Rina Steenkamp - Privacy and technology
[Social media and the 'spiral of silence' | Reverse-engineering censorship in China - Randomized experimentation and participant observation | What's old is new again - retaining Fourth Amendment protections in warranted digital searches | The international free and open source software law book | Security analysis of a full-body scanner | Security of automated access management using Secure Shell (SSH)]
A report by Keith N. Hampton, Lee Rainie, Weixu Lu, Maria Dwyer, Inyoung Shin and Kristen Purcell (PewResearchCenter).
From 'About this report':
"An informed citizenry depends on people's exposure to information on important political issues and on their willingness to discuss these issues with those around them. The rise of social media, such as Facebook and Twitter, has introduced new spaces where political discussion and debate can take place. This report explores the degree to which social media affects a long-established human attribute—that those who think they hold minority opinions often self-censor, failing to speak out for fear of ostracism or ridicule. It is called the 'spiral of silence.'"
A paper by Gary King, Jennifer Pan, and Margaret E. Roberts.
Abstract:
"Existing research on the extensive Chinese censorship organization uses observational methods with well-known limitations. We conducted the first large-scale experimental study of censorship by creating accounts on numerous social media sites, randomly submitting different texts, and observing from a worldwide network of computers which texts were censored and which were not. We also supplemented interviews with confidential sources by creating our own social media site, contracting with Chinese firms to install the same censoring technologies as existing sites, and - with their software, documentation, and even customer support - reverse-engineering how it all works. Our results offer rigorous support for the recent hypothesis that criticisms of the state, its leaders, and their policies are published, whereas posts about real-world events with collective action potential are censored."
A report by Steven R. Morrison (National Association of Criminal Defense Lawyers).
From the Introduction:
"The fact that computers, external file storage and cloud servers are employed does not require one to alter the high threshold that must be met to justify government intrusion. Each new technology that affords a different type of private place to preserve private communications does not require a different standard for the search and seizure of its contents than is constitutionally required for the search of a file cabinet or the search of a home. What is different is the amount of private information that can be improperly searched and the substantially greater intrusion upon privacy and Fourth Amendment interests that may result. One must look to the Fourth Amendment to define the limits of such searches and then ask whether the existing policies, procedures and guidelines applied to the technologies of the day appropriately mirror our fundamental constitutional values. Currently, they do not. The starting point cannot be that everything is fair game."
A publication by Ywein Van den Brande, Shane Coughlan and Till Jaeger (ed.).
From 'Welcome to a new type of law book':
"As legal systems differ throughout the world there are significant differences in how Free and Open Source Software licenses are treated in different countries, and it can be difficult to obtain reliable information on national interpretations. The International Free and Open Source Software Law Book engages with this by providing a clear yet thorough analysis of Free and Open Source legal matters written and maintained by local experts, and by inviting everyone to assist in improving or expanding the content."
A paper by Keaton Mowery, Eric Wustrow, Tom Wypych, Corey Singleton, Chris Comfort, Eric Rescorla, Stephen Checkoway, J. Alex Halderman, and Hovav Shacham.
Abstract:
"Advanced imaging technologies are a new class of people screening systems used at airports and other sensitive environments to detect metallic as well as nonmetallic contraband. We present the first independent security evaluation of such a system, the Rapiscan Secure 1000 full-body scanner, which was widely deployed at airport checkpoints in the U.S. from 2009 until 2013. We find that the system provides weak protection against adaptive adversaries: It is possible to conceal knives, guns, and explosives from detection by exploiting properties of the device's backscatter X-ray technology. We also investigate cyberphysical threats and propose novel attacks that use malicious software and hardware to compromise the effectiveness, safety, and privacy of the device. Overall, our findings paint a mixed picture of the Secure 1000 that carries lessons for the design, evaluation, and operation of advanced imaging technologies, for the ongoing public debate concerning their use, and for cyberphysical security more broadly."
Draft standard by Tatu Ylonen, Karen Scarfone and Murugiah Souppaya (NIST).
Abstract:
"Hosts must be able to access other hosts in an automated fashion, often with very high privileges, for a variety of reasons, including file transfers, disaster recovery, privileged access management, software and patch management, and dynamic cloud provisioning. This is often accomplished using the Secure Shell (SSH) protocol. The SSH protocol supports several mechanisms for authentication, with public key authentication being recommended for automated access with SSH. Management of automated access requires proper provisioning, termination, and monitoring processes, just as interactive access by normal users does. However, the security of SSH-based automated access has been largely ignored to date. This publication assists organizations in understanding the basics of SSH automated access management in an enterprise, focusing on the management of SSH access tokens."