The Cyber-security Research Ethics Dialog & Strategy (CREDS 2013) was held on May 23, 2013 in San Francisco, CA, co-located with The 34th IEEE Symposium on Security and Privacy (IEEE S&P 2013), an event of The IEEE Computer Society's Security and Privacy Workshops (SPW 2013).
There were workshop registration fees required to attend, as required for IEEE S&P 2013 and SPW 2013.
Date: May 23 (Thu), 2013
Place: The Westin St. Francis Hotel, San Francisco, CA, USA
The future of online trust, innovation & self-regulation is threatened by a widening gap between users. expectations, formed by laws and norms, and the capacity for great benefits and harms generated by technological advances. As this gap widens, so too does ambiguity between asserted rights and threats. How do we close this gap and thereby lower risks, while also instilling trust in online activities? The solution embraces fundamental principles of ethics to guide our decisions in the midst of information uncertainty.
One context where this solution is germinating is cybersecurity research. Commercial and public researchers and policymakers are tackling novel ethical challenges that exert a strong influence for online trust dynamics. These challenges are not exceptional, but increasingly the norm: (i) to understand and develop effective defenses to significant Internet threats, researchers infiltrate malicious botnets; (ii) to understand Internet fraud (phishing) studies require that users are unaware they are being observed in order to ascertain typical behaviors; and (iii) to perform experiments measuring Internet usage and network characteristics that require access to sensitive network traffic.
These research activities are prerequisite for evidence-based policymaking that impacts us individually and collectively, such as infrastructure security, network neutrality, free market competition, spectrum application and broadband deployment, technology transfer, and intellectual property rights. Therefore, in the wake of failures to resolve these mounting tensions, ethics has re-emerged as a crucial ordering force. For this reason, ethics underpins the debate among CS researchers, oversight entities, industrial organizations, the government and end users about what research activity is or is not acceptable.
This workshop is anchored around the theme of "ethics-by-design", and aims to:
- Educate participants about underlying ethics principles and applications;
- Discuss ethical frameworks and how they are applied across the various stakeholders and respective communities who are involved;
- Impart recommendations about how ethical frameworks can be used to inform policymakers in evaluating the ethical underpinning of critical policy decisions;
- Explore cybersecurity research ethics techniques, tools, standards and practices so researchers can apply ethical principles within their research methodologies; and
- Discuss specific case vignettes and explore the ethical implications of common research acts and omissions.
For talks with presenters, the format will be 15 minutes talk time by the presenter, followed by 30 minutes of group dialogue.
May 23 (Thursday)Place: The Westin St. Francis Hotel, San Francisco, CA
- 09:00 - 09:15 Welcome, Introductions, Opening Remarks
- Michael Bailey and Erin Kenneally
- 09:15 - 10:30 Theme A: Brave New World - Ethical Research Amidst Expanding Opportunities
Discussions focused on the lines being drawn between ethical and unethical research in the ICTR community
- Henry Corrigan-Gibbs and Bryan Ford, Ethics of Internet Freedom Promotion - Welcome to the World of Human Rights: Please Make Yourself Uncomfortable
- Sebastian Schrittwieser, Martin Mulazzani and Edgar Weippl, Ethics in Security Research: Which lines should not be crossed?
- John Aycock and John Sullins, Why "No Worse Off" is Worse Off
- 10:30 - 10:50 break
- 10:50 - 12:20 Theme B: Checking Our Collective Assumptions- Risks and Benefits at the Frontline of ICT Research
Discussions that highlight evaluating and balancing risks and benefits and finding common ground
- Stefan Savage and Tadayoshi Kohno, Vulnerability Research in the CyberPhysical World
- Mark Allman, Traffic Monitoring Considered Reasonable
- Ty Bross and Jean Camp, I Just Want Your Anonymized Contacts! Benefits and Education in Security & Privacy Research
- 12:20 - 13:20 lunch
- 13:20 - 14:35 Theme C: Teaching Researchers to Fish - Tools to Implement Ethics Principles and Applications
Discussions that explore techniques, tools, standards and practices to facilitate the application of ethical principles in practice
- Stuart Schechter, Cristian Bravo-Lillo, Cormac Herley, Serge Egelman and Janice Tsai, You Needn't Build That: Reusable Ethics-Compliance Infrastructure for Human Subjects Research
- Ronen Margulies and Amir Herzberg, Conducting Ethical yet Realistic Usable Security Studies
- Rula Sayaf, James B. Rule and Dave Clarke, Can Users Control their Data in Social Software? An Ethical Analysis of Control Systems
- 14:35 - 15:00 Theme D: Who's Driving the Train?
Discussions about the shifting roles, responsibilities, and relationships between Researchers, ERBs, Government, Professional Societies, and Program Committees in incentivizing and overseeing ethical research
- 15:00 - 15:15 break
- 15:15 - 15:45 Theme D, cont'd.
- 15:45 - 16:30 Theme E: Seeing the Forest and the Trees
A group discussion exploring the ethical underpinnings of other recent and impactful issues that beckon for policy recommendations
- 16:30 - 17:00 Wrap-up and Post-Op
- Co-Chair Michael Bailey, University of Michigan
- Co-Chair Erin Kenneally, Cooperative Association of Internet Data Analysis (CAIDA), University of California San Diego; Elchemy
- Mark Allman, International Computer Science Institute
- Michael Bailey, University of Michigan
- Jean Camp, University of Indiana
- kc claffy, CAIDA, University of California San Diego
- Charles Ess, University of Oslo
- Simson Garfinkel, Naval Post Graduate School
- John Heidemann, University of Southern California
- Erin Kenneally, CAIDA, University of California San Diego; Elchemy
- Tadayoshi Kohno, University of Washington
- Wenke Lee, Georgia Institute of Technology
- Stefan Savage, University of California San Diego
- Giovanni Vigna, University of California Santa Barbara