After Over-Privileged Permissions: Using Technology and Design to Create Legal Compliance

Consumers in the mobile ecosystem can putatively protect their privacy with the use of application permissions. However, this requires the mobile device owners to understand permissions and their privacy implications. Yet, few consumers appreciate the nature of permissions within the mobile ecosystem, often failing to appreciate the privacy permissions that are altered when updating an app. Even more concerning is the lack of understanding of the wide use of third-party libraries, most which are installed with automatic permissions, that is permissions that must be granted to allow the application to function appropriately. Unsurprisingly, many of these third-party permissions violate consumers’ privacy expectations and thereby, become “over-privileged” to the user. Consequently, an obscurity of privacy expectations between what is practiced by the private sector and what is deemed appropriate by the public sector is exhibited. Despite the growing attention given to privacy in the mobile ecosystem, legal literature has largely ignored the implications of mobile permissions. This article seeks to address this omission by analyzing the impacts of mobile permissions and the privacy harms experienced by consumers of mobile applications. The authors call for the review of industry self-regulation and the overreliance upon simple notice and consent. Instead, the authors set out a plan for greater attention to be paid to socio-technical solutions, focusing on better privacy protections and technology embedded within the automatic permission-based application ecosystem

Takeover Litigation: the US does it more than the UK, but why and does it matter?

This thesis begins by describing the regulatory regimes of takeovers in the UK and US, and maps the litigation landscapes of both jurisdictions. In order to first map or describe the litigation landscapes, data was collected to reveal the extent of the UK’s propensity to litigate during takeovers. Although data ascertaining takeover litigation levels existed in the US no current study had yet established the levels in the UK. It is revealed that in the US 87 percent of takeovers are subject to litigation, whilst in the UK the figure is less than one percent. Current literature has not yet attempted to explain exactly why the US and UK differ so widely, considering their very similar market systems. The focus of this thesis is then to explain this difference and debunk some of the more obvious presumed explanations (i.e. “the US is just more aggressively litigious”) and identify some lesser known reasons. As the main instigators of US litigation are target shareholders alleging their directors have breached a fiduciary duty a number of explanations inevitably arise from this particular scenario. A simplistic uni-causal explanation is therefore rejected and instead this thesis offers four candidates for explaining the disparity. These are, firstly, that US shareholders benefit from more extensive “causes of action.” The second explanation encompasses the different “forms of action” that are available to shareholders in the UK and US to pursue these causes of action; in the US the class action is the favoured form whereas in the UK shareholders are limited to the derivative claim. The third explanation concerns the role played by the existence of the Code, and its administration by the Panel. It is argued that these UK institutions do much to suppress takeover litigation in general. The fourth and final explanation is the rather amorphous concept of “litigation culture.” Finally, the impacts of the diverging propensities to litigate on factors such as cost and speed on the takeover process are then evaluated

Three Studies on Cybersecurity Disclosure and Assurance

This dissertation comprises three experimental studies that explore how management\u27s financial disclosure behavior and security strategies influence the costs associated with cybersecurity breaches. The first study examines the cost of litigation in connection with cybersecurity incidents. The purpose of this study is to determine how the characteristics and content of cybersecurity incidents\u27 disclosure affects jurors\u27 liability assessments. Specifically, this study explores how jurors react to management timeliness in disclosing the incident and the plausibility of the explanations provided to justify the disclosure strategy. The second and third studies explore the value relevance of cybersecurity risk management (CRM) assurance. In particular, the second study examines whether engagement in voluntary assurance over CRM before the occurrence of an incident affects investors\u27 reactions after the incident, and whether these reactions differ based on whether assurance is expected or not expected based on industry norms. The third study scrutinizes how perceptions of disclosure timeliness affect investor decisions and explores the use of CRM assurance as a potential tool to mitigate the deleterious effects of delayed disclosures of cybersecurity incidents. Overall, the results reported in this dissertation suggest that timely disclosure of a cybersecurity breach reduces liability, improves management credibility assessments, and results in higher valuation judgments. Moreover, the findings reveal that CRM assurance further leads to enhanced management credibility assessments and valuation judgments and that the impact of CRM assurance is particularly beneficial when not necessarily expected for the industry. In combination, these three studies address calls for research exploring the costs of cybersecurity and inform regulators currently engaged in developing both cybersecurity disclosure requirements and voluntary assurance services designed to address stakeholders\u27 information needs regarding companies\u27 cybersecurity activities. These studies also add to the literature and theory documenting the link between disclosure timeliness and litigation risk, and the value of voluntary assurance services

Aggregate quasi rents and auditor independence : evidence from audit firm mergers in China

Using a sample of audit firm mergers in China\u27s audit market, this paper provides evidence on the way auditor independence can be improved following audit firm mergers as a result of a change in the aggregate quasi rents that are exposed to risk (i.e., the quasi rents at stake). This setting allows us to examine the relationship between auditor independence and the aggregate quasi rents at stake directly after controlling for the confounding effects of auditor competence, audit firm brand name, and the self-selection problem that may exist in previous studies. We hypothesize that auditors become more independent in the post-merger period only if the mergers increase the aggregate quasi rents at stake. Proxying audit quality by the frequency of modified audit opinions (MAOs) and using a \u27\u27difference-in-differences\u27\u27 research design, we conduct separate tests for two types of mergers under the institutional arrangements in China: one with an increase in the aggregate quasi rents at stake and the other with little change in these rents. Consistent with our hypothesis, we observe an improvement in auditor independence, but only for mergers that increase auditors\u27 aggregate quasi rents at stake. Moreover, the post-merger increase in the propensity for MAOs in this type of merger is positively associated with the magnitude of the change in the aggregate quasi rents at stake. Our empirical findings support the theory that auditor independence is a positive function of the aggregate quasi rents at stake

Resolving the Crisis in U.S. Merger Regulation: A Transatlantic Alternative to the Perpetual Litigation Machine

Regulation by litigation has driven U.S. merger regulation to crisis. The reliance on private lawsuits to police disclosures and potential conflicts of interest in mergers, takeovers, and other control transactions has resulted in the filing of claims after every major transaction. However, it has failed to achieve meaningful benefits for shareholders and has instead deprived them of potentially valuable rights. Regulation by litigation has devolved into attorney rent-seeking, and the raft of substantive and procedural reforms aimed at resolving the crisis has failed. There is an alternative to regulation by litigation. Drawing upon the code and panel-based models of merger regulation in the United Kingdom and Ireland, this Article explores whether a regulatory model might be better at protecting shareholder interests in merger transactions. A regulatory alternative holds a number of significant advantages, including greater speed, responsiveness, certainty, and lower administrative costs. In light of these potential advantages, it is remarkable that no U.S. state has experimented with a code and panel-based model of merger regulation. We explain the persistent difference between the U.S. and Anglo-Irish models by reference to interest group politics and, in particular, the power of the bar to influence corporate law reforms in the United States

Earnings management using classification shifting: Are pro forma earnings and debt explanatory factors?

Masteroppgave i revisjon og regnskap - Nord universitet 202