Elaine M. Sedenberg,James X. Dempsey

DOI: https://doi.org/10.48550/arXiv.1805.12266

2018-05-31

Abstract:In recent years the cybersecurity policy debate in Washington has been dominated by calls for greater information sharing within the private sector, and between the private sector and the federal government. The passage of the Cybersecurity Information Sharing Act (CISA) (signed into law under the Cybersecurity Act of 2015) underscored federal efforts to collect information from the private sector, and assuaged some concerns regarding private sector liability in sharing activities. However, the law lacked specificity on how continued federal efforts would work with existing information sharing networks, and failed to address other challenges associated with sharing including trust building, privacy and propriety interests, reciprocation, and quality control. This paper aims to bring granularity to implementations of information sharing initiatives by creating a taxonomy of the governance and policy models within each of these organizations. The research shows how this diverse ecosystem of sharing models work together and separately, and the impact governance and policy have on key components critical to sharing infrastructure.

Computers and Society,Cryptography and Security

Le Cheng,Jiamin Pei,Marcel Danesi

DOI: https://doi.org/10.1080/10350330.2019.1587843

2019-01-01

Social Semiotics

Abstract:Based on one specially created corpus of U.S. cybersecurity-related laws, this study employs the corpus approach to examine the referent objects and securitizing actors in U.S. cybersecurity legislative discourse, which are two critical issues in constructing security, including cybersecurity. Through corpus data analysis, it is found that unlike traditional security, cybersecurity has become more people-oriented in terms of referent objects with critical infrastructure as a key referent object. Additionally, the role of private sectors and cooperative security are highlighted in U.S. cybersecurity legislative discourse. From a sociosemiotic perspective, it is noted that the meaning-making process of U.S. cybersecurity not only is conveyed by the texts but also interacts with other sign systems, such as historical background, cyberspace as a virtual realm and social contexts, which suggests that the specific meanings of signs constructing cybersecurity and cybersecurity itself should be interpreted in specific temporal or spatial contexts. Furthermore, a sociosemiotic approach to U.S. cybersecurity legislative discourse also offers valuable insights to how signs and concepts in cybersecurity contribute to sketching a holistic landscape of cybersecurity and further security on a large scale.

Le Cheng,Yuxin Liu,Yun Zhao

DOI: https://doi.org/10.1515/ijld-2021-2058

2021-01-01

International Journal of Legal Discourse

Abstract:This study uses a combinative method of quantitative and qualitative discourse analysis applying the discourse-historical approach (DHA), based on a self-built special corpus composed of the U.S. laws, policies and strategy documents that are directly related to critical information infrastructure protection (CIIP); through a Word List ranked by frequency, it is found that there seems to be a coherent securitizing system which has been formed in the U.S. CIIP legislative practices, with some specific considerations in the CIIP policy-making process including the strategy for risk management. By further investigating the internal institutional relationships and institutional mechanisms with corpus tools, four discursive features and strategies of the U.S. CIIP institutional discourse can be discovered: the leading role of private and specific institutions in public-private cooperation; the coexisting characteristics of generality and precision in the process of object definition; the center-divergent institutional settings in executing CIIP execution; and the coordinating discourse patterns for CIIP within the U.S. legislation. Those discursive practices concerning different institutional actors can be further explained in the broader context of the U.S. social reality. This study is not only helpful in better understanding the legal practices in U.S. cybersecurity, but also provides some meaningful insights on CIIP legislation to policy makers in other countries as well as at the international level.

Patrick Birkinshaw

DOI: https://doi.org/10.1093/he/9780198806363.003.0013

2019-07-24

Abstract:The Freedom of Information Act is a statute of great constitutional significance. The Act heralded a right to publicly held information which government had attempted to keep private. FOIA laws have their origins in the pre-digital age and any discussion of information rights must take on board the contemporary reality of the global digitization of communications via social media networks and the enhanced capabilities of state intelligence agencies to conduct surveillance over electronic communications. The General Data Protection Regulation seeks to give greater security to personal data. However, private information is harvested by private tech companies which they have obtained often ‘voluntarily’ and used by intermediaries to influence public events, public power and elections—as illustrated by recent scandals involving the practice of ‘data farming’ by social media networks and the sale of personal data to political campaign consultants seeking to pinpoint electors and thereby affect the outcomes of national elections and referenda. Government surveillance is age-old, but the emergence of digital power has enabled public authority to invade our private lives far more intrusively and effectively. The most recent example is the Investigatory Powers Act 2016. All this poses substantial challenges for the public regulation of information access in a growing confusion of public and private in the constitution. Courts, meanwhile, have to balance demands for privacy protection, open justice and secrecy.

Eleanor Birrell,Jay Rodolitz,Angel Ding,Jenna Lee,Emily McReynolds,Jevan Hutson,Ada Lerner

DOI: https://doi.org/10.48550/arXiv.2312.15383

2023-12-24

Abstract:Growing recognition of the potential for exploitation of personal data and of the shortcomings of prior privacy regimes has led to the passage of a multitude of new online privacy regulations. Some of these laws -- notably the European Union's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) -- have been the focus of large bodies of research by the computer science community, while others have received less attention. In this work, we analyze a set of Internet privacy and data protection regulations drawn from around the world -- both those that have frequently been studied by computer scientists and those that have not -- and develop a taxonomy of rights granted and obligations imposed by these laws. We then leverage this taxonomy to systematize 270 technical research papers published in computer science venues that investigate the impact of these laws and explore how technical solutions can complement legal protections. Finally, we analyze the results in this space through an interdisciplinary lens and make recommendations for future work at the intersection of computer science and legal privacy.

Computers and Society

Le Cheng,Xitao Hu

DOI: https://doi.org/10.1177/21582440241299677

IF: 2.032

2024-01-01

SAGE Open

Abstract:Personal information security has become a critical concern in the digital era, so it is imperative to clearly delimit and define personal information. This study examines personal information legislation from a sociosemiotic perspective to identify the similarities and differences between legislation in the United States and China. It reviews the evolution of personal information in both countries, and explores their differences in the definition of privacy, the status quo of personal information legislation, the definition of personal information and cross-border personal information flow. The findings indicate that (1) personal information, noted as a social sign, has context-sensitive characteristics, i.e., spatiality and temporality; (2) the meaning-making process of personal information is a continuum; and (3) there exists an intersemiotic operation between language, law and society. Such a sociosemiotic exploration can shed light on relevant studies in the sociosemiotic analysis of legal discourse in particular as well as other context-sensitive discourses in general.

Suresh Javvaji

DOI: https://doi.org/10.36713/epra13852

2023-07-21

EPRA International Journal of Multidisciplinary Research (IJMR)

Abstract:This paper explores the benefits, challenges, and future implications of surveillance technology. It highlights how surveillance technology enhances security measures, improves public safety, optimizes resource allocation, and aids in emergency response and disaster management. However, concerns related to privacy invasion, potential abuse, discrimination, and lack of transparency and accountability need to be addressed. The essay emphasizes the importance of legislative measures, public awareness, technological safeguards, and collaborative efforts to strike a balance between the advantages of surveillance technology and the protection of individual rights. It also considers the global variations in surveillance practices, cultural and societal implications, and the challenges of cross-border data sharing. The conclusion emphasizes the need to navigate the future of surveillance technology responsibly by considering ethical guidelines and implications for individual privacy and social structures. KEYWORDS: Surveillance; Digital Age; Data Privacy; Technological Safeguards;

E. Gorian

DOI: https://doi.org/10.1007/978-3-030-15577-3_1

2019-04-11

Abstract:National mechanisms of critical information infrastructure (CII) protection differ depending on the information assets, authorities’ powers, methods of regulation, etc. Singapore implements the state-driven approach for CII protection that is balanced and calibrated in order to harmonize the efficient powers of authorities with the burdens imposed on IT industry parties. Singapore’s Cybersecurity Act 2018 (CSA) establishes a solid and precise framework for the CII protection specifying three core aspects: constant cooperation of public authorities and private sector in envisaging a CII system; broad authorities for prevention, management and response to cybersecurity threats and incidents in Singapore, and compulsory licensing of cybersecurity services. It emphasizes compliance with promulgated codes of practice and expresses designation of CII and cybersecurity threats. The distinctive feature of the act is its significant reduction of the compliance burden on cybersecurity professionals and CII owners. As for the CII protection it’s important that computer systems in the supply chain supporting the operation of a CII (i.e. data centre owners and cloud services operators) will not be designated as CIIs. Thus the CSA illustrates the narrow approach of law makers in envisaging its jurisdiction – it implies just CII owners and not any network operators. Singapore is a first jurisdiction in South-East region that has developed its cybersecurity legislation to impose requirements on certain businesses to implement protections against cybersecurity risks into their computer systems.

Titis Pandan Wangi Reformasi,Hasrul Buamona

DOI: https://doi.org/10.55927/jlca.v3i3.10376

2024-08-06

Abstract:In the ever-evolving digital era, an in-depth exploration of the cybersecurity legal framework is a must. This article examines the background and discussion of personal data protection in 2023. It provides a comprehensive overview of the current cybersecurity landscape, identifying key trends and threats faced by individuals, businesses, and governments. The focus then shifts to regulatory and compliance analysis, exploring potential changes and evaluating the adequacy of current regulations. Next, we outline the latest technologies used in data protection, detailing the role of artificial intelligence (AI) to blockchain in strengthening cybersecurity. Ethical aspects are also highlighted, exploring how efforts to improve security can be balanced with individuals’ right to privacy and preventing abuse of power by authorities. Through analysis of key cases in 2023, this article highlights real-world experiences related to personal data breaches. From here, readers can gain a deeper understanding of how cybersecurity law is evolving and addressing the ever-growing threats in this digital era. This article aims to provide a holistic view, educating readers about the current challenges and innovations in personal data protection and contributing to a deeper understanding of the field.

Ushita Chugh

DOI: https://doi.org/10.36676/ijl.2023-v1i1-07

2023-11-10

Abstract:The proliferation of digital technology has had a significant impact on individuals' right to privacy; as a result, privacy laws have had to evolve in order to address these new challenges and provide enhanced protection for people's legal rights. the ever-evolving path of privacy legislation in the modern period, which highlights the intricacy at the intersection of data collection, technology, and individual rights. We examine the evolution of privacy regulations via the prism of history, beginning with their beginnings in traditional legal systems and ending with their application in contemporary digital domains. the challenges brought forth by the growing adoption of data-driven technologies such as social media, cutting-edge analytics software, and the Internet of Things (IoT). Data breaches, espionage, the use of automated decision making, and the worldwide nature of data flows are all factors that contribute to these challenges. There is also the conflict that results from the competing interests of individuals and organisations that collect and use their personal information. This conflict can be seen as an additional source of contention.

Oluwatosin Reis,Nkechi Emmanuella Eneh,Benedicta Ehimuan,Anthony Anyanwu,Temidayo Olorunsogo,Temitayo Oluwaseun Abrahams

DOI: https://doi.org/10.51594/ijarss.v6i1.733

2024-01-25

International Journal of Applied Research in Social Sciences

Abstract:As the world becomes increasingly interconnected through digital technologies, the protection of individuals' privacy has emerged as a critical concern. This paper conducts a comprehensive global review of privacy legislation and enforcement mechanisms, shedding light on the challenges posed by the digital age. With a focus on the intricate balance between technological advancements and the fundamental right to privacy, the study explores the evolving legal landscape and its implications for individuals, businesses, and governments. The analysis encompasses diverse jurisdictions, highlighting the variations in privacy laws and enforcement approaches across regions. From the European Union's robust General Data Protection Regulation (GDPR) to the nuanced approaches in Asia and the Americas, this review synthesizes the evolving regulatory frameworks. Special attention is given to emerging issues such as the use of artificial intelligence, biometrics, and surveillance technologies, which pose unique challenges to existing privacy paradigms. Moreover, the paper investigates the effectiveness of enforcement mechanisms in ensuring compliance with privacy laws. It examines the role of governmental agencies, regulatory bodies, and international collaborations in addressing cross-border data flows and global privacy challenges. The study also evaluates the impact of recent high-profile privacy incidents on shaping legislative responses and enforcement strategies. By presenting a holistic view of privacy law challenges in the digital age, this research contributes to the ongoing discourse on safeguarding individuals' privacy rights in an era of rapid technological innovation. The findings provide valuable insights for policymakers, legal practitioners, businesses, and individuals seeking a deeper understanding of the evolving dynamics surrounding privacy legislation and enforcement on a global scale. Keywords: Law, Privacy Law, Digital Age, Review, Data Protection.

John B. Taschner

DOI: https://doi.org/10.18034/ajtp.v7i1.484

2020-08-21

American Journal of Trade and Policy

Abstract:Data mining and collecting is increasingly becoming a common practice, in the name of monetization of personal data, progression of national security measures, and politically fueled democratic interferences. Millions of users’ data is constantly being sorted, manipulated, and sold, often without conscientious consent of the consumer. While this practice can result in greater convenience from an innocent consumer level, the vulnerabilities to national privacy and the cyberspace create dangerous territory. The article entitled describes the triangulation of security, monetization, and politicizing in terms of data collection through three primary case studies: Cambridge Analytica and the Facebook scandal during the 2016 United States presidential election, Apple v. FBI, and Edward Snowden and the NSA surveillance activities. It explores how data harvesting and subsequent monetization is embedded in virtually every aspect of our culture and develops understanding of how corporate social responsibility calls for companies to respect and maintain transparency with consumer interests. Current technology policies leaves open spaces for violation both internally and internationally, and why this constitutes certain offensive measures. Future data and privacy legislation, with strong consideration to the varying social contexts, resources, and current international relations. This is done under the underlying assumption that data is an irreplaceable factor in our global progression and is irrevocably embedded into our society. Over-regulation or under-regulation of big tech may lead to negative repercussions to our security or individual privacy rights. These ideas are becoming increasingly understood by the general public and are considered worthy of concern after seeing glimpses of the depth of surveillance and information held by either the government or corporations. While there are intense emotions and opinions on the matter, my article takes an objective and well-rounded perspective to address the interlocking complexities of individual freedoms, need for international cyberspace protection, and continued profitability of data. The idea of personal data and information being manipulated and used against citizens for financial or political agendas is rightfully horrifying the public; my article therefore takes into account these concerns while suggesting further navigating the political, legal, and social process in alignment with the ever-growing power of big data.

Lorrie Cranor,Tal Rabin,Vitaly Shmatikov,Salil Vadhan,Daniel Weitzner

DOI: https://doi.org/10.48550/arXiv.1604.03160

2016-04-11

Computers and Society

Abstract:Great advances in computing and communication technology are bringing many benefits to society, with transformative changes and financial opportunities being created in health care, transportation, education, law enforcement, national security, commerce, and social interactions. Many of these benefits, however, involve the use of sensitive personal data, and thereby raise concerns about privacy. Failure to address these concerns can lead to a loss of trust in the private and public institutions that handle personal data, and can stifle the independent thought and expression that is needed for our democracy to flourish. This report, sponsored by the Computing Community Consortium (CCC), suggests a roadmap for privacy research over the next decade, aimed at enabling society to appropriately control threats to privacy while enjoying the benefits of information technology and data science. We hope that it will be useful to the agencies of the Federal Networking and Information Technology Research and Development (NITRD) Program as they develop a joint National Privacy Research Strategy over the coming months. The report synthesizes input drawn from the privacy and computing communities submitted to both the CCC and NITRD, as well as past reports on the topic.

Harold Abelson,Ross Anderson,Steven M Bellovin,Josh Benaloh,Matt Blaze,Jon Callas,Whitfield Diffie,Susan Landau,Peter G Neumann,Ronald L Rivest,Jeffrey I Schiller,Bruce Schneier,Vanessa Teague,Carmela Troncoso

DOI: https://doi.org/10.1093/cybsec/tyad020

2024-01-01

Journal of Cyber Security

Abstract:Abstract Our increasing reliance on digital technology for personal, economic, and government affairs has made it essential to secure the communications and devices of private citizens, businesses, and governments. This has led to pervasive use of cryptography across society. Despite its evident advantages, law enforcement and national security agencies have argued that the spread of cryptography has hindered access to evidence and intelligence. Some in industry and government now advocate a new technology to access targeted data: client-side scanning (CSS). Instead of weakening encryption or providing law enforcement with backdoor keys to decrypt communications, CSS would enable on-device analysis of data in the clear. If targeted information were detected, its existence and, potentially, its source would be revealed to the agencies; otherwise, little or no information would leave the client device. Its proponents claim that CSS is a solution to the encryption versus public safety debate: it offers privacy—in the sense of unimpeded end-to-end encryption—and the ability to successfully investigate serious crime. In this paper, we argue that CSS neither guarantees efficacious crime prevention nor prevents surveillance. Indeed, the effect is the opposite. CSS by its nature creates serious security and privacy risks for all society, while the assistance it can provide for law enforcement is at best problematic. There are multiple ways in which CSS can fail, can be evaded, and can be abused.

Christopher Gorog

DOI: https://doi.org/10.48550/arXiv.2103.14783

2021-03-27

Cryptography and Security

Abstract:This paper outlines an approach for IEEE to take leadership for digital privacy to align many existing IEEE Societies and efforts in the areas of computer systems & applications security, organizational & global architectures, policy-supporting legislation, originating new standards, integrating compliance into technologies, and helping design decision-board infrastructures for governance bodies. Much of the current emphasis on evolving privacy technologies centers on big corporate enterprises and institutions, causing the industry to support corporate assets protection mainly. Fostering technology to empower individual privacy-enabling tools has lagged, and personal privacy has diminished because corporate big data applications have made sizable investments into exploiting private data. As one of the largest individual-member-based organizations, IEEE is urged to develop a collaborative approach for digital privacy with privacy-enabling technologies to benefit its members. The recommendations outlined define a prospective course that could result in future global individualized privacy capabilities which employ a combination of synergistic technologies such as distributed ledgers, differential privacy, homomorphic encryption, secure distributed multi-party computation, zero-trust architectures, proof-of-origin of data, software, or other techniques. Such an effort would involve community engagement and outreach, academic peer-review events, the establishment of governance bodies, coordination & expansion of existing standards, and the development of publicly-accessible prototypes. Collaboration with other IEEE-sponsored efforts for transactive energy systems, confidentiality and security of healthcare records and devices, and other IEEE-funded projects will help magnify digital privacy investments already in progress in these applications of emerging technologies.

Elisabetta Biasin,Burcu Yaşar,Erik Kamenjašević

DOI: https://doi.org/10.5204/lthj.3068

2023-11-21

Abstract:The regulation of cybersecurity for medical devices keeps evolving in the European Union (EU). In the past few years, new pieces of legislation have been added to the initial framework for medical device cybersecurity, including the Medical Device Regulation, the General Data Protection Regulation and the Cybersecurity Act. The Artificial Intelligence Act, the European Health Data Space Regulation and the Data Act are forthcoming laws that contain cybersecurity-related requirements applicable to medical devices. This article examines the requirements stemming from each of these, as well as their role vis-a-vis the existing legal framework. We observe that despite being comprehensive and wide ranging in their changes, these new regulations may be inadequate for the task of ensuring the cybersecurity of medical devices. In our view, this approach by the EU legislature is inadequate because it fails to foresee cybersecurity requirements in a way that is truly linked with the already existing cybersecurity laws. To help address this problem, the article offers a set of workable recommendations that EU legislators would be well advised to take on board in respect of specific regulations, as well as in general, when establishing cybersecurity-related requirements.

English Else

Kristin Westerhorstmann

2015-07-17

Abstract:Each year, the frequency and severity of cyber-attacks continue to increase. With each new threat comes more pressure on the government to implement an effective plan for preventing these attacks. The first instinct has been to attempt either to enact more laws, or to broaden the scope of already-existing laws such as the Computer Fraud and Abuse Act (“CFAA”). The CFAA, the federal hacking statute, has been called the “worst law in technology” for its excessively broad scope and vague provisions, which have resulted in arbitrary and discriminatory enforcement, conflicts with the federal private nondelegation doctrine, and in overcriminalization. In addition, significant amendments throughout the past two decades have left the protection of privacy—once a central interest of the original CFAA—minimalized to the point of forgotten. What was once a narrow statute formulated to prevent hackers from stealing government information and breaching critical infrastructure has turned into an unrecognizably broad statute that criminalizes common computer use such as deleting cookies, lying about one’s age on Facebook, or checking personal email * Chief Symposium Editor, 2015-2016, University of Miami National Security & Armed Conflict Law Review; Juris Doctor Candidate 2016, University of Miami School of Law. Thank you to Sarah Fowler, Chief Notes Editor 2014-2015, for all of your hard work, commitment, and patience. Thank you to all of my friends and family for your unwavering and constant support. A special thank you to my advisor and internet hero, Professor Mary Anne Franks, for all of your support, direction, and advice. 146 U. MIAMI NAT’L SECURITY & ARMED CONFLICT L. REV. [Vol. V:145 while at work. In order to actually combat cyber-attacks, protect people’s online interests, and remedy the problems facing the current CFAA, this Note argues that the broad, catchall language of the statute must be discarded to make way for a new, more narrow, specific framework.

Computer Science,Law,Political Science

Ejiofor Oluomachi,Akinsola Ahmed,Wahab Ahmed,Edozie Samson

DOI: https://doi.org/10.29322/IJSRP.14.02.2023.p14610

2024-04-17

Abstract:This article assesses the effectiveness of current cybersecurity regulations and policies in the United States amidst the escalating frequency and sophistication of cyber threats. The focus is on the comprehensive framework established by the U.S. government, with a spotlight on the National Institute of Standards and Technology (NIST) Cybersecurity Framework and key regulations such as HIPAA, GLBA, FISMA, CISA, CCPA, and the DOD Cybersecurity Maturity Model Certification. The study evaluates the impact of these regulations on different sectors and analyzes trends in cybercrime data from 2000 to 2022. The findings highlight the challenges, successes, and the need for continuous adaptation in the face of evolving cyber threats

Cryptography and Security,Computers and Society

Naeem Allahrakha

DOI: https://doi.org/10.17323/10.17323/2713-2749.2023.2.78.121

2023-07-28

Legal Issues in the Digital Age

Abstract:In today’s digital world the need to maintain cyber-security and protect sensitive information is more important than ever. However, this must be balanced against the right to privacy, which is also a fundamental human right. This article provides an overview of the legal and ethical considerations involved in balancing cyber-security and privacy in the digital age. It explores the challenges of implementing effective cyber-security measures while respecting privacy rights, and discusses the current legal framework for cyber-security and privacy in various jurisdictions. The article also considers the ethical implications of balancing these two important values and suggests ways in which cyber-security and privacy concerns can be reconciled in a general context. By highlighting the importance of a careful balance between cyber-security and privacy, this article aims to raise awareness of the need for ethical and legal considerations in the development of digital technologies and their regulation.

Lawrence Gostin

DOI: https://doi.org/10.7326/0003-4819-127-8_part_2-199710151-00050

IF: 39.2

1997-10-15

Annals of Internal Medicine

Abstract:During the early 1990s, the U.S. government addressed the issue of providing universal health care to all its citizens. Although this issue has not been completely resolved, centralization of electronic data and sharing of health care information among insurers and providers have been pursued. The emergence of electronic data banks in health care has raised another issue: each citizen's right to privacy compared with the collective benefit to society when critical data on quality assurance and scientific research are shared by an array of network users. The choices we face are difficult, and the solution may necessarily reflect a compromise that alters traditional beliefs in the right to personal privacy. However, Congress can take the initiative by enacting statutes to ensure that sensitive information contained in electronic patient records is not divulged without a patient's consent and is protected against fraudulent access and abuse.

medicine, general & internal