Open challenges in vetting the internet‐of‐things

Internet‐of‐Thing (IoT) is a rapid‐emerging technology that exploits the concept of internetwork to connect things such as physical devices and objects together. A huge number of things (6.4 billion are in use in 2016) are already acting without direct human control raising a lot of concerns about the readiness and appropriateness of existing security practices, techniques, and tools to secure the data collected and protect people\u27s private lives. As a first step, this paper presses the importance of having a dedicated process for vetting IoT (by analogy to vetting mobile apps) with focus on exposing things\u27 vulnerabilities that could be the primary source of attacks. These vulnerabilities are identified according to things\u27 duties decomposed into sensing, actuating, and communicating. A set of questions shed light on things\u27 vulnerabilities per type of duty

Open Challenges in Vetting the Internet-of-Things

Internet-of-Thing (IoT) is a rapid-emerging technology that exploits the concept of inter-network to connect things such as physical devices and objects together. A huge number of things (6.4 billion are in use in 2016) are already acting without direct human control raising a lot of concerns about the readiness and appropriateness of existing security practices, techniques, and tools to secure the data collected and protect people’s private lives. As a first step, this paper presses the importance of having a dedicated process for vetting IoT (by analogy to vetting mobile apps) with focus on exposing things’ vulnerabilities that could be the primary source of attacks. These vulnerabilities are identified according to things’ duties decomposed into sensing, actuating, and communicating. A set of questions shed light on things’ vulnerabilities per type of duty

Algorithmic Jim Crow

This Article contends that current immigration- and security-related vetting protocols risk promulgating an algorithmically driven form of Jim Crow. Under the “separate but equal” discrimination of a historic Jim Crow regime, state laws required mandatory separation and discrimination on the front end, while purportedly establishing equality on the back end. In contrast, an Algorithmic Jim Crow regime allows for “equal but separate” discrimination. Under Algorithmic Jim Crow, equal vetting and database screening of all citizens and noncitizens will make it appear that fairness and equality principles are preserved on the front end. Algorithmic Jim Crow, however, will enable discrimination on the back end in the form of designing, interpreting, and acting upon vetting and screening systems in ways that result in a disparate impact

Investigating people: a qualitative analysis of the search behaviours of open-source intelligence analysts

The Internet and the World Wide Web have become integral parts of the lives of many modern individuals, enabling almost instantaneous communication, sharing and broadcasting of thoughts, feelings and opinions. Much of this information is publicly facing, and as such, it can be utilised in a multitude of online investigations, ranging from employee vetting and credit checking to counter-terrorism and fraud prevention/detection. However, the search needs and behaviours of these investigators are not well documented in the literature. In order to address this gap, an in-depth qualitative study was carried out in cooperation with a leading investigation company. The research contribution is an initial identification of Open-Source Intelligence investigator search behaviours, the procedures and practices that they undertake, along with an overview of the difficulties and challenges that they encounter as part of their domain. This lays the foundation for future research in to the varied domain of Open-Source Intelligence gathering

Global Employee Engagement Report: A Corporate Responsibility Practitioner's Guide

This is a Corporate Responsibility Practitioner's Guide designed to provide practical information to companies looking to expand their employee engagement programs internationally. The report explores the employee engagement landscape in five countries: China, Brazil, India, South Africa and the United Kingdom. SVCF surveyed existing literature (global and country-specific) and conducted in-depth interviews with 65 corporate and nonprofit practitioners who have direct experience with employee engagement programs in the five countries studied. The report identifies cultural nuances, policies and trends that practitioners should be aware of as they design locally relevant programs

The New News: Journalism We Want and Need

Economic pressures on one hand and continuing democratization of news on the other have already changed the news picture in Chicago, as elsewhere in the U.S. The Chicago Tribune and Chicago Sun-Times are in bankruptcy, and local broadcast news programs also face economic pressures. Meanwhile, it seems every week brings a new local news entrepreneur from Gapers Block to Beachwood Reporter to Chi-Town Daily News to Windy Citizen to The Printed Blog.In response to these changes, the Knight Foundation is actively supporting a national effort to explore innovations in how information, especially at the local community level, is collected and disseminated to ensure that people find the information they need to make informed decisions about their community's future. The Chicago Community Trust is fortunate to have been selected as a partner working with the Knight Foundation in this effort through the Knight Community Information Challenge. For 94 years, the Trust has united donors to create charitable resources that respond to the changing needs of our community -- meeting basic needs, enriching lives and encouraging innovative ways to improve our neighborhoods and communities.Understanding how online information and communications are meeting, or not, the needs of the community is crucial to the Trust's project supported by the Knight Foundation. To this end, the Trust commissioned the Community Media Workshop to produce The New News: Journalism We Want and Need. We believe this report is a first of its kind resource offering an inventory and assessment of local news coverage for the region by utilizing the interactive power of the internet. Essays in this report also provide insightful perspectives on the opportunities and challenges

Investigating the tension between cloud-related actors and individual privacy rights

Historically, little more than lip service has been paid to the rights of individuals to act to preserve their own privacy. Personal information is frequently exploited for commercial gain, often without the person’s knowledge or permission. New legislation, such as the EU General Data Protection Regulation Act, has acknowledged the need for legislative protection. This Act places the onus on service providers to preserve the confidentiality of their users’ and customers’ personal information, on pain of punitive fines for lapses. It accords special privileges to users, such as the right to be forgotten. This regulation has global jurisdiction covering the rights of any EU resident, worldwide. Assuring this legislated privacy protection presents a serious challenge, which is exacerbated in the cloud environment. A considerable number of actors are stakeholders in cloud ecosystems. Each has their own agenda and these are not necessarily well aligned. Cloud service providers, especially those offering social media services, are interested in growing their businesses and maximising revenue. There is a strong incentive for them to capitalise on their users’ personal information and usage information. Privacy is often the first victim. Here, we examine the tensions between the various cloud actors and propose a framework that could be used to ensure that privacy is preserved and respected in cloud systems

Scholarly communication: The quest for Pasteur's Quadrant

The scholarly communication system is sustained by its functions of a) registration, b) certification or legitimization, c) dissemination and awareness d) archiving or curation and e) reward. These functions have remained stable during the development of scholarly communication but the means through which they are achieved have not. It has been a long journey from the days when scientists communicated primarily through correspondence. The impact of modern-day technological changes is significant and has destabilized the scholarly communication system to some extent because many more options have become available to communicate scholarly information with. Pasteur's Quadrant was articulated by Donald E Stokes in his book Pasteur's Quadrant Basic Science and Technological Innovation. It is the idea that basic science (as practiced by Niels Bohr) and applied science (as exemplified by Thomas Edison) can be brought together to create a synergy that will produce results of significant benefit, as Louis Pasteur did. Given the theory (fundamental understanding) we have of scholarly communication and given how modern-day technological advances can be applied, a case can be made that use-inspired basic research (Pasteur's Quadrant) should be the focus for current research in scholarly communication. In doing so the different types of digital scholarly resources and their characteristics must be investigated to determine how the fundamentals of scholarly communication are being supported. How libraries could advocate for and contribute to the improvement of scholarly communication is also noted. These resources could include: e-journals, repositories, reviews, annotated content, data, pre -print and working papers servers, blogs, discussion forums, professional and academic hubs

How to design browser security and privacy alerts

Browser security and privacy alerts must be designed to ensure they are of value to the end-user, and communicate risks efficiently. We performed a systematic literature review, producing a list of guidelines from the research. Papers were analysed quantitatively and qualitatively to formulate a comprehensive set of guidelines. Our findings seek to provide developers and designers with guidance as to how to construct security and privacy alerts. We conclude by providing an alert template, highlighting its adherence to the derived guidelines