Workshop on Ethics in Computer Security Research (WECSR 2011)
The workshop took place on March 4, 2011, after the FC 2011 program concluded. The workshop location is the Bay Gardens Hotel. There will be shuttle service
from the Bay Gardens Beach Resort at 8:15am. It is a 15-minute walk from the Bay Gardens Beach Resort to the workshop venue.
(as of Mar 4, 2011)
This workshop style is highly interactive, so the times are
approximate. The program has been published in the FC Workshops Volume, Springer LNCS 7126.
|13:00 - 18:00
|Half-day excursions (see FC
|19:30 - 21:30
|9:00 - 9:15
|Opening remarks - Sven Dietrich
9:15 - 10:00
|Invited Paper 1 (Session chair: Sven Dietrich)
- Ethical Issues in E-Voting Security Analysis
Halderman (The University of Michigan) and David G. Robinson
(Information Society Project, Yale Law School)
Research about weaknesses
in deployed electronic voting sys- tems raises a variety of interesting
ethical concerns. In addition to ethical issues common to vulnerability
research, such as disclosure and the po- tential for harm, electronic
voting researchers face questions that flow from the unique and
important role voting plays in modern democratic societies. Should
researchers worry that their own work (not unlike the flaws they study)
could sway an election outcome? When elected officials authorize a
security review, how should researchers address the conflicted
interests of these incumbent politicians, who might exploit knowledge
about vulnerabilities when they stand for re-election? How should re-
searchers address the risk that identifying specific flaws will lead to
a false sense of security, after those particular problems have been
resolved? This paper addresses these and other questions with reference
to experience from previous e-voting security reviews. We hope our
provisional analysis will help practicing researchers anticipate and
address ethical issues in future studies.
|10:00 - 10:30
10:30 - 12:00
|Position paper: (Session chair: Nicolas Christin)
11:00 Short break
- Human Subjects, Agents, or Bots: Current Issues in Ethics
and Computer Security Research.
Panel moderator: Elizabeth Buchanan
Buchanan (University of Wisconsin-Stout), John Aycock
(University of Calgary), Scott Dexter
(Brooklyn College, CUNY) and Dave Dittrich
(University of Washington).
|12:00 - 13:00
|Invited paper 2: (Session chair: Michael Bailey)
14:00 Short break
- Enforced Community Standards For Research on Users of the
Tor Anonymity Network.
Security and privacy researchers are increasingly taking an interest in
the Tor network, and have even performed studies that involved
intercepting the network communications of Tor users. There are
currently no generally agreed upon community norms for research on Tor
users, and so unfortunately, several projects have engaged in
problematic behavior – not because the researchers had malicious
intent, but because they simply did not see the ethical or legal issues
associated with their data gathering. This paper proposes a set of four
bright-line rules for researchers conducting privacy invading research
on the Tor network. The author hopes that it will spark a debate, and
hopefully lead to responsible program committees taking some action to
embrace these, or similar rules.
- Ethical Dilemmas in Take-down Research.
Moore (Harvard University) and Richard Clayton
(University of Cambridge)
- Ethical Considerations of Sharing Data for Cybersecurity
|15:00 - 15:30
15:30 - 16:30
Panel moderator: Erin Kenneally
(UC San Diego/CAIDA/Elchemy)
Panelists: John McHugh (RedJack/UNC), Angelos Stavrou (George
Mason University), Ross
Anderson (University of Cambridge), Nicolas Christin
(Carnegie Mellon University)
|16:30 - 17:00
|Rump Session (short talks)
Please contact the program chair or the rump session chair, Elizabeth Buchanan for details/submissions.
|Closing remarks (Sven Dietrich) / Adjourn
|March 5, 2011
|All-day excursions (see FC
J. Alex Halderman is an assistant
professor of electrical engineering
and computer science at the University of Michigan, where his research
spans computer security and tech-centric public policy. He is best
known for his work developing the “cold boot attack” against disk
encryption systems, for exposing the Sony DRM rootkit and other harmful
side effects of DRM, and for finding security flaws in many different
electronic voting systems. Recently, Halderman and his students
participated in a public trial of an Internet voting system fielded by
the city of Washington, D.C.; within 36 hours, they were able to take
control of the servers and change every vote.
is a researcher, activist, blogger, and Ph.D.
candidate at Indiana University. He first gained notoriety in 2006 as
the creator of a website that generated fake airline boarding passes.
Since that incident, he has
continued to engage in high-profile activism related to privacy and
computer security. In September 2009, he began working for the US
Federal Trade Commission as a
technical advisor to the Division of Privacy and Identity Protection.
This workshop is
organized in cooperation with the International