Proximity Tracing in an Ecosystem of Surveillance Capitalism

Proximity tracing apps have been proposed as an aide in dealing with the COVID-19 crisis. Some of those apps leverage attenuation of Bluetooth beacons from mobile devices to build a record of proximate encounters between a pair of device owners. The underlying protocols are known to suffer from false positive and re-identification attacks. We present evidence that the attacker's difficulty in mounting such attacks has been overestimated. Indeed, an attacker leveraging a moderately successful app or SDK with Bluetooth and location access can eavesdrop and interfere with these proximity tracing systems at no hardware cost and perform these attacks against users who do not have this app or SDK installed. We describe concrete examples of actors who would be in a good position to execute such attacks. We further present a novel attack, which we call a biosurveillance attack, which allows the attacker to monitor the exposure risk of a smartphone user who installs their app or SDK but who does not use any contact tracing system and may falsely believe that they have opted out of the system. Through traffic auditing with an instrumented testbed, we characterize precisely the behaviour of one such SDK that we found in a handful of apps---but installed on more than one hundred million mobile devices. Its behaviour is functionally indistinguishable from a re-identification or biosurveillance attack and capable of executing a false positive attack with minimal effort. We also discuss how easily an attacker could acquire a position conducive to such attacks, by leveraging the lax logic for granting permissions to apps in the Android framework: any app with some geolocation permission could acquire the necessary Bluetooth permission through an upgrade, without any additional user prompt. Finally we discuss motives for conducting such attacks

Understanding the social in a digital age

Datafication, algorithms, social media and their various assemblages enable massive connective processes, enriching personal interaction and amplifying the scope and scale of public networks. At the same time, surveillance capitalists and the social quantification sector are committed to monetizing every aspect of human communication, all of which threaten ideal social qualities, such as togetherness and connection. This Special Issue brings together a range of voices and provocations around ‘the social’, all of which aim to critically interrogate mediated human connection and their contingent socialities. Conventional methods may no longer be adequate, and we must rethink not only the fabric of the social but the very tools we use to make sense of our changing social formations. This Special Issue raises shared concerns with what the social means today, unpicking and rethinking the seams between digitization and social life that characterize today’s digital age

Principles for the socially responsible use of conservation monitoring technology and data

Wildlife conservation and research benefits enormously from automated and interconnected monitoring tools. Some of these tools, such as drones, remote cameras, and social media, can collect data on humans, either accidentally or deliberately. They can therefore be thought of as conservation surveillance technologies (CSTs). There is increasing evidence that CSTs, and the data they yield, can have both positive and negative impacts on people, raising ethical questions about how to use them responsibly. CST use may accelerate because of the COVID-19 pandemic, adding urgency to addressing these ethical challenges. We propose a provisional set of principles for the responsible use of such tools and their data: (a) recognize and acknowledge CSTs can have social impacts; (b) deploy CSTs based on necessity and proportionality relative to the conservation problem; (c) evaluate all potential impacts of CSTs on people; (d) engage with and seek consent from people who may be observed and/or affected by CSTs; (e) build transparency and accountability into CST use; (f) respect peoples' rights and vulnerabilities; and (g) protect data in order to safeguard privacy. These principles require testing and could conceivably benefit conservation efforts, especially through inclusion of people likely to be affected by CSTs.Peer reviewe

Market research & the ethics of big data

The term ‘big data’ has recently emerged to describe a range of technological and commercial trends enabling the storage and analysis of huge amounts of customer data, such as that generated by social networks and mobile devices. Much of the commercial promise of big data is in the ability to generate valuable insights from collecting new types and volumes of data in ways that were not previously economically viable. At the same time a number of questions have been raised about the implications for individual privacy. This paper explores key perspectives underlying the emergence of big data and considers both the opportunities and ethical challenges raised for market research

Towards a Sustainable Governance of Information Systems: Devising a Maturity Assessment Tool of Eco-Responsibility Inspired by the Balanced Scorecard

Part 3: Section 2: Sustainable and Responsible InnovationInternational audienceThe assessment of the maturity of Information System (IS) regarding its contribution to corporate social responsibility policy is considered as a stake for organizations. However, few research efforts have been dedicated to this evaluation and even less to the elaboration of a management tool. This paper adopts an engineering perspective to develop a performance assessment approach in this field. Theoretically, this communication (1) mobilizes the methodology of engineering research to build a measurement system of the IS maturity in relation to the economic, social and environmental performance, (2) extends the researches about the sustainable balanced scorecard (SBSC) to the field of IS governance. Practically, this study provides organizations with a global approach to this complex phenomenon as well as a guide to assess it. The originality of this research lies in the application of the conceptual framework of the SBSC to a new research domain

Identity and technology: Organizational control of knowledge-intensive work

Much has been written about the functioning of managerial ideologies in identity-based organizational control. However, less attention has been given to the role of information and communication technologies (ICTs) and identity defined by a technological discourse in regulating knowledge-intensive work. The purpose of this research is to examine the roles of identity and ICTs in the control of knowledge-intensive work. A case study of a technology service organization reveals that the construction and consumption of a technologist identity operate as organizational control, and that ICTs enable the functioning of a dialectic of technological control. This study also demonstrates the paradoxical nature of work knowledge that both empowers and controls knowledge-workers

The ownership of digital infrastructure: Exploring the deployment of software libraries in a digital innovation cluster

Boundary resources have been shown to enable the arm’s-length relationships between platform owners and third-party developers that underlie digital innovation in platform ecosystems. While boundary resources that are owned by open-source communities and smaller-scale software vendors are also critical components in the digital infrastructure, their role in digital innovation has yet to be systematically explored. In particular, software libraries are popular boundary resources that provide functionality without the need for continued interaction with their owners. They are used extensively by commercial vendors to enable customization of their software products, by communities to disseminate open-source software, and by big-tech platform owners to provide functionality that does not involve control. This paper reports on the deployment of such software libraries in the web and mobile (Android) contexts by 107 startup companies in London. Our findings show that libraries owned by big-tech companies, product vendors, and communities coexist; that the deployment of big-tech libraries is unaffected by the scale of the deploying startup; and that context evolution paths are consequential for library deployment. These findings portray a balanced picture of digital infrastructure as neither the community-based utopia of early open-source research nor the dystopia of the recent digital dominance literature