The Impact of Information Security Technologies Upon Society

This paper's aims are concerned with the effects of information security technologies upon society in general and civil society organisations in particular. Information security mechanisms have the potential to act as enablers or disablers for the work of civil society groups. Recent increased emphasis on national security issues by state actors, particularly 'anti-terrorism' initiatives, have resulted in legislative instruments that impinge upon the civil liberties of many citizens and have the potential to restrict the free flow of information vital for civil society actors. The nascent area of cyberactivism, or hactivism, is at risk of being labelled cyberterrorism, with the accompanying change of perception from a legitimate form of electronic civil disobedience to an abhorrent crime. Biometric technology can be an invasive intrusion into citizens' privacy. Internet censorship and surveillance is widespread and increasing. These implementations of information security technology are becoming more widely deployed with profound implications for the type of societies that will result

What\u27s It Worth to Keep a Secret?

This article is the first major study of protection and valuation of trade secrets under federal criminal law. Trade secrecy is more important than ever as an economic complement and substitute for other intellectual property protections, particularly patents. Accordingly, U.S. public policy correctly places a growing emphasis on characterizing the scope of trade secrets, creating incentives for their productive use, and imposing penalties for their theft. Yet amid this complex ecosystem of legal doctrine, economic policy, commercial strategy, and enforcement, there is little research or consensus on how to assign value to trade secrets. One reason for this gap is that intangible assets in general are notoriously difficult to value, and trade secrecy by its opaque nature is ill-suited to the market-signaling mechanisms that offer at least some traction in other forms of valuation. Another reason is that criminal trade secret law is relatively young, and the usual corrective approaches to valuation in civil trade secrecy are not synonymous with the greater distributive concerns of criminal law. To begin to fill this gap, we examine over a decade of trade secret protection and valuation under the U.S. Economic Espionage Act of 1996. From original data on EEA prosecutions, we show that trade secret valuations are lognormally distributed as predicted by Gibrat’s Law, with valuations typically low on the order of $5 million but reaching as high as$250 million. There is no notable difference among estimates from various valuation methods, but a difference between high and low estimates on one hand and the sentencing estimates on the other. These findings suggest that the EEA has not been used to its full capacity, a conclusion buttressed by recent Congressional actions to strengthen the EEA

What's it worth to keep a secret?

This article is the first major study of protection and valuation of trade secrets under federal criminal law. Trade secrecy is more important than ever as an economic complement and substitute for other intellectual property protections, particularly patents. Accordingly, U.S. public policy correctly places a growing emphasis on characterizing the scope of trade secrets, creating incentives for their productive use, and imposing penalties for their theft. Yet amid this complex ecosystem of legal doctrine, economic policy, commercial strategy, and enforcement, there is little research or consensus on how to assign value to trade secrets. One reason for this gap is that intangible assets in general are notoriously difficult to value, and trade secrecy by its opaque nature is ill-suited to the market-signaling mechanisms that offer at least some traction in other forms of valuation. Another reason is that criminal trade secret law is relatively young, and the usual corrective approaches to valuation in civil trade secrecy are not synonymous with the greater distributive concerns of criminal law. To begin to fill this gap, we examine over a decade of trade secret protection and valuation under the U.S. Economic Espionage Act of 1996. From original data on EEA prosecutions, we show that trade secret valuations are lognormally distributed as predicted by Gibrat’s Law, with valuations typically low on the order of $5 million but reaching as high as$250 million. There is no notable difference among estimates from various valuation methods, but a difference between high and low estimates on one hand and the sentencing estimates on the other. These findings suggest that the EEA has not been used to its full capacity, a conclusion buttressed by recent Congressional actions to strengthen the EEA

Cyber-crime Science = Crime Science + Information Security

Cyber-crime Science is an emerging area of study aiming to prevent cyber-crime by combining security protection techniques from Information Security with empirical research methods used in Crime Science. Information security research has developed techniques for protecting the confidentiality, integrity, and availability of information assets but is less strong on the empirical study of the effectiveness of these techniques. Crime Science studies the effect of crime prevention techniques empirically in the real world, and proposes improvements to these techniques based on this. Combining both approaches, Cyber-crime Science transfers and further develops Information Security techniques to prevent cyber-crime, and empirically studies the effectiveness of these techniques in the real world. In this paper we review the main contributions of Crime Science as of today, illustrate its application to a typical Information Security problem, namely phishing, explore the interdisciplinary structure of Cyber-crime Science, and present an agenda for research in Cyber-crime Science in the form of a set of suggested research questions

A Lockean Theory of Intellectual Property Revisited

The primary, and perhaps sole, function of government according to Locke was to secure and protect the lives, liberties, and property of individuals who consented, explicitly or tacitly, to a specific political union. The question that I will address in this Article, and one that I took up over fifteen years ago, is: should we consider intellectual works to be the proper subjects of Lockean property claims? My answer then and now is “yes,” with the acknowledgement that such a view may require substantial revisions to Anglo-American systems of intellectual property. I will argue that intellectual property rights are no different from rights to lives, liberties, and estates—that is, intellectual property rights should not be seen as state-created entities offered as an inducement to bring forth new knowledge. The upshot of viewing intellectual property rights as state-created monopolies, far too often controlled by the powerful and well-connected, is the seemingly pervasive opinion that systems of intellectual property represent the mafia family on a global scale. In my view, to be justified and to warrant worldwide coercion, systems of intellectual property should be grounded in a Lockean theory of property—a theory that acknowledges and protects the natural rights of authors and inventors. Part II of this Article will present the main outlines of a Lockean theory of intellectual property. Part III will take up several specific objections that have been leveled against my preferred view. Finally, Part IV will consider several general objections to intellectual property

The Soul\u27s Response to Surveillance: A Foucaldian Investigation Into the Economy of Power Created by Contemporary Surveillance Techniques and the Conditioning of the Post 9/11 Subject

This work examines the effects of the contemporary American surveillance apparatus and situates these effects within the classical negative liberal tradition. Using Michele Foucault’s analysis of disciplinary power, I demonstrate how surveillance techniques, particularly those established post 9/11, affect American subjects. Further, I situate the mechanisms of power operating as a consequence of contemporary American surveillance within the classical liberal tradition. For this analysis, I draw upon negative notions of liberty such as the harm principle established by John Stuart Mill. This entire work reveals what type of power, in a Foucaldian sense, is presently functioning in America as a consequence of surveillance, in addition to determining whether this new regime of power is consistent with the most fundamental notions of American liberty

Who Owns Data? Constitutional Division in Cyberspace

Privacy emerged as a concern as soon as the internet became commercial. In early 1995, Lawrence Lessig warned that the internet, though giving us extraordinary potential, was “not designed to protect individuals against this extraordinary potential for others to abuse.” The same technology can “destroy the very essence of what now defines individuality.” Lessig urged that “a constitutional balance will have to be drawn between these increasingly important interests in privacy, and the competing interest in collective security.” Lessig envisioned that creating property rights in data would help individuals by giving them control of their data. As utopian as property rights in data seemed, it was a shared vision before September 11, 2001 (hereinafter September 11). For convenience, I will call this school of thought the “data subject’s property” (DSP) theory of data. DSP builds on the foundation of Katz v. United States, where the United States Supreme Court declared that the Fourth Amendment “protects people, not places.” .... This Article does not attempt to make an additional argument following the normative line of DSP. Rather, it asks what happened to the DSP theory of data and why has it been sidelined? For this purpose, this Article proposes to examine privacy in cyberspace by tracking the competition between DSP and its rival theories in defining privacy. Samuel Warren and Louis Brandeis initially proposed that privacy be a personal right, much like DSP; however, Olmstead v. United States shifted this view, finding the right of privacy attached to a defendant’s property, not to her person. This decision was the product of an era of government expansion, when the police, tax bureau, or liquor agency were the data collectors. The second shift came when the Warren Court ruled in Katz that privacy was personal, not based on property; however, the Burger Court soon created the third-party doctrine, under which voluntarily submitting information to a third-party, such as a telephone company or bank, defeats the privacy right. The third-party doctrine is a claim that data are the property of the collector. The third shift developed in the era of the internet and social media; despite the warnings of Lessig and Balkin, as well as occasional protests from tech companies, the Roberts Court brought the third-party doctrine to cyberspace through Jones and Carpenter. This time the data collectors are familiar digital platforms. Therefore, throughout the history of privacy, the DSP was met with a rival theory called “data collector’s property” (DCP) theory. The DSP-DCP competition is a powerful thread in revealing the internal logic of a surveillance state in the United States where data collectors—whether they be government agencies, private companies, or digital platforms—have dominated and defined privacy