3,396 research outputs found
Converging technologies and de-perimeterisation: towards risky active insulation
In converging technologies (Roco and Bainbridge, 2003), boundaries between previously separated technologies become permeable. A similar process is also taking place within information technology. In what is called de-perimeterisation (Jericho Forum, 2005), the boundaries of the information infrastructures of organisations dissolve. Where previously a firewall was used to separate the untrusted outside from the trusted inside, outsourcing of information management and mobility of employees make it impossible to rely on such a clearly located security perimeter. In this paper, we ask the question to what extent these developments represent a similar underlying shift in design assumptions, and how this relates to risk management (cf. Perrow, 1999). We investigate this question from the perspective of the system theory of Niklas Luhmann (1979, 1988, 2005 [1993])
What proof do we prefer? Variants of verifiability in voting
In this paper, we discuss one particular feature of Internet
voting, verifiability, against the background of scientific
literature and experiments in the Netherlands. In order
to conceptually clarify what verifiability is about, we distinguish
classical verifiability from constructive veriability in
both individual and universal verification. In classical individual
verifiability, a proof that a vote has been counted can
be given without revealing the vote. In constructive individual
verifiability, a proof is only accepted if the witness (i.e.
the vote) can be reconstructed. Analogous concepts are de-
fined for universal veriability of the tally. The RIES system
used in the Netherlands establishes constructive individual
verifiability and constructive universal verifiability,
whereas many advanced cryptographic systems described
in the scientific literature establish classical individual
verifiability and classical universal verifiability.
If systems with a particular kind of verifiability continue
to be used successfully in practice, this may influence the
way in which people are involved in elections, and their image
of democracy. Thus, the choice for a particular kind
of verifiability in an experiment may have political consequences.
We recommend making a well-informed democratic
choice for the way in which both individual and universal
verifiability should be realised in Internet voting, in
order to avoid these unconscious political side-effects of the
technology used. The safest choice in this respect, which
maintains most properties of current elections, is classical
individual verifiability combined with constructive universal
verifiability. We would like to encourage discussion
about the feasibility of this direction in scientific research
Vulnerabilities and responsibilities: dealing with monsters in computer security
Purpose – The purpose of this paper is to analyze information security assessment in terms of cultural categories and virtue ethics, in order to explain the cultural origin of certain types of security vulnerabilities, as well as to enable a proactive attitude towards preventing such vulnerabilities.\ud
\ud
Design/methodology/approach – Vulnerabilities in information security are compared to the concept of “monster” introduced by Martijntje Smits in philosophy of technology. The applicability of different strategies for dealing with monsters to information security is discussed, and the strategies are linked to attitudes in virtue ethics.\ud
\ud
Findings – It is concluded that the present approach can form the basis for dealing proactively with unknown future vulnerabilities in information security.\ud
\ud
Research limitations/implications – The research presented here does not define a stepwise approach for implementation of the recommended strategy in practice. This is future work.\ud
\ud
Practical implications – The results of this paper enable computer experts to rethink their attitude towards security threats, thereby reshaping their practices.\ud
\ud
Originality/value – This paper provides an alternative anthropological framework for descriptive and normative analysis of information security problems, which does not rely on the objectivity of risk
Ethics of e-voting: an essay on requirements and values in Internet elections
In this paper, we investigate ethical issues involved in the development and implementation of
Internet voting technology. From a phenomenological perspective, we describe how voting via the
Internet mediates the relation between people and democracy. In this relation, trust plays a major
role. The dynamics of trust in the relation between people and their world forms the basis for our
analysis of the ethical issues involved. First, we consider established principles of voting,
confirming the identity of our democracy, which function as expectations in current experiments
with online voting in the Netherlands. We investigate whether and how Internet voting can meet
these expectations and thereby earn trust, based on the experiments in the Netherlands. We identify
major challenges, and provide a basis for ethical and political discussion on these issues, especially
the changed relation between public and private. If we decide that we want to vote via the Internet,
more practical matters come into play in the implementation of the technology. The choices
involved here are discussed in relation to the mediating role of concrete voting technologies in the
relation between citizen and state
Vote buying revisited: implications for receipt-freeness
In this paper, we analyse the concept of vote buying based
on examples that try to stretch the meaning of the concept. Which ex-
amples can still be called vote buying, and which cannot? We propose
several dimensions that are relevant to qualifying an action as vote buy-
ing or not. As a means of protection against vote buying and coercion,
the concept of receipt-freeness has been proposed. We argue that, in or-
der to protect against a larger set of vote buying activities, the concept
of receipt-freeness should be interpreted probabilistically. We propose a
general definition of probabilistic receipt-freeness by adapting existing
definitions of probabilistic anonymity to voting
E-voting discourses in the UK and the Netherlands
A qualitative case study of the e-voting discourses in the UK and the Netherlands was performed based on the theory of strategic niche management. In both countries, eight e-voting experts were interviewed on their expectations, risk estimations, cooperation and learning experiences. The results show that differences in these variables can partly explain the variations in the embedding of e-voting in the two countries, from a qualitative point of view
Statically checking confidentiality via dynamic labels
This paper presents a new approach for verifying confidentiality
for programs, based on abstract interpretation. The
framework is formally developed and proved correct in the
theorem prover PVS. We use dynamic labeling functions
to abstractly interpret a simple programming language via
modification of security levels of variables. Our approach
is sound and compositional and results in an algorithm for
statically checking confidentiality
Portunes: generating attack scenarios by finding inconsistencies between security policies in the physical, digital and social domain
The security goals of an organization are implemented through security policies, which concern physical security, digital security and security awareness.
An insider is aware of these security policies, and might be able to thwart the security goals without violating any policies, by combining physical, digital and social means.
This paper presents the Portunes model, a model for describing and analyzing attack scenarios across the three security areas. Portunes formally describes security alignment of an organization and finds attack scenarios by analyzing inconsistencies between policies from the different security areas. For this purpose, the paper defines a language in the tradition of the Klaim family of languages, and uses graph-based algorithms to find attack scenarios that can be described using the defined language
RIES: Internet voting in action
RIES stands for Rijnland Internet Election System. It is an online voting system that was developed by one of the Dutch local authorities on water management. The system has been used twice in the fall of 2004 for in total approximately two million potential voters. In this paper we describe how this system works. Furthermore we do not only describe how the outcome of the elections can be verified but also how it has been verified by us. To conclude the paper we describe some possible points for improvement
La volonté machinale: understanding the electronic voting controversy
Contains fulltext :
32048_voloma.pdf (publisher's version ) (Open Access)Radboud Universiteit Nijmegen, 21 januari 2008Promotor : Jacobs, B.P.F. Co-promotores : Poll, E., Becker, M.226 p
- …