Converging technologies and de-perimeterisation: towards risky active insulation

In converging technologies (Roco and Bainbridge, 2003), boundaries between previously separated technologies become permeable. A similar process is also taking place within information technology. In what is called de-perimeterisation (Jericho Forum, 2005), the boundaries of the information infrastructures of organisations dissolve. Where previously a firewall was used to separate the untrusted outside from the trusted inside, outsourcing of information management and mobility of employees make it impossible to rely on such a clearly located security perimeter. In this paper, we ask the question to what extent these developments represent a similar underlying shift in design assumptions, and how this relates to risk management (cf. Perrow, 1999). We investigate this question from the perspective of the system theory of Niklas Luhmann (1979, 1988, 2005 [1993])

What proof do we prefer? Variants of verifiability in voting

In this paper, we discuss one particular feature of Internet voting, verifiability, against the background of scientific literature and experiments in the Netherlands. In order to conceptually clarify what verifiability is about, we distinguish classical verifiability from constructive veriability in both individual and universal verification. In classical individual verifiability, a proof that a vote has been counted can be given without revealing the vote. In constructive individual verifiability, a proof is only accepted if the witness (i.e. the vote) can be reconstructed. Analogous concepts are de- fined for universal veriability of the tally. The RIES system used in the Netherlands establishes constructive individual verifiability and constructive universal verifiability, whereas many advanced cryptographic systems described in the scientific literature establish classical individual verifiability and classical universal verifiability. If systems with a particular kind of verifiability continue to be used successfully in practice, this may influence the way in which people are involved in elections, and their image of democracy. Thus, the choice for a particular kind of verifiability in an experiment may have political consequences. We recommend making a well-informed democratic choice for the way in which both individual and universal verifiability should be realised in Internet voting, in order to avoid these unconscious political side-effects of the technology used. The safest choice in this respect, which maintains most properties of current elections, is classical individual verifiability combined with constructive universal verifiability. We would like to encourage discussion about the feasibility of this direction in scientific research

Vulnerabilities and responsibilities: dealing with monsters in computer security

Purpose – The purpose of this paper is to analyze information security assessment in terms of cultural categories and virtue ethics, in order to explain the cultural origin of certain types of security vulnerabilities, as well as to enable a proactive attitude towards preventing such vulnerabilities.\ud \ud Design/methodology/approach – Vulnerabilities in information security are compared to the concept of “monster” introduced by Martijntje Smits in philosophy of technology. The applicability of different strategies for dealing with monsters to information security is discussed, and the strategies are linked to attitudes in virtue ethics.\ud \ud Findings – It is concluded that the present approach can form the basis for dealing proactively with unknown future vulnerabilities in information security.\ud \ud Research limitations/implications – The research presented here does not define a stepwise approach for implementation of the recommended strategy in practice. This is future work.\ud \ud Practical implications – The results of this paper enable computer experts to rethink their attitude towards security threats, thereby reshaping their practices.\ud \ud Originality/value – This paper provides an alternative anthropological framework for descriptive and normative analysis of information security problems, which does not rely on the objectivity of risk

Ethics of e-voting: an essay on requirements and values in Internet elections

In this paper, we investigate ethical issues involved in the development and implementation of Internet voting technology. From a phenomenological perspective, we describe how voting via the Internet mediates the relation between people and democracy. In this relation, trust plays a major role. The dynamics of trust in the relation between people and their world forms the basis for our analysis of the ethical issues involved. First, we consider established principles of voting, confirming the identity of our democracy, which function as expectations in current experiments with online voting in the Netherlands. We investigate whether and how Internet voting can meet these expectations and thereby earn trust, based on the experiments in the Netherlands. We identify major challenges, and provide a basis for ethical and political discussion on these issues, especially the changed relation between public and private. If we decide that we want to vote via the Internet, more practical matters come into play in the implementation of the technology. The choices involved here are discussed in relation to the mediating role of concrete voting technologies in the relation between citizen and state

Vote buying revisited: implications for receipt-freeness

In this paper, we analyse the concept of vote buying based on examples that try to stretch the meaning of the concept. Which ex- amples can still be called vote buying, and which cannot? We propose several dimensions that are relevant to qualifying an action as vote buy- ing or not. As a means of protection against vote buying and coercion, the concept of receipt-freeness has been proposed. We argue that, in or- der to protect against a larger set of vote buying activities, the concept of receipt-freeness should be interpreted probabilistically. We propose a general definition of probabilistic receipt-freeness by adapting existing definitions of probabilistic anonymity to voting

E-voting discourses in the UK and the Netherlands

A qualitative case study of the e-voting discourses in the UK and the Netherlands was performed based on the theory of strategic niche management. In both countries, eight e-voting experts were interviewed on their expectations, risk estimations, cooperation and learning experiences. The results show that differences in these variables can partly explain the variations in the embedding of e-voting in the two countries, from a qualitative point of view

Statically checking confidentiality via dynamic labels

This paper presents a new approach for verifying confidentiality for programs, based on abstract interpretation. The framework is formally developed and proved correct in the theorem prover PVS. We use dynamic labeling functions to abstractly interpret a simple programming language via modification of security levels of variables. Our approach is sound and compositional and results in an algorithm for statically checking confidentiality

Portunes: generating attack scenarios by finding inconsistencies between security policies in the physical, digital and social domain

The security goals of an organization are implemented through security policies, which concern physical security, digital security and security awareness. An insider is aware of these security policies, and might be able to thwart the security goals without violating any policies, by combining physical, digital and social means. This paper presents the Portunes model, a model for describing and analyzing attack scenarios across the three security areas. Portunes formally describes security alignment of an organization and finds attack scenarios by analyzing inconsistencies between policies from the different security areas. For this purpose, the paper defines a language in the tradition of the Klaim family of languages, and uses graph-based algorithms to find attack scenarios that can be described using the defined language

RIES: Internet voting in action

RIES stands for Rijnland Internet Election System. It is an online voting system that was developed by one of the Dutch local authorities on water management. The system has been used twice in the fall of 2004 for in total approximately two million potential voters. In this paper we describe how this system works. Furthermore we do not only describe how the outcome of the elections can be verified but also how it has been verified by us. To conclude the paper we describe some possible points for improvement

La volonté machinale: understanding the electronic voting controversy

Contains fulltext : 32048_voloma.pdf (publisher's version ) (Open Access)Radboud Universiteit Nijmegen, 21 januari 2008Promotor : Jacobs, B.P.F. Co-promotores : Poll, E., Becker, M.226 p