The Pathologies of Digital Consent
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
A Security Analysis of Voatz, the First Internet Voting Application Used in U.S
The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal Elections∗ Michael A. Specter James Koppel Daniel Weitzner MIT† MIT‡ MIT§ Abstract The company has recently closed a $7-million series A [22], and is on track to be used in the 2020 Primaries. In the 2018 midterm elections, West Virginia became the In this paper, we present the first public security review of first state in the U.S. to allow select voters to cast their bal- Voatz. We find that Voatz is vulnerable to a number of attacks lot on a mobile phone via a proprietary app called “Voatz.” that could violate election integrity (summary in Table1). For Although there is no public formal description of Voatz’s se- example, we find that an attacker with root access to a voter’s curity model, the company claims that election security and device can easily evade the system’s defenses (§5.1.1), learn integrity are maintained through the use of a permissioned the user’s choices (even after the event is over), and alter the blockchain, biometrics, a mixnet, and hardware-backed key user’s vote (§5.1). We further find that their network protocol storage modules on the user’s device. In this work, we present can leak details of the user’s vote (§5.3), and, surprisingly, that the first public security analysis of Voatz, based on a reverse that the system’s use of the blockchain is unlikely to protect engineering of their Android application and the minimal against server-side attacks (§5.2). -
In 2017, Broad Federal Search Warrants, As Well As
A PUBLICATION OF THE SILHA CENTER FOR THE STUDY OF MEDIA ETHICS AND LAW | FALL 2017 Federal Search Warrants and Nondisclosure Orders Lead to Legal Action; DOJ Changes Gag Order Practices n 2017, broad federal search warrants, as well as from disclosing the fact that it had received such a request. nondisclosure orders preventing technology and social On Oct. 12, 2017, the Floyd Abrams Institute for Freedom of media companies from informing their customers that their Expression at Yale Law School and 20 First Amendment Scholars, information had been handed over to the government, led to including Silha Center Director and Silha Professor of Media legal action and raised concerns from observers. However, Ethics and Law Jane Kirtley, fi led an amici brief in response Ithe U.S. Department of Justice (DOJ) also changed its rules on the to the ruling, explaining that National Security Letters (NSL) gag orders, leading a large technology company to drop its lawsuit issued by the FBI are accompanied by a nondisclosure order, against the agency regarding the orders. which “empowers the government to preemptively gag a wire or In 2017, the DOJ fi led two search warrants seeking extensive electronic communication service provider from speaking about information from web hosting company DreamHost and from the government’s request for information about a subscriber.” Facebook in connection to violent protests in Washington, The brief contended that these orders constitute prior restraints D.C. during President Donald Trump’s January 20 inauguration in violation of the U.S. Constitution and U.S. Supreme Court festivities. On Aug. -
Enhancing Cybersecurity for Industry 4.0 in Asia and the Pacific
Enhancing Cybersecurity for Industry 4.0 in Asia and the Pacific Asia-Pacific Information Superhighway (AP-IS) Working Paper Series P a g e | 2 The Economic and Social Commission for Asia and the Pacific (ESCAP) serves as the United Nations’ regional hub promoting cooperation among countries to achieve inclusive and sustainable development. The largest regional intergovernmental platform with 53 member States and 9 associate members, ESCAP has emerged as a strong regional think tank offering countries sound analytical products that shed insight into the evolving economic, social and environmental dynamics of the region. The Commission’s strategic focus is to deliver on the 2030 Agenda for Sustainable Development, which it does by reinforcing and deepening regional cooperation and integration to advance connectivity, financial cooperation and market integration. ESCAP’s research and analysis coupled with its policy advisory services, capacity building and technical assistance to governments aim to support countries’ sustainable and inclusive development ambitions. The shaded areas of the map indicate ESCAP members and associate members. Disclaimer : The Asia-Pacific Information Superhighway (AP-IS) Working Papers provide policy-relevant analysis on regional trends and challenges in support of the development of the AP-IS and inclusive development. The findings should not be reported as representing the views of the United Nations. The views expressed herein are those of the authors. This working paper has been issued without formal editing, and the designations employed and material presented do not imply the expression of any opinion whatsoever on the part of the Secretariat of the United Nations concerning the legal status of any country, territory, city or area, or of its authorities, or concerning the delimitation of its frontiers or boundaries. -
Supreme Court of the United States
No. 19-783 IN THE Supreme Court of the United States NATHAN VAN BUREN, Petitioner, v. UNITED STATES, Respondent. ON WRIT OF CERTIORARI TO THE UNITED STATES CouRT OF APPEALS FOR THE ELEVENTH CIRcuIT BRIEF OF AMICI CURIAE COMPUTER SECURITY RESEARCHERS, ELECTRONIC FRONTIER FOUNDATION, CENTER FOR DEMOCRACY & TECHNOLOGY, BUGCROWD, RAPID7, SCYTHE, AND TENABLE IN SUPPORT OF PETITIONER ANDREW CROCKER Counsel of Record NAOMI GILENS ELECTRONic FRONTIER FOUNDATION 815 Eddy Street San Francisco, California 94109 (415) 436-9333 [email protected] Counsel for Amici Curiae 296514 A (800) 274-3321 • (800) 359-6859 i TABLE OF CONTENTS Page TABLE OF CONTENTS..........................i TABLE OF CITED AUTHORITIES ..............iii INTEREST OF AMICI CURIAE ..................1 SUMMARY OF ARGUMENT .....................4 ARGUMENT....................................5 I. The Work of the Computer Security Research Community Is Vital to the Public Interest...................................5 A. Computer Security Benefits from the Involvement of Independent Researchers ...........................5 B. Security Researchers Have Made Important Contributions to the Public Interest by Identifying Security Threats in Essential Infrastructure, Voting Systems, Medical Devices, Vehicle Software, and More ...................10 II. The Broad Interpretation of the CFAA Adopted by the Eleventh Circuit Chills Valuable Security Research. ................16 ii Table of Contents Page A. The Eleventh Circuit’s Interpretation of the CFAA Would Extend to Violations of Website Terms of Service and Other Written Restrictions on Computer Use. .................................16 B. Standard Computer Security Research Methods Can Violate Written Access Restrictions...........................18 C. The Broad Interpretation of the CFAA Discourages Researchers from Pursuing and Disclosing Security Flaws ...............................22 D. Voluntary Disclosure Guidelines and Industry-Sponsored Bug Bounty Programs A re Not Sufficient to Mitigate the Chill . -
Techlash, Loot Boxes, and Regulating “Dark Patterns” in the Video Game Industry’S Monetization Strategies
12. GOODSTEIN.DOCX (DO NOT DELETE) 12/2/20 7:53 AM WHEN THE CAT’S AWAY: TECHLASH, LOOT BOXES, AND REGULATING “DARK PATTERNS” IN THE VIDEO GAME INDUSTRY’S MONETIZATION STRATEGIES Scott A. Goodstein* INTRODUCTION .......................................................................... 287 I. DEFINING DARK PATTERNS AND OTHER INVASIVE ASPECTS OF THE VIDEO GAME INDUSTRY ....................... 294 A. Dark Patterns ............................................................ 294 1. Video Game Dark Patterns Identified by Lewis, Björk, and Zagal ...................................... 297 2. A Loot Box is Simply a Monetized Rivalries Dark Pattern, Sometimes Combined with a Currency Confusion Dark Pattern ..................... 300 B. Psychology, Consumer Surveillance, and Data Research .................................................................... 302 II. TECHLASH IN THE VIDEO GAME INDUSTRY ..................... 306 A. Political Recognition of Exploitative Video Game Design ........................................................................ 308 B. Consumers Should Not Expect or Be Forced to Rely Upon the Video Game Industry to Self- Correct its Predatory Practices ................................. 311 III. LEGISLATIVE ATTEMPTS TO CURB MANIPULATIVE INTERFACE DESIGN .......................................................... 314 A. The Protecting Children from Abusive Games Act .. 315 *J.D. Candidate 2021, University of Colorado Law School; Associate Editor, Univer- sity of Colorado Law Review. I would like to thank all my fellow Law Review -
Dark Patterns and the Legal Requirements of Consent Banners: an Interaction Criticism Perspective
Dark Patterns and the Legal Requirements of Consent Banners: An Interaction Criticism Perspective Colin M. Gray Cristiana Santos [email protected] [email protected] Purdue University Utrecht University West Lafayette, Indiana, United States The Netherlands Nataliia Bielova Damian Clifford Michael Toth [email protected] [email protected] Australian National University [email protected] Australia Inria France ABSTRACT ACM Reference Format: User engagement with data privacy and security through consent Colin M. Gray, Cristiana Santos, Nataliia Bielova, Michael Toth, and Damian Clifford. 2021. Dark Patterns and the Legal Requirements of Consent Ban- banners has become a ubiquitous part of interacting with inter- ners: An Interaction Criticism Perspective. In CHI Conference on Human net services. While previous work has addressed consent banners Factors in Computing Systems (CHI ’21), May 8–13, 2021, Yokohama, Japan. from either interaction design, legal, and ethics-focused perspec- ACM, New York, NY, USA, 18 pages. https://doi.org/10.1145/3411764.3445779 tives, little research addresses the connections among multiple disciplinary approaches, including tensions and opportunities that transcend disciplinary boundaries. In this paper, we draw together 1 INTRODUCTION perspectives and commentary from HCI, design, privacy and data protection, and legal research communities, using the language and The language of ethics and values increasingly dominates both the strategies of “dark patterns” to perform an interaction criticism read- academic discourse and the lived experiences of everyday users ing of three different types of consent banners. Our analysis builds as they engage with designed technological systems and services. upon designer, interface, user, and social context lenses to raise Within the HCI community, there has been a long history of en- tensions and synergies that arise together in complex, contingent, gagement with ethical impact, including important revisions of the and conflicting ways in the act of designing consent banners. -
Going from Bad to Worse: from Internet Voting to Blockchain Voting
Going from Bad to Worse: From Internet Voting to Blockchain Voting Sunoo Park Michael Specter Neha Narula Ronald L. Rivest MIT & Harvard∗ MITy MITz MIT§ November 6, 2020 (DRAFT) Abstract Voters are understandably concerned about election security. News reports of possible election in- terference by foreign powers, of unauthorized voting, of voter disenfranchisement, and of technological failures call into question the integrity of elections worldwide. This article examines the suggestions that “voting over the Internet” or “voting on the blockchain” would increase election security, and finds such claims to be wanting and misleading. While current election systems are far from perfect, Internet- and blockchain-based voting would greatly increase the risk of undetectable, nation-scale election failures. Online voting may seem appealing: voting from a computer or smartphone may seem convenient and accessible. However, studies have been inconclusive, showing that online voting may have little to no effect on turnout in practice, and it may even increase disenfranchisement. More importantly: given the current state of computer security, any turnout increase derived from with Internet- or blockchain-based voting would come at the cost of losing meaningful assurance that votes have been counted as they were cast, and not undetectably altered or discarded. This state of affairs will continue as long as standard tactics such as malware, zero days, and denial-of-service attacks continue to be effective. This article analyzes and systematizes prior research on the security risks of online and electronic voting, and show that not only do these risks persist in blockchain-based voting systems, but blockchains may introduce additional problems for voting systems. -
Shining-A-Light-Encr
SHINING A LIGHT ON THE ENCRYPTION DEBATE: A CANADIAN FIELD GUIDE JOINT RESEARCH PUBLICATION, MAY 2018 BY THE CITIZEN LAB AND THE CANADIAN INTERNET POLICY & PUBLIC INTEREST CLINIC LEX GILL TAMIR ISRAEL CHRISTOPHER PARSONS SHINING A LIGHT ON THE ENCRYPTION DEBATE: A CANADIAN FIELD GUIDE This page has intentionally been lef blank. SHINING A LIGHT ON THE ENCRYPTION DEBATE: A CANADIAN FIELD GUIDE COPYRIGHT © 2018 Citizen Lab and the Samuelson-Glushko Canadian Internet Policy and Public Interest Clinic, “Shining a Light on the Encryption Debate: A Canadian Field Guide,” by Lex Gill, Tamir Israel, and Christopher Parsons Licensed under the Creative Commons BY-SA 4.0 (Attribution-ShareAlike Licence) Electronic version first published by Citizen Lab and the Samuelson-Glushko Canadian Internet Policy & Public Interest Clinic in 2018. This work can be accessed through https://citizenlab.ca and https://cippic.ca. Citizen Lab and the Canadian Internet Policy & Public Interest Clinic (CIPPIC) are collaborative research partners. Together, the two groups engage in research that investigates the intersection of digital technologies, law, and human rights. This report is a joint research publication. Document Version: 1.0 The Creative Commons Attribution-ShareAlike 4.0 license under which this report is licensed lets you freely copy, distribute, remix, transform, and build on it, as long as you: • give appropriate credit; • indicate whether you made changes; and • use and link to the same CC BY-SA 4.0 licence. However, any rights in excerpts reproduced in this report remain with their respective authors; and any rights in brand and product names and associated logos remain with their respective owners. -
Tales from the Dark Side: Privacy Dark Strategies and Privacy Dark Patterns
Proceedings on Privacy Enhancing Technologies ; 2016 (4):237–254 Christoph Bösch*, Benjamin Erb, Frank Kargl, Henning Kopp, and Stefan Pfattheicher Tales from the Dark Side: Privacy Dark Strategies and Privacy Dark Patterns Abstract: Privacy strategies and privacy patterns are However, online service providers have become more fundamental concepts of the privacy-by-design engineer- and more sophisticated in deceiving users to hand over ing approach. While they support a privacy-aware de- their personal information. Up until now, privacy re- velopment process for IT systems, the concepts used by search has not studied this development. malicious, privacy-threatening parties are generally less An example for this development is the Tripadvi- understood and known. We argue that understanding sor mobile app (depicted in Figure 1), which is a review the “dark side”, namely how personal data is abused, platform for travel-related content. At first glance, the is of equal importance. In this paper, we introduce the starting page asks the user to log in with a personal concept of privacy dark strategies and privacy dark pat- Google+, Facebook, or email account. Taking a closer terns and present a framework that collects, documents, look, one notices that a third option is given that offers and analyzes such malicious concepts. In addition, we the creation of a Tripadvisor account. Furthermore, a investigate from a psychological perspective why privacy “Skip”-button is hidden in the upper right corner, which dark strategies are effective. The resulting framework which skips the login process entirely. When signing in allows for a better understanding of these dark con- with Facebook, Tripadvisor wants to gain access to the cepts, fosters awareness, and supports the development friend list, photos, likes, and other information (cf. -
The Dark (Patterns) Side of UX Design
The Dark (Patterns) Side of UX Design Colin M. Gray, Yubo Kou, Bryan Battles, Joseph Hoggatt, and Austin L. Toombs Purdue University West Lafayette, IN {gray42; kou2; bbattles; jhoggatt; toombsa}@purdue.edu ABSTRACT We focus specifically on the practitioner-created construct of Interest in critical scholarship that engages with the complex- "dark patterns" and its emergence in the practitioner lexicon, ity of user experience (UX) practice is rapidly expanding, defining a co-opting of human-centered values in the service yet the vocabulary for describing and assessing criticality in of deceptive or malicious aims. practice is currently lacking. In this paper, we outline and While ethics and values have been studied extensively in the explore the limits of a specific ethical phenomenon known HCI and Science & Technology Studies (STS) literature (e.g., as "dark patterns," where user value is supplanted in favor of value levers [63], values at play [25], critical design [10,7, 23], shareholder value. We assembled a corpus of examples of reflective design [60, 61]), these conversations are frequently practitioner-identified dark patterns and performed a content bound to the academic community and related discourses, analysis to determine the ethical concerns contained in these making practitioner access to these conversations difficult and examples. This analysis revealed a wide range of ethical issues activation of their implications problematic. While there are raised by practitioners that were frequently conflated under clear uptakes from these conversations for UX practice, it is the umbrella term of dark patterns, while also underscoring a unclear whether these methods or approaches are used in UX shared concern that UX designers could easily become com- practice to raise or foreground awareness of criticality, an issue plicit in manipulative or unreasonably persuasive practices. -
Shane Nicholas Mishandling the Human Redacted.Pdf
Mishandling the human: Virtual surveillance and actualised error Shane Leigh Nicholas orcid.org/0000-0003-0236-496X Submitted in partial fulfilment of the requirements of the degree of M. FINE ARTS (Visual Art) (by Research) December 2017 School of Art Faculty of The Victorian College of The Arts and The Melbourne Conservatorium of Music The University of Melbourne ii Abstract This project is a practiced-based inquiry into the relationship between physical reality and virtual worlds in a period where digital technology has substantially transformed how we interact with our surroundings. The research investigates this relationship with emphasis on the interdependent nature of neural networks, extended consciousness and online surveillance. The research explores the increasing use of digital surveillance and the potential for the surrounding world to be restructured on feedback derived from algorithms. As the neural networks filtering such data are programmed with values reflecting the ideology of liberal capitalism, the results will inevitably be skewed in favour of this perspective. As smart devices and their users are contained within this feedback loop the paper considers how these systems of surveillance influence the perception of human identity. The resulting work responds to the use of surveillance technology, focusing on gaps in information and distortions in representation that occur through this filtering and assumed information. The works question the nature of online surveillance from a posthuman perspective and explore the potential problems that can occur with the adoption of cavalier attitudes towards these technologies. I have created three systems to reproduce the human form based on the mishandling of data. -
Are Dark Patterns Anticompetitive?
044BBC27-503D-4AFB-B1D9-B7BAF6F2C013.DOCX (DO NOT DELETE) 11/5/2020 7:00 PM ARE DARK PATTERNS ANTICOMPETITIVE? Gregory Day and Abbey Stemler INTRODUCTION ............................................................................................................ 2 I. PLATFORMS, ATTENTION, AND ONLINE MANIPULATION ......................... 7 A. The Economic Value of Attention ................................................................. 8 B. The Attention Cycle ..................................................................................... 10 C. Dark Patterns and Online Manipulation .................................................... 14 II. PRIVACY AND PRIVACY PROTECTION .......................................................... 16 A. Privacy and Decisional Privacy..................................................................... 17 B. The Individual and Societal Costs of Online Manipulation .......................... 19 C. The Lack of Regulation of Online Manipulation ......................................... 22 III. PRIVACY AND MANIPULATION IN MODERN ANTITRUST ......................... 24 A. Digital Markets and Antitrust .................................................................... 25 B. Persuasion or Coercion in Digital Markets?................................................. 27 1. Persuasion ............................................................................................ 28 2. Coercion ............................................................................................... 31 C. Anticompetitive