Abstract Eliciting Confidentiality Requirements in Practice

Confidentiality, the protection of unauthorized disclosure of information, plays an important role in information security of software systems. Security researchers have developed numerous approaches on how to implement confidentiality, typically based on cryptographic algorithms and tight access control. However, less work has been done on defining systematic methods on how to elicit and define confidentiality requirements in the first place. Moreover, most of these approaches are illustrated with simulated examples that do not capture the richness of real world experience. This paper reports on our experiences eliciting confidentiality requirements in a real world project in the health care area. The method applied originates from the M.Sc. thesis of one of the authors and is still considered work in progress. Still, valuable insight into issues of confidentiality requirements engineering can be gained Copyright c ○ 2005 S. Güerses and all other authors named above. Permission to copy is hereby granted provided the original copyright notice is reproduced in copies made. from this case study and we expect that its publication will become a basis for discussion and the definition of a further research agenda in this area.

Crypto and empire: the contradictions of counter-surveillance advocacy

Since Edward Snowden’s revelations of US and UK surveillance programs, privacy advocates, progressive security engineers, and policy makers have been seeking to win majority support for countering surveillance. The problem is framed as the replacement of targeted surveillance with mass surveillance programs, and the solutions put forward are predominantly technical and involve the use of encryption – or ‘crypto’ – as a defense mechanism. The counter-surveillance movement is timely and deserves widespread support. However, as this article will argue and illustrate, raising the specter of an Orwellian system of mass surveillance, shifting the discussion to the technical domain, and couching that shift in economic terms undermine a political reading that would attend to the racial, gendered, classed, and colonial aspects of the surveillance programs. Our question is as follows: how can this specific discursive framing of counter-surveillance be re-politicized and broadened to enable a wider societal debate informed by the experiences of those subjected to targeted surveillance and associated state violence

Laws on Robots, Laws by Robots, Laws in Robots:Regulating Robot Behaviour by Design

Speculation about robot morality is almost as old as the concept of a robot itself. Asimov’s three laws of robotics provide an early and well-discussed example of moral rules robots should observe. Despite the widespread influence of the three laws of robotics and their role in shaping visions of future robo-dense worlds, these laws have been neglected as futuristic by hands-on roboticists who have been busy with addressing less abstract questions about robots’ behaviour concerning space locomotion, obstacles avoidance, automatic learning, among others. Between morality and function lies a vast gap. When robots enter our everyday lives they will have to observe social and legal norms. For example, social robots in the hospitals are expected to observe social rules (they should not interrupt a mourning family) and robotic dust cleaners scouring the streets for waste as well as automated cars will have to observe traffic regulation. In this article we elaborate on the various ways in which robotic behaviour is regulated. We distinguish between imposing regulations on robots, imposing regulation by robots, and imposing regulation in robots. In doing this, we distinguish regulation that aims at influencing human behaviour and regulation whose scope is robots’ behaviour. We claim that the artificial agency of robots requires designers and regulators to look at the question of how to regulate robots’ behaviour in a way that renders it compliant with legal norms. Regulation by design offers a means for this. We further explore this idea through the example of automated cars