Technology Assessment of Dual-Use ICTs - How to Assess Diffusion, Governance and Design

Technologies that can be used in military and civilian applications are referred to as dual-use. The dual-use nature of many information and communications technologies (ICTs) raises new questions for research and development for national, international, and human security. Measures to deal with the risks associated with the various dual-use technologies, including proliferation control, design approaches, and policy measures, vary widely. For example, Autonomous Weapon Systems (AWS) have not yet been regulated, while cryptographic products are subject to export and import controls. Innovations in artificial intelligence (AI), robotics, cybersecurity, and automated analysis of publicly available data raise new questions about their respective dual-use risks. Dual-use risks have been systematically discussed so far, especially in the life sciences, which have contributed to the development of methods for assessment and risk management. Dual-use risks arise, among other things, from the fact that safety-critical technologies can be easily disseminated or modified, as well as used as part of a weapon system. Therefore, the development and adaptation of robots and software requires an independent consideration that builds on the insights of related dual-use discourses. Therefore, this dissertation considers the management of such risks in terms of the proliferation, regulation, and design of individual dual-use information technologies. Technology Assessment (TA) is the epistemological framework for this work, bringing together the concepts and approaches of Critical Security Studies (CSS) and Human-Computer Interaction (HCI) to help evaluate and shape dual-use technologies. In order to identify the diffusion of dual-use at an early stage, the dissertation first examines the diffusion of dual-use innovations between civilian and military research in expert networks on LinkedIn, as well as on the basis of AI patents in a patent network. The results show low diffusion and tend to confirm existing studies on diffusion in patent networks. In the following section, the regulation of dual-use technologies is examined in the paper through two case studies. The first study uses a discourse analysis to show the value conflicts with regard to the regulation of autonomous weapons systems using the concept of Meaningful Human Control (MHC), while a second study, as a long-term comparative case study, analyzes the change and consequences of the regulation of strong cryptography in the U.S. as well as the programs of intelligence agencies for mass surveillance. Both cases point to the central role of private companies, both in the production of AWS and as intermediaries for the dissemination of encryption, as well as surveillance intermediaries. Subsequently, the dissertation examines the design of a dual-use technology using an Open Source Intelligence System (OSINT) for cybersecurity. For this purpose, conceptual, empirical, and technical studies are conducted as part of the Value-Sensitive Design (VSD) framework. During the studies, implications for research on and design of OSINT were identified. For example, the representative survey of the German population has shown that transparency of use while reducing mistrust is associated with higher acceptance of such systems. Additionally, it has been shown that data sparsity through the use of expert networks has many positive effects, not only improving the performance of the system, but is also preferable for legal and social reasons. Thus, the work contributes to the understanding of specific dual-use risks of AI, the regulation of AWS and cryptography, and the design of OSINT in cybersecurity. By combining concepts from CSS and participatory design methods in HCI, this work provides an interdisciplinary and multi-method contribution

From Conspiracies to Insults: A Case Study of Radicalisation in Social Media Discourse

Online radicalisation is often linked to discourses on social media. In this context, the question arises how populist online discourses radicalise in social media platforms. With a quantitative content analysis of supporters of the German party "Alternative für Deutschland (AfD)" and their contributions on Facebook between March 2014 and May 2017, this preliminary analysis illustrates how the discourse shifts from a dominantly neutral debate to insult-driven and discriminatory contributions. It provides insights into the dynamic of political social media discourses and shows a tendency of correlating language style and topics that can be further studied in Social Media Analytics

Design eines BCM-Dashboards für kleine und mittlere Unternehmen

Business Continuity Management (BCM) ist definiert als ganzheitlicher Managementprozess, der potenzielle Bedrohungen für Organisationen und die Auswirkungen ermittelt, sowie ein Gerüst zum Aufbau der Belastbarkeit einer Organisation bereitstellt. Bereits existierende Ansätze in der Forschung legen den Fokus allerdings auf große Konzerne, während die Umsetzung eines BCM-Konzepts für kleine und mittlere Unternehmen (KMU) oft an den knappen finanziellen und personellen Ressourcen, aber auch an der Komplexität des BCM scheitert. Um KMU bei der Implementierung eines an deren Bedürfnisse angepasstem BCM-Systems (BCMS) zu unterstützen, gibt es in der Forschung nur wenige Lösungsansätze. Dieser Artikel stellt auf Basis einer empirischen Studie, welche Umsetzungsfaktoren für BCM und Anforderungen für BCMS untersucht, das prototypische Design eines BCM-Dashboards vor, welches mit wenig Konfigurationsaufwand möglichst relevante externe und interne Gefahrenquellen in einer kompakten übersicht darzustellen vermag

SentiNet: Twitter-basierter Ansatz zur kombinierten Netzwerk- und Stimmungsanalyse in Katastrophenlagen

Das Forschungsfeld Social Media Analytics untersucht Methoden zur Analyse sozialer Medien nicht nur für Bürger und Unternehmen, sondern auch für Einsatzkräfte in Notsituationen. Zur Unterstützung des Situationsbewusstseins in derartigen Lagen werden unter anderem soziale Netzwerkanalysen angewandt, um Handlungen und die Vernetzung von Helfern nachzuvollziehen, sowie Stimmungsanalysen, um Emotionen der nutzergenerierten Inhalte zu extrahieren. Unsere Literaturstudie zeigt allerdings, dass keine technischen Ansätze existieren, die Netzwerk- und Stimmungsanalysen kombinieren. Dieser Beitrag stellt das Design und die Implementierung einer solchen Web Anwendung auf Basis von Twitter vor, um anschließend Potenziale und Herausforderungen für die Evaluation und Weiterentwicklung des Ansatzes zu diskutieren

Wertekonflikte in der Nutzung sozialer Medien zur Vernetzung ungebundener HelferInnen in Krisensituationen – Ein Value-Sensitive Design Ansatz

Bereits während des Hochwassers in Mitteleuropa 2013 und der Flüchtlingskrise in Europa ab 2015 wurde deutlich, dass freiwillige HelferInnen die Bewältigung von Krisensituationen unterstützen. Durch die vermehrte Koordination der Helfenden, auch unter Einsatz sozialer Medien, kommt es zunehmend zu Konflikten zwischen den teilweise kollidierenden Erwartungshaltungen periodisierter Werte der eingebundenen Akteure. Die Entwicklung von Kollaborationswerkzeugen mit Hilfe der Methode des Value-Sensitive Designs kann bereits im Vorfeld solche Konflikte aufzeigen und gezielt verhindern oder moderieren. Dazu wurde in einer Fallstudie anhand des Hochwassers 2013 induktiv abgeleitet, welche Werte und Erwartungen die unterschiedlichen Stakeholder haben, und welche Konflikte sich daraus im Hinblick auf die Anforderungen ergeben. Diese Studie zeigt insbesondere die Konfliktpotenziale für freiwillige HelferInnen in sozialen Medien in Bezug auf den Schutz der Privatsphäre und vor Diskriminierung auf und leistet damit einen Beitrag für die Konflikt-Optimierung und Akzeptanzsteigerung des Einsatzes sozialer Medien im Katastrophenschutz

Business Continuity Management in Micro Enterprises: Perception, Strategies, and Use of ICT

Small and medium-sized enterprises (SMEs) represent 99% of enterprises in Germany and more than 95% in the European Union. Given the recent increase of natural disasters and man-made crises and emergencies, it seems an important economic goal to ascertain that SMEs are capable of maintaining their work, revenue and profit at an acceptable level. According to ISO 22301, business continuity management (BCM) is a holistic management process which identifies potential threats and their impact to an organization and serves as a framework to increase organizational resilience and response capabilities. Prior research identified that BCM is under-represented in SMEs and that their security level is partially in an uneconomical range. This article presents the analysis of interviews with 19 independent micro enterprises highlighting findings on their low crisis awareness, varying technical dependency, existing action strategies and communication strategies and proposing a categorization of micro enterprises as preventive technicians, data-intensive chains or pragmatic jumpers

CYWARN: Strategy and Technology Development for Cross-Platform Cyber Situational Awareness and Actor-Specific Cyber Threat Communication

Despite the merits of digitisation in private and professional spaces, critical infrastructures and societies are increasingly ex-posed to cyberattacks. Thus, Computer Emergency Response Teams (CERTs) are deployed in many countries and organisations to enhance the preventive and reactive capabilities against cyberattacks. However, their tasks are getting more complex by the increasing amount and varying quality of information dissem-inated into public channels. Adopting the perspectives of Crisis Informatics and safety-critical Human-Computer Interaction (HCI) and based on both a narrative literature review and group discussions, this paper first outlines the research agenda of the CYWARN project, which seeks to design strategies and technolo-gies for cross-platform cyber situational awareness and actor-spe-cific cyber threat communication. Second, it identifies and elabo-rates eight research challenges with regard to the monitoring, analysis and communication of cyber threats in CERTs, which serve as a starting point for in-depth research within the project

Das Internet darf ein cyberfreier Raum sein

Viel wurde bereits über die Natur des Netzes diskutiert. 2010, nachdem Angela Merkel auf dem IT-Gipfel in Dresden im Rahmen der Urheberrechtsdebatte sagte, das Internet dürfe kein rechtsfreier Raum sein. 2013, nachdem Angela Merkel ihren berühmten Satz beiläufig zum Besuch des US-Präsidenten Barack Obama über das #Neuland fallen lies. Die selbstbewusst zur Schau gestellte Ahnungslosigkeit schockierte nicht nur Netzaktivisten und -Experten