern information systems. Lecturers or teacherscan assign (parts of) the book for a “professional issues” course. IT professionals may select chapters covering domains and audiences relevant to their field of work, as well as the Moving Forward chapters that cover ethical and legal aspects. Academicswho are interested in studying privacy or privacy-related topics will find a broad introduction in both technical and social aspects

Animating the Ethical Demand:Exploring user dispositions in industry innovation cases through animation-based sketching

This paper addresses the challenge of attaining ethical user stances during the design process of products and services and proposes animation-based sketching as a design method, which supports elaborating and examining different ethical stances towards the user. The discussion is qualified by an empirical study of Responsible Research and Innovation (RRI) in a Triple Helix constellation. Using a three-week long innovation workshop, UCrAc, involving 16 Danish companies and organisations and 142 students as empirical data, we discuss how animation-based sketching can explore not yet existing user dispositions, as well as create an incentive for ethical conduct in development and innovation processes. The ethical fulcrum evolves around Løgstrup's Ethical Demand and his notion of spontaneous life manifestations. From this, three ethical stances are developed; apathy, sympathy and empathy. By exploring both apathetic and sympathetic views, the ethical reflections are more nuanced as a result of actually seeing the user experience simulated through different user dispositions. Exploring the three ethical stances by visualising real use cases with the technologies simulated as already being implemented makes the life manifestations of the users in context visible. We present and discuss how animation-based sketching can support the elaboration and examination of different ethical stances towards the user in the product and service development process. Finally we present a framework for creating narrative representations of emerging technology use cases, which invite to reflection upon the ethics of the user experience.</jats:p