Yelling Fire and Hacking: Why the First Amendment Does Not Permit Distributing DVD Decryption Technology?

One of the consequences of the black-hole "no-hair" theorem in general relativity (GR) is that gravitational radiation (quasi-normal modes) from a perturbed Kerr black hole is uniquely determined by its mass and spin. Thus, the spectrum of quasi-normal mode frequencies have to be all consistent with the same value of the mass and spin. Similarly, the gravitational radiation from a coalescing binary black hole system is uniquely determined by a small number of parameters (masses and spins of the black holes and orbital parameters). Thus, consistency between different spherical harmonic modes of the radiation is a powerful test that the observed system is a binary black hole predicted by GR. We formulate such a test, develop a Bayesian implementation, demonstrate its performance on simulated data and investigate the possibility of performing such a test using previous and upcoming gravitational wave observations

Determination and evaluation of web accessibility

The Web is the most pervasive collaborative technology in widespread use today; however, access to the web and its many applications cannot be taken for granted. Web accessibility encompasses a variety of concerns ranging from societal, political, and economic to individual, physical, and intellectual through to the purely technical. Thus, there are many perspectives from which web accessibility can be understood and evaluated. In order to discuss these concerns and to gain a better understanding of web accessibility, an accessibility framework is proposed using as its base a layered evaluation framework from Computer Supported Co-operative Work research and the ISO standard, ISO/IEC 9126 on software quality. The former is employed in recognition of the collaborative nature of the web and its importance in facilitating communication. The latter is employed to refine and extend the technical issues and to highlight the need for considering accessibility from the viewpoint of the web developer and maintainer as well as the web user. A technically inaccessible web is unlikely to be evolved over time. A final goal of the accessibility framework is to provide web developers and maintainers with a practical basis for considering web accessibility through the development of a set of accessibility factors associated with each identified layer

Defending Against Firmware Cyber Attacks on Safety-Critical Systems

In the past, it was not possible to update the underlying software in many industrial control devices. Engineering teams had to ‘rip and replace’ obsolete components. However, the ability to make firmware updates has provided significant benefits to the companies who use Programmable Logic Controllers (PLCs), switches, gateways and bridges as well as an array of smart sensor/actuators. These updates include security patches when vulnerabilities are identified in existing devices; they can be distributed by physical media but are increasingly downloaded over Internet connections. These mechanisms pose a growing threat to the cyber security of safety-critical applications, which are illustrated by recent attacks on safety-related infrastructures across the Ukraine. Subsequent sections explain how malware can be distributed within firmware updates. Even when attackers cannot reverse engineer the code necessary to disguise their attack, they can undermine a device by forcing it into a constant upload cycle where the firmware installation never terminates. In this paper, we present means of mitigating the risks of firmware attack on safety-critical systems as part of wider initiatives to secure national critical infrastructures. Technical solutions, including firmware hashing, must be augmented by organizational measures to secure the supply chain within individual plants, across companies and throughout safety-related industries

Privacy Issues of the W3C Geolocation API

The W3C's Geolocation API may rapidly standardize the transmission of location information on the Web, but, in dealing with such sensitive information, it also raises serious privacy concerns. We analyze the manner and extent to which the current W3C Geolocation API provides mechanisms to support privacy. We propose a privacy framework for the consideration of location information and use it to evaluate the W3C Geolocation API, both the specification and its use in the wild, and recommend some modifications to the API as a result of our analysis

Machine-Readable Privacy Certificates for Services

Privacy-aware processing of personal data on the web of services requires managing a number of issues arising both from the technical and the legal domain. Several approaches have been proposed to matching privacy requirements (on the clients side) and privacy guarantees (on the service provider side). Still, the assurance of effective data protection (when possible) relies on substantial human effort and exposes organizations to significant (non-)compliance risks. In this paper we put forward the idea that a privacy certification scheme producing and managing machine-readable artifacts in the form of privacy certificates can play an important role towards the solution of this problem. Digital privacy certificates represent the reasons why a privacy property holds for a service and describe the privacy measures supporting it. Also, privacy certificates can be used to automatically select services whose certificates match the client policies (privacy requirements). Our proposal relies on an evolution of the conceptual model developed in the Assert4Soa project and on a certificate format specifically tailored to represent privacy properties. To validate our approach, we present a worked-out instance showing how privacy property Retention-based unlinkability can be certified for a banking financial service.Comment: 20 pages, 6 figure

Governing Networks and Rule-Making in Cyberspace

The global network environment defies traditional regulatory theories and policymaking practices. At present, policymakers and private sector organizations are searching for appropriate regulatory strategies to encourage and channel the global information infrastructure (“GII”). Most attempts to define new rules for the development of the GII rely on disintegrating concepts of territory and sector, while ignoring the new network and technological borders that transcend national boundaries. The GII creates new models and sources for rules. Policy leadership requires a fresh approach to the governance of global networks. Instead of foundering on old concepts, the GII requires a new paradigm for governance that recognizes the complexity of networks, builds constructive relationships among the various participants (including governments, systems operators, information providers, and citizens), and promotes incentives for the attainment of various public policy objectives in the private sector