Current, September 08, 2003

https://irl.umsl.edu/current2000s/1162/thumbnail.jp

The Utah Statesman, April 14, 2000

Weekly student newspaper of Utah State University in Logan.https://digitalcommons.usu.edu/newspapers/2641/thumbnail.jp

Bowdoin Orient v.138, no.1-25 (2008-2009)

https://digitalcommons.bowdoin.edu/bowdoinorient-2000s/1009/thumbnail.jp

Privacy and Security in the Cloud: Some Realism About Technical Solutions to Transnational Surveillance in the Post-Snowden Era

Since June 2013, the leak of thousands of classified documents regarding highly sensitive U.S. surveillance activities by former National Security Agency (NSA) contractor Edward Snowden has greatly intensified discussions of privacy, trust, and freedom in relation to the use of global computing and communication services. This is happening during a period of ongoing transition to cloud computing services by organizations, businesses, and individuals. There has always been a question of inherent in this transition: are cloud services sufficiently able to guarantee the security of their customers’ data as well s the proper restrictions on access by third parties, including governments? While worries over government access to data in the cloud is a predominate part of the ongoing debate over the use of cloud serives, the Snowden revelations highlight that intelligence agency operations pose a unique threat to the ability of services to keep their customers’ data out of the hands of domestic as well as foreign governments. The search for a proper response is ongoing, from the perspective of market players, governments, and civil society. At the technical and organizational level, industry players are responding with the wider and more sophisticated deployment of encryption as well as a new emphasis on the use of privacy enhancing technologies and innovative architectures for securing their services. These responses are the focus of this Article, which contributes to the discussion of transnational surveillance by looking at the interaction between the relevant legal frameworks on the one hand, and the possible technical and organizational responses of cloud service providers to such surveillance on the other. While the Article’s aim is to contribute to the debate about government surveillance with respect to cloud services in particular, much of the discussion is relevant for Internet services more broadly

Abstracts 2015: Highlights of Student Research and Creative Endeavors

https://csuepress.columbusstate.edu/abstracts/1007/thumbnail.jp

Mass surveillance or licence to operate: a Critical Discourse Analysis of UK newspaper reporting on The Investigatory Powers Act 2016

Introduced in parliament in November 2015, the Draft Investigatory Powers Bill was the most recent version of legislation written to provide a statutory basis for a range of powers providing police and security services with various means of capturing or intercepting electronic communications. Previous efforts at legislating for these powers attracted widespread criticism, and provoked political and legal opposition, and this Bill reprised concerns over what some felt to be the excessive scope of the powers included. This research seeks to examine UK national newspaper reporting of the legislation, published around the dates of the publication of the draft version of the bill, and when the legislation passed into law as The Investigatory Powers Act 2016, in order to evaluate the quality of this reporting. Using the methodology of Critical Discourse Analysis to examine reports from a representative selection of UK national newspapers, the study aims to identify the dominant ways in which the issues are constructed in the news, and the range of sources which are drawn upon to demonstrate the disparate perspectives available. Working from the basis that newspapers represent a significant source of public information on important contemporary social issues, the research seeks to evaluate the effectiveness of newspaper reporting in providing a full and informative depiction of such matters

Towards internet voting in the state of Qatar

Qatar is a small country in the Middle East which has used its oil wealth to invest in the country's infrastructure and education. The technology for Internet voting now exists or can be developed, but are the people of Qatar willing to take part in Internet voting for national elections?. This research identifies the willingness of government and citizens to introduce and participate in Internet voting (I-voting) in Qatar and the barriers that may be encountered when doing so. A secure I voting model for the Qatar government is then proposed that address issues of I-voting which might arise due to the introduction of such new technology. Recommendations are made for the Qatar government to assist in the introduction of I-voting. The research identifies the feasibility of I-voting and the government s readiness and willingness to introduce it. Multiple factors are examined: the voting experience, educational development, telecommunication development, the large number of Internet users, Qatar law which does not bar the use of I-voting and Qatar culture which supports I-voting introduction. It is shown that there is a willingness amongst both the people and the government to introduce I-voting, and there is appropriate accessibility, availability of IT infrastructure, availability of Internet law to protect online consumers and the existence of the e government project. However, many Qataris have concerns of security, privacy, usability, transparency and other issues that would need to be addressed before any voting system could be considered to be a quality system in the eyes of the voters. Also, the need to consider the security threat associated on client-side machines is identified where a lack of user awareness on information security is an important factor. The proposed model attempts to satisfy voting principles, introducing a secure platform for I-voting using best practices and solutions such as the smart card, Public Key Infrastructure (PKI) and digital certificates. The model was reviewed by a number of experts on Information Technology, and the Qatari culture and law who found that the system would, generally, satisfy voting principles, but pointed out the need to consider the scalability of the model, the possible cyber-attacks and the risks associated with voters computers. which could be reduced by enhancing user awareness on security and using secure operating systems or Internet browsers. From these findings, a set of recommendations were proposed to encourage the government to introduce I-voting which consider different aspects of I-voting, including the digital divide, e-literacy, I voting infrastructure, legal aspects, transparency, security and privacy. These recommendations were also reviewed by experts who found them to be both valuable and effective. Since literature on Internet voting in Qatar is sparse, empirical and non-empirical studies were carried out in a variety of surveys, interviews and experiments. The research successfully achieved its aim and objectives and is now being considered by the Qatari Government

A framework to evaluate user experience of end user application security features

The use of technology in society moved from satisfying the technical needs of users to giving a lasting user experience while interacting with the technology. The continuous technological advancements have led to a diversity of emerging security concerns. It is necessary to balance security issues with user interaction. As such, designers have adapted to this reality by practising user centred design during product development to cater for the experiential needs of user - product interaction. These User Centred Design best practices and standards ensure that security features are incorporated within End User Programs (EUP). The primary function of EUP is not security, and interaction with security features while performing a program related task does present the end user with an extra burden. Evaluation mechanisms exist to enumerate the performance of the EUP and the user’s experience of the product interaction. Security evaluation standards focus on the program code security as well as on security functionalities of programs designed for security. However, little attention has been paid to evaluating user experience of functionalities offered by embedded security features. A qualitative case study research using problem based and design science research approaches was used to address the lack of criteria to evaluate user experience with embedded security features. User study findings reflect poor user experience with EUP security features, mainly as a result of low awareness of their existence, their location and sometimes even of their importance. From the literature review of the information security and user experience domains and the user study survey findings, four components of the framework were identified, namely: end user characteristics, information security, user experience and end user program security features characteristics. This thesis focuses on developing a framework that can be used to evaluate the user experience of interacting with end user program security features. The framework was designed following the design science research method and was reviewed by peers and experts for its suitability to address the problem. Subject experts in the fields of information security and human computer interaction were engaged, as the research is multidisciplinary. This thesis contributes to the body of knowledge on information security and on user experience elements of human computer interaction security regarding how to evaluate user experience of embedded InfoSec features. The research adds uniquely to the literature in the area of Human Computer Interaction Security evaluation and measurement in general, and is specific to end user program security features. The proposed metrics for evaluating UX of interacting with EUP security features were used to propose intervention to influence UX in an academic setup. The framework, besides presenting UX evaluation strategies for EUP security features, also presents a platform for further academic research on human factors of information security. The impact can be evaluated by assessing security behaviour, and successful security breaches, as well as user experience of interaction with end user programs