957 research outputs found
Proximity Tracing in an Ecosystem of Surveillance Capitalism
Proximity tracing apps have been proposed as an aide in dealing with the
COVID-19 crisis. Some of those apps leverage attenuation of Bluetooth beacons
from mobile devices to build a record of proximate encounters between a pair of
device owners. The underlying protocols are known to suffer from false positive
and re-identification attacks. We present evidence that the attacker's
difficulty in mounting such attacks has been overestimated. Indeed, an attacker
leveraging a moderately successful app or SDK with Bluetooth and location
access can eavesdrop and interfere with these proximity tracing systems at no
hardware cost and perform these attacks against users who do not have this app
or SDK installed. We describe concrete examples of actors who would be in a
good position to execute such attacks. We further present a novel attack, which
we call a biosurveillance attack, which allows the attacker to monitor the
exposure risk of a smartphone user who installs their app or SDK but who does
not use any contact tracing system and may falsely believe that they have opted
out of the system.
Through traffic auditing with an instrumented testbed, we characterize
precisely the behaviour of one such SDK that we found in a handful of
apps---but installed on more than one hundred million mobile devices. Its
behaviour is functionally indistinguishable from a re-identification or
biosurveillance attack and capable of executing a false positive attack with
minimal effort. We also discuss how easily an attacker could acquire a position
conducive to such attacks, by leveraging the lax logic for granting permissions
to apps in the Android framework: any app with some geolocation permission
could acquire the necessary Bluetooth permission through an upgrade, without
any additional user prompt. Finally we discuss motives for conducting such
attacks
Understanding the social in a digital age
Datafication, algorithms, social media and their various assemblages enable massive connective processes, enriching personal interaction and amplifying the scope and scale of public networks. At the same time, surveillance capitalists and the social quantification sector are committed to monetizing every aspect of human communication, all of which threaten ideal social qualities, such as togetherness and connection. This Special Issue brings together a range of voices and provocations around ‘the social’, all of which aim to critically interrogate mediated human connection and their contingent socialities. Conventional methods may no longer be adequate, and we must rethink not only the fabric of the social but the very tools we use to make sense of our changing social formations. This Special Issue raises shared concerns with what the social means today, unpicking and rethinking the seams between digitization and social life that characterize today’s digital age
Principles for the socially responsible use of conservation monitoring technology and data
Wildlife conservation and research benefits enormously from automated and interconnected monitoring tools. Some of these tools, such as drones, remote cameras, and social media, can collect data on humans, either accidentally or deliberately. They can therefore be thought of as conservation surveillance technologies (CSTs). There is increasing evidence that CSTs, and the data they yield, can have both positive and negative impacts on people, raising ethical questions about how to use them responsibly. CST use may accelerate because of the COVID-19 pandemic, adding urgency to addressing these ethical challenges. We propose a provisional set of principles for the responsible use of such tools and their data: (a) recognize and acknowledge CSTs can have social impacts; (b) deploy CSTs based on necessity and proportionality relative to the conservation problem; (c) evaluate all potential impacts of CSTs on people; (d) engage with and seek consent from people who may be observed and/or affected by CSTs; (e) build transparency and accountability into CST use; (f) respect peoples' rights and vulnerabilities; and (g) protect data in order to safeguard privacy. These principles require testing and could conceivably benefit conservation efforts, especially through inclusion of people likely to be affected by CSTs.Peer reviewe
Market research & the ethics of big data
The term ‘big data’ has recently emerged to describe a range of technological and
commercial trends enabling the storage and analysis of huge amounts of customer data,
such as that generated by social networks and mobile devices. Much of the commercial
promise of big data is in the ability to generate valuable insights from collecting new
types and volumes of data in ways that were not previously economically viable. At the
same time a number of questions have been raised about the implications for individual
privacy. This paper explores key perspectives underlying the emergence of big data and
considers both the opportunities and ethical challenges raised for market research
Towards a Sustainable Governance of Information Systems: Devising a Maturity Assessment Tool of Eco-Responsibility Inspired by the Balanced Scorecard
Part 3: Section 2: Sustainable and Responsible InnovationInternational audienceThe assessment of the maturity of Information System (IS) regarding its contribution to corporate social responsibility policy is considered as a stake for organizations. However, few research efforts have been dedicated to this evaluation and even less to the elaboration of a management tool. This paper adopts an engineering perspective to develop a performance assessment approach in this field. Theoretically, this communication (1) mobilizes the methodology of engineering research to build a measurement system of the IS maturity in relation to the economic, social and environmental performance, (2) extends the researches about the sustainable balanced scorecard (SBSC) to the field of IS governance. Practically, this study provides organizations with a global approach to this complex phenomenon as well as a guide to assess it. The originality of this research lies in the application of the conceptual framework of the SBSC to a new research domain
Identity and technology: Organizational control of knowledge-intensive work
Much has been written about the functioning of managerial ideologies in identity-based organizational control. However, less attention has been given to the role of information and communication technologies (ICTs) and identity defined by a technological discourse in regulating knowledge-intensive work. The purpose of this research is to examine the roles of identity and ICTs in the control of knowledge-intensive work. A case study of a technology service organization reveals that the construction and consumption of a technologist identity operate as organizational control, and that ICTs enable the functioning of a dialectic of technological control. This study also demonstrates the paradoxical nature of work knowledge that both empowers and controls knowledge-workers
Recommended from our members
The ownership of digital infrastructure: Exploring the deployment of software libraries in a digital innovation cluster
Boundary resources have been shown to enable the arm’s-length relationships between platform owners and third-party developers that underlie digital innovation in platform ecosystems. While boundary resources that are owned by open-source communities and smaller-scale software vendors are also critical components in the digital infrastructure, their role in digital innovation has yet to be systematically explored. In particular, software libraries are popular boundary resources that provide functionality without the need for continued interaction with their owners. They are used extensively by commercial vendors to enable customization of their software products, by communities to disseminate open-source software, and by big-tech platform owners to provide functionality that does not involve control. This paper reports on the deployment of such software libraries in the web and mobile (Android) contexts by 107 startup companies in London. Our findings show that libraries owned by big-tech companies, product vendors, and communities coexist; that the deployment of big-tech libraries is unaffected by the scale of the deploying startup; and that context evolution paths are consequential for library deployment. These findings portray a balanced picture of digital infrastructure as neither the community-based utopia of early open-source research nor the dystopia of the recent digital dominance literature
- …