5,209 research outputs found

    Information technology: gateway to direct democracy in China and the world

    The world watches as China moves towards greater democracy. The question in everyone's minds, including Chinese themselves, is “what model will China arrive at, at the journey's end?” There are many lessons to be learnt from other countries, some positive (Tanzania) and some negative (Laos). The United States has no doubts about the “goodness” of its own model but their unthinking belief in the superiority of their model should not be accepted at face value. The Chinese government and people will understandably be considering various different models very carefully, so that they can choose the best possible model for their country, and their own context. In this paper we will consider why current Western models of constitution should be viewed with caution by China as it attempts to move towards an improved socialist democracy. The paper considers the electronic voting system used in the US presidential elections, and draws attention to the opportunities for vote rigging that this type of electronic voting facilitates. It also looks at models of democracy used in the ancient world, and compares these with modern systems. Finally, it presents a secure and anonymous mechanism for electronic voting on issues of concern to the population. We conclude by sounding a note of caution about the dangers of plebiscites being used as rubber stamps by dictators if there are inadequate controls over who puts issues to the vote

    HandiVote: simple, anonymous, and auditable electronic voting

    We suggest a set of procedures utilising a range of technologies by which a major democratic deficit of modern society can be addressed. The mechanism, whilst it makes limited use of cryptographic techniques in the background, is based around objects and procedures with which voters are currently familiar. We believe that this holds considerable potential for the extension of democratic participation and control

    An algorithm for automatically choosing distractors for recognition based authentication using minimal image types

    When a user logs on to a recognition based authentication system, he or she is presented with a number of images, one of which is their pass image and the others are distractors. The user must recognise and select their own image to enter the system. If any of the distractors is too similar to the target, the user is likely to become confused and may well choose a distractor by mistake. It is simple for humans to rule on image similarity but such a labour intensive approach hinders the wider uptake of these mechanisms. Automating image similarity detection is a challenging problem but somewhat easier when the images being used are minimal image types such as hand drawn doodles and Mikons constructed using a computer tool. We have developed an algorithm, which has been reported earlier, to automatically detect if two doodle images are similar. This paper reports a new experiment to discover the amount of similarity in collections of doodles and Mikons, from a human perspective. This information is used to improve the algorithm and confirm that it also works well with Mikons.

    Tailoring e-commerce sites to ease recovery after disruptions

    Developers of e-commerce applications are often unrealistic about how their Web site is going to be used, and about possible outcomes during site usage. The most commonly considered outcomes of a user's visit to a site are firstly that the visit culminates in a sale, and secondly that the user leaves the site without buying anything - perhaps to return later. In the second case, sites often "remember" any accumulated items so that a shopper can return at a later stage to resume shopping. In this paper, we consider certain disruptions, such as breakdowns, problems caused by human errors and interruptions, which could affect the outcome of the e-commerce shopping experience. These events have definite and possibly long-lasting effects on users, and applications should therefore be developed to cater for these eventualities so as to enhance the usability of the site and encourage further usage. We develop a model for analysing e-commerce application usage and, using this model, propose an evaluation strategy for determining whether an e-commerce site is resistant to such factors. The proposed evaluation mechanism is applied to three sites to arrive at what we call a "disruption-resistance score"

    POINTER: a GDPR-compliant framework for human pentesting (for SMEs)

    Penetration tests have become a valuable tool in any organisation’s arsenal, in terms of detecting vulnerabilities in their technical defences. Many organisations now also “penetration test” their employees, assessing their resilience and ability to repel human-targeted attacks. There are two problems with current frameworks: (1) few of these have been developed with SMEs in mind, and (2) many deploy spear phishing, thereby invading employee privacy, which could be illegal under the new European General Data Protection Regulation (GDPR) legislation. We therefore propose the PoinTER (Prepare TEst Remediate) Human Pentesting Framework. We subjected this framework to expert review and present it to open a discourse on the issue of formulating a GDPR-compliant Privacy-Respecting Employee Pentest for SMEs

    Electronic plebiscites

    We suggest a technology and set of procedures by which a major democratic deficit of modern society can be addressed. The mechanism, whilst it makes limited use of cryptographic techniques in the background, is based around objects and procedures with which voters are currently familiar. We believe that systems like this hold considerable potential for the extension of democratic participation and control

    Patterns of information security postures for socio-technical systems and systems-of-systems

    This paper describes a proposal to develop patterns of security postures for computer based socio-technical systems and systems-of-systems. Such systems typically span many organisational boundaries, integrating multiple computer systems, infrastructures and organisational processes. The paper describes the motivation for the proposed work, and our approach to the development, specification, integration and validation of security patterns for socio-technical and system-of-system scale systems

    Memorable And Secure: How Do You Choose Your PIN?

    Managing all your PINs is difficult. Banks acknowledge this by allowing and facilitating PIN changes. However, choosing secure PINs is a difficult task for humans as they are incapable of consciously generating randomness. This leads to certain PINs being chosen more frequently than others, which in turn increases the danger of someone else guessing correctly. We investigate different methods of supporting PIN changes and report on an evaluation of these methods in a study with 152 participants. Our contribution is twofold: We introduce an alternative to system-generated random PINs, which considers people’s preferred memorisation strategy, and, secondly, we provide indication that presenting guidance on how to avoid insecure PINs does indeed nudge people towards more secure PIN choices when they are in the process of changing their PINs

    Climate change adaptation and vulnerability assessment of water resources systems in developing countries: a generalized framework and a feasibility study in Bangladesh

    Water is the primary medium through which climate change influences the Earth’s ecosystems and therefore people’s livelihoods and wellbeing. Besides climatic change, current demographic trends, economic development and related land use changes have direct impact on increasing demand for freshwater resources. Taken together, the net effect of these supply and demand changes is affecting the vulnerability of water resources. The concept of ‘vulnerability’ is not straightforward as there is no universally accepted approach for assessing vulnerability. In this study, we review the evolution of approaches to vulnerability assessment related to water resources. From the current practices, we identify research gaps, and approaches to overcome these gaps a generalized assessment framework is developed. A feasibility study is then presented in the context of the Lower Brahmaputra River Basin (LBRB). The results of the feasibility study identify the current main constraints (e.g., lack of institutional coordination) and opportunities (e.g., adaptation) of LBRB. The results of this study can be helpful for innovative research and management initiatives and the described framework can be widely used as a guideline for the vulnerability assessment of water resources systems, particularly in developing countries

    Experience with statically-generated proxies for facilitating Java runtime specialisation

    Issues pertaining to mechanisms which can be used to change the behaviour of Java classes at runtime are discussed. The proxy mechanism is compared to, and contrasted with other standard approaches to this problem. Some of the problems the proxy mechanism is subject to are expanded upon. The question of whether statically-developed proxies are a viable alternative to bytecode rewriting was investigated by means of the JavaCloak system, which uses statically-generated proxies to alter the runtime behaviour of externally-developed code. The issues addressed include ensuring the type safety, dealing with the self problem, object encapsulation, and issues of object identity and equality. Some performance figures are provided which demonstrate the load the JavaCloak proxy mechanism places on the system