Digital Smartphone Tracking for COVID-19: Public Health and Civil Liberties in Tension

This Viewpoint compares manual and digital strategies for coronavirus disease 2019 (COVID-19) contact tracing, describes how countries in Asia and Europe have used smartphone tracking, and discusses privacy and discrimination concerns and strategies for balancing public health and civil liberties in the US

Municipal cyber risk modeling using cryptographic computing to inform cyber policymaking

Municipalities are vulnerable to cyberattacks with devastating consequences, but they lack key information to evaluate their own risk and compare their security posture to peers. Using data from 83 municipalities collected via a cryptographically secure computation platform about their security posture, incidents, security control failures, and losses, we build data-driven cyber risk models and cyber security benchmarks for municipalities. We produce benchmarks of the security posture in a sector, the frequency of cyber incidents, forecasted annual losses for organizations based on their defensive posture, and a weighting of cyber controls based on their individual failure rates and associated losses. Combined, these four items can help guide cyber policymaking by quantifying the cyber risk in a sector, identifying gaps that need to be addressed, prioritizing policy interventions, and tracking progress of those interventions over time. In the case of the municipalities, these newly derived risk measures highlight the need for continuous measured improvement of cybersecurity readiness, show clear areas of weakness and strength, and provide governments with some early targets for policy focus such as security education, incident response, and focusing efforts first on municipalities at the lowest security levels that have the highest risk reduction per security dollar invested.Comment: Working Draft for Presentation at the Cybersecurity Law and Policy Scholars Conference - September 29, 202

AUDIT: Practical Accountability of Secret Processes

The US federal court system is exploring ways to improve the accountability of electronic surveillance, an opaque process often involving cases sealed from public view and tech companies subject to gag orders against informing surveilled users. One judge has proposed publicly releasing some metadata about each case on a paper cover sheet as a way to balance the competing goals of (1) secrecy, so the target of an investigation does not discover and sabotage it, and (2) accountability, to assure the public that surveillance powers are not misused or abused. Inspired by the courts\u27 accountability challenge, we illustrate how accountability and secrecy are simultaneously achievable when modern cryptography is brought to bear. Our system improves configurability while preserving secrecy, offering new tradeoffs potentially more palatable to the risk-averse court system. Judges, law enforcement, and companies publish commitments to surveillance actions, argue in zero-knowledge that their behavior is consistent, and compute aggregate surveillance statistics by multi-party computation (MPC). We demonstrate that these primitives perform efficiently at the scale of the federal judiciary. To do so, we implement a hierarchical form of MPC that mirrors the hierarchy of the court system. We also develop statements in succinct zero-knowledge (SNARKs) whose specificity can be tuned to calibrate the amount of information released. All told, our proposal not only offers the court system a flexible range of options for enhancing accountability in the face of necessary secrecy, but also yields a general framework for accountability in a broader class of secret information processes

Interacting with eHealth - Towards grand challenges for HCI

While health records are increasingly stored electronically, we, as citizens, have little access to this data about ourselves. We are not used to thinking of these official records either as ours or as useful to us. We increasingly turn to the Web, however, to query any ache, pain or health goal we may have before consulting with health care professionals. Likewise, for proactive health care such as nutrition or fitness, or to find fellow-sufferers for post diagnosis support, we turn to online resources. There is a potential disconnect between points at which professional and lay eHealth data and resources intersect for preventative or proactive health care. Such gaps in information sharing may have direct impact on practices we decide to take up, the care we seek, or the support professionals offer. In this panel, we consider several places within proactive, preventative health care in particular HCI has a role towards enhancing health knowledge discovery and health support interaction. Our goal is to demonstrate how now is the time for eHealth to come to the forefront of the HCI research agenda

Web Science

Our understanding of the Web has not kept pace with its development. It is engineered using formally specified languages and protocols, but has large scale effects on society. Certain human activities – including education – have been altered irretrievably. This article argues for the development of the discipline of Web Science, to understand the reciprocal relationship between the Web and society at a number of scales, from technical protocols to emergent social behaviour, to ensure that the Web’s growth will continue, and will benefit society. The need for both analysis and engineering demands an inherently interdisciplinary approach. With this in mind, a new Web Science Research Initiative is briefly described