Cybernetic diasporic safe places

AUTHOR
Ananda Mitra

ABSTRACT

One of the most significant developments of the twentieth century has been the way in which people are able to move from one geographic location to another. With the advent of transportation technologies, it is now possible to efficiently and affordably travel great distances. For the West (developed nations) a significant impact of that process has been the influx of immigrants from the East (developing nations). For the people who have immigrated the impact has been on the loss of a sense of spatial stability and an emerging angst over identity as the dwelling place (the original Greek word for which is indeed ethos) of the diasporic people has changed. Furthermore, such displacements have been particularly problematized in a post-9/11 World where the West has become wary of the Other, and the Other, in turn, has had the urgent need to find a “safe” place in the West where the identity anxieties can be resolved. The idea of safety has thus become particularly problematized in a real world where the threats of terrorism, for instance, have produced threats to privacy and identity in real life. For instance, the increasing incidence of “hate crimes” in the United States becomes an indicator of the way in which the diasporic immigrants have to reconsider the safety of their real dwelling place as well as invent new dwelling places, perhaps in the virtual, where they can feel safe.

In this essay I would propose that the virtual space produced by the burgeoning Internet could provide such a safe place for the diasporic people. This proposition is grounded in two other theoretical premises. First, it has been suggested that cyberspace can be theorized as a discursive space where people with traditionally low “speaking capital” can find a voice (Mitra, 2001). By gaining that voice, a sense of agency develops which brings with it the ethical demand of speaking in a responsible fashion. At the same time, the speaking capital obtained on the Internet calls into questions the authenticity and trustworthiness of the many voices that could often be speaking together. Eventually, the sense of place is produced around the discourses that make up the fabric of the virtual, which remains embedded in the real.

The fact that the virtual is intimately tied to the real is the second key component of the current perspective since it has been argued that interaction with the virtual cyberspace necessarily happens within the context of the real spaces occupied by Netizens thus producing a synthetic cybernetic space which is defined by the material practices of a “real” geographic space and the “virtual” discursive space (Mitra and Schwartz, 2001). Consequently the construct of cybernetic space is built on the premise that real space is constantly being transformed and re-negotiated by the emergence of the virtual space that itself attempts to mimic the real. As a consequence it becomes urgent to consider the interaction between the discursive virtual place and the real material space. The advent of tools, such as portable computers with seamless Internet access, that allow the simultaneous tethering in the virtual and the real increases the possibility that people constantly dwell in cybernetic space.

Using these two perspectives it is possible to examine the way in which diasporic individuals and groups use their voices to create the discursive virtual while their everyday lived practices are embedded in the real. I argue that for people in diaspora the synthetic cybernetic space could produce the ethos or dwelling place where they can perhaps produce a sense of safety around familiar voices and discourses. This is particularly important to consider at this moment in time precisely because the sense of safety could be disappearing from real life. There is ample evidence of the increasing anxiety in real life as the diasporic, who are always already marginalized, find their voices and discourses increasingly controlled and censored.

These propositions and arguments would be supported using the discourses from a variety of web sites maintained and used by immigrants in diaspora. As pointed out earlier, immigrants have been particularly active in producing web sites that address many of their concerns that can not be discussed in the real-life public sphere. In this analysis the focus is primarily on the digital discourses produced for and by immigrants from India who have been particularly prolific in creating the web presence and utilizing the web to produce a sense of community. I would suggest that the ethos of the Indian diaspora is at a turning point as Indian immigrants are constantly re-thinking their speaking position and their diasporic dwelling place by living in the cybernetic world produced at the intersection of the real new places of the West and the virtual old places of the East. In the end, the analysis could suggest that, for those in diaspora, the Internet can influence the inevitable crisis of identity and the anxiety related to that crisis. Perhaps as the ethos of diaspora transforms and the diasporic spend more time in the cybernetic space producing and circulating their authentic voice an ethical response will be demanded by these voices as they attempt to carve out their diasporic safe spaces. The strategy mobilized by those in diaspora can eventually be appropriated by others who also feel a need to voice themselves in the virtual to produce a cybernetic safe space.

REFERENCES

Mitra, A. (2001). Diasporic voices in cyberspace. New Media and Society, 3, 1, 29-48.

Mitra, A. and Schwartz, R. L. (2001). From Cyber Space to Cybernetic Space: Rethinking the Relationship between Real and Virtual Spaces. Journal of Computer Mediated Communication, 7(1).

Cyberethics and the South African Electronic Communications and Transactions Act

AUTHOR
DP van der Merwe, L Pretorius and A Barnard

ABSTRACT

In this paper we explore the relationship between personal ethics, public morality and external regulation by means of, among others, legislation. This conceptual continuum is also prevalent in the domain of information technology and cyberspace and is in accordance with Lessig’s paradigm as discussed by Spinello (2002) which distinguishes the four modalities of regulation of cyberspace, namely law, norms, the market and architecture (or code). We focus on three of these modalities, viz. law, norms and architecture.

Gleason and Friedman (2003) argue that “the development of particular cyberspatial norms” will benefit all the actors involved in online collaboration. They furthermore state that “efforts should be made to articulate a conceptual model of cyberspace that respects its unique attributes – one that is accessible to both the actors that will take lead organizing and regulating cyberspace, and, more importantly, the citizens of the world who will hold those actors accountable”. In the context of this accountability we consider the possibility that human decision-making (and the ethical values which this implies) might be superseded by structuring machine architecture (code) in such a way that human decision-making may be appreciably reduced. Furthermore, attempts to regulate cyberspace by means of legislation is at present awarded prominence on a global level by governments in part due to the pervasive nature of Internet technology. It is within this context that we evaluate the new South African Electronic Communications and Transactions (ECT) act (Act No. 25, 2002) and its implications for the other modalities under consideration.

The “ECT Act” (as it has come to be known) is of great strategic importance for the entire African continent as it struggles to move from a mainly agrarian economy into the brave new world of the Internet, in particular e-commerce. Since South Africa has been one of the first African countries to adopt this type of legislation, it is plausible to speculate that the ECT Act might serve as a model for the entire continent. This seems even more likely, given the initiative of NEPAD (New Partnership to Promote Africa’s Development) to empower Africa economically. This gives credence to the investigation and analysis of this act independently of legislation adopted in Europe, the US and elsewhere.

We consider a number of the issues dealt with in the new South African ECT act. Among others we identify which topics are currently covered by this act; viz. e-mail, the Internet, cybercrime and evidence, jurisdiction, domain names, consumer protection and defamation. Issues absent from the act in its current format comprise most of the area of intellectual property (save for domain names), taxation and a compulsory regime on privacy. One of the most controversial clauses in the ECT Act, which has also raised a number of ethical issues, has been the matter of domain names. The South African government intended to form a non- profit domain name authority, of which it would be the only member and shareholder under an exemption from the South African Companies Act. Government reasoned that it had the duty to administer the .za domain as a national asset.

The idea of a Government controlled domain name authority elicited ferocious response from the private sector, particularly from the company Namespace. The latter had constituted itself into a non-profit company on the 21st of August 2001 in order to administer the .za domain. This move was widely regarded as a pre- emptive move by the Internet community to prevent Government from taking exclusive control of the registration process. Government’s reaction however was swift. An ECT Bill tabled to Parliament in November 2001 made provision for a government controlled domain name authority. About ninety percent of official commentary on the ECT Act, which deals with about twenty additional topics, was centred on the domain name issue.

We subsequently explore the notion that regulation in itself in not sufficient to guarantee acceptable normative behaviour in cyberspace. Actors in cyberspace also need to demonstrate ethical and moral principles and behaviour. For example, the South African ECT act affords a data collector the option to respect and implement online privacy protection of collected data (Act No. 25, 2002 sections 50-51), and does not enforce such behaviour but rather relies on the integrity exhibited by said data collector. The SA Law Commission is of the opinion that this alone is not sufficient to guarantee citizens’ constitutional right to privacy (section 14 of Act No. 108 of 1996) and is consequently preparing concept legislation in this regard. Nonetheless, the SA Constitution also gives citizens the right of access to public and private information (section 32 of Act No.108 of 1996) and it is not yet clear how conflicts between these two constitutional entitlements (of concealing and revealing) will be resolved.

Tension also exists between decision-making freedom and autonomy on the one hand and regulation or constraint by means of law or IT architecture on the other. In the spirit of Goldberg, Wagner and Brewer (1997) which asserts that regulation in term of the “laws of mathematics” (i.e. information technology) should be pursued in conjunction with the “laws of men” (i.e. legislation), one should consider certain restrictions imposed by information technology architecture on the decision-making freedom, autonomy and privacy of the individual. Lawrence Lessig (1999) warns that in cyberspace the the designers of software and hardware may increasingly resort to the modality of IT architecture because they do not at present consider the modalities of law, norms (and the market) to be effective. This warning seems to have gained added weight from the announcement by Microsoft of its Next-Generation Secure Computing Base (NGSCB), code-named “Longhorn”, a new hardware and software design that enables new kinds of secure computing capabilities for providing “enhanced data protection, privacy and system integrity” (Microsoft Next-Generation Secure Computing Base – Technical FAQ, 2003).

By increasing ethical awareness and ethical behaviour in cyberspace and by introducing and evaluating the relevance and appropriateness of legislation, we contend that such extreme measures as envisaged by Lessig and applied by Microsoft, may not be necessary.

REFERENCES

Act No. 25 (2002). The South African Electronic Communications and Transactions Act.

Act No.108 (1996). The South African Constitution.

Gleason, D.H. and Friedman, L. (2003). The social construction of cyberspace, Proceedings of the fifth international conference on Computer Ethics – Philosophical Enquiry, Boston College, Chestnut Hill, MA, pp.41-51.

Goldberg, I., Wagner, D. and Brewer, E. (1997). Privacy-enhancing technologies for the Internet, IEEE COMPCON, (97), 1997, February, http://www.cs.berkeley.edu/~daw/papers/privacy-compcon97-www/privacy-html.html accessed on 15/11/2002.

Lessig, L. (1999). Code: and other laws of cyberspace. Basic Books, New York.

Microsoft Next-Generation Secure Computing Base – Technical FAQ (2003). http://www.microsoft.com/technet/security/news/NGSCB.asp?frame=true accessed on 20/11/2003.

Spinello, R. A. (2002). Case Studies in Information Technology Ethics. 2nd Edition. Prentice Hall.

Intellectual Property Rights Issues in Information Society

AUTHOR
D G Medhi and Hiren K D Sarma

ABSTRACT

Technological advancement in the twentieth century was tremendous. Introduction of Information Technology has changed the working environment in an organization and daily life of individuals. In a bigger sense it has brought a drastic change to the society. Impact of information technology on the society can be observed in both the directions, positive and negative. If we consider as an employee in an organization the protection of individual work is an issue. Again if we consider an organization (specially an IT industry) as a whole, the protection of their product against illegal use is another important issue. For both the cases there is a strong necessity of legal framework for the proper protection of right. It is known that patent is an exclusive right granted for an invention, which is a product or a process that provides a new solution to a problem. Therefore, a patent provides protection for invention to the owner of the patent for a limited period. Here, patent protection means that the invention cannot be commercially made, used, distributed or sold without the patent owner’s consent. Then there is a fundamental question – what kind of invention can be protected? There is a constant argument going on regarding software products or computer programs, whether they are patentable or not. As the patent rules differ form country to country, in a few countries some softwares are patented, but in India the rules do not allow to patent softwares or computer programs. For example, in US Patent No 504,579 there is a claimed and disclosed method and device for automatically controlling the period of photographic development and a photosensitive material for the purpose of obtaining a substantially same or optimum photographic development result at various temperatures. Utilizing the knowledge of a certain relation between the time period of photographic development and the temperature of the photographic developer which will produce a same photographic development result, the time period of photographic development is adjusted, for instance, by changing the speed of a conveyor carrying the photosensitive material through the photographic developer. The mentioned relationship may not be always expected by a linear function with a desired accuracy but may be approximated with a desired accuracy by means of various mathematical functions such at polynomial and irrational functions.

This patent is based on computer programs and it was allowed because technical effects were produced by the operation of the computer programs. It can be concluded that if no technical effects were produced, no patent will be available in respect of the programmed computer. And this indicates computer programs are also patentable.

Patents provide incentives to individuals by offering them recognition for their creativity and material reward for their marketable inventions. These incentives encourage innovation, which assure that the quality of human is continuously enhanced. Therefore, it is believed that the process patent can play a great role in technological advancements. This is true for information society also. If the issue of software patent is considered, there are two directions. In one direction, protection of right of an individual may be considered. In the other direction, protections of right of an organization may be considered if the invention is from within the organization. A patent can really motivate an individual or encourage an organization for more advancements. Here in this paper, the necessities of proper protection of individual rights in IT industries are discussed elaborately. For the case studies different IT industries in India are considered and a few professionals are interviewed.

Another issue is the patent duration. It is observed that the durability in terms of years against a patent varies from countries to countries. Without any improvement or addition to an innovation, the patent against the innovation is going to be lost after a particular duration. Here we are addressing this issue in the global context.

Again information and communication technologies have an important role in introducing the concept of global village. Mobility of people and product has increased rapidly. Therefore, it is felt that there is a need of a global information society where rules and regulations will be implemented in a global context. It is worthy to feel the necessity of uniform rules and regulations regarding the protection of inventions related to software or computer programs regardless of geographical regions.

In this paper the authors address the issue of software patent. For this, several IT professionals are consulted. Their views are considered in drawing the inferences regarding this issue. The paper also investigates the issue of the necessity of global information society with uniform rules and regulations. Several sets of statistical data based on the consultation with IT professionals are presented with the help of bar diagram and pi-chart.

Privacy Policies Online

AUTHOR
Steve McRobb and Simon Rogerson

ABSTRACT

Many authors have identified fears about a lack of personal privacy online as a major disincentive to the take-up of e-commerce by private consumers. The publication of a privacy policy is encouraged by ICT industry groups such as the Online Privacy Alliance, and by online certification bodies such as TRUSTe. Privacy policies are taken to reassure the wary, and thereby to overcome the disincentive to trade. Many authors have identified the simple presence or absence of a privacy policy as one of the key determinants of trust for consumers at the point of deciding whether or not to commit to an online transaction. Once a privacy policy exists on an organisation’s website, further questions arise regarding its content, its organisation, its visibility, its style, etc.

This paper reports on the second major phase of an ongoing research project into the practical measures taken by organisations to publish their online privacy policies. The research began, fortuitously, just before the September 11 World Trade Centre attack and the implementation of the EU Privacy Directive, and these have provided the authors with an unparalleled opportunity to examine some aspects of the dynamic nature of trust in online commerce.

The first phase (in preparation for publication at the time of writing) was based upon a survey undertaken early in September 2000, when a total of 113 disparate websites were identified that included some kind of explicit privacy policy and the visibility and content of the policy was analysed. The dataset proved surprisingly rich, and the analysis undertaken to date has barely scratched its surface. The analysis was set in context by relating it to a discussion of the nature and role of trust in online relationships. This highlighted a number of issues that need further attention on the part of some of the organisations in the survey.

This second phase of the study is based on a survey of the same sites that was undertaken late in 2002. A number of analyses have been carried out based on the two datasets now available for investigation. Firstly, a comparative analysis has been undertaken using the same techniques to determine what changes have taken place in the intervening two years. Further conclusions are drawn from this comparison, including (but not limited to) some of the possible effects on online privacy policies of intervening world events.

In addition to the straightforward comparisons enabled by the collection of similar data about the same organisations over a two year sampling interval, some further analysis has also been undertaken of both datasets. Reflection on the interim results of the first phase of the survey has prompted several further research questions. In particular, an effort has been made to determine the interaction between organisation characteristics (such as sector, size, nationality, etc) and privacy policies. This sheds further light on the significance of privacy policies for online commerce.

The work is ongoing. It is anticipated that the findings presented here, and the reactions of colleagues at conference and elsewhere, will, in turn, prompt further questions that may be asked of the existing data. It is also anticipated that further research directions will be identified, prompting still further research that is yet to be designed in any detail. A further survey is already planned for 2004, and other spin-off projects are currently under consideration.

Post September 11th Security concerns: the threat to Internet Privacy

AUTHOR
Karen McCullagh

ABSTRACT

Cain postulates that prior to 11 September 2001, discussions about privacy regulation focused almost exclusively on uses of personal information in e-commerce transactions. However, post September 11th, attention is centered upon issues of national and international security. (Cain, 2002, p.32) Indeed, post-September 11th security concerns have led to the formulation of a range of legislative measures, which promote surveillance and data retention and have culminated in restricted data protection and privacy safeguards for users of ICT. This paper seeks to examine whether the privacy invading surveillance and data retention measures are proportionate to the security threat posed?

Privacy: This paper begins by examining various concepts and functions of privacy. It is argued that the Internet does not create new privacy issues rather, it makes issues such as confidentiality, authentication and integrity of the personal information and correspondence transmitted more difficult to control and secure. It explores the positive attributes of privacy and outlines why it is vital in a liberal, democratic society. This leads us to the question of what level of privacy is acceptable to the majority of the populace? Under what circumstances surveillance may be permitted, or even considered desirable? It is suggested that neither total privacy nor a total loss of privacy are desirable, and indeed that citizens are willing to trade-off their right to privacy in certain limited circumstances. In the process of examining under what conditions, if any, may privacy be invaded, the issue of whom should regulate privacy? and what controls are needed to regulate privacy? are explored.

Surveillance: Moreover, there are major concerns about the opportunity the Internet provides for mass surveillance by governmental organizations and law enforcement bodies both at a national and international level. This necessitates an exploration of the concept of surveillance, the role played by ICT in surveillance and the functions served by surveillance. The aim is to determine whether privacy and surveillance are at opposite ends of the spectrum? Does the general populace accept and support the need for surveillance? Under what circumstances should surveillance be permitted/desirable? For example, are people willing to accept a trade-off of personal information for services/funding they require? Are there surveillance practices which are not acceptable, for example those which the individual does not have knowledge of, or has not consented to? It is suggested that anonymity is not a panacea for online privacy protection.

Security: This merits an exploration of the implications of using ICT to promote security and investigates whether privacy and security are necessarily at the opposite ends of the spectrum? It is postulated that the balance between security and privacy has never been static, shifting in favour of security when faced with significant threats to public safety and national security. In concurrence with Cavoukian it is asserted that caution must be exercised to ensure that the legislative measures restricting privacy and fostering data retention and surveillance are proportionate to the security risk posed to society. (Cavoukain, 2002, p.15). Furthermore, it is submitted that privacy and security are necessarily interrelated and interdependent. Therefore neither principle should ever be applied to the exclusion of the other, as they are both essential tenets of a liberal democratic society.

Data retention: This leads to an exploration of legislative measures authorizing data retention? What function does it serve? Are current legislative measures for protecting privacy and permitting data retention adequate and effective? Do data retention techniques guarantee the security of society? It is submitted that the security ‘intelligence’ failure of the September 11th attack was a failure of existing techniques of data analysis and information sharing. It is suggested that new legislative measures regarding data retention may not improve future security. Rather law enforcement agencies may be overwhelmed by the volume and complexity of information available, and lack the funding and expertise to analyse such data.

Conclusion: It is submitted that privacy and security are necessarily interrelated and interdependent. Therefore neither principle should ever be applied to the exclusion of the other, as they are both essential tenets of a liberal democratic society. Instead, caution must be exercised in order to ensure that the perceived security threat does not cause the pendulum to swing too far in favour of surveillance and data retention, at the expense of privacy. Serious threats and implications posed to society by surveillance must never be ignored, and must be traded off against their benefits in each and every instance. Nevertheless, the monitoring of greater volumes of communication from an increased number of sources would not necessarily increase security. Government intelligence agencies already possess sufficient powers to allow them to conduct surveillance of potential terrorists. They need to refine those techniques, rather than seek an extension of their powers. Likewise, granting of such powers to public bodies would be disproportionate to the security risk involved. Such public bodies do not have the expertise to monitor such information accurately and sensitively. The result could well be an unwarranted and unjustified invasion of individual privacy rights. Therefore, citizens should regularly question the merit of legislation and technology. Indeed, citizens must be ever vigilant of the inherent risks and dangers posed by such technology and must never place too much confidence in the self-restraint of any institution or government.

REFERENCES

Cain, R. M. [2002] “Global Privacy Concerns and Regulation – Is the United States a World Apart?” International Review of Law Computers & Technology, Vol. 26, No. 1 p. 32

Cavoukain, A. cited in Dresner, M. [2002] “Privacy vs Public Safety” Privacy Law & Business: Data Protection & Privacy Information Worldwide p. 15

Digital Victim or ‘Vigilante’: Legal and Ethical Limits to Online Self-Defense

AUTHOR
Jeffrey H. Matsuura

ABSTRACT

There is increasing support for “self-help” measures in response to perceived or actual misuse of computer systems. Network operators who recognize that their network is under attack often seek authority to take action to disable the attacker. Owners of copyright protected material ask for permission to act to disable computers that store pirated versions of their works. Some copyright owners also deliberately distribute corrupted versions of their material to frustrate pirates. Internet service providers who receive a high volume of messages from a source sometimes assume it to be unsolicited commercial e-mail, and block the messages, at times resulting in non-delivery of legitimate messages. Commercial vendors of software often seek the right to be able to disable the software they sell if the licensee fails to fulfill its license obligations. Security authorities and researchers commonly make use of “honeypots” to attract computer attacks in order to gather information about such attacks and to identify security suspects.

This paper explores the question: At what point do such aggressive digital actions, taken in the name of defense of established legal rights, cease being legitimate responsive defensive measures, and become unethical (and potentially unlawful) offensive actions? The paper will examine traditional concepts of self-defense and mitigation of harm, and will apply those principles to these active digital defensive schemes.

The paper will examine the interaction between these digital self-help or self-defense initiatives and the increasing number of computer security laws and regulations. Laws such as the Computer Fraud and Abuse Act, in the United States, prohibit unauthorized access to computers and computer networks. Those legal restrictions are primarily aimed at preventing malicious conduct against computer systems. Those same prohibitions, however, could be applied against parties who take action against the computers of another party, based on a claim of self-defense. The issue is one of determining when a victim has become a lawbreaker as a result of damages inflicted by its digital counterattack. Those damages could injure the original attacker or some innocent third party who is affected by the counterattack unintentionally.

The paper will also examine legislative initiatives that encourage these self-help measures. For example, efforts have been made in the United States Congress to pass legislation that would permit copyright owners to take action against peer-to-peer file-sharing networks involved in piracy, without facing full liability for damage they might cause to other computers (the P2P Piracy Protection Act). Although Congress has not yet enacted such legislation, that approach illustrates how far some officials appear to be prepared to go to permit aggressive defensive actions in the name of enforcement of rights or responses to digital attack.

The paper will examine the potential consequences of widespread use of active digital self-defense. Consequences include a potential escalation of conflict as victims of digital attacks unleash counterattacks, as a matter of course. The paper will examine whether such an environment actually makes the entire Internet less stable and less secure than it is today. The paper will also consider whether this is the type of conduct and environment we should accept, from an ethical perspective.

The paper will include a recommendation as to an acceptable approach to the issue of legitimate digital defensive actions. The paper will suggest that parties should not be encouraged to rely on digital counterattacks to defend their rights. The cost of widespread counterattacks, in terms of damage to innocent parties, is likely to be too high. In addition, the environment created in the online community by reliance on digital vigilantism is not an ethically healthy one. That approach would tend to undermine the stability of the online community, making both individuals and organizations reluctant to expand their online activities. Instead, resources should be directed toward digital defensive measures that reduce the opportunities for attacks, and those that increase the costs to the attacker. Appropriate defensive measures would likely include pooling of the effort and cost associated with defense among service providers and users. This type of collective defensive approach appears to be more likely to establish a stable and secure online environment than would rampant self-help activities by individual parties.

Promotion of aggressive digital counterattacks would push the online community toward chaos. A chaotic online environment will be less attractive to casual and commercial users, thus inhibiting the development of the Internet and electronic commerce. No one will be better off in such an unstable community. Aggressive digital self-defense may provide the illusion of order, but it is actually more likely to signal the beginning of a descent into profound disorder for the online community.