Ethical and Unethical Hacking

The goal of this chapter is to provide a conceptual analysis of ethical, comprising history, common usage and the attempt to provide a systematic classification that is both compatible with common usage and normatively adequate. Subsequently, the article identifies a tension between common usage and a normativelyadequate nomenclature. ‘Ethical hackers’ are often identified with hackers that abide to a code of ethics privileging business-friendly values. However, there is no guarantee that respecting such values is always compatible with the all-things-considered morally best act. It is recognised, however, that in terms of assessment, it may be quite difficult to determine who is an ethical hacker in the ‘all things considered’ sense, while society may agree more easily on the determination of who is one in the ‘business-friendly’ limited sense. The article concludes by suggesting a pragmatic best-practice approach for characterising ethical hacking, which reaches beyond business-friendly values and helps in the taking of decisions that are respectful of the hackers’ individual ethics in morally debatable, grey zones

A formalized model of the Trace

This work proposes a formalized model, grounded in forensic science, to support a unified understanding of the Trace across scientific disciplines. The model is precisely defined in mathematical terms that reflect the dynamics of an offense as expressed in Locard’s Exchange principle. Specifically, this mathematical ap-proach represents the Trace as the modification of a Scene, subsequently perceptible, resulting from the Event under investigation. Examples are provided to illustrate how this conceptualization applies to for-ensic science, including DNA and digital evidence. Broader implications of this model are presented in the context of COVID-19, emphasizing the value of cohesive scientific study of the Trace. The aim of this work is to stimulate more formalized study of the Trace, both from tangible and abstract perspectives, and to strengthen forensic science as a whole

Do Identities Matter?

It is difficult to overstate the importance of identity in the digital age, as well as the importance of digitized information for identity. In order to advance security, liberty, and privacy in modern society, it is crucial to understand the nuances of what identity means and how it is used and abused. This article defines identity, covering both physical and virtual entities, which is relevant in diverse contexts such as forensic science, cybersecurity, and national security. This article concentrates on the relevance of identity in forensic science, and provides illustrative examples. Approaches and challenges to evaluating and expressing confidence in identity-related conclusions are discussed. Privacy issues are considered along with the rising risks of identity usurpation and impersonation. Relationships between identification of physical and virtual entities are addressed, including the weaknesses and strengths of digital information alone, and the benefits of combining multiple forensic disciplines when assessing identity. This article concludes with a consideration of the benefits for forensic science specifically, and society generally, to take a pluridisciplinary approach to establishing identity

A Framework for Harmonizing Forensic Science Practices and Digital/Multimedia Evidence

Like many other specializations within forensic science, the digital/multimedia discipline has been challenged with respect to demonstrating that the processes, activities, and techniques used are sufficiently scientific. To address this issue, in April 2015, the Organization of Scientific Area Committees for Forensic Science (OSAC) Digital/Multimedia Scientific Area Committee (SAC) established a Task Group (TG). This document summarizes the work of the TG that grew into establishing a harmonizing framework for forensic science practices and digital/multimedia evidence. The TG researched and deliberated on the essential elements of digital/multimedia science, the nature of evidence examined, the overarching scientific principles and reasoning processes, the questions addressed by core forensic processes, and the activities and techniques which support the core forensic processes. It reviewed a large volume of pertinent literature, conducted interviews of practitioners, academics, and other interested parties. Over a three-year period and many hours of debate, more than 40 discussion drafts were produced. The TG determined that digital/multimedia evidence, and other forensic disciplines, would be in a much stronger position to demonstrate their scientific basis as a harmonized forensic science rather than as mere disciplines at the intersection of forensic specialties and other sciences. The value of forensic science as a whole is that it uses scientific reasoning and processes within the framework articulated in this document to address questions – specific to an event or a case – for legal contexts, to provide decision-makers with trustworthy understanding of the traces in order to help them make decisions. The TG considered how the definitions and framework developed in the context of digital/multimedia evidence mesh with forensic science as a whole. The present document describes the concept of traces as the core nature of forensic evidence and the fundamental object of study in forensic science. It proposes a broad definition of forensic science, not limited to legal problems in civil and criminal justice systems (courtroom contexts), and describes the different types of reasoning that play a significant role in forensic science. Then it defines five core forensic processes, seven forensic activities, and three operational techniques. The formalization of forensic science reasoning processes and outcomes in this work leads to increased reliability, repeatability, and validation in forensic results. This, in turn, gives decision-makers increased confidence in and understanding of forensic results. The resulting definitions and framework can be used to harmonize concepts and practices within digital/multimedia science, and are likely applicable to most forensic disciplines. As such, this work may be useful in articulating their scientific basis, and promoting forensic science as one science, which is more than the union of a patchwork of forensic disciplines. The new paradigm created by the digital realm brings a unique opportunity to revisit fundamental definitions in forensic science and to strengthen the identity of forensic science as a whole, unified by common principles and processes that can address questions for legal contexts. This document represents the conclusions and recommendations of the TG as of the date of its writing. The work continues and future versions of this document can be expected to contain new observations and updated conclusions

Canvas White Paper 2 Cybersecurity and Law

This White Paper explores the legal dimensions of the European Union (EU)’s value-driven cybersecurity by investigating the notions of ‘value-driven’ and ‘cybersecurity’ from the perspective of EU law. It starts with a general overview of legal issues in current value-driven cybersecurity debates (Chapter 2), showing how values embedded within the framework of EU governing treaties have evolved during the integration process, and the important role they play in the cybersecurity regulation at EU level. Chapter 3 of the White Paper is devoted to the main critical challenges in this area: 1) the varied and sometimes unclear uses of the term ‘cybersecurity’, 2) the roles of stakeholders and the cooperation between them, and the 3) securitization of EU values and interests through cybersecurity rules. Chapter 4 points out and describes specific controversies concerning cybersecurity regulation in the EU. Ten disputed issues are given particular attention: 1) the functioning of human rights as drivers for EU regulation, 2) the regulation of risks to society through individual risk identification and proactive action, 3) the attribution of roles to different stakeholders, 4) how individuals are being awarded with more rights, 5) controllership of data, 6) copyright protection, 7) regulation of online content, 8) the use of encryption, 9) permissibility of massive and generalised surveillance of individuals and 10) counterterrorism measures. Chapter 5 summarises the main findings of the literature review. The White Paper recognises that legislative and policy measures within the cybersecurity domain challenge EU fundamental rights and principles, stemming from EU values. The White Paper concludes that with the constantly growing number of EU measures governing the cybersecurity domain, the embedment of EU values enshrined in the EU Charter within these measures take place both on an ex ante and an ex post basis