Difficult Problems in Cyberlaw

Here at Stanford, we could organize a protest. The protest would most likely occur online, and definitely through a web interface. Communication would appear authentic but participants would be paid. UbiComp sites can facilitate these types of activities. Emails are written to senators. Resturants are given positive reviews. Comments are posted, letters are sent and seemingly authentic activity is appearing online, but is created by paid individuals on crowdsourcing sites.

Should this be possible? Is it ethical to participate in these activities? What if a user is participating and decides to only write for causes they support? Is it possible or realistic to enforce regulations in this space?

Imagine a scenario wherein a middle school girl plays a puzzle solving game frequently online. She is successful and brilliant at the game, and her efforts are leveraged to solve real-live computational issues, but she is never given any compensation, social or otherwise. Her brother also finds satisfaction in tasks online on a site that awards small payments for menial tasks. On average he is able to make around minimum wage for these efforts and also finds them enjoyable, but he has no workers compensation, no union and definitely not a guarantee of pay for hours worked, as payment is awarded based on his ability to successfully complete a task according to metrics assigned by his benefactor.

They both have a choice to go elsewhere for entertainment and monetary gain, but is it ethical for the businesses perpetuating the systems to operate in this way? Is either scenario fair? Would you personally be willing, either for enjoyment or monetary compensation to participate in either activity? How could either situation be more advantageous for those participating? Are worker’s rights required for menial tasks online? Why or why not?

Does information technology raise human rights concerns? Where are the legal borders of the Internet? Is positive law the only law, or should companies take supererogatory efforts? (meaning do we stop only at laws explicitly written down?)

Yesterday our course had a round table conversation with Mark Chandler Senior Vice President, General Counsel, and Secretary of CISCO, Chuck Cosson Senior Policy Counsel of Microsoft and Dunstan Hope  Managing Director ICT Practice, Managing Director Advisory Services of Businesses for Social Responsibility. The outcomes proved to be filled with questions and difficult problems.

The Global Net Initiative (GNI) was formally launched in December 2008 and its primary goal is to further the ideals of freedom of expression and privacy online. The GNI has implementation guidelines for participating companies that outline the principles of membership. These include freedom of expression, privacy, multi-stakeholder collaboration, and governance, accountability and transparency.

Within the concept of Global Net and human rights online our course discussion centered around the roles of businesses that facilitate online infrastructure we invited guests to propose their questions and ideas about the broader spectrum of the global Internet and it’s implications for businesses, policies and human rights.

One approach to GNI issues is to allow Governments to negotiate international issues of information and distribution. This can be advantageous for tech companies especially when the issues at hand cut across industry and through global treaty obligations. We discussed the concept of re-casting encryption issues as a government to government issue, thus affecting how an entire industry gets treated rather than singling out a particular company.

Is it useful for governments to handle disputes rather than corporations? When are these debates between two enterprises rather than between two governments?

Another huge benefit of GNI is the possibility of having uninvolved agents evaluate a situation. This sets up personal relationships that allow for collaboration between industry and academia that might not otherwise be possible.The diplomacy between nations and companies is an integral part of the ideals in GNI.

If more private diplomacy works better than naming and shaming, what is the best way to publicize/inform citizens of these types of negotiations? Do citizens have a right to know about these negotiations as they are in progress?

Are human rights more of an externality for some companies than others? (externality here meaning, if they do something that affects society, does it affect their sales)  How can the Global Net Initiative incentivize smaller companies where Human Rights?

We’d love your thoughts in the comments.

Cybersecurity is an international issue spanning monetary, governmental and personal concerns. Professors Jack Goldsmith and Jonathan Zittrain led a conversation about the careful balances and difficult solutions involved.

Networks like the Internet are pervasive, yet vulnerable. Cyber attacks can be broken down into two categories, attacks and exploitations. Cyber attacks are computer network activities that change, destroy or manipulate data. Cyber exploitation is reading and potentially copying information.

Professor Goldsmith broke down cybersecurity into four threat vectors:

• remote attack, or  an attack from one computer system to another such as DOS. Narrowly and colloquially speaking a DOS (or denial of service) attack is a surplus of requests to a particular website, making it inaccessible, but more broadly speaking it is any resource that cannot interact on the network.

• supply chain attack, or something that affects critical infrastructure, such as trojan hardware or software

• exploitation, or the copying of data, such as industrial or governmental espionage, or the copying of individual personal information such as credit card numbers

• military/intelligence problem, for GPS locations and the control of UAVs(unmanned aerial vehicles)

Cybersecurity differs from other forms of security due to the type of anonymous attacks possible. From an investigative and enforcement standpoint, anyone can be an aggressor, which in turn facilitates the blur between public and private. In this way it is more difficult to identify or punish or deter aggressors, especially with the potential for delayed attacks hidden in software or hardware. How safe is your computer and what are you willing to do about it, economically, time-wise and in terms of policy support and advocacy? Where do you draw the line between security and human rights/privacy concerns for individuals? How can a government respond to attacks of unknown origin?

Interventions can be incremental or quantum, the question remains both a policy and economic debate. How can risk be calculated? Can we have the open Internet and solve the cybersecurity problem? What would a solution look like? What kind of losses are you willing to accept?

New innovations in cloud computing, or the ability to store data and computational resources online rather than on a personal computer are also susceptible to cybersecurity debates. On one hand, large storage services have higher security implemented than the average computer user, but information on aggregate becomes a more appealing target for exploitation. How can we design resilient systems that uphold against attacks (though they wont’ be perfect)?

In the coming three weeks, students from Harvard, MIT and Stanford will be tackling real-life problems of Internet commerce, governance, security and information dissemination. These problems themselves are not only conceptual issues but also identifiable struggles within their spheres. Students will be engaged with practitioners and academics–people who potentially hold the power to shape the future of these issues or at least provide the course with a sounding board to articulate better questions about the future.

An important aspect of the trajectory of this course is the students’ participation in the Internet phenomena they have chosen to investigate for these few weeks. Students will be required to understand cycles perpetuated by Reputation Defender, participate in human computing sites like Amazon Mechanical Turk and understand debates around the successes and perils of Couchsurfing.com (of course, through forums, as three weeks at Stanford is a quite lengthy amount of time to couchsurf!). The students are also offered field trips to interact firsthand with various components of the technical sphere they seek to understand including Facebook, Ebay and Google. The idea behind this immersion is to allow students the participatory (albeit “couchsurfing” free) understanding of the media they consume and now also advise.