Computer Law Commons^™

Improving Ethics Surrounding Collegiate-Level Hacking Education: Recommended Implementation Plan & Affiliation With Peer-Led Initiatives, Shannon Morgan, Dr. Sanjay Goel

Military Cyber Affairs

Cybersecurity has become a pertinent concern, as novel technological innovations create opportunities for threat actors to exfiltrate sensitive data. To meet the demand for professionals in the workforce, universities have ramped up their academic offerings to provide a broad range of cyber-related programs (e.g., cybersecurity, informatics, information technology, digital forensics, computer science, & engineering). As the tactics, techniques, and procedures (TTPs) of hackers evolve, the knowledge and skillset required to be an effective cybersecurity professional have escalated accordingly. Therefore, it is critical to train cyber students both technically and theoretically to actively combat cyber criminals and protect the confidentiality, integrity, …

Using Digital Twins To Protect Biomanufacturing From Cyberattacks, Brenden Fraser-Hevlin, Alec W. Schuler, B. Arda Gozen, Bernard J. Van Wie

Military Cyber Affairs

Understanding of the intersection of cyber vulnerabilities and bioprocess regulation is critical with the rise of artificial intelligence and machine learning in manufacturing. We detail a case study in which we model cyberattacks on network-mediated signals from a novel bioreactor, where it is important to control medium feed rates to maintain cell proliferation. We use a digital twin counterpart reactor to compare glucose and oxygen sensor signals from the bioreactor to predictions from a kinetic growth model, allowing discernment of faulty sensors from hacked signals. Our results demonstrate a successful biomanufacturing cyberattack detection system based on fundamental process control principles.

Characterizing Advanced Persistent Threats Through The Lens Of Cyber Attack Flows, Logan Zeien, Caleb Chang, Ltc Ekzhin Ear, Dr. Shouhuai Xu

Military Cyber Affairs

Effective cyber defense must build upon a deep understanding of real-world cyberattacks to guide the design and deployment of appropriate defensive measures against current and future attacks. In this abridged paper (of which the full paper is available online), we present important concepts for understanding Advanced Persistent Threats (APTs), our methodology to characterize APTs through the lens of attack flows, and a detailed case study of APT28 that demonstrates our method’s viability to draw useful insights. This paper makes three technical contributions. First, we propose a novel method of constructing attack flows to describe APTs. This abstraction allows technical audiences, …

Commercial Enablers Of China’S Cyber-Intelligence And Information Operations, Ethan Mansour, Victor Mukora

Military Cyber Affairs

In a globally commercialized information environment, China uses evolving commercial enabler networks to position and project its goals. They do this through cyber, intelligence, and information operations. This paper breaks down the types of commercial enablers and how they are used operationally. It will also address the CCP's strategy to gather and influence foreign and domestic populations throughout cyberspace. Finally, we conclude with recommendations for mitigating the influence of PRC commercial enablers.

Introduction To The Symposium On Digital Evidence, Melinda (M.J.) Durkee, Megiddo Tamar

Scholarship@WashULaw

The past few decades have seen radical advances in the availability and use of digital evidence in multiple areas of international law. Witnesses snap cellphone photos of unfolding atrocities and post them online, while others share updates in real time through messaging apps. Immigration officers search cell phones. Private citizens launch open-source online investigations. Investigators scrape social media posts. Digital experts verify authenticity with satellite geolocation. These new types of evidence and digitally facilitated methods and patterns of evidence gathering and analysis are revolutionizing the everyday practice of international law, drawing in an ever-wider circle of actors who can contribute …

Introduction To The Symposium On Digital Evidence, Melinda (M.J.) Durkee, Tamar Megiddo

Scholarship@WashULaw

The past few decades have seen radical advances in the availability and use of digital evidence in multiple areas of international law. Witnesses snap cellphone photos of unfolding atrocities and post them online, while others share updates in real time through messaging apps. Immigration officers search cell phones. Private citizens launch open-source online investigations. Investigators scrape social media posts. Digital experts verify authenticity with satellite geolocation. These new types of evidence and digitally facilitated methods and patterns of evidence gathering and analysis are revolutionizing the everyday practice of international law, drawing in an ever-wider circle of actors who can contribute …

The Unreasonable Effectiveness Of Large Language Models In Zero-Shot Semantic Annotation Of Legal Texts, Jaromir Savelka, Kevin D. Ashley

Articles

The emergence of ChatGPT has sensitized the general public, including the legal profession, to large language models' (LLMs) potential uses (e.g., document drafting, question answering, and summarization). Although recent studies have shown how well the technology performs in diverse semantic annotation tasks focused on legal texts, an influx of newer, more capable (GPT-4) or cost-effective (GPT-3.5-turbo) models requires another analysis. This paper addresses recent developments in the ability of LLMs to semantically annotate legal texts in zero-shot learning settings. Given the transition to mature generative AI systems, we examine the performance of GPT-4 and GPT-3.5-turbo(-16k), comparing it to the previous …

How To Understand China's Approach To Central Bank Digital Currency?, Heng Wang

Research Collection Yong Pung How School Of Law

China's central bank digital currency (CBDC), digital yuan or e-CNY, is likely to profoundly affect the international financial system. China's CBDC is fast evolving. Understanding the influencing factors of China's CBDC will likely be crucial to explore its future direction. Major influencing factors include (i) China's perception and conception of regulation and technology, (ii) complementarity between China's preferences and CBDC development, (iii) domestic and international legitimacy, and (iv) institutional development. This paper argues that these influencing factors contribute to China's likely approach of selectively reshaping the international financial system. Given the potential wide-ranging implications of the introduction of CBDC globally, …

Security-Enhanced Serial Communications, John White, Alexander Beall, Joseph Maurio, Dane Fichter, Dr. Matthew Davis, Dr. Zachary Birnbaum

Military Cyber Affairs

Industrial Control Systems (ICS) are widely used by critical infrastructure and are ubiquitous in numerous industries including telecommunications, petrochemical, and manufacturing. ICS are at a high risk of cyber attack given their internet accessibility, inherent lack of security, deployment timelines, and criticality. A unique challenge in ICS security is the prevalence of serial communication buses and other non-TCP/IP communications protocols. The communication protocols used within serial buses often lack authentication and integrity protections, leaving them vulnerable to spoofing and replay attacks. The bandwidth constraints and prevalence of legacy hardware in these systems prevent the use of modern message authentication and …

Enhancing The Battleverse: The People’S Liberation Army’S Digital Twin Strategy, Joshua Baughman

Military Cyber Affairs

No abstract provided.

Operationalizing Deterrence By Denial In The Cyber Domain, Gentry Lane

Military Cyber Affairs

No abstract provided.

What Senior U.S. Leaders Say We Should Know About Cyber, Dr. Joseph H. Schafer

Military Cyber Affairs

On April 6, 2023, the Atlantic Council’s Cyber Statecraft Initiative hosted a panel discussion on the new National Cybersecurity Strategy. The panel featured four senior officials from the Office of the National Cyber Director (ONCD), the Department of State (DoS), the Department of Justice (DoJ), and the Department of Homeland Security (DHS). The author attended and asked each official to identify the most important elements that policymakers and strategists must understand about cyber. This article highlights historical and recent struggles to express cyber policy, the responses from these officials, and the author’s ongoing research to improve national security cyber policy.

Some Legal And Practical Challenges In The Investigation Of Cybercrime, Ritz Carr

Cybersecurity Undergraduate Research Showcase

According to the Internet Crime Complaint Center (IC3), in 2021, the United States lost around $6.9 billion to cybercrime. In 2022, that number grew to over $10.2 billion (IC3, 2022). In one of many efforts to combat cybercrimes, at least 40 states “introduced or considered more than 250 bills or resolutions that deal significantly with cybersecurity” with 24 states officially enacting a total of 41 bills (National Conference on State Legislatures, 2022).

The world of cybercrime evolves each day. Nevertheless, challenges arise when we investigate and prosecute cybercrime, which will be examined in the following collection of essays that highlight …

Governing Smart Cities As Knowledge Commons - Introduction, Chapter 1 & Conclusion, Brett M. Frischmann, Michael J. Madison, Madelyn Sanfilippo

Book Chapters

Smart city technology has its value and its place; it isn’t automatically or universally harmful. Urban challenges and opportunities addressed via smart technology demand systematic study, examining general patterns and local variations as smart city practices unfold around the world. Smart cities are complex blends of community governance institutions, social dilemmas that cities face, and dynamic relationships among information and data, technology, and human lives. Some of those blends are more typical and common. Some are more nuanced in specific contexts. This volume uses the Governing Knowledge Commons (GKC) framework to sort out relevant and important distinctions. The framework grounds …

Swipe Right Into A Disciplinary Hearing: How The Use Of Dating Apps Could Earn An Attorney More Than A Bad First Date, Zachary S. Aman

Catholic University Journal of Law and Technology

The Model Rules of Professional Conduct seek to police the conduct of attorneys. Each jurisdiction adopts its own rules of professional conduct to apply to the attorneys licensed within it. Notably, the model rules prohibit any sexual relationship between the attorney and client unless that relationship precedes the attorney-client relationship. Traditionally, defining a "sexual relationship" was simple, particularly if the attorney and client engaged in sexual intercourse. The introduction of dating apps, however, has blurred the line.

This article outlines the inherent risks of attorneys using dating apps at a time when most newly-licensed attorneys make up the majority of …

Disorderly Content, Ari Waldman

Washington Law Review

Content moderation plays an increasingly important role in the creation and dissemination of expression, thought, and knowledge. And yet, throughout the social media ecosystem, nonnormative and LGBTQ+ sexual expression is disproportionately taken down, restricted, and banned. The current sociolegal literature, which focuses on content moderation as a whole and sees echoes of formal law in the evolution of its values and mechanics, insufficiently captures the ways in which those principles and practices are not only discriminatory, but also resemble structures of power that have long been used to police queer sexual behavior in public spaces.

This Article contributes to the …

Content Moderation As Surveillance, Hannah Bloch-Wehba

Faculty Scholarship

Technology platforms are the new governments, and content moderation is the new law, or so goes a common refrain. As platforms increasingly turn toward new, automated mechanisms of enforcing their rules, the apparent power of the private sector seems only to grow. Yet beneath the surface lies a web of complex relationships between public and private authorities that call into question whether platforms truly possess such unilateral power. Law enforcement and police are exerting influence over platform content rules, giving governments a louder voice in supposedly “private” decisions. At the same time, law enforcement avails itself of the affordances of …

Too Much Of A Good Thing? A Governing Knowledge Commons Review Of Abundance In Context, Michael J. Madison, Brett M. Frischmann, Madelyn Sanfilippo, Katherine J. Strandburg

Articles

The economics of abundance, along with the sociology of abundance, the law of abundance, and so forth, should be re-framed, linked, and situated in a common context for empirical rather than conceptual research. Abundance may seem to be a new, big thing, between anxiety over information overload, Big Data, and related technological disruptions. But scholars know that abundance is an ancient phenomenon, which only seemed to disappear as twentieth century social science focused on scarcity instead. Restoring the study of abundance, and figuring out how to solve the problems that abundance might create, means shedding disciplinary blinders and going back …

Government By Code? Blockchain Applications To Public Sector Governance, Pedro Bustamante, Meina Cai, Marcela Gomez, Colin Harris, Prashabnt Krishnamurthy, Wilson Law, Michael J. Madison, Ilia Murtazashvili, Jennifer Brick Murtazashvili, Tymofiy Mylovanov, Nataliia Shapoval, Annette Vee, Martin B. H. Weiss

Articles

Studies of blockchain governance can be divided into analyses of the governance of blockchains (such as rules and power dynamics within a given network) and governance by blockchains (such as how blockchains can be implemented to improve self-governance of community-based peer production networks). Less emphasis has been placed on applications of distributed ledgers to public sector governance. Our review clarifies that the decentralization and distributive features that enable blockchains to link up loosely connected private organizations and public agencies to improve efficiency and transparency of government transactions. However, most blockchain applications lack clear advantages over the conventional digital recording of …

Defensive Industrial Policy: Cybersecurity Interventions To Reduce Intellectual Property Theft, Dr. Chad Dacus, Dr. Carl (Cj) Horn

Military Cyber Affairs

Through cyber-enabled industrial espionage, China has appropriated what Keith Alexander, the former Director of the National Security Agency, dubbed “the largest transfer of wealth in history.” Although China disavows intellectual property (IP) theft by its citizens and has set self-sustained research and development as an important goal, it is unrealistic to believe IP theft will slow down meaningfully without changing China’s decision calculus. China and the United States have twice agreed, in principle, to respect one another’s IP rights. However, these agreements have lacked any real enforcement mechanism, so the United States must do more to ensure its IP is …

Enter The Battleverse: China's Metaverse War, Josh Baughman

Military Cyber Affairs

No abstract provided.

Bilski And The Information Age A Decade Later, Michael J. Meurer

Faculty Scholarship

In the years from State Street in 1999 to Alice in 2014, legal scholars vigorously debated whether patents should be used to incentivize the invention of business methods. That attention has waned just as economists have produced important new research on the topic, and just as artificial intelligence and cloud computing are changing the nature of business method innovation. This chapter rejoins the debate and concludes that the case for patent protection of business methods is weaker now than it was a decade ago.

Technical Behaviours Of Child Sexual Exploitation Material Offenders, Chad Steel, Emily Newman, Suzanne O'Rourke, Ethel Quayle

Journal of Digital Forensics, Security and Law

An exploration of the technological behaviours of previously convicted child sexual exploitation material (CSEM) offenders provides a foundation for future applied research into deterrence, investigation, and treatment efforts. This study evaluates the technology choices and transitions of individuals previously convicted of CSEM offenses. Based on their inclusion in two sex offender registries, anonymous survey results (n=78) were collected from English-speaking adults within the United States. CSEM offenders chose technologies based on both utility and perceived risk; peer-to-peer and web-browsers were the most common gateway technologies and showed substantial sustained usage; a substantial minority of users never stored CSEM and only …

Anatomy Of An Internet Hijack And Interception Attack: A Global And Educational Perspective, Ben A. Scott, Michael N. Johnstone, Patryk Szewczyk

Annual ADFSL Conference on Digital Forensics, Security and Law

The Internet’s underlying vulnerable protocol infrastructure is a rich target for cyber crime, cyber espionage and cyber warfare operations. The stability and security of the Internet infrastructure are important to the function of global matters of state, critical infrastructure, global e-commerce and election systems. There are global approaches to tackle Internet security challenges that include governance, law, educational and technical perspectives. This paper reviews a number of approaches to these challenges, the increasingly surgical attacks that target the underlying vulnerable protocol infrastructure of the Internet, and the extant cyber security education curricula; we find the majority of predominant cyber security …

A Low-Cost Machine Learning Based Network Intrusion Detection System With Data Privacy Preservation, Jyoti Fakirah, Lauhim Mahfuz Zishan, Roshni Mooruth, Michael L. Johnstone, Wencheng Yang

Annual ADFSL Conference on Digital Forensics, Security and Law

Network intrusion is a well-studied area of cyber security. Current machine learning-based network intrusion detection systems (NIDSs) monitor network data and the patterns within those data but at the cost of presenting significant issues in terms of privacy violations which may threaten end-user privacy. Therefore, to mitigate risk and preserve a balance between security and privacy, it is imperative to protect user privacy with respect to intrusion data. Moreover, cost is a driver of a machine learning-based NIDS because such systems are increasingly being deployed on resource-limited edge devices. To solve these issues, in this paper we propose a NIDS …

Detection Of Overlapping Passive Manipulation Techniques In Image Forensics, Gianna S. Lint, Umit Karabiyik

Annual ADFSL Conference on Digital Forensics, Security and Law

With a growing number of images uploaded daily to social media sites, it is essential to understand if an image can be used to trace its origin. Forensic investigations are focusing on analyzing images that are uploaded to social media sites resulting in an emphasis on building and validating tools. There has been a strong focus on understanding active manipulation or tampering techniques and building tools for analysis. However, research on manipulation is often studied in a vacuum, involving only one technique at a time. Additionally, less focus has been placed on passive manipulation, which can occur by simply uploading …

Human-Controlled Fuzzing With Afl, Maxim Grishin, Igor Korkin, Phd

Annual ADFSL Conference on Digital Forensics, Security and Law

Fuzzing techniques are applied to reveal different types of bugs and vulnerabilities. American Fuzzy Lop (AFL) is a free most popular software fuzzer used by many other fuzzing frameworks. AFL supports autonomous mode of operation that uses the previous step output into the next step, as a result fuzzer spends a lot of time analyzing minor code sections. By making fuzzing process more focused and human controlled security expert can save time and find more bugs in less time. We designed a new module that can fuzz only the specified functions. As a result, the chosen ones will be inspected …

The Amorphous Nature Of Hackers: An Exploratory Study, Kento Yasuhara, Daniel Walnycky, Ibrahim Baggili, Ahmed Alhishwan

Annual ADFSL Conference on Digital Forensics, Security and Law

In this work, we aim to better understand outsider perspectives of the hacker community through a series of situation based survey questions. By doing this, we hope to gain insight into the overall reputation of hackers from participants in a wide range of technical and non-technical backgrounds. This is important to digital forensics since convicted hackers will be tried by people, each with their own perception of who hackers are. Do cyber crimes and national security issues negatively affect people’s perceptions of hackers? Does hacktivism and information warfare positively affect people’s perception of hackers? Do individual personality factors affect one’s …

Smart Home Forensics: Identifying Ddos Attack Patterns On Iot Devices, Samuel Ho, Hope Greeson, Umit Karabiyik

Annual ADFSL Conference on Digital Forensics, Security and Law

Smart homes are becoming more common as more people integrate IoT devices into their home environment. As such, these devices have access to personal data on their homeowners’ networks. One of the advantages of IoT devices is that they are compact. However, this limits the incorporation of security measures in their hardware. Misconfigured IoT devices are commonly the target of malicious attacks. Additionally, distributed denial-of-service attacks are becoming more common due to applications and software that provides users with easy-to-use user interfaces. Since one vulnerable device is all an attacker needs to launch an attack on a network, in regards …

Digital Forensics For Mobility As A Service Platform: Analysis Of Uber Application On Iphone And Cloud, Nina Matulis, Umit Karabiyik

Annual ADFSL Conference on Digital Forensics, Security and Law

Uber is a ride-hailing smartphone application (app) that allows users to order a ride in a highly efficient manner. The Uber app provides Mobility as a Service and allows users to easily order a ride in a private car with just a few clicks. Uber stores large amounts of data on both the mobile device the app is being used on, and in the cloud. Examples of this data include geolocation data, date/time, origin/destination addresses, departure/arrival times, and distance. Uber geolocation data has been previously researched to investigate the privacy of the Uber app; however, there is minimal research relating …