Spring 2018 Talk Schedule

Hackers vs. Testers: A Comparison of Software Vulnerability Discovery Processes

February 06, 2018
11 am – 12 pm
2116 Hornbake Bldg, South Wing

Abstract: Identifying security vulnerabilities in software is a critical task that requires significant human effort. Currently, vulnerability discovery is often the responsibility of software testers before release and white-hat hackers (often within bug bounty programs) afterward. This arrangement can be ad-hoc and far from ideal; for example, if testers could identify more vulnerabilities, software would be more secure at release time. Thus far, however, the processes used by each group — and how they compare to and interact with each other — have not been well studied. This work takes a first step toward better understanding, and eventually improving, this ecosystem: we report on a semi-structured interview study (n=25) with both testers and hackers, focusing on how each group finds vulnerabilities, how they develop their skills, and the challenges they face. The results suggest that hackers and testers follow similar processes, but get different results due largely to differing experiences and therefore different underlying knowledge of security concepts. Based on these results, we provide recommendations to support improved security training for testers, better communication between hackers and developers, and smarter bug bounty policies to motivate hacker participation.

Speaker: Daniel Votipka is a PhD student at the University of Maryland working on computer security, with an emphasis on the human factors affecting security workers. His work focuses on understanding the processes and mental models of professionals who perform security-related tasks such as vulnerability discovery, network defense, and malware analysis to provide research-based recommendations for education, policy, and automation changes.

 

The Digital Rights Space: Portrait of a Social Movement

February 20, 2018
11 am – 12 pm
2116 Hornbake Bldg, South Wing

Abstract: This presentation discusses a dissertation chapter that investigates the global social movement dedicated to the promotion of digital rights, understood as the right of individuals to freely access, create, and disseminate content online without surveillance or reprisal, with narrow legal exceptions that are compatible with human rights. This transnational “digital rights space” is rooted in several interwoven traditions of contestation and social innovation, notably the F/OSS movement, the international human rights movement, the cypherpunks, and the anti-globalization movement. After placing the movement in the context of the sociology of social movements, the chapter discusses the impact that the very same technologies that the digital rights space defends and promotes can have on the practice of social movements in general, traces the genealogy of the movement to 1970s global policy debates over information flows, and highlights key tensions within the movement over gender, diversity and inclusion.

This is a work in progress, and feedback would be very much appreciated! The presentation will begin with an overview of the dissertation project, titled “Use Signal, Use Tor? The Political Economy of Digital Rights Technology.”

Speaker: Nathalie Maréchal is a PhD candidate in Communication and Oakley Endowed Fellow at the University of Southern California.  Her dissertation examines the relationship between the transnational social movement for human rights online and the US Internet Freedom Agenda through an ethnography of the “freedom technologists” behind popular secure messaging applications and censorship circumvention software. Until July 2017, Nathalie was a Senior Fellow at Ranking Digital Rights, a non-profit research initiative housed at New America’s Open Technology Institute that works with an international network of partners to set global standards for how companies in the information and communications technology (ICT) sector should respect freedom of expression and privacy. Nathalie’s writing has been published by the International Journal of Communication, the Global Commission on Internet Governance, Media & Communication, and Slate.

 

Tactics for Waiting in the Mobile Media Age

March 06, 2018
11:30 am – 12:30 pm (Note the different time)
2116 Hornbake Bldg, South Wing

Abstract: It has always been understood that waiting is an in-between time; but what if waiting is the very thing that has been shaping us throughout history? This talk focuses on how our experiences of time and waiting have shaped not only how we understand human intimacy and connection, but also how we learn and build knowledge about our world and the universe. Because of recent technological advancements — as lauded on the TED stage and Apple commercials alike — our wait times should be disappearing as life becomes faster and more efficient. The dominant message of our moment is clear: we live in an instantaneous culture. Yet, this picture of our always connected, instantaneous lives is not only incomplete, it’s a false mythology. This talk is not about how impatient we’ve become as technologies have connected us at ever-accelerating paces; instead, I focus on the importance of delay and waiting as fundamental pieces of how we keep in touch, share ideas, and build cross-cultural understanding. Coupled with the benefits of waiting, I also look at the role that waiting and time synchronization play in maintaining power structures. Ultimately, waiting becomes a useful analytic to understand the ways that notions of agency, efficiency, and productivity have been defined. Waiting makes visible the ways that these categories are forces on our daily lives in the digital age.

Speaker: Jason Farman is Associate Professor in the Department of American Studies at the University of Maryland, College Park. He is also the Director of the Design Cultures & Creativity Program and a faculty member with the Human-Computer Interaction Lab. He is author of the book Mobile Interface Theory (winner of the 2012 Book of the Year Award from the Association of Internet Researchers). He is the editor of the books The Mobile Story (2014) and Foundations of Mobile Media Studies (2016). He has published scholarly articles on such topics as mobile technologies, the history of technology, digital maps and cultural geography, locative and site-specific art, videogames, digital storytelling, performance art, social media, and surveillance. His most recent book is titled Waiting for Word: How Message Delays Have Shaped Love, History, Technology and Everything We Know (Yale University Press, 2018).

 

Zero-rating the News: Is Sponsored Data a Threat to Media Pluralism?

March 27, 2018
11 am – 12 pm
2116 Hornbake Bldg, South Wing

Abstract: Mobile data plans increasingly include unlimited access to certain social media platforms (Facebook, WhatsApp, YouTube, etc.) such that accessing content on those platforms does not count against a user’s data cap. This practice, which is referred to as zero-rating, has been promoted as a way to increase access to the internet to low-income consumers. This is particularly true in developing countries where services like Facebook’s FreeBasics have been touted as a philanthropic effort to expand internet access, despite the fact that this type of content prioritization violates the principle of net neutrality. Ultimately, zero-rating does not provide access to the entire internet, but rather, it allows users access to the “walled-gardens” of specific social media platforms. This has direct implications for news media because it means that content prioritized on those social media platforms will have a broader reach, while information not available within the “walled-garden” may be effectively impossible for many to access. This raises some important questions for news media analysts: Who decides what news content is available? Are larger, mainstream news sites more likely to be zero-rated than small independent outlets? Can zero rating of news or information media be justified in furtherance of the right to access information in countries with low internet penetration? In this presentation, I will analyze different types of zero-rating initiatives, examine a couple of cases where news media content has been zero-rated, and grapple with the broader ethical and political implications of these arrangements.

Speaker: Daniel O’Maley is the Deputy Editor and Digital Policy Specialist at the Center for International Media Assistance at the National Endowment for Democracy. A cultural anthropologist by training, Daniel received his Ph.D. from Vanderbilt University in Nashville, Tennessee in December 2015. His doctoral research, which was funded by the Fulbright Foundation, focused on how Brazilian Internet freedom activists have used new media and the Internet to foster increased citizen participation in the policy making process. In addition to his research in Brazil, Daniel has studied in Ecuador, Honduras, Spain, and China. A native of Indiana, Daniel graduated from Bowdoin College in Brunswick, Maine in 2005 with a double major in Anthropology and Spanish.

 

Beyond the Black Box: Approaches to Scrutinizing and Governing Automated Decisions

April 10, 2018
11 am – 12 pm
2116 Hornbake Bldg, South Wing

Abstract: Automated decisions increasingly mediate civic life. Governments use algorithms to screen immigrants and allocate social services. Corporations rely on software to help make decisions in vital areas like hiring, credit, and political discourse. There is a growing desire to “open the black box” of complex algorithms and hold the institutions using them accountable. But across the globe, researchers face a range of challenges as they pursue these goals. This talk will introduce a new framework to understand different, important components of automated systems, as well as highlight methods for public scrutiny of these components. The discussion will also describe current legal and regulatory approaches to governing these systems.

Speaker: Miranda Bogen is a Policy Analyst at Upturn, where she focuses on the social implications of machine learning and artificial intelligence, and the effect of technology platforms on civil and human rights. Her academic research has focused on policy behavior of global technology companies and the evolution of corporate social responsibility in the digital age. Miranda holds a Master’s degree from The Fletcher School of Law and Diplomacy at Tufts, and graduated summa cum laude from UCLA with degrees in Political Science and Middle Eastern & North African Studies.

 

Determinism and Legal Ambiguity: Making Computational Sense of Policy and Law

April 24, 2017
11 am – 12 pm
2116 Hornbake Bldg, South Wing

Abstract: Information systems are increasingly pervasive and distributed, allowing these systems to play important new roles in generating, storing and processing sensitive and personal information. Consequently, the responsibility for conforming these systems to laws and regulations falls on software developers, who hold the expertise to design software, but generally lack the necessary awareness of law and regulatory practices. This presents several challenges, because laws are written in specialized, ambiguous language and they encode social norms that are subject to change over time. In this talk, we review emerging methods for extracting logical primitives from laws with the aim of automated reasoning over law and policy across multiple jurisdictions and applications. This includes methods applied to data breach notification laws and privacy policies, where the latter are increasingly used to regulate mobile applications. We will conclude with open challenges, including the challenges of natural language understanding, formal reasoning and bridging the professions of law and engineering as they relate to greater cooperation in automating compliance assistance.

Speaker: Travis D. Breaux is an Associate Professor of Computer Science, appointed in the Institute for Software Research of the School of Computer Science at Carnegie Mellon University. Dr. Breaux’s research program searches for new methods and tools for developing correct software specifications and ensuring that software systems conform to those specifications in a transparent, reliable and trustworthy manner. This includes demonstrating compliance with U.S. and international privacy and security laws, policies and standards. Dr. Breaux is the Director of the Requirements Engineering Laboratory at Carnegie Mellon University. Dr. Breaux has several publications in ACM and IEEE-sponsored journals and conference proceedings, including best paper nominations and an honorable mention for a 10-year most influential paper award. Dr. Breaux is a member of the ACM SIGSOFT, IEEE Computer Society and USACM Public Policy Committee.

 

TBA

May 08, 2017
11 am – 12 pm
2116 Hornbake Bldg, South Wing

Abstract: TBA

Speaker: Oluwatoyin Ayanlade is a lecturer and a research fellow from the African Institute for Science Policy and Innovation at the Obafemi Awolowo University (OAU), Nigeria. She is presently a postdoctoral research scholar at the University of Maryland, College of Information Studies. Her research investigates how information technology innovations can be leveraged to alleviate societal problems. Oluwatoyin has a PhD in Technology Management from OAU; a MS from Roehampton University, London, UK; and BS in Computer Science and Engineering also from OAU, Nigeria.

 

The CASCI Talk Series Spring 2018 was organized by Priya Kumar. Please send questions about the schedule to pkumar12@umd.edu or casci@umd.edu.