Computer Engineering Commons^™

Integrating Nist And Iso Cybersecurity Audit And Risk Assessment Frameworks Into Cameroonian Law, Bernard Ngalim

Journal of Cybersecurity Education, Research and Practice

This paper reviews cybersecurity laws and regulations in Cameroon, focusing on cybersecurity and information security audits and risk assessments. The importance of cybersecurity risk assessment and the implementation of security controls to cure deficiencies noted during risk assessments or audits is a critical step in developing cybersecurity resilience. Cameroon's cybersecurity legal framework provides for audits but does not explicitly enumerate controls. Consequently, integrating relevant controls from the NIST frameworks and ISO Standards can improve the cybersecurity posture in Cameroon while waiting for a comprehensive revision of the legal framework. NIST and ISO are internationally recognized as best practices in information …

The Exigency And How To Improve And Implement International Humanitarian Legislations More Advantageously In Times Of Both Cyber-Warfare And Cyberspace, Shawn J. Lalman

Doctoral Dissertations and Master's Theses

This study provides a synopsis of the following topics: the prospective limiters levied on cyber-warfare by present–day international legislation; significant complexities and contentions brought up in the rendering & utilization of International Humanitarian Legislation against cyber-warfare; feasible repercussions of cyber-warfare on humanitarian causes. It is also to be contended and outlined in this research study that non–state actors can be held accountable for breaches of international humanitarian legislation committed using cyber–ordnance if sufficient resources and skill are made available. It details the factors that prosecutors and investigators must take into account when organizing investigations into major breaches of humanitarian legislation …

Spotlight Report #6: Proffering Machine-Readable Personal Privacy Research Agreements: Pilot Project Findings For Ieee P7012 Wg, Noreen Y. Whysel, Lisa Levasseur

Publications and Research

What if people had the ability to assert their own legally binding permissions for data collection, use, sharing, and retention by the technologies they use? The IEEE P7012 has been working on an interoperability specification for machine-readable personal privacy terms to support this ability since 2018. The premise behind the work of IEEE P7012 is that people need technology that works on their behalf—i.e. software agents that assert the individual’s permissions and preferences in a machine-readable format.

Thanks to a grant from the IEEE Technical Activities Board Committee on Standards (TAB CoS), we were able to explore the attitudes of …

Metasoftware: Building Blocks For Legal Technology, Houman Shadab

Seattle Journal of Technology, Environmental, & Innovation Law

This Article develops a novel concept in information technology called “metasoftware.” It then applies the concept of metasoftware to developing legal technology.

Metasoftware enables users to create the software of their choosing and stands in sharp contrast to traditional, functional. Functional software is the default type of software that is currently produced and includes word processing, email, social networking, enterprise resource management, online marketplaces, and video game software. Metasoftware, by contrast, is not functional. Metasoftware presents the user with a blank slate upon which to build functional software.

I argue that software is metasoftware to that extent that (1) it …

Designing Respectful Tech: What Is Your Relationship With Technology?, Noreen Y. Whysel

Publications and Research

According to research at the Me2B Alliance, people feel they have a relationship with technology. It’s emotional. It’s embodied. And it’s very personal. We are studying digital relationships to answer questions like “Do people have a relationship with technology?” “What does that relationship feel like?” And “Do people understand the commitments that they are making when they explore, enter into and dissolve these relationships?” There are parallels between messy human relationships and the kinds of relationships that people develop with technology. As with human relationships, we move through states of discovery, commitment and breakup with digital applications as well. Technology …

Dismantling The “Black Opticon”: Privacy, Race Equity, And Online Data-Protection Reform, Anita L. Allen

All Faculty Scholarship

African Americans online face three distinguishable but related categories of vulnerability to bias and discrimination that I dub the “Black Opticon”: discriminatory oversurveillance, discriminatory exclusion, and discriminatory predation. Escaping the Black Opticon is unlikely without acknowledgement of privacy’s unequal distribution and privacy law’s outmoded and unduly race-neutral façade. African Americans could benefit from race-conscious efforts to shape a more equitable digital public sphere through improved laws and legal institutions. This Essay critically elaborates the Black Opticon triad and considers whether the Virginia Consumer Data Protection Act (2021), the federal Data Protection Act (2021), and new resources for the Federal Trade …

A Proportionality-Based Framework For Government Regulation Of Digital Tracing Apps In Times Of Emergency, Sharon Bassan

Dickinson Law Review (2017-Present)

Times of emergency present an inherent conflict between the public interest and the preservation of individual rights. Such times require granting emergency powers to the government on behalf of the public interest and relaxing safeguards against government actions that infringe rights. The lack of theoretical framework to assess governmental decisions in times of emergency leads to a polarized and politicized discourse about potential policies, and often, to public distrust and lack of compliance.

Such a discourse was evident regarding Digital Tracing Apps (“DTAs”), which are apps installed on cellular phones to alert users that they were exposed to people who …

Book Review: This Is How They Tell Me The World Ends: The Cyberweapons Arms Race (2020) By Nicole Perlroth, Amy C. Gaudion

Dickinson Law Review (2017-Present)

No abstract provided.

What Is The Relationship Between Language And Thought?: Linguistic Relativity And Its Implications For Copyright, Christopher S. Yoo

All Faculty Scholarship

To date, copyright scholarship has almost completely overlooked the linguistics and cognitive psychology literature exploring the connection between language and thought. An exploration of the two major strains of this literature, known as universal grammar (associated with Noam Chomsky) and linguistic relativity (centered around the Sapir-Whorf hypothesis), offers insights into the copyrightability of constructed languages and of the type of software packages at issue in Google v. Oracle recently decided by the Supreme Court. It turns to modularity theory as the key idea unifying the analysis of both languages and software in ways that suggest that the information filtering associated …

Administrative Law In The Automated State, Cary Coglianese

All Faculty Scholarship

In the future, administrative agencies will rely increasingly on digital automation powered by machine learning algorithms. Can U.S. administrative law accommodate such a future? Not only might a highly automated state readily meet longstanding administrative law principles, but the responsible use of machine learning algorithms might perform even better than the status quo in terms of fulfilling administrative law’s core values of expert decision-making and democratic accountability. Algorithmic governance clearly promises more accurate, data-driven decisions. Moreover, due to their mathematical properties, algorithms might well prove to be more faithful agents of democratic institutions. Yet even if an automated state were …

The First Amendment, Common Carriers, And Public Accommodations: Net Neutrality, Digital Platforms, And Privacy, Christopher S. Yoo

All Faculty Scholarship

Recent prominent judicial opinions have assumed that common carriers have few to no First Amendment rights and that calling an actor a common carrier or public accommodation could justify limiting its right to exclude and mandating that it provide nondiscriminatory access. A review of the history reveals that the underlying law is richer than these simple statements would suggest. The principles for determining what constitutes a common carrier or a public accommodation and the level of First Amendment protection both turn on whether the actor holds itself out as serving all members of the public or whether it asserts editorial …

The Ftc And Ai Governance: A Regulatory Proposal, Michael Spiro

Seattle Journal of Technology, Environmental, & Innovation Law

No abstract provided.

Network Effects In Action, Christopher S. Yoo

All Faculty Scholarship

This Chapter begins by examining and exploring the theoretical and empirical limits of the possible bases of network effects, paying particular attention to the most commonly cited framework known as Metcalfe’s Law. It continues by exploring the concept of network externalities, defined as the positive external consumption benefits that the decision to join a network creates for the other members of the network, which is more ambiguous than commonly realized. It then reviews the structural factors needed for models based on network effects to have anticompetitive effects and identifies other factors that can dissipate those effects. Finally, it identifies alternative …

Poland’S Challenge To Eu Directive 2019/790: Standing Up To The Destruction Of European Freedom Of Expression, Michaela Cloutier

Dickinson Law Review (2017-Present)

In 2019, the European Parliament and Council passed Directive 2019/790. The Directive’s passage marked the end of a fouryear- long legislative attempt to impose more liability for copyright violations on Online Service Providers, an effort which was controversial from the start. Online Service Providers fear that the 2019 Directive, especially its Article 17, will completely change the structure of liability on the Internet, forcing providers to adopt expensive content filtering systems. Free speech advocates fear that ineffective filtering technology will infringe upon Internet users’ rights to express themselves, and legal scholars have pointed out the Directive’s inconsistency with prior European …

The Law Of Black Mirror - Syllabus, Yafit Lev-Aretz, Nizan Packin

Open Educational Resources

Using episodes from the show Black Mirror as a study tool - a show that features tales that explore techno-paranoia - the course analyzes legal and policy considerations of futuristic or hypothetical case studies. The case studies tap into the collective unease about the modern world and bring up a variety of fascinating key philosophical, legal, and economic-based questions.

Tech Policy And Legal Theory Syllabus, Yafit Lev-Aretz, Nizan Packin

Open Educational Resources

Technology has changed dramatically over the last couple of decades. Currently, virtually all business industries are powered by large quantities of data. The potential as well as actual uses of business data, which oftentimes includes personal user data, raise complex issues of informed consent and data protection. This course will explore many of these complex issues, with the goal of guiding students into thinking about tech policy from a broad ethical perspective as well as preparing students to responsibly conduct themselves in different areas and industries in a world growingly dominated by technology.

The Data Market: A Proposal To Control Data About You, David Shaw, Daniel W. Engels

SMU Data Science Review

The current legal and economic infrastructure facilitating data collection practices and data analysis has led to extreme over-collection of data and the overall loss of personal privacy. Data over-collection has led to a secondary market for consumer data that is invisible to the consumer and results in a person's data being distributed far beyond their knowledge or control. In this paper, we propose a Data Market framework and design for personal data management and privacy protection in which the individual controls and profits from the dissemination of their data. Our proposed Data Market uses a market-based approach utilizing blockchain distributed …

Geopolitics And The Digital Domain: How Cyberspace Is Impacting International Security, Georgia Wood

Independent Study Project (ISP) Collection

The digital domain is the emerging environment for which the internet and data connectivity exists. This new domain is challenging the traditional place for geopolitics to exist, and creating new challenges to international relations. The use of cyberweapons through direct cyberattacks, such as the possibility of an attack on the U.S. power grid, or misinformation campaigns, such as the one launched by Russia against the 2016 U.S. Presidential election, can expand the international threat landscape. While these new threats increase, states are widely not prepared to address the new challenges in the digital domain. This paper will use three primary …

Internet Of Things For Sustainability: Perspectives In Privacy, Cybersecurity, And Future Trends, Abdul Salam

Faculty Publications

In the sustainability IoT, the cybersecurity risks to things, sensors, and monitoring systems are distinct from the conventional networking systems in many aspects. The interaction of sustainability IoT with the physical world phenomena (e.g., weather, climate, water, and oceans) is mostly not found in the modern information technology systems. Accordingly, actuation, the ability of these devices to make changes in real world based on sensing and monitoring, requires special consideration in terms of privacy and security. Moreover, the energy efficiency, safety, power, performance requirements of these device distinguish them from conventional computers systems. In this chapter, the cybersecurity approaches towards …

Privacidad Digital En Ecuador: El Papel De La Vigilancia, La Jurisprudencia Y Los Derechos Humanos, Giselle Valdez

Independent Study Project (ISP) Collection

Este documento es un estudio de caso sobre la privacidad digital en Ecuador, cómo se protege y cómo se debe mejorar las protecciones. Comienzo presentando la falta de privacidad de la persona en Ecuador, a través de la reciente violación de datos y las tecnologías de vigilancia en todo el país desde China. Luego, para analizar la jurisprudencia y la falta de protección de la privacidad en la ley, hago la transición a un análisis legal de la privacidad de datos en Ecuador a través de la Constitución de 2008. Cuando establezco que falta privacidad digital en Ecuador, demuestro una …

Paul Baran, Network Theory, And The Past, Present, And Future Of Internet, Christopher S. Yoo

All Faculty Scholarship

Paul Baran’s seminal 1964 article “On Distributed Communications Networks” that first proposed packet switching also advanced an underappreciated vision of network architecture: a lattice-like, distributed network, in which each node of the Internet would be homogeneous and equal in status to all other nodes. Scholars who have subsequently embraced the concept of a lattice-like network approach have largely overlooked the extent to which it is both inconsistent with network theory (associated with the work of Duncan Watts and Albert-László Barabási), which emphasizes the importance of short cuts and hubs in enabling networks to scale, and the actual way, the Internet …

The Tao Of The Dao: Taxing An Entity That Lives On A Blockchain, David J. Shakow

All Faculty Scholarship

In this report, Shakow explains how a decentralized autonomous organization functions and interacts with the U.S. tax system and presents the many tax issues that these structures raise. The possibility of using smart contracts to allow an entity to operate totally autonomously on a blockchain platform seems attractive. However, little thought has been given to how such an entity can comply with the requirements of a tax system. The DAO, the first major attempt to create such an organization, failed because of a programming error. If successful examples proliferate in the future, tax authorities will face significant problems in getting …

Lowering Legal Barriers To Rpki Adoption, Christopher S. Yoo, David A. Wishnick

All Faculty Scholarship

Across the Internet, mistaken and malicious routing announcements impose significant costs on users and network operators. To make routing announcements more reliable and secure, Internet coordination bodies have encouraged network operators to adopt the Resource Public Key Infrastructure (“RPKI”) framework. Despite this encouragement, RPKI’s adoption rates are low, especially in North America.

This report presents the results of a year-long investigation into the hypothesis—widespread within the network operator community—that legal issues pose barriers to RPKI adoption and are one cause of the disparities between North America and other regions of the world. On the basis of interviews and analysis of …

Common Carriage’S Domain, Christopher S. Yoo

All Faculty Scholarship

The judicial decision invalidating the Federal Communications Commission's first Open Internet Order has led advocates to embrace common carriage as the legal basis for network neutrality. In so doing, network neutrality proponents have overlooked the academic literature on common carriage as well as lessons from its implementation history. This Essay distills these learnings into five factors that play a key role in promoting common carriage's success: (1) commodity products, (2) simple interfaces, (3) stability and uniformity in the transmission technology, (4) full deployment of the transmission network, and (5) stable demand and market shares. Applying this framework to the Internet …

An Unsung Success Story: A Forty-Year Retrospective On U.S. Communications Policy, Christopher S. Yoo

All Faculty Scholarship

Looking backwards on the occasion of Telecommunications Policy’s fortieth anniversary reveals just how far U.S. communications policy has come. All of the major challenges of 1976, such as promoting competition in customer premises equipment, long distance, and television networking, have largely been overcome. Moreover, new issues that emerged later, such as competition in local telephone service and multichannel video program distribution, have also largely been solved. More often than not, the solution has been the result of structural changes that enhanced facilities-based competition rather than agency-imposed behavioral requirements. Moreover, close inspection reveals that in most cases, prodding by the courts …

The Tax Treatment Of Tokens: What Does It Betoken?, David J. Shakow

All Faculty Scholarship

Digital tokens have been used to raise substantial amounts of money. But little attention has been paid to the tax consequences surrounding their issuance and sale. There are significant potential tax liabilities lurking in the use of digital tokens. But, because of the anonymity inherent in the blockchain structures used for the issuance of tokens and payments for them, there is a significant question as to whether those tax liabilities will ever be collected.

Legal Mechanisms For Governing The Transition Of Key Domain Name Functions To The Global Multi-Stakeholder Community, Christopher S. Yoo, Aaron Shull, Paul Twomey

All Faculty Scholarship

This Chapter proposes an alternative approach to the IANA transition that migrates the existing core contractual requirements imposed by the US government to the existing IANA functions customers. It also advances modest internal accountability revisions that could be undertaken within ICANN’s existing structure. Specifically, it advocates that the Independent Review Tribunal charged with reviewing certain ICANN board of directors-related decisions be selected by a multi-stakeholder committee rather than being subject to approval by ICANN and expanding the grounds for review to cover all of the rubrics recommended by ICANN’s “Improving Institutional Confidence” process in 2008-2009, including fairness, fidelity to the …

Violating Of Individual Privacy: Moroccan Perceptions Of The Ban Of Voip Services, Tyler Delhees

Independent Study Project (ISP) Collection

On January 6, 2016, the Moroccan telecommunications regulatory agency, the ANRT, announced a ban onVoice Over Internet Protocol(VoIP) calling services such as Skype, WhatsApp, and Viber. The ban triggered sweeping opposition among the Moroccan public, opening discussion of digital rights, censorship, and Internet governance. Considering liberal democratic rights in the 2011 Moroccan Constitution and a history of censorship, this study analyzes the official justification of the ANRT alongside additional explanations involving business interests and the security services. The purpose of this study is to gauge the perceptions of Moroccans on the decision of the ANRT and provide a holistic explanation. …

Modularity Theory And Internet Regulation, Christopher S. Yoo

All Faculty Scholarship

Modularity is often cited as one of the foundations for the Internet’s success. Unfortunately, academic discussions about modularity appearing in the literature on Internet policy are undertheorized. The persistence of nonmodular architectures for some technologies underscores the need for some theoretical basis for determining when modularity is the preferred approach. Even when modularity is desirable, theory must provide some basis for making key design decisions, such as the number of modules, the location of the interfaces between the modules, and the information included in those interfaces.

The literature on innovation indicates that modules should be determined by the nature of …

Cyber Espionage Or Cyber War?: International Law, Domestic Law, And Self-Protective Measures, Christopher S. Yoo

All Faculty Scholarship

Scholars have spent considerable effort determining how the law of war (particularly jus ad bellum and jus in bello) applies to cyber conflicts, epitomized by the Tallinn Manual on the International Law Applicable to Cyber Warfare. Many prominent cyber operations fall outside the law of war, including the surveillance programs that Edward Snowden has alleged were conducted by the National Security Agency, the distributed denial of service attacks launched against Estonia and Georgia in 2007 and 2008, the 2008 Stuxnet virus designed to hinder the Iranian nuclear program, and the unrestricted cyber warfare described in the 1999 book by …