Workshop on Ethics in Computer Security Research (WECSR 2011)

The workshop took place on March 4, 2011, after the FC 2011 program concluded. The workshop location is the Bay Gardens Hotel. There will be shuttle service from the Bay Gardens Beach Resort at 8:15am. It is a 15-minute walk from the Bay Gardens Beach Resort to the workshop venue.

(as of Mar 4, 2011)

This workshop style is highly interactive, so the times are approximate. The program has been published in the FC Workshops Volume, Springer LNCS 7126.

March 3, 2011
13:00 - 18:00
Half-day excursions (see FC program)
19:30 - 21:30
Workshop Reception

March 4, 2011
9:00 - 9:15
Opening remarks - Sven Dietrich
Session 1
9:15 - 10:00
Invited Paper 1 (Session chair: Sven Dietrich)
  • Ethical Issues in E-Voting Security Analysis
    J. Alex Halderman (The University of Michigan) and David G. Robinson (Information Society Project, Yale Law School)
    Research about weaknesses in deployed electronic voting systems raises a variety of interesting ethical concerns. In addition to ethical issues common to vulnerability research, such as disclosure and the potential for harm, electronic voting researchers face questions that flow from the unique and important role voting plays in modern democratic societies. Should researchers worry that their own work (not unlike the flaws they study) could sway an election outcome? When elected officials authorize a security review, how should researchers address the conflicted interests of these incumbent politicians, who might exploit knowledge about vulnerabilities when they stand for re-election? How should researchers address the risk that identifying specific flaws will lead to a false sense of security, after those particular problems have been resolved? This paper addresses these and other questions with reference to experience from previous e-voting security reviews. We hope our provisional analysis will help practicing researchers anticipate and address ethical issues in future studies.
10:00 - 10:30
Session 2
10:30 - 12:00
Position paper: (Session chair: Nicolas Christin)
11:00 Short break

  • Human Subjects, Agents, or Bots: Current Issues in Ethics and Computer Security Research.
    Panel moderator: Elizabeth Buchanan
    Panelists: Elizabeth Buchanan (University of Wisconsin-Stout), John Aycock (University of Calgary), Scott Dexter (Brooklyn College, CUNY) and Dave Dittrich (University of Washington).
12:00 - 13:00

Session 3
13:00 -
Invited paper 2: (Session chair: Michael Bailey)

  • Enforced Community Standards For Research on Users of the Tor Anonymity Network.
    Christopher Soghoian (Indiana University)
    Security and privacy researchers are increasingly taking an interest in the Tor network, and have even performed studies that involved intercepting the network communications of Tor users. There are currently no generally agreed upon community norms for research on Tor users, and so unfortunately, several projects have engaged in problematic behavior – not because the researchers had malicious intent, but because they simply did not see the ethical or legal issues associated with their data gathering. This paper proposes a set of four bright-line rules for researchers conducting privacy invading research on the Tor network. The author hopes that it will spark a debate, and hopefully lead to responsible program committees taking some action to embrace these, or similar rules.

14:00 Short break

  • Ethical Dilemmas in Take-down Research.
    Tyler Moore (Harvard University) and Richard Clayton (University of Cambridge)
  • Ethical Considerations of Sharing Data for Cybersecurity Research.
    Darren Shou (Symantec)
15:00 - 15:30
Session 4
15:30 - 16:30

Panel: Moving forward, building an ethics community
Panel moderator: Erin Kenneally (UC San Diego/CAIDA/Elchemy)
Panelists: John McHugh (RedJack/UNC), Angelos Stavrou (George Mason University), Ross Anderson (University of Cambridge), Nicolas Christin (Carnegie Mellon University)

16:30 - 17:00
Rump Session (short talks)
Please contact the program chair or the rump session chair, Elizabeth Buchanan, for details/submissions.
Closing remarks (Sven Dietrich) / Adjourn

March 5, 2011

All-day excursions (see FC program)

Invited speakers

Alex Halderman

J. Alex Halderman is an assistant professor of electrical engineering and computer science at the University of Michigan, where his research spans computer security and tech-centric public policy. He is best known for his work developing the “cold boot attack” against disk encryption systems, for exposing the Sony DRM rootkit and other harmful side effects of DRM, and for finding security flaws in many different electronic voting systems. Recently, Halderman and his students participated in a public trial of an Internet voting system fielded by the city of Washington, D.C.; within 36 hours, they were able to take control of the servers and change every vote.

Christopher Soghoian

Christopher Soghoian is a researcher, activist, blogger, and Ph.D. candidate at Indiana University. He first gained notoriety in 2006 as the creator of a website that generated fake airline boarding passes. Since that incident, he has continued to engage in high-profile activism related to privacy and computer security. In September 2009, he began working for the US Federal Trade Commission as a technical advisor to the Division of Privacy and Identity Protection.

This workshop is organized in cooperation with the International Financial Cryptography Association.