Persistent Surveillance

Persistent surveillance technologies grant police vast new investigative capabilities. The technologies both monitor targeted areas and generate databases of searchable information about people, places, and patterns that can be connected and accessed for criminal prosecutions. In the face of this growing police surveillance, courts have struggled to make sense of a fragmented Fourth Amendment doctrine. The Supreme Court has offered some clues that “digital may be different” when it comes to surveillance, but lower courts have been left struggling to apply old law to new technologies. Warrantless use of persistent surveillance technologies raises hard questions about when a “search” occurs and whether the Fourth Amendment should limit overbroad police collection. This Article attempts to solve the persistent surveillance puzzle. First, it defines persistent surveillance technologies and explains why these policing systems represent a different privacy and security threat— one constitutionally distinguishable from traditional policing tools. Second, the Article examines the legal questions courts must ask in evaluating the Fourth Amendment implications of new persistent surveillance technologies used without a warrant. This Part synthesizes lessons learned from recent Supreme Court cases on digital surveillance and offers a new framework for future analysis. Third, this Article examines the technological framing questions courts must ask in evaluating these networked systems. Revealingly, how courts choose to define the scope, scale, and capacity of the technology itself— what I call the unit of surveillance—will shape the Fourth Amendment answers. The long-term goal of this Article is to offer a Fourth Amendment framework for all future persistent surveillance technologies. The short-term project applies these principles to two vexing persistent surveillance puzzles recently before the federal courts involving aerial surveillance planes and long-term pole cameras

Burying Our Heads in the Sand: Lack of Knowledge, Knowledge Avoidance, and the Persistent Problem of Campus Peer Sexual Violence

This article discusses why two laws that seek to prevent and end sexual violence between students on college campuses, Title IX of the Educational Amendments of 1972 ( Title IX ) and the Jeanne Clery Disclosure of Campus Security Policy and Campus Crime Statistics Act ( Clery Act ), are failing to fulfill that goal and how these legal regimes can be improved to reach this goal. It explicates how Title IX and the Clery Act ignore or exacerbate a series of information problems that create incentives for schools to bury their heads in the sand with regard to campus peer sexual violence. These information problems include: 1) the damage to a school\u27s public image that can come from increased reporting of the violence; 2) the persistent myth that such violence is committed mainly by strangers; 3) the lack of awareness by most school officials about the violence and a school\u27s legal obligations with regard to preventing the violence; and 4) the prohibitively expensive broad-based education and training that correcting such information problems would require. Several legal deficiencies emerge from this examination, including: 1) problems arising from the actual notice prong of the test created by the Supreme Court in Gebser v. Lago Vista Independent School District and Davis v. Monroe County Board of Education; 2) problems related to the Department of Education\u27s administrative enforcement of Title IX; and 3) problems with the campus crime reporting provisions of the Clery Act. The article discusses each deficiency in turn, how each serves to enable schools\u27 lack of knowledge and avoidance of knowledge about peer sexual violence, and how each fails to solve or exacerbates the information problems faced by schools, students, and parents. Finally, the article concludes with a series of recommendations for changes that should be made to Title IX, the Clery Act, and their enforcement regimes to address these information problems and ultimately to prevent and end the persistent problem of campus peer sexual violence

A Private Enforcement Remedy for Information Misuse

Misuse of users’ personally identifiable information is persistent and pervasive. This Article addresses two questions: why is information misuse so common and so severe and how could domestic law change to make it less so? I use a simple model to illustrate that companies externalize information misuse costs onto users, which has two related but distinct effects: chronic underinvestment in information security and excessive retention of user data. I then seize on this observation to propose a specific legal vehicle at the heart of this Article—a private enforcement remedy. This private enforcement remedy has four essential features. First, the remedy must be created under state law. State law provides a viable alternative when federal courts have used the constitutional standing doctrine to express overt hostility to privacy harms. Second, the law should impose a fiduciary duty on entities that collect or retain users’ information. Structuring the remedy this way insulates it from attack by a weaponized First Amendment. Third, breach of an information fiduciary’s duty should be a strict liability tort. The arguments for strict liability in products liability cases apply with even greater force to informational harms. Fourth, the statute that creates this private enforcement remedy should prescribe a schedule that begins with nominal damages and attorney’s fees for strict liability, and it should increase monetary penalties with a defendant’s culpability. The remedy’s central purpose is to reshape incentives, so the damages schedule should not be unduly punitive or effect a windfall for plaintiffs’ attorneys

A Measure for Ending Hunger in the United States

Hunger is a persistent problem in the United States. In 1999, three percent of U.S. households (more than 7.5 million people) were food insecure with hunger.2(p7) An additional seven percent of households (more than 23 million people) were food insecure without hunger. In all, 31 million Americans, including 12 million children, did not have enough food to meet their basic needs.In response, PARTNERS IN ENDING HUNGER (a grass-roots organization with over 17 years of experience) has declared itself an organization accountable for providing communities with the tools and training necessary to create and implement effective action plans for ending hunger (see Appendix A). Two essential tools for this work are: (1) a direct and accurate way to measure hunger in a community and (2) criteria that define when hunger has ended.The hunger measure PARTNERS has chosen is the U.S. Household Food Security Measure. It is a survey instrument and severity scale developed under the joint leadership of the U.S. Departments of Agriculture (USDA) and Health and Human Services (HHS). It has been used to measure the extent of hunger at national and state levels since 1995 and was specifically designed to be used at the local level as well.Building on distinctions and definitions presented in the U.S. Household Food Security Measure, PARTNERS has established criteria that define when hunger in a community has ended. According to PARTNERS' criteria, a community has ended hunger when, for two consecutive years, the results of the U.S. Household Food Security Measure show that none of the community's households have members who experience hunger and four percent or fewer of the community's households experience food insecurity. PARTNERS asserts that when communities meet these criteria and sustain these results over time, they have ended the persistence of hunger. These communities will then serve as models and catalysts for other communities to do the same

How to design browser security and privacy alerts

Browser security and privacy alerts must be designed to ensure they are of value to the end-user, and communicate risks efficiently. We performed a systematic literature review, producing a list of guidelines from the research. Papers were analysed quantitatively and qualitatively to formulate a comprehensive set of guidelines. Our findings seek to provide developers and designers with guidance as to how to construct security and privacy alerts. We conclude by providing an alert template, highlighting its adherence to the derived guidelines

AntibIoTic: Protecting IoT Devices Against DDoS Attacks

The 2016 is remembered as the year that showed to the world how dangerous Distributed Denial of Service attacks can be. Gauge of the disruptiveness of DDoS attacks is the number of bots involved: the bigger the botnet, the more powerful the attack. This character, along with the increasing availability of connected and insecure IoT devices, makes DDoS and IoT the perfect pair for the malware industry. In this paper we present the main idea behind AntibIoTic, a palliative solution to prevent DDoS attacks perpetrated through IoT devices

Reaction to New Security Threat Class

Each new identified security threat class triggers new research and development efforts by the scientific and professional communities. In this study, we investigate the rate at which the scientific and professional communities react to new identified threat classes as it is reflected in the number of patents, scientific articles and professional publications over a long period of time. The following threat classes were studied: Phishing; SQL Injection; BotNet; Distributed Denial of Service; and Advanced Persistent Threat. Our findings suggest that in most cases it takes a year for the scientific community and more than two years for industry to react to a new threat class with patents. Since new products follow patents, it is reasonable to expect that there will be a window of approximately two to three years in which no effective product is available to cope with the new threat class

Conversational Sensing

Recent developments in sensing technologies, mobile devices and context-aware user interfaces have made it possible to represent information fusion and situational awareness as a conversational process among actors - human and machine agents - at or near the tactical edges of a network. Motivated by use cases in the domain of security, policing and emergency response, this paper presents an approach to information collection, fusion and sense-making based on the use of natural language (NL) and controlled natural language (CNL) to support richer forms of human-machine interaction. The approach uses a conversational protocol to facilitate a flow of collaborative messages from NL to CNL and back again in support of interactions such as: turning eyewitness reports from human observers into actionable information (from both trained and untrained sources); fusing information from humans and physical sensors (with associated quality metadata); and assisting human analysts to make the best use of available sensing assets in an area of interest (governed by management and security policies). CNL is used as a common formal knowledge representation for both machine and human agents to support reasoning, semantic information fusion and generation of rationale for inferences, in ways that remain transparent to human users. Examples are provided of various alternative styles for user feedback, including NL, CNL and graphical feedback. A pilot experiment with human subjects shows that a prototype conversational agent is able to gather usable CNL information from untrained human subjects