An Affective Model for Unauthorized Sharing of Software

Software piracy has been studied by academics, software firms, law enforcement agents and policy makers for many years. Previous research in software piracy either did not differentiate between unauthorized copying and unauthorized sharing, or focused only on unauthorized copying. We believe the motivating factors behind the two behaviors are quite different because beneficiaries of the behaviors are different. In this paper, we consider unauthorized sharing as a kind of helping behavior and draw on relevant literature to see if the motivations behind unauthorized sharing can be better appreciated from an affective perspective. We tested the affective model of unauthorized sharing based on empirical data obtained from a large-scale survey. We found from the survey that both perceived affordability and perceived convenience could arouse sympathy or annoyance with the unauthorized copier, and their effects were mediated by perceived controllability of the need of unauthorized copying. Our results support the strong effects of affective factors on the moral obligation of unauthorized sharing

Configuring the Networked Citizen

Among legal scholars of technology, it has become commonplace to acknowledge that the design of networked information technologies has regulatory effects. For the most part, that discussion has been structured by the taxonomy developed by Lawrence Lessig, which classifies code as one of four principal regulatory modalities, alongside law, markets, and norms. As a result of that framing, questions about the applicability of constitutional protections to technical decisions have taken center stage in legal and policy debates. Some scholars have pondered whether digital architectures unacceptably constrain fundamental liberties, and what public design obligations might follow from such a conclusion. Others have argued that code belongs firmly on the private side of the public/private divide because it originates in the innovative activity of private actors. In a forthcoming book, the author argues that the project of situating code within one or another part of the familiar constitutional landscape too often distracts legal scholars from more important questions about the quality of the regulation that networked digital architectures produce. The gradual, inexorable embedding of networked information technologies has the potential to alter, in largely invisible ways, the interrelated processes of subject formation and culture formation. Within legal scholarship, the prevailing conceptions of subjectivity tend to be highly individualistic, oriented around the activities of speech and voluntary affiliation. Subjectivity also tends to be understood as definitionally independent of culture. Yet subjectivity is importantly collective, formed by the substrate within which individuality emerges. People form their conceptions of the good in part by reading, listening, and watching—by engaging with the products of a common culture—and by interacting with one another. Those activities are socially and culturally mediated, shaped by the preexisting communities into which individuals are born and within which they develop. They are also technically mediated, shaped by the artifacts that individuals encounter in common use. The social and cultural patterns that mediate the activities of self-constitution are being reconfigured by the pervasive adoption of technical protocols and services that manage the activities of content delivery, search, and social interaction. In developed countries, a broad cross-section of the population routinely uses networked information technologies and communications devices in hundreds of mundane, unremarkable ways. We search for information, communicate with each other, and gain access to networked resources and services. For the most part, as long as our devices and technologies work as expected, we give little thought to how they work; those questions are understood to be technical questions. Such questions are better characterized as sociotechnical. As networked digital architectures increasingly mediate the ordinary processes of everyday life, they catalyze gradual yet fundamental social and cultural change. This chapter—originally published in Imagining New Legalities: Privacy and Its Possibilities in the 21st Century, edited by Austin Sarat, Lawrence Douglas, and Martha Merrill Umphrey (2012)—considers two interrelated questions that flow from understanding sociotechnical change as (re)configuring networked subjects. First, it revisits the way that legal and policy debates locate networked information technologies with respect to the public/private divide. The design of networked information technologies and communications devices is conventionally treated as a private matter; indeed, that designation has been the principal stumbling block encountered by constitutional theorists of technology. The classification of code as presumptively private has effects that reach beyond debates about the scope of constitutional guarantees, shaping views about the extent to which regulation of technical design decisions is normatively desirable. This chapter reexamines that discursive process, using lenses supplied by literatures on third-party liability and governance. Second, this chapter considers the relationship between sociotechnical change and understandings of citizenship. The ways that people think, form beliefs, and interact with one another are centrally relevant to the sorts of citizens that they become. The gradual embedding of networked information technologies into the practice of everyday life therefore has important implications for both the meaning and the practice of citizenship in the emerging networked information society. If design decisions are neither merely technical nor presumptively private, then they should be subject to more careful scrutiny with regard to the kind of citizen they produce. In particular, policy-makers cannot avoid engaging with the particular values that are encoded

On XACML\u27s adequacy to specify and to enforce HIPAA

In the medical sphere, personal and medical informa-tion is collected, stored, and transmitted for various pur-poses, such as, continuity of care, rapid formulationof diagnoses, and billing. Many of these operationsmust comply with federal regulations like the HealthInsurance Portability and Accountability Act (HIPAA).To this end, we need a specification language that canprecisely capture the requirements of HIPAA. We alsoneed an enforcement engine that can enforce the pri-vacy policies specified in the language. In the currentwork, we evaluate eXtensible Access Control MarkupLanguage (XACML) as a candidate specification lan-guage for HIPAA privacy rules. We evaluate XACMLbased on the set of features required to sufficiently ex-press HIPAA, proposed by a prior work. We also discusswhich of the features necessary for expressing HIPAAare missing in XACML. We then present high level de-signs of how to enhance XACM

Pervasively Distributed Copyright Enforcement

In an effort to control flows of unauthorized information, the major copyright industries are pursuing a range of strategies designed to distribute copyright enforcement functions across a wide range of actors and to embed these functions within communications networks, protocols, and devices. Some of these strategies have received considerable academic and public scrutiny, but much less attention has been paid to the ways in which all of them overlap and intersect with one another. This article offers a framework for theorizing this process. The distributed extension of intellectual property enforcement into private spaces and throughout communications networks can be understood as a new, hybrid species of disciplinary regime that locates the justification for its pervasive reach in a permanent state of crisis. This hybrid regime derives its force neither primarily from centralized authority nor primarily from decentralized, internalized norms, but instead from a set of coordinated processes for authorizing flows of information. Although the success of this project is not yet assured, its odds of success are by no means remote as skeptics have suggested. Power to implement crisis management in the decentralized marketplace for digital content arises from a confluence of private and public interests and is amplified by the dynamics of technical standards processes. The emergent regime of pervasively distributed copyright enforcement has profound implications for the production of the networked information society

Managing the radio spectrum : framework for reform in developing countries

Bringing management of the radio spectrum closer to markets is long overdue. The radio spectrum is a major component of the infrastructure that underpins the information society. Spectrum management, however, has not kept up with major changes in technology, business practice, and economic policy that have taken place worldwide during the last two decades. For many years traditional government administration of the spectrum worked reasonably well, but more recently it has led to growing technical and economic inefficiencies as well as obstacles to technological innovation. Two alternative approaches to spectrum management are being tried in several countries, one driven by the market (tradable spectrum rights) and another driven by technology innovation (spectrum commons). This paper discusses the basic features, advantages and limitations, scope of application, and requirements for implementation of these three approaches. The paper then discusses how these approaches can be made to work under conditions that typically prevail in developing countries, including weak rule of law, limited markets, and constrained fiscal space. Although spectrum reform strategies for individual countries must be developed case by case, several broadly applicable strategic options are outlined. The paper proposes a phased approach to addressing spectrum reform in a country. It ends by discussing aspects of institutional design, managing the transition, and addressing high-level changes such as the transition to digital television, the path to third-generation mobile services, launching of wireless fixed broadband services, and releasing military spectrum. The paper is extensively annotated and referenced.E-Business,Roads&Highways,Telecommunications Infrastructure,Climate Change,ICT Policy and Strategies

CamFlow: Managed Data-sharing for Cloud Services

A model of cloud services is emerging whereby a few trusted providers manage the underlying hardware and communications whereas many companies build on this infrastructure to offer higher level, cloud-hosted PaaS services and/or SaaS applications. From the start, strong isolation between cloud tenants was seen to be of paramount importance, provided first by virtual machines (VM) and later by containers, which share the operating system (OS) kernel. Increasingly it is the case that applications also require facilities to effect isolation and protection of data managed by those applications. They also require flexible data sharing with other applications, often across the traditional cloud-isolation boundaries; for example, when government provides many related services for its citizens on a common platform. Similar considerations apply to the end-users of applications. But in particular, the incorporation of cloud services within `Internet of Things' architectures is driving the requirements for both protection and cross-application data sharing. These concerns relate to the management of data. Traditional access control is application and principal/role specific, applied at policy enforcement points, after which there is no subsequent control over where data flows; a crucial issue once data has left its owner's control by cloud-hosted applications and within cloud-services. Information Flow Control (IFC), in addition, offers system-wide, end-to-end, flow control based on the properties of the data. We discuss the potential of cloud-deployed IFC for enforcing owners' dataflow policy with regard to protection and sharing, as well as safeguarding against malicious or buggy software. In addition, the audit log associated with IFC provides transparency, giving configurable system-wide visibility over data flows. [...]Comment: 14 pages, 8 figure