QUANTIFYING CREEPINESS: USING PREDICTIVE PRIVACY TO MEASURE PRIVACY HARMS

SSRN Electronic Journal · 2025-01-01

Computer Science and the Law

Communications of the ACM · 2025-05-21

Making a case for stronger influence and overlap of technology and law.

IP Traceback

2025-01-01

Compression, correction, confidentiality, and comprehension: a modern look at telegraph codebooks

Cryptologia · 2025-03-05

Netnews: The Origin Story

IEEE Annals of the History of Computing · 2024-07-08

Netnews, sometimes called Usenet, was arguably the first social network. Quarterman describes it as “one of the oldest cooperative networks.” It had a profound influence on online socializing, including helping to give to the world the current slang meanings of words such as “spam,” “troll,” and “flame.” It was where many technologies we now take for granted were first announced, including Linux, the World Wide Web, and the graphical web browser. But its design was a function of both its design goals and the technological context of the time. I describe those and a variety of other early design decisions, those which were right, those which were wrong, and those which were inevitable.

Challenging the Machine: Contestability in Government AI Systems

arXiv (Cornell University) · 2024-06-14 · 1 citations

In an October 2023 executive order (EO), President Biden issued a detailed but largely aspirational road map for the safe and responsible development and use of artificial intelligence (AI). The challenge for the January 24-25, 2024 workshop was to transform those aspirations regarding one specific but crucial issue -- the ability of individuals to challenge government decisions made about themselves -- into actionable guidance enabling agencies to develop, procure, and use genuinely contestable advanced automated decision-making systems. While the Administration has taken important steps since the October 2023 EO, the insights garnered from our workshop remain highly relevant, as the requirements for contestability of advanced decision-making systems are not yet fully defined or implemented. The workshop brought together technologists, members of government agencies and civil society organizations, litigators, and researchers in an intensive two-day meeting that examined the challenges that users, developers, and agencies faced in enabling contestability in light of advanced automated decision-making systems. To ensure a free and open flow of discussion, the meeting was held under a modified version of the Chatham House rule. Participants were free to use any information or details that they learned, but they may not attribute any remarks made at the meeting by the identity or the affiliation of the speaker. Thus, the workshop summary that follows anonymizes speakers and their affiliation. Where an identification of an agency, company, or organization is made, it is done from a public, identified resource and does not necessarily reflect statements made by participants at the workshop. This document is a report of that workshop, along with recommendations and explanatory material.

Degenerative AI?

IEEE Security & Privacy · 2024-05-01 · 3 citations

It is not secret that generative AI, especially in the form of large language models (LLMs), is extremely popular today. One might go so far as to say that it’s eaten the world. It may be a bubble, or it may last—though the death of cryptocurrencies has long been predicted, as I write this Bitcoin has just reached an all-time high value against the American dollar—but for now and at least the next few years, generative AI will be with us. As people who care about security and privacy, we need to understand the implications of it: is it good or bad for our field, and if the latter, what should we do about it? Ignoring it is not an option.

Recommendations for Government Development and Use of Advanced Automated Systems to Make Decisions about Individuals

arXiv (Cornell University) · 2024-03-04

Contestability -- the ability to effectively challenge a decision -- is critical to the implementation of fairness. In the context of governmental decision making about individuals, contestability is often constitutionally required as an element of due process; specific procedures may be required by state or federal law relevant to a particular program. In addition, contestability can be a valuable way to discover systemic errors, contributing to ongoing assessments and system improvement. On January 24-25, 2024, with support from the National Science Foundation and the William and Flora Hewlett Foundation, we convened a diverse group of government officials, representatives of leading technology companies, technology and policy experts from academia and the non-profit sector, advocates, and stakeholders for a workshop on advanced automated decision making, contestability, and the law. Informed by the workshop's rich and wide-ranging discussion, we offer these recommendations. A full report summarizing the discussion is in preparation.

Bugs in our pockets: the risks of client-side scanning

Journal of Cybersecurity · 2024 · 27 citations

• Computer Security
• Computer Security
• Computer Science

Abstract Our increasing reliance on digital technology for personal, economic, and government affairs has made it essential to secure the communications and devices of private citizens, businesses, and governments. This has led to pervasive use of cryptography across society. Despite its evident advantages, law enforcement and national security agencies have argued that the spread of cryptography has hindered access to evidence and intelligence. Some in industry and government now advocate a new technology to access targeted data: client-side scanning (CSS). Instead of weakening encryption or providing law enforcement with backdoor keys to decrypt communications, CSS would enable on-device analysis of data in the clear. If targeted information were detected, its existence and, potentially, its source would be revealed to the agencies; otherwise, little or no information would leave the client device. Its proponents claim that CSS is a solution to the encryption versus public safety debate: it offers privacy—in the sense of unimpeded end-to-end encryption—and the ability to successfully investigate serious crime. In this paper, we argue that CSS neither guarantees efficacious crime prevention nor prevents surveillance. Indeed, the effect is the opposite. CSS by its nature creates serious security and privacy risks for all society, while the assistance it can provide for law enforcement is at best problematic. There are multiple ways in which CSS can fail, can be evaded, and can be abused.

Reflections on Ten Years Past the Snowden Revelations

2023-07-01 · 2 citations