589 research outputs found

    Vulnerable Software: Product-Risk Norms and the Problem of Unauthorized Access

    Unauthorized access to online information costs billions of dollars per year. Software vulnerabilities are a key. Software currently contains an unacceptable number of vulnerabilities. The standard solution notes that the typical software business strategy is to keep costs down and be the first to market even if that means the software has significant vulnerabilities. Many endorse the following remedy: make software developers liable for negligent or defective design. This remedy is unworkable. We offer an alternative based on an appeal to product-risk norms. Product-risk norms are social norms that govern the sale of products. A key feature of such norms is that they ensure that the design and manufacture of products impose only acceptable risks on buyers. Unfortunately, mass-market software sales are not governed by appropriate product-risk norms; as a result, market conditions exist in which sellers profitably offer vulnerability-ridden software. This analysis entails a solution: ensure that appropriate norms exist. We contend that the best way to do so is a statute based on best practices for software development, and we define the conditions under which the statute would give rise to the desired norm. Why worry about creating the norm? Why not just legally require that software developers conform to best practices? The answer is that enforcement of legal’s requirement can be difficult, costly, and uncertain; once the norm is in place, however, buyers and software developers conform on their own initiative.

    Self, Privacy, and Power: Is It All Over?

    The realization of a multifaceted self is an ideal one strives to realize. One realizes such a self in large part through interaction with others in various social roles. Such realization requires a significant degree of informational privacy. Informational privacy is the ability to determine for yourself when others may collect and how they may use your information. The realization of multifaceted selves requires informational privacy in public. There is no contradiction here: informational privacy is a matter of control, and you can have such control in public. Current information processing practices greatly reduce privacy in public, thereby threatening the realization of multifaceted selves. To understand why this is happening and to figure out how to respond, we analyze the foundations of privacy in public. Privacy in public consists in privacy by obscurity and privacy by voluntary restraint. Privacy by obscurity is essentially a matter of getting lost in the crowd. Privacy by voluntary restraint was perhaps first explicitly discussed by the great nineteenth-century sociologist, Georg Simmel. He was impressed by the fact that people voluntarily limit their knowledge of each other as they interact in various social roles. Merchants and customers, students and teachers, restaurant customers and waiters, for example, typically exchange only the information necessary to their interaction in those roles and voluntarily refrain from requesting, disclosing, or otherwise discovering more. Advances in information processing have greatly reduced both privacy by obscurity and privacy by voluntary restraint. We focus on the latter. One reason is that, as privacy by obscurity declines, the need for privacy in public by voluntary restraint increases. We confine our attention to the private sector; however, given the current corporate-government surveillance partnership, constraining private information processing is an essential part of constraining governmental processing.
Unlike privacy by obscurity, you need the cooperation of others to realize privacy by voluntary restraint. We explain the cooperation by appeal to informational norms, norms that define contextually varying permissions and restrictions on the collection, use, and distribution of information. Norm-implemented coordination is essential to privacy in public (in the form of voluntary restraint), and it is this coordination that advances in information processing and related business practices undermined. This happens in two ways. First, businesses exploit existing norms to create a debased form of “coordination” that serves their interests while eroding privacy in public. Second, technology-driven business innovation has created new forms of interaction not governed by relevant information norms. This lack of norms means the lack of the coordination essential to privacy in public. As privacy in public disappears, multifaceted selves face the threat of disappearing—literally—from the scene. The solution is to establish norms that ensure sufficient privacy in public. We conclude by considering the prospects for doing so. Our results are highly relevant to the proper legal approach to privacy. A critical task for legal regulation, as well as public policy generally, is the creation of appropriate informational norms. One of our primary motives is to reorient privacy regulation toward that task.

    The Self, the Stasi, the NSA: Privacy, Knowledge, and Complicity in the Surveillance State

    We focus on privacy in public. The notion dates back over a century, at least to the work of the German sociologist, Georg Simmel. Simmel observed that people voluntarily limit their knowledge of each other as they interact in a wide variety of social and commercial roles, thereby making certain information private relative to the interaction even if it is otherwise publicly available. Current governmental surveillance in the US (and elsewhere) reduces privacy in public. But to what extent? The question matters because adequate self-realization requires adequate privacy in public. That in turn depends on informational norms, social norms that govern the collection, use, and distribution of information. Adherence to such norms is constitutive of a variety of relationships in which parties coordinate their use of information. Examples include student/teacher, and journalist/confidential source. Current surveillance undermines privacy in public by undermining norm-enabled coordination. The 1950 to 1990 East German Stasi illustrates the threat to self-realization. The “hidden, but for every citizen tangible omnipresence of the Stasi, damaged the very basic conditions for individual and societal creativity and development: Sense of one’s self, Trust, Spontaneity.” The United States is not East Germany, but it is on the road that leads there. And that raises the question of how far down that road it has traveled. To support the “on the road” claim and answer the “how far” question, we turn to game-theoretic studies of the Assurance Game (more popularly known as the Stag Hunt). We combine our analysis of that game with a characterization of current governmental surveillance in terms of five concepts: knowledge, use, merely knowing, complicity, and uncertainty. All five combine to undermine norm-enabled coordination. The Assurance Game shows how use—both legitimate and not legitimate—leads to discoordination.
Enough discoordination would lead to a Stasi-like world. But will that happen? A comparison with the Stasi shows cause for concern. The United States possesses a degree of knowledge about its citizens that the Stasi could only dream of. Moreover—perhaps—it arguably surpasses the Stasi in complicity, even though Stasi informants “spied on friends, workmates, neighbours and family members. Husbands spied on wives.” The Stasi only clearly exceeded the United States in repressive use. While it is difficult to predict the future of surveillance, we conclude with three probable scenarios. In only one is there an adequate degree of privacy in public.

    Multilevel Quasi-Monte Carlo Methods for Lognormal Diffusion Problems

    In this paper we present a rigorous cost and error analysis of a multilevel estimator based on randomly shifted Quasi-Monte Carlo (QMC) lattice rules for lognormal diffusion problems. These problems are motivated by uncertainty quantification problems in subsurface flow. We extend the convergence analysis in [Graham et al., Numer. Math. 2014] to multilevel Quasi-Monte Carlo finite element discretizations and give a constructive proof of the dimension-independent convergence of the QMC rules. More precisely, we provide suitable parameters for the construction of such rules that yield the required variance reduction for the multilevel scheme to achieve an $\varepsilon$-error with a cost of $\mathcal{O}(\varepsilon^{-\theta})$ with $\theta < 2$, and in practice even $\theta \approx 1$, for sufficiently fast decaying covariance kernels of the underlying Gaussian random field inputs. This confirms that the computational gains due to the application of multilevel sampling methods and the gains due to the application of QMC methods, both demonstrated in earlier works for the same model problem, are complementary. A series of numerical experiments confirms these gains. The results show that in practice the multilevel QMC method consistently outperforms both the multilevel MC method and the single-level variants even for non-smooth problems. Comment: 32 pages