Computer Law Commons^™

What Senior U.S. Leaders Say We Should Know About Cyber, Dr. Joseph H. Schafer

Military Cyber Affairs

On April 6, 2023, the Atlantic Council’s Cyber Statecraft Initiative hosted a panel discussion on the new National Cybersecurity Strategy. The panel featured four senior officials from the Office of the National Cyber Director (ONCD), the Department of State (DoS), the Department of Justice (DoJ), and the Department of Homeland Security (DHS). The author attended and asked each official to identify the most important elements that policymakers and strategists must understand about cyber. This article highlights historical and recent struggles to express cyber policy, the responses from these officials, and the author’s ongoing research to improve national security cyber policy.

Governing Smart Cities As Knowledge Commons - Introduction, Chapter 1 & Conclusion, Brett M. Frischmann, Michael J. Madison, Madelyn Sanfilippo

Book Chapters

Smart city technology has its value and its place; it isn’t automatically or universally harmful. Urban challenges and opportunities addressed via smart technology demand systematic study, examining general patterns and local variations as smart city practices unfold around the world. Smart cities are complex blends of community governance institutions, social dilemmas that cities face, and dynamic relationships among information and data, technology, and human lives. Some of those blends are more typical and common. Some are more nuanced in specific contexts. This volume uses the Governing Knowledge Commons (GKC) framework to sort out relevant and important distinctions. The framework grounds …

Swipe Right Into A Disciplinary Hearing: How The Use Of Dating Apps Could Earn An Attorney More Than A Bad First Date, Zachary S. Aman

Catholic University Journal of Law and Technology

The Model Rules of Professional Conduct seek to police the conduct of attorneys. Each jurisdiction adopts its own rules of professional conduct to apply to the attorneys licensed within it. Notably, the model rules prohibit any sexual relationship between the attorney and client unless that relationship precedes the attorney-client relationship. Traditionally, defining a "sexual relationship" was simple, particularly if the attorney and client engaged in sexual intercourse. The introduction of dating apps, however, has blurred the line.

This article outlines the inherent risks of attorneys using dating apps at a time when most newly-licensed attorneys make up the majority of …

Disorderly Content, Ari Waldman

Washington Law Review

Content moderation plays an increasingly important role in the creation and dissemination of expression, thought, and knowledge. And yet, throughout the social media ecosystem, nonnormative and LGBTQ+ sexual expression is disproportionately taken down, restricted, and banned. The current sociolegal literature, which focuses on content moderation as a whole and sees echoes of formal law in the evolution of its values and mechanics, insufficiently captures the ways in which those principles and practices are not only discriminatory, but also resemble structures of power that have long been used to police queer sexual behavior in public spaces.

This Article contributes to the …

Content Moderation As Surveillance, Hannah Bloch-Wehba

Faculty Scholarship

Technology platforms are the new governments, and content moderation is the new law, or so goes a common refrain. As platforms increasingly turn toward new, automated mechanisms of enforcing their rules, the apparent power of the private sector seems only to grow. Yet beneath the surface lies a web of complex relationships between public and private authorities that call into question whether platforms truly possess such unilateral power. Law enforcement and police are exerting influence over platform content rules, giving governments a louder voice in supposedly “private” decisions. At the same time, law enforcement avails itself of the affordances of …

Too Much Of A Good Thing? A Governing Knowledge Commons Review Of Abundance In Context, Michael J. Madison, Brett M. Frischmann, Madelyn Sanfilippo, Katherine J. Strandburg

Articles

The economics of abundance, along with the sociology of abundance, the law of abundance, and so forth, should be re-framed, linked, and situated in a common context for empirical rather than conceptual research. Abundance may seem to be a new, big thing, between anxiety over information overload, Big Data, and related technological disruptions. But scholars know that abundance is an ancient phenomenon, which only seemed to disappear as twentieth century social science focused on scarcity instead. Restoring the study of abundance, and figuring out how to solve the problems that abundance might create, means shedding disciplinary blinders and going back …

Government By Code? Blockchain Applications To Public Sector Governance, Pedro Bustamante, Meina Cai, Marcela Gomez, Colin Harris, Prashabnt Krishnamurthy, Wilson Law, Michael J. Madison, Ilia Murtazashvili, Jennifer Brick Murtazashvili, Tymofiy Mylovanov, Nataliia Shapoval, Annette Vee, Martin B. H. Weiss

Articles

Studies of blockchain governance can be divided into analyses of the governance of blockchains (such as rules and power dynamics within a given network) and governance by blockchains (such as how blockchains can be implemented to improve self-governance of community-based peer production networks). Less emphasis has been placed on applications of distributed ledgers to public sector governance. Our review clarifies that the decentralization and distributive features that enable blockchains to link up loosely connected private organizations and public agencies to improve efficiency and transparency of government transactions. However, most blockchain applications lack clear advantages over the conventional digital recording of …

Anatomy Of An Internet Hijack And Interception Attack: A Global And Educational Perspective, Ben A. Scott, Michael N. Johnstone, Patryk Szewczyk

Annual ADFSL Conference on Digital Forensics, Security and Law

The Internet’s underlying vulnerable protocol infrastructure is a rich target for cyber crime, cyber espionage and cyber warfare operations. The stability and security of the Internet infrastructure are important to the function of global matters of state, critical infrastructure, global e-commerce and election systems. There are global approaches to tackle Internet security challenges that include governance, law, educational and technical perspectives. This paper reviews a number of approaches to these challenges, the increasingly surgical attacks that target the underlying vulnerable protocol infrastructure of the Internet, and the extant cyber security education curricula; we find the majority of predominant cyber security …

A Low-Cost Machine Learning Based Network Intrusion Detection System With Data Privacy Preservation, Jyoti Fakirah, Lauhim Mahfuz Zishan, Roshni Mooruth, Michael L. Johnstone, Wencheng Yang

Annual ADFSL Conference on Digital Forensics, Security and Law

Network intrusion is a well-studied area of cyber security. Current machine learning-based network intrusion detection systems (NIDSs) monitor network data and the patterns within those data but at the cost of presenting significant issues in terms of privacy violations which may threaten end-user privacy. Therefore, to mitigate risk and preserve a balance between security and privacy, it is imperative to protect user privacy with respect to intrusion data. Moreover, cost is a driver of a machine learning-based NIDS because such systems are increasingly being deployed on resource-limited edge devices. To solve these issues, in this paper we propose a NIDS …

Detection Of Overlapping Passive Manipulation Techniques In Image Forensics, Gianna S. Lint, Umit Karabiyik

Annual ADFSL Conference on Digital Forensics, Security and Law

With a growing number of images uploaded daily to social media sites, it is essential to understand if an image can be used to trace its origin. Forensic investigations are focusing on analyzing images that are uploaded to social media sites resulting in an emphasis on building and validating tools. There has been a strong focus on understanding active manipulation or tampering techniques and building tools for analysis. However, research on manipulation is often studied in a vacuum, involving only one technique at a time. Additionally, less focus has been placed on passive manipulation, which can occur by simply uploading …

Human-Controlled Fuzzing With Afl, Maxim Grishin, Igor Korkin, Phd

Annual ADFSL Conference on Digital Forensics, Security and Law

Fuzzing techniques are applied to reveal different types of bugs and vulnerabilities. American Fuzzy Lop (AFL) is a free most popular software fuzzer used by many other fuzzing frameworks. AFL supports autonomous mode of operation that uses the previous step output into the next step, as a result fuzzer spends a lot of time analyzing minor code sections. By making fuzzing process more focused and human controlled security expert can save time and find more bugs in less time. We designed a new module that can fuzz only the specified functions. As a result, the chosen ones will be inspected …

The Amorphous Nature Of Hackers: An Exploratory Study, Kento Yasuhara, Daniel Walnycky, Ibrahim Baggili, Ahmed Alhishwan

Annual ADFSL Conference on Digital Forensics, Security and Law

In this work, we aim to better understand outsider perspectives of the hacker community through a series of situation based survey questions. By doing this, we hope to gain insight into the overall reputation of hackers from participants in a wide range of technical and non-technical backgrounds. This is important to digital forensics since convicted hackers will be tried by people, each with their own perception of who hackers are. Do cyber crimes and national security issues negatively affect people’s perceptions of hackers? Does hacktivism and information warfare positively affect people’s perception of hackers? Do individual personality factors affect one’s …

Smart Home Forensics: Identifying Ddos Attack Patterns On Iot Devices, Samuel Ho, Hope Greeson, Umit Karabiyik

Annual ADFSL Conference on Digital Forensics, Security and Law

Smart homes are becoming more common as more people integrate IoT devices into their home environment. As such, these devices have access to personal data on their homeowners’ networks. One of the advantages of IoT devices is that they are compact. However, this limits the incorporation of security measures in their hardware. Misconfigured IoT devices are commonly the target of malicious attacks. Additionally, distributed denial-of-service attacks are becoming more common due to applications and software that provides users with easy-to-use user interfaces. Since one vulnerable device is all an attacker needs to launch an attack on a network, in regards …

Digital Forensics For Mobility As A Service Platform: Analysis Of Uber Application On Iphone And Cloud, Nina Matulis, Umit Karabiyik

Annual ADFSL Conference on Digital Forensics, Security and Law

Uber is a ride-hailing smartphone application (app) that allows users to order a ride in a highly efficient manner. The Uber app provides Mobility as a Service and allows users to easily order a ride in a private car with just a few clicks. Uber stores large amounts of data on both the mobile device the app is being used on, and in the cloud. Examples of this data include geolocation data, date/time, origin/destination addresses, departure/arrival times, and distance. Uber geolocation data has been previously researched to investigate the privacy of the Uber app; however, there is minimal research relating …

The Application Of The Right To Be Forgotten In The Machine Learning Context: From The Perspective Of European Laws, Zeyu Zhao

Catholic University Journal of Law and Technology

The right to be forgotten has been evolving for decades along with the progress of different statutes and cases and, finally, independently enacted by the General Data Protection Regulation, making it widely applied across Europe. However, the related provisions in the regulation fail to enable machine learning systems to realistically forget the personal information which is stored and processed therein.

This failure is not only because existing European rules do not stipulate standard codes of conduct and corresponding responsibilities for the parties involved, but they also cannot accommodate themselves to the new environment of machine learning, where specific information can …

Microsoft Defender Will Be Defended: Memoryranger Prevents Blinding Windows Av, Denis Pogonin, Igor Korkin, Phd

Annual ADFSL Conference on Digital Forensics, Security and Law

Windows OS is facing a huge rise in kernel attacks. An overview of popular techniques that result in loading kernel drivers will be presented. One of the key targets of modern threats is disabling and blinding Microsoft Defender, a default Windows AV. The analysis of recent driver-based attacks will be given, the challenge is to block them. The survey of user- and kernel-level attacks on Microsoft Defender will be given. One of the recently published attackers’ techniques abuses Mandatory Integrity Control (MIC) and Security Reference Monitor (SRM) by modifying Integrity Level and Debug Privileges for the Microsoft Defender via syscalls. …

A Lightweight Reliably Quantified Deepfake Detection Approach, Tianyi Wang, Kam Pui Chow

Annual ADFSL Conference on Digital Forensics, Security and Law

Deepfake has brought huge threats to society such that everyone can become a potential victim. Current Deepfake detection approaches have unsatisfactory performance in either accuracy or efficiency. Meanwhile, most models are only evaluated on different benchmark test datasets with different accuracies, which could not imitate the real-life Deepfake unknown population. As Deepfake cases have already been raised and brought challenges at the court, it is disappointed that no existing work has studied the model reliability and attempted to make the detection model act as the evidence at the court. We propose a lightweight Deepfake detection deep learning approach using the …

Timestamp Estimation From Outdoor Scenes, Tawfiq Salem, Jisoo Hwang, Rafael Padilha

Annual ADFSL Conference on Digital Forensics, Security and Law

The increasing availability of smartphones allowed people to easily capture and share images on the internet. These images are often associated with metadata, including the image capture time (timestamp) and the location where the image was captured (geolocation). The metadata associated with images provides valuable information to better understand scenes and events presented in these images. The timestamp can be manipulated intentionally to provide false information to convey a twisted version of reality. Images with manipulated timestamps are often used as a cover-up for wrongdoing or broadcasting false claims and competing views on the internet. Estimating the time of capture …

Blockchain Networks As Knowledge Commons, Ilia Murtazashvili, Jennifer Brick Murtazashvili, Martin B. H. Weiss, Michael J. Madison

Articles

Researchers interested in blockchains are increasingly attuned to questions of governance, including how blockchains relate to government, the ways blockchains are governed, and ways blockchains can improve prospects for successful self-governance. Our paper joins this research by exploring the implications of the Governing Knowledge Commons (GKC) framework to analyze governance of blockchains. Our novel contributions are making the case that blockchain networks represent knowledge commons governance, in the sense that they rely on collectively-managed technologies to pool and manage distributed information, illustrating the usefulness and novelty of the GCK methodology with an empirical case study of the evolution of Bitcoin, …

Discourse On Digital Government And Regulation: A Bibliometric Analysis, Prakoso Bhairawa Putera, Amelya Gustina

Library Philosophy and Practice (e-journal)

This study aims to discuss digital government and regulation, analyzed through the bibliometric approach with the Scopus database for the last 20 years and visualized through the VOSviewer software version 1.6.16. The results indicate that the topic of e-government has become essentially prominent and has been the most discussed in the past two decades. Approximately 41.1% of digital government and regulation articles are classified under the subject area of 'Computer Science', continued by Social Sciences (18.3%), and Business, Management and Accounting (10.2%), with the majority of being 'All Open Access' (46%). The trend of publication in this field includes the …

Fair Play: Notes On The Algorithmic Soccer Referee, Michael J. Madison

Articles

The soccer referee stands in for a judge. Soccer’s Video Assistant Referee (“VAR”) system stands in for algorithms that augment human deciders. Fair play stands in for justice. They are combined and set in a polycentric system of governance, with implications for designing, administering, and assessing human-machine combinations.

Administrative Law In The Automated State, Cary Coglianese

All Faculty Scholarship

In the future, administrative agencies will rely increasingly on digital automation powered by machine learning algorithms. Can U.S. administrative law accommodate such a future? Not only might a highly automated state readily meet longstanding administrative law principles, but the responsible use of machine learning algorithms might perform even better than the status quo in terms of fulfilling administrative law’s core values of expert decision-making and democratic accountability. Algorithmic governance clearly promises more accurate, data-driven decisions. Moreover, due to their mathematical properties, algorithms might well prove to be more faithful agents of democratic institutions. Yet even if an automated state were …

Tech Policy And Legal Theory Syllabus, Yafit Lev-Aretz, Nizan Packin

Open Educational Resources

Technology has changed dramatically over the last couple of decades. Currently, virtually all business industries are powered by large quantities of data. The potential as well as actual uses of business data, which oftentimes includes personal user data, raise complex issues of informed consent and data protection. This course will explore many of these complex issues, with the goal of guiding students into thinking about tech policy from a broad ethical perspective as well as preparing students to responsibly conduct themselves in different areas and industries in a world growingly dominated by technology.

Literature Review: How U.S. Government Documents Are Addressing The Increasing National Security Implications Of Artificial Intelligence, Bert Chapman

Libraries Faculty and Staff Scholarship and Research

This article emphasizes the increasing importance of artificial intelligence (AI) in military and national security policy making. It seeks to inform interested individuals about the proliferation of publicly accessible U.S. government and military literature on this multifaceted topic. An additional objective of this endeavor is encouraging greater public awareness of and participation in emerging public policy debate on AI's moral and national security implications..

Backing Up Into Advocacy: The Case Of Smartphone Driver Distraction, Robert Rosenberger

The Journal of Sociotechnical Critique

For the last decade, I’ve been studying the topic of the driving impairment of smartphones. While this began as an exclusively academic project, it has increasingly compelled public engagement. One example of this came in an opinion piece I wrote in 2018 in response to a new traffic law. I take the opportunity here to fill out the academic backstory of this particular op-ed, reflect on how this larger project has evolved to include an unanticipated public-facing edge, and abstract some lessons about public writing.

Forensic Analysis Of Spy Applications In Android Devices, Shinelle Hutchinson, Umit Karabiyik

Annual ADFSL Conference on Digital Forensics, Security and Law

Smartphones with Google's Android operating system are becoming more and more popular each year, and with this increased user base, comes increased opportunities to collect more of these users' private data. There have been several instances of malware being made available via the Google Play Store, which is one of the predominant means for users to download applications. One effective way of collecting users' private data is by using Android Spyware. In this paper, we conduct a forensic analysis of a malicious Android spyware application and present our findings. We also highlight what information the application accesses and what it …

Behavioral Finance, Decumulation, And The Regulatory Strategy For Robo-Advice, Tom Baker, Benedict Dellaert

All Faculty Scholarship

This working paper surveys the decumulation services offered by investment robo-advisors as a case study with which to examine regulatory and market structure issues raised by automated financial advice. We provide a short introduction to decumulation, describing some of the uncertainties involved in identifying optimal decumulation strategies and sketching a few of the ‘rules of thumb’ that financial advisors have developed in this area in the face of this uncertainty. Next we describe behavioral effects that could inhibit consumers from following an optimal decumulation strategy, concluding that, left to their own devices, consumers are likely to make sub-optimal decumulation decisions. …

Can Accessibility Liberate The "Lost Ark" Of Scholarly Work?: University Library Institutional Repositories Are "Places Of Public Accommodation”, 52 Uic J. Marshall L. Rev. 327 (2019), Raizel Liebler, Gregory Cunningham

UIC Law Review

For any body of knowledge – an ark of power or a corpus of scholarship – to be studied and used by people, it needs to be accessible to those seeking information. Universities, through their libraries, now aim to make more of the scholarship produced available for free to all through institutional repositories. However, the goal of being truly open for an institutional repository is more than the traditional definition of open access. It also means openness in a more general sense. Creating a scholarship-based online space also needs to take into consideration potential barriers for people with disabilities. This …

The Tao Of The Dao: Taxing An Entity That Lives On A Blockchain, David J. Shakow

All Faculty Scholarship

In this report, Shakow explains how a decentralized autonomous organization functions and interacts with the U.S. tax system and presents the many tax issues that these structures raise. The possibility of using smart contracts to allow an entity to operate totally autonomously on a blockchain platform seems attractive. However, little thought has been given to how such an entity can comply with the requirements of a tax system. The DAO, the first major attempt to create such an organization, failed because of a programming error. If successful examples proliferate in the future, tax authorities will face significant problems in getting …

Contents, Adfsl

Annual ADFSL Conference on Digital Forensics, Security and Law

No abstract provided.