“Accepting the Rules of the Game”: Institutional Rhetorics in Legitimizing Surveillance

Pauli, Roman; Sarwary, Hares; Imbusch, Peter; Lukas, Tim

doi:10.1007/s41125-016-0007-z

“…Surveillance technologies, such as OSINT, have been researched in the context of public security to monitor terrorists and criminal groups. Their capability to monitor the public on a large scale, as well as existing cases thereof have also been researched [10,39]. Surveillance can be defined as the systematic monitoring of individuals or groups for a given purpose [32,52].…”

Section: Acceptance Of Surveillance Technologiesmentioning

confidence: 99%

“…As OSINT in cybersecurity draws insights from the fields of crisis informatics [4,44] as well as surveillance studies [39], the research from similar cases can be used to derive implications for the design of OSINT systems and their evaluation regarding the factors which are associated with the acceptance of such systems. The discourse on privacy and relevant context factors [36,37] has shown that the following aspects need further consideration: the kind of data which is collected (1), the actors or organization gathering the data (2) and the transmission principles and platforms which allow for the data gathering (3).…”

Section: Implications For Design and Organizationmentioning

confidence: 99%

Privacy Concerns and Acceptance Factors of OSINT for Cybersecurity: A Representative Survey

Riebe

¹

,

Biselli

²

,

Kaufhold

³

et al. 2023

PoPETs

View full text Add to dashboard Cite

The use of Open Source Intelligence (OSINT) to monitor and detect cybersecurity threats is gaining popularity among Cybersecurity Emergency or Incident Response Teams (CERTs/CSIRTs). They increasingly use semi-automated OSINT approaches when monitoring cyber threats for public infrastructure services and incident response. Most of the systems use publicly available data, often focusing on social media due to timely data for situational assessment. As indirect and affected stakeholders, the acceptance of OSINT systems by users, as well as the conditions which influence the acceptance, are relevant for the development of OSINT systems for cybersecurity. Therefore, as part of the ethical and social technology assessment, we conducted a survey (N=1,093), in which we asked participants about their acceptance of OSINT systems, their perceived need for open source surveillance, as well as their privacy behavior and concerns. Further, we tested if the awareness of OSINT is an interactive factor that affects other factors. Our results indicate that cyber threat perception and the perceived need for OSINT are positively related to acceptance, while privacy concerns are negatively related. The awareness of OSINT, however, has only shown effects on people with higher privacy concerns. Here, particularly high OSINT awareness and limited privacy concerns were associated with higher OSINT acceptance. Lastly, we provide implications for further research and the use of OSINT systems for cybersecurity by authorities. As OSINT is a framework rather than a single technology, approaches can be selected and combined to adhere to data minimization and anonymization as well as to leverage improvements in privacy-preserving computation and machine learning innovations. Regarding the use of OSINT, the results suggest to favor approaches that provide transparency to users regarding the use of the systems and the data they gather.

show abstract

“…Surveillance technologies, such as OSINT, have been researched in the context of public security to monitor terrorists and criminal groups. Their capability to monitor the public on a large scale, as well as existing cases thereof have also been researched [10,39]. Surveillance can be defined as the systematic monitoring of individuals or groups for a given purpose [32,52].…”

Section: Acceptance Of Surveillance Technologiesmentioning

confidence: 99%

Privacy Concerns and Acceptance Factors of OSINT for Cybersecurity: A Representative Survey

Riebe¹

2023

Technology Assessment of Dual-Use ICTs

0

View full text Add to dashboard Cite

The use of Open Source Intelligence (OSINT) to monitor and detect cybersecurity threats is gaining popularity among Cybersecurity Emergency or Incident Response Teams (CERTs/CSIRTs). They increasingly use semi-automated OSINT approaches when monitoring cyber threats for public infrastructure services and incident response. Most of the systems use publicly available data, often focusing on social media due to timely data for situational assessment. As indirect and affected stakeholders, the acceptance of OSINT systems by users, as well as the conditions which influence the acceptance, are relevant for the development of OSINT systems for cybersecurity. Therefore, as part of the ethical and social technology assessment, we conducted a survey (N=1,093), in which we asked participants about their acceptance of OSINT systems, their perceived need for open source surveillance, as well as their privacy behavior and concerns. Further, we tested if the awareness of OSINT is an interactive factor that affects other factors. Our results indicate that cyber threat perception and the perceived need for OSINT are positively related to acceptance, while privacy concerns are negatively related. The awareness of OSINT, however, has only shown effects on people with higher privacy concerns. Here, particularly high OSINT awareness and limited privacy concerns were associated with higher OSINT acceptance. Lastly, we provide implications for further research and the use of OSINT systems for cybersecurity by authorities. As OSINT is a framework rather than a single technology, approaches can be selected and combined to adhere to data minimization and anonymization as well as to leverage improvements in privacy-preserving computation and machine learning innovations. Regarding the use of OSINT, the results suggest to favor approaches that provide transparency to users regarding the use of the systems and the data they gather.

show abstract

“…The increased access to information technology for private users as well as for security organizations has led to the increased use of "surveillance-oriented security technologies" (SOSTs). SOSTs are technologies that are designed to monitor terrorists and criminal groups but are also capable of and have been used to monitor the public on a large scale (Degli Esposti & Santiago Gómez 2015, p. 437;Pauli et al 2016). The acquisition of SOSTs has been legitimized as means to prevent criminal and terrorist attacks; however, it has also led to critical discussions of surveillance measures (Ball et al 2012;Bauman et al 2014;Bigo 2006;Lyon 2006).…”

Section: Surveillance Studies Perspective On Security Practicesmentioning

confidence: 99%

U.S. Security Policy: The Dual-Use Regulation of Cryptography and its Effects on Surveillance

Riebe

¹

,

Kühn

²

,

Imperatori

³

et al. 2022

View full text Add to dashboard Cite

Cryptography has become ubiquitous in communication technology and is considered a necessary part of information security. However, both the regulation to restrict access to cryptography, as well as practices to weaken or break encryption, are part of the States’ security policies. The United States (U.S.) regulate cryptography for export in international trade as a dual-use good. However, the regulation has been increasingly loosened and transferred to bilateral agreements with Information and Communication Technology companies. At the same time, the National Security Agency attempted to implement a government encryption standard to guarantee itself easier access to data, thus progressively expanding surveillance on non-U.S. citizens. In this paper, using comparative policy analysis, we examine the evolution of both security policies by tracing the historical development of U.S. regulation of cryptography as a dual-use good, and surveillance technologies, and practices used from the 1990s to today. We conclude that the impact of the dual-use regulation has affected the efficiency of surveillance technology, by loosening regulations only for mass communication services, thereby supporting the proliferation of surveillance intermediaries, while working on strategies to collaborate and exploit their coverage.

show abstract

“Accepting the Rules of the Game”: Institutional Rhetorics in Legitimizing Surveillance

Cited by 4 publications

References 19 publications

Privacy Concerns and Acceptance Factors of OSINT for Cybersecurity: A Representative Survey

Privacy Concerns and Acceptance Factors of OSINT for Cybersecurity: A Representative Survey

Privacy Concerns and Acceptance Factors of OSINT for Cybersecurity: A Representative Survey

U.S. Security Policy: The Dual-Use Regulation of Cryptography and its Effects on Surveillance

Contact Info

Product

Resources

About