Erin Kenneally

Risk sensitive digital evidence collection

Over the past decade or so, well-understood procedures and methodologies have evolved within computer forensics digital evidence collection. Correspondingly, many organizations such as the HTCIA (High Technology Criminal Investigators Association) and IACIS (International Association of Computer Investigative Specialists) have emphasized disk imaging procedures which ensure reliability, completeness, accuracy, and verifiability of computer disk evidence. The rapidly increasing and changing volume of data within corporate network information systems and personal computers are driving the need to revisit current evidence collection methodologies. These methodologies must evolve to maintain the balance between electronic environmental pressures and legal standards. This paper posits that the current methodology which focuses on collecting entire bit-stream images of original evidence disk is increasing legal and financial risks. The first section frames the debate and change drivers for a Risk Sensitive approach to digital evidence collection, which is followed by the current methods of evidence collection along with a cost-benefit analysis. Then the methodology components of the Risk Sensitive approach to collection, and then concludes with a legal and resource risk assessment of this approach. Anticipated legal arguments are explored and countered, as well. The authors suggest an evolved evidence collection methodology which is more responsive to voluminous data cases while balancing the legal requirements for reliability, completeness, accuracy, and verifiability of evidence.

Dialing Privacy and Utility: A Proposed Data-Sharing Framework to Advance Internet Research

The current reluctance to share systems and network data derives from gaps in the law, commercial pressures, and evolving considerations of threat models and ethical behavior. Internet research stakeholders have an opportunity to tip the risk scales in favor of more protected data sharing by proactively implementing appropriate privacy risk management. The privacy-sensitive sharing (PS2) framework integrates privacy-enhancing technologies with a policy framework. The authors evaluate this framework along two primary criteria: how well the policies and techniques address privacy risks, and how well policies and techniques achieve utility objectives. A case study applies the framework to enable network operational data sharing for cybersecurity RD.

A framework for understanding and applying ethical principles in network and security research

Current information and communications technology poses a variety of ethical challenges for researchers. In this paper, we present an intellectual framework for understanding and applying ethical principles in networking and security research rooted in the guidance suggested by an ongoing Department of Homeland Security working group on ethics. By providing this prototype ethical impact assessment, we seek to encourage community feedback on the working groups nascent efforts and spur researchers to concretely evaluate the ethical impact of their work.

Digital investigation legal editorial: The Internet is the computer: The role of forensics in bridging the digital and physical divide

Just as residue from the ridge patterns on our fingers existed before science and technology was able to ‘‘uncover’’ them by latent fingerprinting methods, digital traces of criminal activities exist on the Internet, and consequently lie dormant because we are only beginning to develop and deploy tools and techniques to identify, manage, and model solutions to probing questions related to digital crimes. Cyber forensic investigations occur in varying degrees throughout the fields of computer security and incident response, network forensics, and law enforcement investigations, yet in all contexts involve the recognition, recovery and reconstruction of investigatory leads and evidence. In the context of investigations, the source-artifacts for evidence and leads are often ‘‘siloed’’ into investigation data from structured law enforcement reports, or data from examinations of computers involved in a crime. No longer are artifacts relegated to data in reports, and no longer is the standalone computer exclusively a target or tool used in criminal activity. The Internet itself has become a breeding ground for primary and secondary sources of evidence in the search for truth, as well as harboring the seeds to predict future malfeasance.

A refined ethical impact assessment tool and a case study of its application

Research of or involving Information and Communications Technology (ICT) presents a wide variety of ethical challenges and the relative immaturity of ethical decision making in the ICT research community has prompted calls for additional research and guidance. The Menlo report, a revisiting of the seminal Belmont report, seeks to bring clarity to this arena by articulating a basic set of ethical principles for ICT research. However the gap between such principles and actionable guidance for the ethical conduct of ICT research is large. In previous work we sought to bridge this gap through the construction of an ethical impact assessment (EIA) tool that provided a set of guiding questions to help researchers understand how to apply the Menlo principles. While a useful tool, experiences in the intervening years have caused us to rethink and expand the EIA. In this paper we: (i) discuss the various challenges encountered in applying the original EIA, (ii) present a new EIA framework that represents our evolved understanding, and (iii) retrospectively apply this EIA to an ethically challenging, original study in ICTR.

Cyber Research Ethics Decision Support (CREDS) Tool

This work introduces an applied research and development project, the Cyber Research Ethics Decision Support (CREDS) tool. This effort is motivated to operationalize a decision support methodology, conceptual framework, and an interactive online tool to identify, reason, and manage ethical and legal issues related to cyber-based research (e.g., network and system security). The objectives of the tool are to facilitate research that minimizes potential harm while enabling innovation, and to advance the collective dialogue between and among researchers, oversight entities and policymakers about research ethics principles and practices. The functional goals include: estimating and communicating ethical risk; identifying potential impacts of technology; and measuring and improving judgment and reasoning. The methodology involves deriving principles and practices from established law, ethics and best practices, and then using that output to drive the underlying logic of the tool. The CREDS tool is intended to be a resource for the entire community to engage repeatable and transparent decision making in an effort to prevent unattended harm, diminished public trust, and reputational blowback by association arising from undifferentiated comparisons to public or private surveillance and cyber opportunism.

Moving forward, building an ethics community (panel statements)

The organizing question around which this panel at WECSR 2011 rallied was how to move toward building a nation-state-agnostic ethics community in computer security research.