Student Symposium in Cybersecurity Policy Abstracts

Trickle-Down Surveillance Tech and the Fourth Amendment

Abstract: Sophisticated computer investigative tools are becoming available to state and local law enforcement agents, not just federal agents, raising new privacy and security concerns. Yet, oversight of these tools remains patchwork. Courts take years to converge on the proper applicability of the Fourth Amendment to new technologies. Legislation governing such technologies emerges only rarely, most often in response to highly visible tools such as drones. Although Fourth Amendment protections have been lauded as the procedural gold standard, this paper investigates whether administrative governance of local law enforcement use of sophisticated investigative tools should be adopted to bolster these constitutional protections against technological erosion.

Systematizing Accountability Proposals: An Analysis of Risks and Incentives

Can States Make Cyber-Deterrence Work?

Abstract: This article examines conditions under which publicly observable “institutional change” by budget and personnel, which broadcast a state’s rising or extensive cyber capabilities, can deter a country’s adversaries from attacking it. The “use-and-lose” nature of cyber operations and difficulty of cyber attribution make such operations more effective in achieving tactical surprise than in deterring opponents. However, merely establishing a cyber unit and disclosing its estimated budget and personnel may increase the credibility of a state’s threat and signal to multiple audiences, including its adversaries, that a country has, or is in the process of developing, its “power to hurt.” Kostyuk’s research demonstrates that  even though the cases in which institutional change will influence a strong adversary’s choice to attack are limited, states tend to sub-optimally overinvest resources in publicly observable institutional changes. Weak states overinvest to make adversaries believe they are strong whereas strong states overinvest because they do not want adversaries to believe that they are weak states, pretending to be strong.

Logistics Rules for Hacking Back: A Framework the U.S. Government Could Implement to Enable Regulated Hack Backs

  • Author: Ernesto Zaldivar, Brown University
  • Date & Time: Saturday, April 6, 9:30 am – 10:30 am
  • Discussants: Monica Toft & Andy Ellis

Abstract: This paper examines the logistics of how hack backs could exist without escalating cyber and kinetic conflicts. The goal of the paper is not to argue for or against hacking back; no position is taken on that subject. Instead, the paper provides a set of procedures–a framework–for how hack backs could be conducted and regulated. These logistics rules anticipate potential conflicts with nation state actors and attempt to mitigate possible problems.

Viable Solution or Postponing the Problem? Dealing with the “Going Dark” Debate and its Relation to Government Hacking

Alexandre da Silva

Abstract: The debate on encryption regulation and government access to encrypted data has intensified over the years. On the one hand, law enforcement authorities have been pushing for limitation on encryption systems in order to enable criminal investigations online and on digital devices. On the other hand, both technical experts and scholars argue that any relativization of encrypted systems could compromise the security (and privacy) of their users – be them investigated parties or not. Some claim that alternative means of investigation could provide the information authorities seek without the need of compromising encryption; government hacking is one of these alternatives.

Carlos Liguori

The issue of “lawful hacking” or “government hacking” is directly related to the debate on legal regulation of cryptography. While this form of investigation seems to be essential in a connected society, it is important to understand possible security and privacy risks of different government hacking regulatory approaches. By analyzing the international encryption debate, we aim to understand if government hacking is a viable alternative to encryption regulation or just a further issue in the privacy vs. security dispute.

Overcoming the Cyberlaw Stalemate: Technological Change and International Legal Uncertainty

Abstract: Cyber conflict has in recent years been a major sticking point in great power relations. Despite states’ collective interest in stabilizing cyberspace, consensus on how to do so has for many years eluded the international community. The success of the UN GGE (United Nations Group of Global Experts) in 2015 made agreement seem within reach; however, this success was short-lived. What factors explain multilateral indecision over how, or even whether, to regulate cyberspace? Departing from existing theory which offers traction only on static outcomes, this paper provides a dynamic account of why some agreements over new technologies are sometimes easier to achieve than others. Deriving propositions from a game theoretic model, it argues that uncertainty over one’s own payoff streams, not just adversary intentions, can frustrate bargaining solutions. The paper then explores this mechanism using several case studies of historical arms control efforts.