289 research outputs found

    Privacy Nicks: How the Law Normalizes Surveillance

    Privacy law is failing to protect individuals from being watched and exposed, despite stronger surveillance and data protection rules. The problem is that our rules look to social norms to set thresholds for privacy violations, but people can get used to being observed. In this article, we argue that by ignoring de minimis privacy encroachments, the law is complicit in normalizing surveillance. Privacy law helps acclimate people to being watched by ignoring smaller, more frequent, and more mundane privacy diminutions. We call these reductions “privacy nicks,” like the proverbial “thousand cuts” that lead to death. Privacy nicks come from the proliferation of cameras and biometric sensors on doorbells, glasses, and watches, and the drift of surveillance and data analytics into new areas of our lives like travel, exercise, and social gatherings. Under our theory of privacy nicks as the Achilles heel of surveillance law, invasive practices become routine through repeated exposures that acclimate us to being vulnerable and watched in increasingly intimate ways. With acclimation comes resignation, and this shift in attitude biases how citizens and lawmakers view reasonable measures and fair tradeoffs. Because the law looks to norms and people’s expectations to set thresholds for what counts as a privacy violation, the normalization of these nicks results in a constant re-negotiation of privacy standards to society’s disadvantage. When this happens, the legal and social threshold for rejecting invasive new practices keeps getting redrawn, excusing ever more aggressive intrusions. In effect, the test of what privacy law allows is whatever people will tolerate. There is no rule to stop us from tolerating everything. This article provides a new theory and terminology to understand where privacy law falls short and suggests a way to escape the current surveillance spiral.

    Cognitive Machine Individualism in a Symbiotic Cybersecurity Policy Framework for the Preservation of Internet of Things Integrity: A Quantitative Study

    This quantitative study examined the complex nature of modern cyber threats to propose the establishment of cyber as an interdisciplinary field of public policy initiated through the creation of a symbiotic cybersecurity policy framework. For the public good (and maintaining ideological balance), there must be recognition that public policies are at a transition point where the digital public square is a tangible reality that is more than a collection of technological widgets. The academic contribution of this research project is the fusion of humanistic principles with Internet of Things (IoT) technologies that alters our perception of the machine from an instrument of human engineering into a thinking peer to elevate cyber from technical esoterism into an interdisciplinary field of public policy. The contribution to the US national cybersecurity policy body of knowledge is a unified policy framework (manifested in the symbiotic cybersecurity policy triad) that could transform cybersecurity policies from network-based to entity-based. A correlation archival data design was used with the frequency of malicious software attacks as the dependent variable and diversity of intrusion techniques as the independent variable for RQ1. For RQ2, the frequency of detection events was the dependent variable and diversity of intrusion techniques was the independent variable. Self-determination Theory is the theoretical framework as the cognitive machine can recognize, self-endorse, and maintain its own identity based on a sense of self-motivation that is progressively shaped by the machine’s ability to learn. The transformation of cyber policies from technical esoterism into an interdisciplinary field of public policy starts with the recognition that the cognitive machine is an independent consumer of, advisor into, and influenced by public policy theories, philosophical constructs, and societal initiatives

    Cybersecurity applications of Blockchain technologies

    With the increase in connectivity, the popularization of cloud services, and the rise of the Internet of Things (IoT), decentralized approaches for trust management are gaining momentum. Since blockchain technologies provide a distributed ledger, they are receiving massive attention from the research community in different application fields. However, this technology does not provide cybersecurity by itself. Thus, this thesis first aims to provide a comprehensive review of techniques and elements that have been proposed to achieve cybersecurity in blockchain-based systems. The analysis is intended to target area researchers, cybersecurity specialists and blockchain developers. We present a series of lessons learned as well. One of them is the rise of Ethereum as one of the most used technologies. Furthermore, some intrinsic characteristics of the blockchain, like permanent availability and immutability, made it interesting for other ends, namely as covert channels and malicious purposes. On the one hand, the use of blockchains by malware has not been characterized yet. Therefore, this thesis also analyzes the current state of the art in this area. One of the lessons learned is that covert communications have received little attention. On the other hand, although previous works have analyzed the feasibility of covert channels in a particular blockchain technology called Bitcoin, no previous work has explored the use of Ethereum to establish a covert channel considering all transaction fields and smart contracts. To foster further defence-oriented research, two novel mechanisms are presented in this thesis. First, Zephyrus takes advantage of all Ethereum fields and smart contract bytecode. Second, Smart-Zephyrus is built to complement Zephyrus by leveraging smart contracts written in Solidity. We also assess the mechanisms' feasibility and cost. Our experiments show that Zephyrus, in the best case, can embed 40 Kbits in 0.57 s for US$ 1.64, and retrieve them in 2.8 s. Smart-Zephyrus, however, is able to hide a 4 Kb secret in 41 s. While being expensive (around US$ 1.82 per bit), the provided stealthiness might be worth the price for attackers. Furthermore, these two mechanisms can be combined to increase capacity and reduce costs. Doctoral Programme in Computer Science and Technology, Universidad Carlos III de Madrid. President: José Manuel Estévez Tapiador. Secretary: Jorge Blasco Alís. Member: Luis Hernández Encina

    Grounds for a Third Place : The Starbucks Experience, Sirens, and Space

    My goal in this dissertation is to help demystify or “filter” the “Starbucks Experience” for a post-pandemic world, taking stock of how a multi-national company has long outgrown its humble beginnings as a wholesale coffee bean supplier to become a digitally-integrated and hypermodern café. I look at the role Starbucks plays within the larger cultural history of the coffee house and also consider how Starbucks has been idyllically described in corporate discourse as a comfortable and discursive “third place” for informal gathering, a term that also prescribes its own radical ethos as a globally recognized customer service platform. Attempting to square Starbucks’ iconography and rhetoric with a new critical methodology, in a series of interdisciplinary case studies, I examine the role Starbucks’ “third place” philosophy plays within larger conversations about urban space and commodity culture, analyze Starbucks advertising, architecture and art, and trace the mythical rise of the Starbucks Siren (and the reiterations and re-imaginings of the Starbucks Siren in art and media). While in corporate rhetoric Starbucks’ “third place” is depicted as an enthralling adventure, full of play, discovery, authenticity, or “romance,” I draw on critical theory to discuss how it operates today as a space of distraction, isolation, and loss.

    Cybersecurity: Past, Present and Future

    The digital transformation has created a new digital space known as cyberspace. This new cyberspace has improved the workings of businesses, organizations, governments, society as a whole, and day to day life of an individual. With these improvements come new challenges, and one of the main challenges is security. The security of the new cyberspace is called cybersecurity. Cyberspace has created new technologies and environments such as cloud computing, smart devices, IoTs, and several others. To keep pace with these advancements in cyber technologies there is a need to expand research and develop new cybersecurity methods and tools to secure these domains and environments. This book is an effort to introduce the reader to the field of cybersecurity, highlight current issues and challenges, and provide future directions to mitigate or resolve them. The main specializations of cybersecurity covered in this book are software security, hardware security, the evolution of malware, biometrics, cyber intelligence, and cyber forensics. We must learn from the past, evolve our present and improve the future. Based on this objective, the book covers the past, present, and future of these main specializations of cybersecurity. The book also examines the upcoming areas of research in cyber intelligence, such as hybrid augmented and explainable artificial intelligence (AI). Human and AI collaboration can significantly increase the performance of a cybersecurity system. Interpreting and explaining machine learning models, i.e., explainable AI, is an emerging field of study and has a lot of potential to improve the role of AI in cybersecurity. Comment: Author's copy of the book published under ISBN: 978-620-4-74421-

    D2WFP: A Novel Protocol for Forensically Identifying, Extracting, and Analysing Deep and Dark Web Browsing Activities

    The use of the un-indexed web, commonly known as the deep web and dark web, to commit or facilitate criminal activity has drastically increased over the past decade. The dark web is an infamously dangerous place where all kinds of criminal activities take place [1-2]. Despite advances in web forensics techniques, tools, and methodologies, few studies have formally tackled the dark and deep web forensics and the technical differences in terms of investigative techniques and artefacts identification and extraction. This research proposes a novel and comprehensive protocol to guide and assist digital forensics professionals in investigating crimes committed on or via the deep and dark web. The protocol, named D2WFP, establishes a new sequential approach for performing investigative activities by observing the order of volatility and implementing a systemic approach covering all browsing related hives and artefacts which ultimately resulted in improving the accuracy and effectiveness. Rigorous quantitative and qualitative research has been conducted by assessing D2WFP following a scientifically-sound and comprehensive process in different scenarios and the obtained results show an apparent increase in the number of artefacts recovered when adopting D2WFP which outperforms any current industry or opensource browsing forensics tools. The second contribution of D2WFP is the robust formulation of artefact correlation and cross-validation within D2WFP which enables digital forensics professionals to better document and structure their analysis of host-based deep and dark web browsing artefacts.

    Security Attacks and Countermeasures in Smart Homes

    The Internet of Things (IoT) application is visible in all aspects of humans’ day-to-day affairs. The demand for IoT is growing at an unprecedented rate, from wearable wristwatches to autopilot cars. The smart home has also seen significant advancements to improve the quality of lifestyle. However, the security and privacy of IoT devices have become primary concerns as data is shared among intelligent devices and over the internet in a smart home network. There are several attacks - node capturing attack, sniffing attack, malware attack, boot phase attack, etc., which are conducted by adversaries to breach the security of smart homes. The security breach has a negative impact on the tenants' privacy and prevents the availability of smart home services. This article presents smart homes' most common security attacks and mitigation techniques.

    D2WFP: a novel protocol for forensically identifying, extracting, and analysing deep and dark web browsing activities

    The use of the unindexed web, commonly known as the deep web and dark web, to commit or facilitate criminal activity has drastically increased over the past decade. The dark web is a dangerous place where all kinds of criminal activities take place. Despite advances in web forensic techniques, tools, and methodologies, few studies have formally tackled dark and deep web forensics and the technical differences in terms of investigative techniques and artefact identification and extraction. This study proposes a novel and comprehensive protocol to guide and assist digital forensic professionals in investigating crimes committed on or via the deep and dark web. The protocol, named D2WFP, establishes a new sequential approach for performing investigative activities by observing the order of volatility and implementing a systemic approach covering all browsing-related hives and artefacts which ultimately resulted in improving the accuracy and effectiveness. Rigorous quantitative and qualitative research has been conducted by assessing the D2WFP following a scientifically sound and comprehensive process in different scenarios and the obtained results show an apparent increase in the number of artefacts recovered when adopting the D2WFP which outperforms any current industry or opensource browsing forensic tools. The second contribution of the D2WFP is the robust formulation of artefact correlation and cross-validation within the D2WFP which enables digital forensic professionals to better document and structure their analysis of host-based deep and dark web browsing artefacts.

    Manipulating, Lying, and Engineering the Future

    Decision-making should reflect personal autonomy. Yet, it is not entirely an autonomous process. Influencing individuals’ decision-making is not new. It is and always has been the engine that drives markets, politics, and debates. However, in the digital marketplace of ideas the nature of influence is different in scale, scope, and depth. The asymmetry of information shapes a new model of surveillance capitalism. This model promises profits gained by behavioral information collected from consumers and personal targeting. The Internet of Things, Big Data and Artificial Intelligence open a new dimension for manipulation. In the age of Metaverse that would be mediated through virtual spaces and augmented reality manipulation is expected to get stronger. Such manipulation could be performed by either commercial corporations or governments, though this Article primarily focuses on the former, rather than the latter. Surveillance capitalism must depend on technology but also on marketing, as commercial entities push their goods and agendas unto their consumers. This new economic order presents benefits in the form of improved services, but it also has negative consequences: it treats individuals as instruments; it may infringe on individuals’ autonomy and future development; and it manipulates consumers to make commercial choices that could potentially harm their own welfare. Moreover, it may also hinder individuals’ free speech and erode some of the privileges enshrined in a democracy. What can be done to limit the negative consequences of hyper-manipulation in digital markets? Should the law impose limitations on digital influence? If so, how and when? This Article aims to answer these questions in the following manner: First, this Article demonstrates how companies influence decisions by collecting, analyzing, and manipulating information. Understanding the tools of the new economic order is the first step in developing legal policy that mitigates harm. 
Second, this Article analyzes the concept of manipulation. It explains how digital manipulation differs from traditional commercial influences in scope, scale, and depth. Since there are many forms of manipulation, an outright ban on manipulation is not possible, nor is it encouraged since it could undermine the very basis of free markets and even free speech. As a result, this Article proposes a limiting principle on entities identified in literature as “powerful commercial speakers,” focusing on regulating lies and misrepresentations of these entities. This Article outlines disclosure obligations of contextual elements of advertisements and imposes a duty of avoiding false information. In addition to administrative enforcement of commercial lies and misrepresentations, this Article advocates for a new remedy of compensation for autonomy infringement when a powerful speaker lies or disobeys mandated disclosure on products. Third, this Article proposes a complementary solution for long-term effects of manipulation. This solution does not focus on the manipulation itself, but rather offers limitations on data retention for commercial purposes. Such limitations can mitigate the depth of manipulation and may prevent commercial entities from shackling individuals to their past decisions. Fourth, this Article addresses possible objections to the proposed solutions, by demonstrating that they are not in conflict with the First Amendment, but rather promote freedom of expression