Cross Border Data Flows: Could Foreign Protectionism Hurt U.S. Jobs?: Hearing Before the Subcomm. On Commerce, Mfg. & Trade of the H. Comm. on Energy & Commerce, 113th Cong., Sept. 17, 2014 (Statement of Laura K. Donohue)

Documents released over the past year detailing the National Security Agency’s telephony metadata collection program and interception of international content under the Foreign Intelligence Surveillance Act (FISA) directly implicated U.S. high technology companies in government surveillance. The result was an immediate, and detrimental, impact on U.S. firms, the economy, and U.S. national security. The first Snowden documents, printed June 5, 2013, revealed that the U.S. government had served orders on Verizon, directing the company to turn over telephony metadata under Section 215 of the USA PATRIOT Act. The following day, The Guardian published classified slides detailing how the NSA had intercepted international content under Section 702 of the FISA Amendments Act. The type of information obtained ranged from E-mail, video and voice chat, videos, photos, and stored data, to Voice over Internet Protocol, file transfers, video conferencing, notifications of target activity, and online social networking details. The companies involved read like a who’s who of U.S. Internet giants: Microsoft, Yahoo, Google, Facebook, PalTalk, YouTube, Skype, AOL, and Apple. More articles highlighting the extent to which the NSA had become embedded in the U.S. high tech industry followed. In September 2013 ProPublica and the New York Times revealed that the NSA had enjoyed considerable success in cracking commonly-used cryptography. The following month the Washington Post reported that the NSA, without the consent of the companies involved, had obtained millions of customers’ address book data: in one day alone, some 444,743 email addresses from Yahoo, 105,068 from Hotmail, 82,857 from Facebook, 33,697 from Gmail, and 22,881 from other providers. The extent of upstream collection stunned the public – as did slides demonstrating how the NSA had bypassed the companies’ encryption, intercepting data as it transferred between the public Internet and the Google cloud. Further documents suggested that the NSA had helped to promote encryption standards for which it already held the key or whose vulnerabilities the NSA understood but not taken steps to address. Beyond this, press reports indicated that the NSA had at times posed as U.S. companies—without their knowledge—in order to gain access to foreign targets. In November 2013 Der Spiegel reported that the NSA and the United Kingdom’s Government Communications Headquarters (GCHQ) had created bogus versions of Slashdot and LinkedIn, so that when employees from the telecommunications firm Belgacom tried to access the sites from corporate computers, their requests were diverted to the replica sites that then injected malware into their machines. As a result of growing public awareness of these programs, U.S. companies have lost revenues, even as non-U.S. firms have benefited. In addition, numerous countries, concerned about consumer privacy as well as the penetration of U.S. surveillance efforts in the political sphere, have accelerated localization initiatives, begun restricting U.S. companies’ access to local markets, and introduced new privacy protections—with implications for the future of Internet governance and U.S. economic growth. These effects raise attendant concerns about U.S. national security. Congress has an opportunity to redress the current situation in at least three ways. First, and most importantly, reform of the Foreign Intelligence Surveillance Act would provide for greater restrictions on NSA surveillance. Second, new domestic legislation could extend better protections to consumer privacy. These shifts would allow U.S. industry legitimately to claim a change in circumstance, which would help them to gain competitive ground. Third, the integration of economic concerns at a programmatic level within the national security infrastructure would help to ensure that economic matters remain central to national security determinations in the future

PRECEPT:a framework for ethical digital forensics investigations

Purpose: Cyber-enabled crimes are on the increase, and law enforcement has had to expand many of their detecting activities into the digital domain. As such, the field of digital forensics has become far more sophisticated over the years and is now able to uncover even more evidence that can be used to support prosecution of cyber criminals in a court of law. Governments, too, have embraced the ability to track suspicious individuals in the online world. Forensics investigators are driven to gather data exhaustively, being under pressure to provide law enforcement with sufficient evidence to secure a conviction. Yet, there are concerns about the ethics and justice of untrammeled investigations on a number of levels. On an organizational level, unconstrained investigations could interfere with, and damage, the organization’s right to control the disclosure of their intellectual capital. On an individual level, those being investigated could easily have their legal privacy rights violated by forensics investigations. On a societal level, there might be a sense of injustice at the perceived inequality of current practice in this domain. This paper argues the need for a practical, ethically-grounded approach to digital forensic investigations, one that acknowledges and respects the privacy rights of individuals and the intellectual capital disclosure rights of organisations, as well as acknowledging the needs of law enforcement. We derive a set of ethical guidelines, then map these onto a forensics investigation framework. We subjected the framework to expert review in two stages, refining the framework after each stage. We conclude by proposing the refined ethically-grounded digital forensics investigation framework. Our treatise is primarily UK based, but the concepts presented here have international relevance and applicability.Design methodology: In this paper, the lens of justice theory is used to explore the tension that exists between the needs of digital forensic investigations into cybercrimes on the one hand, and, on the other, individuals’ rights to privacy and organizations’ rights to control intellectual capital disclosure.Findings: The investigation revealed a potential inequality between the practices of digital forensics investigators and the rights of other stakeholders. That being so, the need for a more ethically-informed approach to digital forensics investigations, as a remedy, is highlighted, and a framework proposed to provide this.Practical Implications: Our proposed ethically-informed framework for guiding digital forensics investigations suggest a way of re-establishing the equality of the stakeholders in this arena, and ensuring that the potential for a sense of injustice is reduced.Originality/value: Justice theory is used to highlight the difficulties in squaring the circle between the rights and expectations of all stakeholders in the digital forensics arena. The outcome is the forensics investigation guideline, PRECEpt: Privacy-Respecting EthiCal framEwork, which provides the basis for a re-aligning of the balance between the requirements and expectations of digital forensic investigators on the one hand, and individual and organizational expectations and rights, on the other

Online privacy: towards informational self-determination on the internet : report from Dagstuhl Perspectives Workshop 11061

The Dagstuhl Perspectives Workshop "Online Privacy: Towards Informational Self-Determination on the Internet" (11061) has been held in February 6-11, 2011 at Schloss Dagstuhl. 30 participants from academia, public sector, and industry have identified the current status-of-the-art of and challenges for online privacy as well as derived recommendations for improving online privacy. Whereas the Dagstuhl Manifesto of this workshop concludes the results of the working groups and panel discussions, this article presents the talks of this workshop by their abstracts

Big data analytics:Computational intelligence techniques and application areas

Big Data has significant impact in developing functional smart cities and supporting modern societies. In this paper, we investigate the importance of Big Data in modern life and economy, and discuss challenges arising from Big Data utilization. Different computational intelligence techniques have been considered as tools for Big Data analytics. We also explore the powerful combination of Big Data and Computational Intelligence (CI) and identify a number of areas, where novel applications in real world smart city problems can be developed by utilizing these powerful tools and techniques. We present a case study for intelligent transportation in the context of a smart city, and a novel data modelling methodology based on a biologically inspired universal generative modelling approach called Hierarchical Spatial-Temporal State Machine (HSTSM). We further discuss various implications of policy, protection, valuation and commercialization related to Big Data, its applications and deployment

PRECEPT: A Framework for Ethical Digital Forensics Investigations.

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.Cyber-enabled crimes are on the increase, and law enforcement has had to expand many of their detecting activities into the digital domain. As such, the field of digital forensics has become far more sophisticated over the years and is now able to uncover even more evidence that can be used to support prosecution of cyber criminals in a court of law. Governments, too, have embraced the ability to track suspicious individuals in the online world. Forensics investigators are driven to gather data exhaustively, being under pressure to provide law enforcement with sufficient evidence to secure a conviction. Yet, there are concerns about the ethics and justice of untrammeled investigations on a number of levels. On an organizational level, unconstrained investigations could interfere with, and damage, the organization’s right to control the disclosure of their intellectual capital. On an individual level, those being investigated could easily have their legal privacy rights violated by forensics investigations. On a societal level, there might be a sense of injustice at the perceived inequality of current practice in this domain. This paper argues the need for a practical, ethically-grounded approach to digital forensic investigations, one that acknowledges and respects the privacy rights of individuals and the intellectual capital disclosure rights of organisations, as well as acknowledging the needs of law enforcement. We derive a set of ethical guidelines, then map these onto a forensics investigation framework. We subjected the framework to expert review in two stages, refining the framework after each stage. We conclude by proposing the refined ethically-grounded digital forensics investigation framework. Our treatise is primarily UK based, but the concepts presented here have international relevance and applicability. In this paper, the lens of justice theory is used to explore the tension that exists between the needs of digital forensic investigations into cybercrimes on the one hand, and, on the other, individuals’ rights to privacy and organizations’ rights to control intellectual capital disclosure. The investigation revealed a potential inequality between the practices of digital forensics investigators and the rights of other stakeholders. That being so, the need for a more ethically-informed approach to digital forensics investigations, as a remedy, is highlighted, and a framework proposed to provide this. Our proposed ethically-informed framework for guiding digital forensics investigations suggest a way of re-establishing the equality of the stakeholders in this arena, and ensuring that the potential for a sense of injustice is reduced. Justice theory is used to highlight the difficulties in squaring the circle between the rights and expectations of all stakeholders in the digital forensics arena. The outcome is the forensics investigation guideline, PRECEpt: Privacy-Respecting EthiCal framEwork, which provides the basis for a re-aligning of the balance between the requirements and expectations of digital forensic investigators on the one hand, and individual and organizational expectations and rights, on the other

Customs, Immigration, and Rights: Constitutional Limits on Electronic Border Searches

The warrantless search of travelers’ electronic devices as they enter and exit the United States is rapidly increasing. While the Supreme Court has long recognized a border-search exception to the Fourth Amendment’s warrant requirement, it applies to only two interests: promoting the duty regime and preventing contraband from entering the country; and ensuring that individuals are legally admitted. The government’s recent use of the exception goes substantially beyond these matters. U.S. Customs and Border Protection (CBP) and Immigration and Customs Enforcement (ICE) are using it to search electronic devices, and at times the cloud, for evidence of any criminal activity, bypassing the warrant requirement altogether. Searches of these devices implicate privacy concerns well beyond those of the home, which has long been protected even for customs and immigration purposes. This Essay traces the evolution of the border exception, noting the effect of recent Supreme Court decisions, to argue that CBP and ICE are operating outside constitutional constraints. The Essay considers two objections grounded in the legitimate interests of CBP and ICE. It responds, first, that inspection of digital devices differs from the examination of a traveler’s purse or luggage: the level of intrusion and the amount of information obtained changes the quality of the search, triggering Fourth Amendment protections. Second, as an immigration matter, as soon as citizens are identified, absent probable cause, the government does not have the constitutional authority to search their devices at all. Foreigners lacking a substantial connection to the country, however, do not enjoy the same Fourth Amendment protections. It concludes by observing that because of the substance and complexity of the issue, Congress has an important role to play in determining what types of searches are justified

DATUM in Action

This collaborative research data management planning project (hereafter the RDMP project) sought to help a collaborative group of researchers working on an EU FP7 staff exchange project (hereafter the EU project) to define and implement good research data management practice by developing an appropriate DMP and supporting systems and evaluating their initial implementation. The aim was to "improve practice on the ground" through more effective and appropriate systems, tools/solutions and guidance in managing research data. The EU project (MATSIQEL - (Models for Ageing and Technological Solutions For Improving and Enhancing the Quality of Life), funded under the Marie Curie International Research Staff Exchange Scheme, is accumulating expertise for the mathematical and computer modelling of ageing processes with the aim of developing models which can be implemented in technological solutions (e.g. monitors, telecare, recreational games) for improving and enhancing quality of life.1 Marie Curie projects do not fund research per se, so the EU project has no resources to fund commercial tools for research data management. Lead by Professor Maia Angelova, School of Computing, Engineering and Information Sciences (SCEIS) at Northumbria University, it comprises six work packages involving researchers at Northumbria and in Australia, Bulgaria, Germany, Mexico and South Africa. The RDMP project focused on one of its work packages (WP4 Technological Solutions and Implementation) with some reference to another work package lead by the same person at Northumbria University (WP5 Quality of Life). The RDMP project‟s innovation was less about the choice of platform/system, as it began with existing standard office technology, and more about how this can be effectively deployed in a collaborative scenario to provide a fit-for-purpose solution with useful and usable support and guidance. It built on the success of the Datum for Health project by taking it a stage further, moving from a solely health discipline to an interdisciplinary context of health, social care and mathematical/computer modelling, and from a Postgraduate Research Student context to an academic researcher context, with potential to reach beyond the University boundaries. In addition, since the EU project is re-using data from elsewhere as well as creating its own data; a wide range of RDM issues were addressed. The RDMP project assessed the transferability of the DATUM materials and the tailored DATUM DMP