Encryption policy and cybersecurity
The presentation discusses the relations among cybersecurity, insider threats and encryption. It then recommends organisational IT policies and national cybersecurity policies that can be adopted to prevent and protect against insider threats.
IAEA Advanced, Practitioner-Level Training Course on Preventive and Protective Measures against Insider Threats, Antwerp, 8 September 2022
Technology, laws and values of encryption
The presentation will provide an overview of the technology, laws and values of encryption. It will explain the technical principles and protocols, laws and legal rules, and social norms and values that underlie this technology. The aim of the presentation is to set out the various contexts and considerations that need to be taken into account when discussing encryption regulation in Aotearoa New Zealand.
TeLENZ Webinar Series: Regulating Encryption in New Zealand, Hamilton, 27 April 2021
Matters of trust, privacy and security: An examination of the technical, legal and social principles and values of encryption
In this presentation, we will summarise the key technical principles and rules that underlie encryption. We will then relate this to the legal rules that apply to encryption. There is a common belief that, aside from export control rules, encryption is not subject to regulation. Based on our research, we found that encryption is in fact already regulated by various laws. We will discuss what these laws are and how they impact the development, implementation and use of encryption. Finally, we will discuss how people in New Zealand prioritise and understand the fundamental principles and values of encryption (most especially trust) and how these can be reflected in any proposed encryption laws and policies.
18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, Rotorua, 7 August 2019
The significance of "yet another manifesto"
Manifestos are an integral part of social, political and cultural movements and revolutions. They are normally published during times of great crises and upheavals in society. Written in declarative and exhortative language, manifestos are expressions of people’s higher goals and ideals as well as calls to action to come together and transform society. Given the significant role that manifestos play in igniting and bringing about social change, it is not surprising that, like other countercultural movements, hacker culture too has a rich tradition of manifesto making. As a form of polemic and prescriptive discourse, hacker manifestos reveal the norms that guide their behavior and the values that drive their actions and aspirations. From Steven Levy’s oft-cited distillation of the “Hacker Ethic” to The Mentor’s “The Hacker Manifesto” and up to “The Maker’s Bill of Rights”, these hortatory statements for and about hacker culture are essential sources and materials for understanding the meaning and impact of hacking on society. In examining the various forms and examples of hacker manifestos, this presentation further aims to catalog and describe the norms and values that different types of hackers commonly share and perform.
OHM2013 Conference, Oudkarspel, 2 August 2013
Understanding the rules of a networked world: A pluralist and interdisciplinary approach to the study of law, technology and society
With the ever-increasing informatization and technologization of society, non-state actors and scientific and technical rules are playing a greater role in the operation and governance of a connected world. This presentation argues that, in order to better understand who and what governs the networked information society, it is important to develop and adopt a pluralist conception and an interdisciplinary methodology to the study of law, technology and society. On a conceptual level, this means coming to terms with the plural legal and extra-legal rules, norms, codes, and principles that influence and govern behavior. With regard to method, this requires adopting an interdisciplinary socio-techno-legal approach that combines the fields of technology law, socio-legal studies and science and technology studies. The proposed pluralist approach can be usefully applied to the matter of hackers and hacking. From a pluralist perspective, hacking is not a problem to be solved by the state but is a creative and normative activity that needs to be constructively recognized and encouraged. Adopting a pluralist and interdisciplinary approach to law and technology study can be valuable since multiple persons, things and rules do profoundly shape the world we live in.
VSR Conference: Complexiteit, superdiversiteit en de rechtsstaat, Doorn, 18 January 2013
Significance of trust to technology law and policy
The main aim of this presentation is to examine the significance and implication of trust on technology law and policy, specifically with regard to cybersecurity. The presentation will explain the various meanings, types and constructs of trust including distrust. It will then discuss how these various conceptualisations and experiences of trust apply in the case of cybersecurity. The presentation will thereafter recommend general principles and policies on how to incorporate and develop trust in cybersecurity law and policy. The presentation will conclude with a brief summary and reflection on the importance of trust to the regulation of technology.
2022 New Zealand Conference on Law and Technology: Education, Practice and Policy, Auckland, 8 September 2022
A socio-legal analysis of the conceptions of privacy and information security in relation to the laws of encryption
This paper presentation will discuss what their varying conceptions or notions of privacy and information security are in relation to encryption and compare these with the applicable laws. This paper will explain why the most pertinent laws are not the oft-cited privacy and data protection laws but are those that concern law enforcement and criminal procedure. This paper argues that the rights of the accused and other rules involving criminal investigations and proceedings are germane to the issue of privacy and security in a digital and connected society.
Socio-Legal Studies Association 2021 Annual Conference, Cardiff, 31 March 2021
Encryption and the Manifold Meanings of Security
The encryption dilemma (i.e., the seeming irreconcilability between security and privacy) has been the subject of constant debates since the so-called Crypto Wars in the 1990s. This presentation does not intend to resolve this enigmatic problem. However, it will focus on a related area that requires further elucidation: What is the meaning of security in relation to encryption? In the field of cryptology, security has multiple meanings. For instance, security can be understood in terms of disparate concepts or notions such as national security, information security, confidentiality, data protection, and secrecy of communications. Knowing which particular meaning or concept of security applies in a given context or situation may help clarify and advance the discussion of how to properly deal with encryption both nationally and internationally. This presentation draws on an ongoing research project that examines the principles, values and impact of encryption in New Zealand.
The Waikato Dialogue: The Implications of Emerging Disruptive Technologies for International Security and New Zealand Symposium, Hamilton, 20 September 2018
The maker movement: Reforming the image of computer hackers in law and popular culture
This presentation will analyze the relationship between law and the representation of computer hackers in popular culture. The word “hacker” still has strong negative connotations. In the public mind, it conjures up images of malicious outsiders who use their technical skills to steal information or cause damage to computer systems. But this popular and entrenched perception of hackers is based on a problematic stereotype that neither completely nor accurately captures the true nature and full diversity of computer hackers and hacking. This presentation explains how and why the fear, uncertainty and doubt about hackers began in the 1980s, and came about due to the confluence of the one-sided representations of hackers in film and other mass media and the desire of the law to regulate the then burgeoning field of computers by enacting cybercrime laws and other anti-hacking statutes. The unfair depiction of hackers in both popular culture and law produced the twin outcomes of the demonization and criminalization of hackers. There have been attempts, however, by hackers to counteract and reform these negative portrayals and labels. The “maker movement” presents a more positive and constructive conception of computer hackers that is more in tune with the original meaning of hacking, which is about creativity and community. This presentation will discuss how the public image of makers and hackerspaces can improve the legal and popular perceptions of hackers.
Law and Popular Culture Conference,
Tilburg, 7 June 2013
IT wants to be freed: Hackers and the evolution of technology regulation
In response to the spate of high profile hacks and data security breaches committed by the groups Anonymous and LulzSec, the European Parliament has recently proposed a Directive that will criminalise attacks against information systems (so-called "cyber attacks") and update European cybercrime laws. This is not the first nor the last instance of hackers having an impact on information technology (IT) law, policy and practice through their intentional acts or the unintended consequences of their actions. While hackers do not normally engage with or participate in formal processes of state law making, they have had a hand in the development of technology regulation. This presentation argues that hackers, through their acts of freeing information and liberating technology, have helped shape how behaviour is regulated and governed in an increasingly digitised and connected world. This presentation will survey the evolving legislations, policies and case law concerning hacking beginning with the mainframe computer hackers in the 1950s up to the present day online hacktivists. Specifically, it will examine the mutual shaping of hacker norms, values and tools and technology regulation.
SCRIPT Conference: Law and Transformation, Edinburgh, 6 June 2012
The critical role of technical and social principles and values in encryption regulation
Governments around the world have been proposing various ways to regulate encryption since the widespread presence and use of computers and the internet in the 1990s. Law and policymakers have unsurprisingly taken a very law-centred approach to regulating encryption. But focusing solely on the laws and legal aspects of encryption without sufficient recognition of its technical and social contexts and conditions can result in the adoption of laws that are either ineffectual or unacceptable to the relevant stakeholders or society as a whole. This presentation will discuss the attendant technical and social principles and values of encryption that must be considered when seeking to develop appropriate laws and policies. Through the examination of the often overlooked technical and social dimensions of encryption, this presentation can provide key insights into how to better regulate encryption and technology more generally.
New Zealand Symposium on Law and Technology: Education, Practice and Policy 2021, Auckland, 1 July 2021
Cyber- space, law and diplomacy
In this brief presentation, I will share my initial thoughts about the overlapping domains of cyber- space, law and diplomacy.
CYDIPLO Conceptualising Cyber Diplomacy Workshop, Leiden, 25 March 2021
A socio-legal approach to hacking
Hacking is perennially the subject of much study and debate and has been examined using various disciplinary theories and perspectives. Despite being yet another proposed theory about hacking, this talk will discuss potentially useful concepts, methods and frameworks to better analyze and understand hacking in relation to law and society. This presentation will delve into such topics as the meanings and elements of hacking, the significance of values and ethics, and the relationship between hacking and law from the viewpoint of socio-legal studies.
Interference Conference, Amsterdam, 15 August 2014
Hacker norms and technology laws
Hackers have a tendency to both directly and indirectly influence technology laws and policies. Throughout the history of computing, a number of cases illustrate hacking’s impact on technology regulation. Legislators, for example, made full (albeit unfair) use of the unfounded fear about hackers to enact computer fraud and abuse laws in the 1980s. Hackers, in a more active role, subverted the traditional uses of copyright and contract laws in relation to intellectual property and made a licensing model that ensures that software and other forms of creative work remain free and open for people to use, access, modify and distribute. In addition to describing the various instances when hackers helped shape technology legislation, this presentation seeks to explain the possible reasons behind hacking’s propensity to affect the legitimacy and effectiveness of laws. It will discuss how the norms and values of hackers, together with their tools and technical expertise, are potentially key determinants of their ability to transform technology regulation. It is argued that since technologies like open source hardware and software embody deeply held norms and values such as openness, freedom of expression, transparency and autonomy, laws that attempt to control these and other technologies will be contested by and face strong opposition from hackers.
eth0:2013 Winter Conference, Lievelde, 23 February 2013
Connecting Lessig's dots: The network is the law
This presentation will analyse the different ways by which law has been mapped, modelled and graphically represented in relation to and within the context of the inter-networked society. Starting with Lawrence Lessig's illustration of the "pathetic" dot and how it is subject to four modalities of regulation (law, social norms, the market and architecture), this presentation will examine Andrew Murray's three-dimensional regulatory matrix and John Griffiths' representations of law vis-à-vis semi-autonomous social fields. By analysing the various theories and methodologies that underpin the different network-based approaches to mapping law in the information society - namely, systems theory, actor-network theory and legal pluralism - this presentation argues that it may be more fruitful for those engaged in socio-techno-legal studies to focus less on what law is but where it is to be found. By studying the plural and ever reconfiguring relations among social actors in the network society, law and information technology research becomes less about discovering the laws of networks but becoming aware that the network is the law.
Gikii V Conference, Edinburgh, 29 June 2010