Reining in the Big Promise of Big Data: Transparency, Inequality, and New Regulatory Frontiers

The growing differentiation of services based on Big Data harbors the potential for both greater societal inequality and for greater equality. Anti-discrimination law and transparency alone, however, cannot do the job of curbing Big Data’s negative externalities while fostering its positive effects. To rein in Big Data’s potential, we adapt regulatory strategies from behavioral economics, contracts and criminal law theory. Four instruments stand out: First, active choice may be mandated between data collecting-services (paid by data) and data-free services (paid by money). Our suggestion provides concrete estimates for the price range of a data-free option, sheds new light on the monetization of data-collecting services, and proposes an “inverse predatory pricing” instrument to limit excessive pricing of the data-free option. Second, we propose using the doctrine of unconscionability to prevent contracts that unreasonably favor data-collecting companies. Third, we suggest democratizing data collection by regular user surveys and data compliance officers partially elected by users. Finally, we trace back new Big Data personalization techniques to the old Hartian precept of treating like cases alike and different cases – differently. If it is true that a speeding ticket over $50 is less of a disutility for a millionaire than for a welfare recipient, the income and wealth-responsive fines powered by Big Data that we suggest offer a glimpse into the future of the mitigation of economic and legal inequality by personalized law. Throughout these different strategies, we show how salience of data collection can be coupled with attempts to prevent discrimination and exploitation of users. Finally, we discuss all four proposals in the context of different test cases: social media, student education software and credit and cell phone markets. Many more examples could and should be discussed. In the face of increasing unease about the asymmetry of power between Big Data collectors and dispersed users, about differential legal treatment, and about the unprecedented dimensions of economic inequality, this paper proposes a new regulatory framework and research agenda to put the powerful engine of Big Data to the benefit of both the individual and societies adhering to basic notions of equality and non-discrimination

Cyber Infrastructure Protection: Vol. II

View the Executive SummaryIncreased reliance on the Internet and other networked systems raise the risks of cyber attacks that could harm our nation’s cyber infrastructure. The cyber infrastructure encompasses a number of sectors including: the nation’s mass transit and other transportation systems; banking and financial systems; factories; energy systems and the electric power grid; and telecommunications, which increasingly rely on a complex array of computer networks, including the public Internet. However, many of these systems and networks were not built and designed with security in mind. Therefore, our cyber infrastructure contains many holes, risks, and vulnerabilities that may enable an attacker to cause damage or disrupt cyber infrastructure operations. Threats to cyber infrastructure safety and security come from hackers, terrorists, criminal groups, and sophisticated organized crime groups; even nation-states and foreign intelligence services conduct cyber warfare. Cyber attackers can introduce new viruses, worms, and bots capable of defeating many of our efforts. Costs to the economy from these threats are huge and increasing. Government, business, and academia must therefore work together to understand the threat and develop various modes of fighting cyber attacks, and to establish and enhance a framework to assess the vulnerability of our cyber infrastructure and provide strategic policy directions for the protection of such an infrastructure. This book addresses such questions as: How serious is the cyber threat? What technical and policy-based approaches are best suited to securing telecommunications networks and information systems infrastructure security? What role will government and the private sector play in homeland defense against cyber attacks on critical civilian infrastructure, financial, and logistical systems? What legal impediments exist concerning efforts to defend the nation against cyber attacks, especially in preventive, preemptive, and retaliatory actions?https://press.armywarcollege.edu/monographs/1527/thumbnail.jp

Internet Copyright Infringement and Service Providers: The Case for a Negotiated Rulemaking Alternative

The Internet has dramatically increased the ease of copyright infringement. A popular proposal recommends that Internet service providers (ISP) be held liable for the harms, including copyright infringements, of their users. ISPs reject this approach, warning that it will hamper the expansion of the Internet. This article recommends a regulatory approach to ISP liability for copyright infringement. A technical introduction to the Internet is given, pointing to difficulties that courts have had navigating this conceptually new and complex subject. Arguments in favor or strict liability of ISPs are presented, with an analysis of their likely economic and social consequences. The author concludes with a regulatory solution designed to minimize losses both to service providers and content providers

Aspects of internet security: identity management and online child protection

This thesis examines four main subjects; consumer federated Internet Identity Management (IdM), text analysis to detect grooming in Internet chat, a system for using steganographed emoticons as ‘digital fingerprints’ in instant messaging and a systems analysis of online child protection. The Internet was never designed to support an identity framework. The current username / password model does not scale well and with an ever increasing number of sites and services users are suffering from password fatigue and using insecure practises such as using the same password across websites. In addition users are supplying personal information to vast number of sites and services with little, if any control over how that information is used. A new identity metasystem promises to bring federated identity, which has found success in the enterprise to the consumer, placing the user in control and limiting the disclosure of personal information. This thesis argues though technical feasible no business model exists to support consumer IdM and without a major change in Internet culture such as a breakdown in trust and security a new identity metasystem will not be realised. Is it possible to detect grooming or potential grooming from a statistical examination of Internet chat messages? Using techniques from speaker verification can grooming relationships be detected? Can this approach improve on the leading text analysis technique – Bayesian trigram analysis? Using a novel feature extraction technique and Gaussian Mixture Models (GMM) to detect potential grooming proved to be unreliable. Even with the benefit of extensive tuning the author doubts the technique would match or improve upon Bayesian analysis. Around 80% of child grooming is blatant with the groomer disguising neither their age nor sexual intent. Experiments conducted with Bayesian trigram analysis suggest this could be reliably detected, detecting the subtle, devious remaining 20% is considerably harder and reliable detection is questionable especially in systems using teenagers (the most at risk group). Observations of the MSN Messenger service and protocol lead the author to discover a method by which to leave digitally verifiable files on the computer of anyone who chats with a child by exploiting the custom emoticon feature. By employing techniques from steganography these custom emoticons can be made to appear innocuous. Finding and removing custom emoticons is a non-trivial matter and they cannot be easily spoofed. Identification is performed by examining the emoticon (file) hashes. If an emoticon is recovered e.g. in the course of an investigation it can be hashed and the hashed compared against a database of registered users and used to support non-repudiation and confirm if an individual has indeed been chatting with a child. Online child protection has been described as a classic systems problem. It covers a broad range of complex, and sometimes difficult to research issues including technology, sociology, psychology and law, and affects directly or indirectly the majority of the UK population. Yet despite this the problem and the challenges are poorly understood, thanks in no small part to mawkish attitudes and alarmist media coverage. Here the problem is examined holistically; how children use technology, what the risks are, and how they can best be protected – based not on idealism, but on the known behaviours of children. The overall protection message is often confused and unrealistic, leaving parents and children ill prepared to protect themselves. Technology does have a place in protecting children, but this is secondary to a strong and understanding parent/child relationship and education, both of the child and parent

Service-Oriented Foreign Direct Investment: Legal and Policy Frameworks Protecting Digital Assets in Offshoring Information Technology (IT) - Enabled Services

This thesis examines challenges caused by global cyberspace, which continues to undermine the ability of regulatory instruments aimed at cyber security and deterring cybercrime so that digital assets including those associated with Foreign Direct Investment (FDI) are protected. Progress in information and communication technology (ICT) has brought about both challenges and opportunities for mankind. While ICT has enabled seamless communication on cyberspace, it has also made every phenomenon, positive or negative on cyberspace possible. The good side of ICT is the endless opportunities provided to harness multiple features and capabilities of associated technologies while its side effect being the enormous security challenge on cyberspace. Legal and policy frameworks are needed to help mitigate cyber security threats and safeguard digital assets against such threats while promoting the benefits of ICT. To this end nations attempt to regulate cyberspace within their territories, but may quickly find out that issues on cyberspace are both global and national at the same time, and as such not fully controllable at national levels only. If nations cannot fully regulate ICT and cyberspace, this will have negative implications for digital investor’s assets in their territories as well. That is investor’s information assets may not be adequately safeguarded by means of national legal instruments. This dissertation seeks to analyze the question as to whether it is entirely possible for nation-states to address the multifaceted challenges introduced by cyberspace with appropriate national legal and policy frameworks alone to protect digital investments. This dissertation argues that, on the one hand, nations are behind in providing proper regulatory coverage for cyberspace, while, on the other hand, existing regulations have largely been unsuccessful in containing cyber security threats primarily due to complications caused by the ubiquitous global presence of cyberspace per se. Consequently, investor’s digital assets are more susceptible to unauthorized access and use, or destruction, all of which cannot be fully accounted for with currently available legal or technical means. There is a strong indication that digital investor assets demand more protection efforts from both investors and forum nations alike compared to what is needed to protect and promote traditional FDI

Rapid Response Command and Control (R2C2): a systems engineering analysis of scaleable communications for Regional Combatant Commanders

Includes supplementary materialDisaster relief operations, such as the 2005 Tsunami and Hurricane Katrina, and wartime operations, such as Operation Enduring Freedom and Operation Iraqi Freedom, have identified the need for a standardized command and control system interoperable among Joint, Coalition, and Interagency entities. The Systems Engineering Analysis Cohort 9 (SEA-9) Rapid Response Command and Control (R2C2) integrated project team completed a systems engineering (SE) process to address the military’s command and control capability gap. During the process, the R2C2 team conducted mission analysis, generated requirements, developed and modeled architectures, and analyzed and compared current operational systems versus the team’s R2C2 system. The R2C2 system provided a reachback capability to the Regional Combatant Commander’s (RCC) headquarters, a local communications network for situational assessments, and Internet access for civilian counterparts participating in Humanitarian Assistance/Disaster Relief operations. Because the team designed the R2C2 system to be modular, analysis concluded that the R2C2 system was the preferred method to provide the RCC with the required flexibility and scalability to deliver a rapidly deployable command and control capability to perform the range of military operations

Governing Cyberspace: Behavior, Power and Diplomacy

Cyber norms and other ways to regulate responsible state behavior in cyberspace is a fast-moving political and diplomatic field. The academic study of these processes is varied and interdisciplinary, but much of the literature has been organized according to discipline. Seeking to cross disciplinary boundaries, this timely book brings together researchers in fields ranging from international law, international relations, and political science to business studies and philosophy to explore the theme of responsible state behavior in cyberspace. . Divided into three parts, Governing Cyberspace first looks at current debates in and about international law and diplomacy in cyberspace. How does international law regulate state behaviour and what are its limits? How do cyber superpowers like China and Russia shape their foreign policy in relation to cyberspace? The second focuses on power and governance. What is the role for international organisations like NATO or for substate actors like intelligence agencies? How do they adapt to the realities of cyberspace and digital conflict? How does the classic balance of power play out in cyberspace and how do different states position themselves? The third part takes a critical look at multistakeholder and corporate diplomacy. How do global tech companies shape their role as norm entrepreneurs in cyberspace, and how do their cyber diplomatic efforts relate to their corporate identity