63 research outputs found
Cybersecurity Stovepiping
I. Introduction
II. The Concept of Stovepiping
III. Stovepiping in Cybersecurity ... A. Policy Making, Complexity, and Change ... B. Complex Passwords: A Case Study ... 1. Fundamentals of Password Complexity ... 2. “Guessability”—the False Assumption ... a. Password Guessing via Authentication (Login) Interfaces ... b. Password Guessing via Unprotected/Unsanitized Service ... c. Offline Password Attacks ... 3. “Defense in Depth”—Measuring Marginal Benefit
IV. Implications of the Stovepiping Disjuncture ... A. Addressing the Same Question … B. Overcoming Policy Entrenchment ... C. Risk-Analytic Framework for Cybersecurity
V. Conclusion
Criminalizing Hacking, not Dating: Reconstructing the CFAA Intent Requirement
Cybercrime is a growing problem in the United States and worldwide. Many questions remain unanswered as to the proper role and scope of criminal law in addressing socially-undesirable actions affecting and conducted through the use of computers and modern information technologies. This Article tackles perhaps the most exigent question in U.S. cybercrime law, the scope of activities that should be subject to criminal sanction under the Computer Fraud and Abuse Act (CFAA), the federal anti-hacking statute.
At the core of current CFAA debate is the question of whether private contracts, such as website Terms of Use or organizational Acceptable Use Policies, should be able to define the limits of authorization and access for purposes of criminal sanction under the CFAA. Many scholars and activists argue that such contracts should not, because they may result in ridiculous consequences such as the criminalization of misrepresenting one's desirability on an online dating website. Critics of such arguments rebut that failing to allow contract-based restrictions opens the door for hackers to engage in many types of activity not otherwise subject to criminal sanction.
This Article examines the tension between these two positions, both from the standpoint of current U.S. jurisprudence and scholarship, and from the standpoint of the respective purposes of criminal and tort law in deterring and punishing socially-undesirable behavior. The Article concludes by proposing a legislative revision to the CFAA that substantially mitigates the risk of overbroad criminalization, while leaving intact the ability of the law to deter and punish the most serious acts affecting and utilizing computers.
Enlightened Regulatory Capture
Regulatory capture generally evokes negative images of private interests exerting excessive influence on government action to advance their own agendas at the expense of the public interest. There are some cases, however, where this conventional wisdom is exactly backwards. This Article explores the first verifiable case, taken from healthcare cybersecurity, where regulatory capture enabled regulators to harness private expertise to advance exclusively public goals. Comparing this example to other attempts at harnessing industry expertise reveals a set of characteristics under which regulatory capture can be used in the public interest: (1) legislatively mandated adoption of recommendations by an advisory committee comprising private interests and “reduced-bias” subject matter experts; (2) relaxed procedural constraints for committee action to prevent internal committee capture; and (3) opportunities for committee participation to be worthwhile for representatives of private parties beyond the mere opportunity to advance their own interests. This Article presents recommendations based on those characteristics as to how and when legislatures may endeavor to replicate this success in other industries to improve both the legitimacy and efficacy of the regulatory process.
Surveillance at the Source
Contemporary discussions concerning surveillance focus predominantly on government activity. These discussions are important for a variety of reasons, but they generally ignore a critical aspect of the surveillance-harm calculus: the source from which government entities derive the information they use. The source of surveillance data is the information gathering activity itself, which is where harms like chilling of speech and behavior begin.
Unlike the days where satellite imaging, communications intercepts, and other forms of information gathering were limited to advanced law enforcement, military, and intelligence activities, private corporations now play a dominant role in the collection of information about individuals' activities. Private entities operate social networks, instant messaging, e-mail, and other information systems, which now are the predominant means through which people communicate. Private entities likewise control the physical and wireless networks over which these systems communicate.
This short Article separates surveillance into information gathering activities and information usage activities and examines the distinct, standalone privacy-harming potential of each. It then argues that while modern government surveillance focuses primarily on usage activities, private corporations engage in information gathering activities and separately use that information in their profitable business activity. Additionally, the fact that they possess such information makes private corporations a logical feed for information used in government surveillance.
Profit-making efforts, unlike public functions, must advance the interests of shareholder return, and can only consider privacy or similar concerns to the extent that those concerns are subject to regulation or can be justified as market-competitive. This Article argues that since neither exception is common, the primary incentives of private corporations are to gather and use as much information as possible, thereby increasing the probability of chilling effects.
Failure to examine the role of private corporations in surveillance scholarship thus both creates an incomplete discussion of the harms of government surveillance and fails to include an essential element of harm. This Article briefly examines notable examples of contemporary surveillance and argues for the inclusion of private actors in surveillance-harm analysis.
Influence of the international theme in the novels of Sinclair Lewis.
The International Theme in literature arose as a result of real-life confrontations between Americans and Europeans. Conflict was inevitable as the feudal tradition of England with its emphasis on social caste met head-on with the democratic traditions of a new nation. By definition the international theme focused on the conflict of manners between two citizens of different nations who disagree on the correct way of behaving in a given situation. For example, the titled nobility of Europe feel that some deference should be shown to them due to their rank and not because they have accomplished something of merit. Particularly, in the early history of the American nation, ordinary folk felt that to show homage to European nobility was incorrect. To be obsequious to decadent Europe was unthinkable to many of the common people of the United States.
Although many Americans felt that Europe was corrupt, there still was much curiosity about England, and some interest in France and Italy.
Prior to the Civil War there were only a few travelers to England and other European countries, mostly students, scholars, and artists. With cessation of hostilities and improved steamship transportation, more travelers began to cross the Atlantic. They differed from the first group of people in that they were mainly tourists seeking some diversion from Reconstruction and some escape from the bustling nature of the American nature. For many from the prosperous North, it was, as Mark Twain called it, the Gilded Age. It was a time when the wealthy spent their money in a conspicuous way. One way was to tour Europe and flaunt their untaxed wealth on the natives.