Information Security Commons^™

Reducing Food Scarcity: The Benefits Of Urban Farming, S.A. Claudell, Emilio Mejia

Journal of Nonprofit Innovation

Urban farming can enhance the lives of communities and help reduce food scarcity. This paper presents a conceptual prototype of an efficient urban farming community that can be scaled for a single apartment building or an entire community across all global geoeconomics regions, including densely populated cities and rural, developing towns and communities. When deployed in coordination with smart crop choices, local farm support, and efficient transportation then the result isn’t just sustainability, but also increasing fresh produce accessibility, optimizing nutritional value, eliminating the use of ‘forever chemicals’, reducing transportation costs, and fostering global environmental benefits.

Imagine Doris, who is …

Link Tank

DePaul Magazine

A new JD certificate program in information technology, cybersecurity and data privacy provides DePaul University students with proficiency in both law and tech.

Some Legal And Practical Challenges In The Investigation Of Cybercrime, Ritz Carr

Cybersecurity Undergraduate Research Showcase

According to the Internet Crime Complaint Center (IC3), in 2021, the United States lost around $6.9 billion to cybercrime. In 2022, that number grew to over $10.2 billion (IC3, 2022). In one of many efforts to combat cybercrimes, at least 40 states “introduced or considered more than 250 bills or resolutions that deal significantly with cybersecurity” with 24 states officially enacting a total of 41 bills (National Conference on State Legislatures, 2022).

The world of cybercrime evolves each day. Nevertheless, challenges arise when we investigate and prosecute cybercrime, which will be examined in the following collection of essays that highlight …

Layered Fiduciaries In The Information Age, Zhaoyi Li

Articles

Technology companies such as Facebook have long been criticized for abusing customers’ personal information and monetizing user data in a manner contrary to customer expectations. Some commentators suggest fiduciary law could be used to restrict how these companies use their customers’ data. Under this framework, a new member of the fiduciary family called the “information fiduciary” was born. The concept of an information fiduciary is that a company providing network services to “collect, analyze, use, sell, and distribute personal information” owes customers and end-users a fiduciary duty to use the collected data to promote their interests, thereby assuming fiduciary liability …

A Qualitative Look Into Repair Practices, Jumana Labib

Undergraduate Student Research Internships Conference

This research poster is based on a working research paper which moves beyond the traditional scope of repair and examines the Right to Repair movement from a smaller, more personal lens by detailing the 6 categorical impediments as dubbed by Dr. Alissa Centivany (design, law, economic/business strategy, material asymmetry, informational asymmetry, and social impediments) have continuously inhibited repair and affected repair practices, which has consequently had larger implications (environmental, economic, social, etc.) on ourselves, our objects, and our world. The poster builds upon my research from last year (see "The Right to Repair: (Re)building a better future"), this time pulling …

Data Vu: Why Breaches Involve The Same Stories Again And Again, Woodrow Hartzog, Daniel Solove

Shorter Faculty Works

In the classic comedy Groundhog Day, protagonist Phil, played by Bill Murray, asks “What would you do if you were stuck in one place and every day was exactly the same, and nothing that you did mattered?” In this movie, Phil is stuck reliving the same day over and over, where the events repeat in a continual loop, and nothing he does can stop them. Phil’s predicament sounds a lot like our cruel cycle with data breaches.

Every year, organizations suffer more data spills and attacks, with personal information being exposed and abused at alarming rates. While Phil …

Gauging The Acceptance Of Contact Tracing Technology: An Empirical Study Of Singapore Residents’ Concerns With Sharing Their Information And Willingness To Trust, Ee-Ing Ong, Wee Ling Loo

Research Collection Yong Pung How School Of Law

In response to the COVID-19 pandemic, governments began implementing various forms of contact tracing technology. Singapore’s implementation of its contact tracing technology, TraceTogether, however, was met with significant concern by its population, with regard to privacy and data security. This concern did not fit with the general perception that Singaporeans have a high level of trust in its government. We explore this disconnect, using responses to our survey (conducted pre-COVID-19) in which we asked participants about their level of concern with the government and business collecting certain categories of personal data. The results show that respondents had less concern with …

Unreasonable: A Strict Liability Solution To The Ftc’S Data Security Problem, James C. Cooper, Bruce H. Kobayashi

Michigan Technology Law Review

For over two decades, the FTC creatively employed its capacious statute to police against shoddy data practices. Although the FTC’s actions were arguably needed at the time to fill a gap in enforcement, there are reasons to believe that its current approach has outlived its usefulness and is in serious need of updating. In particular, our analysis shows that the FTC’s current approach to data security is unlikely to instill anything close to optimal incentives for data holders. These shortcomings cannot be fixed through changes to the FTC enforcement approach, as they are largely generated by a mismatch between the …

The Internet Never Forgets: Image-Based Sexual Abuse And The Workplace, John Schriner, Melody Lee Rood

Publications and Research

Image-based sexual abuse (IBSA), commonly known as revenge pornography, is a type of cyberharassment that often results in detrimental effects to an individual's career and livelihood. Although there exists valuable research concerning cyberharassment in the workplace generally, there is little written about specifically IBSA and the workplace. This chapter examines current academic research on IBSA, the issues with defining this type of abuse, victim blaming, workplace policy, and challenges to victim-survivors' redress. The authors explore monetary motivation for websites that host revenge pornography and unpack how the dark web presents new challenges to seeking justice. Additionally, this chapter presents recommendations …

Coronavirus: Pandemics, Artificial Intelligence And Personal Data: How To Manage Pandemics Using Ai And What That Means For Personal Data Protection, Warren B. Chik

Research Collection Yong Pung How School Of Law

This chapter discusses the hearing of essential and urgent court matters in the Singapore courts during the COVID-19 pandemic. On 27 march 2020, the Singapore judiciary notified courst users that remote hearings were to be implemented for certain types of hearings by means of video and telephone conferencing facilities. Court users were also provided with indicative lists of matters which might be considered essential and urgent.

Coronavirus: Pandemics, Artificial Intelligence And Personal Data: How To Manage Pandemics Using Ai And What That Means For Personal Data Protection, Warren B. Chik

Research Collection Yong Pung How School Of Law

This chapter discusses the hearing of essential and urgent court matters in the Singapore courts during the COVID-19 pandemic. On 27 march 2020, the Singapore judiciary notified courst users that remote hearings were to be implemented for certain types of hearings by means of video and telephone conferencing facilities. Court users were also provided with indicative lists of matters which might be considered essential and urgent.

Cryptography, Passwords, Privacy, And The Fifth Amendment, Gary C. Kessler, Ann M. Phillips

Journal of Digital Forensics, Security and Law

Military-grade cryptography has been widely available at no cost for personal and commercial use since the early 1990s. Since the introduction of Pretty Good Privacy (PGP), more and more people encrypt files and devices, and we are now at the point where our smartphones are encrypted by default. While this ostensibly provides users with a high degree of privacy, compelling a user to provide a password has been interpreted by some courts as a violation of our Fifth Amendment protections, becoming an often insurmountable hurdle to law enforcement lawfully executing a search warrant. This paper will explore some of the …

Should Judges Have A Duty Of Tech Competence?, John G. Browning

St. Mary's Journal on Legal Malpractice & Ethics

In an era in which lawyers are increasingly held to a higher standard of “tech competence” in their representation of clients, shouldn’t we similarly require judges to be conversant in relevant technology? Using real world examples of judicial missteps with or refusal to use technology, and drawn from actual cases and judicial disciplinary proceedings, this Article argues that in today’s Digital Age, judicial technological competence is necessary. At a time when courts themselves have proven vulnerable to cyberattacks, and when courts routinely tackle technology related issues like data privacy and the admissibility of digital evidence, Luddite judges are relics that …

The Use Of Digital Millenium Copyright Act To Stifle Speech Through Non-Copyright Related Takedowns, Miller Freeman

Seattle Journal of Technology, Environmental, & Innovation Law

In 1998, Congress passed the Digital Millennium Copyright Act. This law provided new methods of protecting copyright in online media. These protections shift the normal judicial process that would stop the publication of infringing materials to private actors: the online platforms. As a result, online platforms receive notices of infringement and issue takedowns of allegedly copyrighted works without the judicial process which normally considers the purpose of the original notice of infringement. In at least one case, discussed in detail below, this has resulted in a notice and takedown against an individual for reasons not related to the purpose of …

Regulating Personal Data Usage In Covid-19 Control Conditions, Mark Findlay, Nydia Remolina

Centre for AI & Data Governance

As the COVID-19 health pandemic ebbs and flows world-wide, governments and private companies across the globe are utilising AI-assisted surveillance, reporting, mapping and tracing technologies with the intention of slowing the spread of the virus. These technologies have capacity to amass and share personal data for community control and citizen safety motivations that empower state agencies and inveigle citizen co-operation which could only be imagined outside times of real and present personal danger. While not cavilling with the short-term necessity for these technologies and the data they control, process and share in the health regulation mission (provided that the technology …

Regulation Of Algorithmic Tools In The United States, Christopher S. Yoo, Alicia Lai

All Faculty Scholarship

Policymakers in the United States have just begun to address regulation of artificial intelligence technologies in recent years, gaining momentum through calls for additional research funding, piece-meal guidance, proposals, and legislation at all levels of government. This Article provides an overview of high-level federal initiatives for general artificial intelligence (AI) applications set forth by the U.S. president and responding agencies, early indications from the incoming Biden Administration, targeted federal initiatives for sector-specific AI applications, pending federal legislative proposals, and state and local initiatives. The regulation of the algorithmic ecosystem will continue to evolve as the United States continues to search …

Legal And Technical Issues For Text And Data Mining In Greece, Maria Kanellopoulou - Botti, Marinos Papadopoulos, Christos Zampakolas, Paraskevi Ganatsiou

Computer Ethics - Philosophical Enquiry (CEPE) Proceedings

Web harvesting and archiving pertains to the processes of collecting from the web and archiving of works that reside on the Web. Web harvesting and archiving is one of the most attractive applications for libraries which plan ahead for their future operation. When works retrieved from the Web are turned into archived and documented material to be found in a library, the amount of works that can be found in said library can be far greater than the number of works harvested from the Web. The proposed participation in the 2019 CEPE Conference aims at presenting certain issues related to …

Informed Trading And Cybersecurity Breaches, Joshua Mitts, Eric L. Talley

Faculty Scholarship

Cybersecurity has become a significant concern in corporate and commercial settings, and for good reason: a threatened or realized cybersecurity breach can materially affect firm value for capital investors. This paper explores whether market arbitrageurs appear systematically to exploit advance knowledge of such vulnerabilities. We make use of a novel data set tracking cybersecurity breach announcements among public companies to study trading patterns in the derivatives market preceding the announcement of a breach. Using a matched sample of unaffected control firms, we find significant trading abnormalities for hacked targets, measured in terms of both open interest and volume. Our results …

Paul Baran, Network Theory, And The Past, Present, And Future Of Internet, Christopher S. Yoo

All Faculty Scholarship

Paul Baran’s seminal 1964 article “On Distributed Communications Networks” that first proposed packet switching also advanced an underappreciated vision of network architecture: a lattice-like, distributed network, in which each node of the Internet would be homogeneous and equal in status to all other nodes. Scholars who have subsequently embraced the concept of a lattice-like network approach have largely overlooked the extent to which it is both inconsistent with network theory (associated with the work of Duncan Watts and Albert-László Barabási), which emphasizes the importance of short cuts and hubs in enabling networks to scale, and the actual way, the Internet …

Lowering Legal Barriers To Rpki Adoption, Christopher S. Yoo, David A. Wishnick

All Faculty Scholarship

Across the Internet, mistaken and malicious routing announcements impose significant costs on users and network operators. To make routing announcements more reliable and secure, Internet coordination bodies have encouraged network operators to adopt the Resource Public Key Infrastructure (“RPKI”) framework. Despite this encouragement, RPKI’s adoption rates are low, especially in North America.

This report presents the results of a year-long investigation into the hypothesis—widespread within the network operator community—that legal issues pose barriers to RPKI adoption and are one cause of the disparities between North America and other regions of the world. On the basis of interviews and analysis of …

Cyber Law And Espionage Law As Communicating Vessels, Asaf Lubin

Books & Book Chapters by Maurer Faculty

Professor Lubin's contribution is "Cyber Law and Espionage Law as Communicating Vessels," pp. 203-225.

Existing legal literature would have us assume that espionage operations and “below-the-threshold” cyber operations are doctrinally distinct. Whereas one is subject to the scant, amorphous, and under-developed legal framework of espionage law, the other is subject to an emerging, ever-evolving body of legal rules, known cumulatively as cyber law. This dichotomy, however, is erroneous and misleading. In practice, espionage and cyber law function as communicating vessels, and so are better conceived as two elements of a complex system, Information Warfare (IW). This paper therefore first draws …

The New Writs Of Assistance, Ian Samuel

Articles by Maurer Faculty

The providers of network services (and the makers of network devices) know an enormous amount about our lives. Because they do, these network intermediaries are being asked with increasing frequency to assist the government in solving crimes or gathering intelligence. Given how much they know about us, if the government can secure the assistance of these intermediaries, it will enjoy a huge increase in its theoretical capacity for surveillance—the ability to learn, in principle, almost anything about anyone. That has the potential to create serious social harm, even assuming that the government continues to adhere to ordinary democratic norms and …

Legislative Requirements For Cyber Peacekeeping, Nikolay Akatyev, Joshua I. James

Journal of Digital Forensics, Security and Law

Cyber Peacekeeping strives for the prevention, mitigation and cessation of cyber and physical conflicts. The creation of a Cyber Peacekeeping organization, however, has major legal and political implications. In this work we review current international legislation applicable for functions of Cyber Peacekeeping. Specifically, we analyze prominent works which contribute to definitions, law and ethics regulating cyber conflicts from the perspective of the creation of a CPK organization. Legislative and terminological foundations are analyzed and adopted from current practice. Further, this work analyzes guiding principles of global organizations such as ITU IMPACT, INTERPOL and regional organizations such as NATO and the …

Reasonable Expectations Of Privacy Settings: Social Media And The Stored Communications Act, David Thaw, Christopher Borchert, Fernando Pinguelo

Articles

In 1986, Congress passed the Stored Communications Act (“SCA”) to provide additional protections for individuals’ private communications content held in electronic storage by third parties. Acting out of direct concern for the implications of the Third-Party Records Doctrine — a judicially created doctrine that generally eliminates Fourth Amendment protections for information entrusted to third parties — Congress sought to tailor the SCA to electronic communications sent via and stored by third parties. Yet, because Congress crafted the SCA with language specific to the technology of 1986, courts today have struggled to apply the SCA consistently with regard to similar private …

Framing The Question, "Who Governs The Internet?", Robert J. Domanski

Publications and Research

There remains a widespread perception among both the public and elements of academia that the Internet is “ungovernable”. However, this idea, as well as the notion that the Internet has become some type of cyber-libertarian utopia, is wholly inaccurate. Governments may certainly encounter tremendous difficulty in attempting to regulate the Internet, but numerous types of authority have nevertheless become pervasive. So who, then, governs the Internet? This book will contend that the Internet is, in fact, being governed, that it is being governed by specific and identifiable networks of policy actors, and that an argument can be made as to …

The (Data Privacy) Law Hasn't Even Checked In When Technology Takes Off, Fred H. Cate, Christopher Kuner, Christopher Millard, Dan Jerker B. Svantesson

Articles by Maurer Faculty

No abstract provided.

Surveillance At The Source, David Thaw

Articles

Contemporary discussion concerning surveillance focuses predominantly on government activity. These discussions are important for a variety of reasons, but generally ignore a critical aspect of the surveillance-harm calculus – the source from which government entities derive the information they use. The source of surveillance data is the information "gathering" activity itself, which is where harms like "chilling" of speech and behavior begin.

Unlike the days where satellite imaging, communications intercepts, and other forms of information gathering were limited to advanced law enforcement, military, and intelligence activities, private corporations now play a dominant role in the collection of information about individuals' …

When Machines Are Watching: How Warrantless Use Of Gps Surveillance Technology Violates The Fourth Amendment Right Against Unreasonable Searches, David Thaw, Priscilla Smith, Nabiha Syed, Albert Wong

Articles

Federal and state law enforcement officials throughout the nation are currently using Global Positioning System (GPS) technology for automated, prolonged surveillance without obtaining warrants. As a result, cases are proliferating in which criminal defendants are challenging law enforcement’s warrantless uses of GPS surveillance technology, and courts are looking for direction from the Supreme Court. Most recently, a split has emerged between the Ninth and D.C. Circuit Courts of Appeal on the issue. In United States v. Pineda-Moreno, the Ninth Circuit relied on United States v. Knotts — which approved the limited use of beeper technology without a warrant — to …