Publications

  • Regulation of Exporting cyber technologies

    PI: Prof. Niva Elkin Koren, Prof. Amnon Riechman, Yoni Har Karmel

    Abstract: in the PDF file.

    Regulation of Exporting cyber technologies.

  • The Threat of Innovation

    PI: Dr. Moran Yemini. 

    Abstract:
    The purpose of the research is to explain why a harmonized vision of the relations between innovation and other values cannot seamlessly follow from an unchecked assumption about the positive impact of innovation. Put simply, it will be argued that innovation, especially in the digital environment, is not always a blessing, but can also be a threat to things we have reason to value. Building on this assertion, the research will explore the place of innovation in current Internet scholarship and policy; describe its interrelations with other values, such as public security and human well-being; discuss the normative grounds for pursuing (or not pursuing) innovation as a policy objective; and suggest principles for re-defining the place of innovation in Internet policymaking.

    The proposed research falls under several research themes specified in the call - both the more open-ended, normatively-based themes (e.g. cyber and the rule of law; cyber, ethics and social norms), and more concretely-defined themes (e.g. encryption regulation; digital monitoring; cloud computing).

  • The New Irony of Free Speech

    PI: Dr. Moran Yemini. 

    Abstract:
    In his The Irony of Free Speech, published in 1996, Professor Owen Fiss argues that the traditional understanding of freedom of speech, as a shield from interference by the state, ended up fostering a system that benefited a small number of media corporations and other private actors, while silencing the many who did not possess any comparable expressive capacity. Conventional wisdom says that by dramatically lowering the access barriers to speech, the Internet has provided a solution to the twentieth-century problem of expressive inequality identified by Fiss and others. As this Article will demonstrate, however, the digital age presents a new irony of free speech, whereby the very system of free expression that provides more expressive capacity to individuals than ever before also systematically diminishes their liberty to speak. The popular view of the Internet as the ultimate promoter of freedom of expression is, therefore, too simplistic. In reality, the Internet, in its current state, strengthens one aspect of freedom (the capacity aspect) while weakening another (the liberty aspect), trading liberty for capacity.

    This Article will explore the process through which expressive capacity has become a definitive element of freedom in the digital ecosystem, at the expense ... Read More in the PDF file.

  • Modal-based approach for cyber-physical attack Detection...

    PI: Mashor House, Ziv Ohar

    Abstract:
    Modern Water Distribution Systems (WDSs) are often controlled by Supervisory Control and Data Acquisition (SCADA) systems and Programmable Logic Controllers (PLCs) which manage their operation and maintain a reliable water supply. As such, and with the cyber layer becoming a central component of WDS operations, these systems are at a greater risk of being subjected to cyberattacks. This paper offers a model-based methodology based on a detailed hydraulic understanding of WDSs combined with an anomaly detection algorithm for the identification of complex cyberattacks that cannot be fully identified by hydraulically based rules alone. The results show that the proposed algorithm is capable of achieving the best-known performance when tested on the data published in the BATtle of the Attack Detection ALgorithms (BATADAL) competition (http://www.batadal.net).

    Read More in the PDF file.

  • Leveraging organizational climate theory for understanding...

    PI: Sofia Sherman, Irit Hadar, Gil Luria

    Abstract:
    Context: Industry-academia collaboration (IAC) in the field of software engineering is widely discussed in the literature, highlighting its importance and benefits. However, along with the benefits, academic researchers face challenges while performing empirical studies in industry, risking their success. Awareness of these challenges and the importance of addressing them has recently grown, and became the center of discussion in several publication venues. Objective: In this paper, we aim to address one of the key challenges affecting the success of IAC: stakeholder involvement. To this end, we propose a vision for leveraging organizational climate theory toward an effective management of IAC in software engineering research. Organizational climate is defined as the organization's priorities as perceived by its employees and was found to be an effective means of predicting employee behavior. Method: To provide a basis and motivation for our vision, we conducted a literature review, focused on the workshop series of CESI, Conducting Empirical Studies in Industry, in order to elicit the relevant reported challenges of IAC, and to analyze them through the lens of the organizational climate theory. Results: Emergent categories of the elicited challenges of IAC are related to the two basic components that determine the emergence of organizational climate: management commitment and communication. This result demonstrates that analyzing stakeholder involvement-related challenges of IAC through the lens of organizational climate theory provides an indication of the climate components that should be enhanced in order to address these challenges. Conclusion: The above analysis lays the foundation for our vision that organizational climate may serve as an effective means of addressing the discussed challenges. We propose that developing measures of organizational research collaboration climate and deploying respective interventions for improvement would be instrumental for enhancing stakeholder involvement in IAC. We further propose a research outline toward fulfilling these potential contributions.
    Read More in the PDF file.

  • Virtual Reality Exceptionalism

    PI: Gilad Yadin

    Abstract:
    Virtual reality is here. In just a few years, the technology moved from science fiction to the Internet, from specialized research facilities to living rooms. These new virtual reality environments are connected, collaborative, and social—built to deliver a subjective psychological effect that believably simulates spatial physical reality. Cognitive research shows that this effect is powerful enough that virtual reality users act and interact in ways that mirror real-world social and moral norms and behavior. Contemporary cyberlaw theory is largely based on the notion that cyberspace is exceptional enough to warrant its own specific rules. This premise, a descendant of early cyberspace exceptionalism, may be dramatically undermined by the advent of virtual reality. This technology brings cyberspace conceptually and concretely close to the real world, blurring legally significant distinctions between cyberspace behavior and physical behavior, between “real,” “not real,” and “virtually real.” There is an opportunity here. Some of the cyberspace-specific legal regimes that developed over the last twenty years are seriously flawed, especially in criminal law contexts. Computer-hacking legislation is overly broad and vague, resulting in the criminalization of minor Internet infractions and the chilling of digital freedoms; cyberharassment and cyberstalking laws are poorly enforced and ineffective, turning cyberspace into a hostile environment for many people; and government cybersurveillance norms have seriously upset ... Read More in the PDF file.

  • Secure Data Retrieval on the Cloud

    PI: Adi Akavia, Dan Feldman and Hayim Shaul

    Abstract:
    Secure Report is the problem of retrieving from a database table (e.g. on the cloud) all records matching specified attributes, as in SQL SELECT queries, but where the query and possibly the database are encrypted. Here, only the client has the secret key, but still the server (e.g. cloud owner) can compute and return the encrypted result. Secure report is theoretically possible with Fully Homomorphic Encryption (FHE). However, the current state-of-the-art solutions are realized by a polynomial of degree that is at least linear in the number m of records, which is too slow in practice even for very small databases. Nevertheless, in this work we present the first algorithm for secure report that is realized by a polynomial of degree polynomial in log m, as well as the first implementation of secure (FHE) report. This is by suggesting a novel paradigm that forges a link between cryptography and modern data summarization techniques known as core-sets, and sketches in particular. The key idea is to compute only a core-set of the desired report. Since the core-set is small, the client can quickly decode the desired report that the server computes after decrypting its core-set. We implemented our main reporting system including all its sub-routines in an open source library. This is the first implemented system that can answer such database queries under the strong secure notion of FHE. As our analysis promises, the experimental results show that we can run secure report queries on billions of records compared to a few thousand in previous FHE papers. We hope that our results and open code would lead to the first FHE database engine in the near future.

    ... Read More in the PDF file.

  • Setup-Free Secure Search on Encrypted Data: Faster...

    PI: Adi Akavia, Craig Gentry, Shai Halevi and Max Leibovich

    Abstract:
    We present a novel secure search protocol on data and queries encrypted with Fully Homomorphic Encryption (FHE). Our protocol enables organizations (client) to (1) securely upload an unsorted data array x = (x[1], . . . , x[n]) to an untrusted honest-but-curious server, where data may be uploaded over time and from multiple data-sources; and (2) securely issue repeated search queries q for retrieving the first element (i∗, x[i∗]) satisfying an agreed matching criterion i∗ = min { i ∈ [n] | IsMatch(x[i], q) = 1 }, as well as fetching the next matching elements with further interaction. For security, the client encrypts the data and queries with FHE prior to uploading, and the server processes the ciphertexts to produce the result ciphertext for the client to decrypt. Our secure search protocol improves over the prior state-of-the-art for secure search on FHE encrypted data (Akavia, Feldman, Shaul (AFS), CCS’2018) in achieving:
    • Post-processing free protocol where the server produces a ciphertext for the correct search outcome with overwhelming success probability. This is in contrast to returning a list of candidates for the client to post-process, or suffering from a noticeable error probability, in AFS. Our post-processing freeness enables the server to use secure search as a sub-component in a larger computation without interaction with the client.
    • Faster protocol: (a) Client time and communication bandwidth are improved by a log² n / log log n factor. (b) Server evaluates a polynomial of degree linear in log n (compare to cubic in AFS), and overall number of multiplications improved by up to log n factor. (c) Employing only GF(2) computations (compare to GF(p) for p  2 in AFS) to gain both further speedup and compatibility to all current FHE candidates.
    • Order of magnitude speedup exhibited by extensive benchmarks we executed on identical hardware for implementations of ours versus AFS’s protocols. Additionally, like other FHE based solutions, our solution is setup-free: to outsource elements from the client to the server, no additional actions are performed on x except for encrypting it element by element (each element bit by bit) and uploading the resulting ciphertexts to the server.


    Keywords: Secure search, Fully homomorphic encryption, Randomized algorithms, Razborov-Smolensky, Low degree approximation, Universal hash functions

    ... Read More in the PDF file.

  • Fast multiplication of binary polynomials with the...

    PI: Nir Drucker, Shay Gueron, Vlad Krasnov

    Abstract:

    Polynomial multiplication over binary fields F_{2^n} is a common primitive, used for example by current cryptosystems such as AES-GCM (with n = 128). It also turns out to be a primitive for other cryptosystems that are being designed for the Post Quantum era, with values n 128. Examples from the recent submissions to the NIST Post-Quantum Cryptography project are BIKE, LEDAKem, and GeMSS, where the performance of the polynomial multiplications is significant. Therefore, efficient polynomial multiplication over F_{2^n}, with large n, is a significant emerging optimization target.
    Anticipating future applications, Intel has recently announced that its future architecture (codename “Ice Lake”) will introduce a new vectorized way to use the current VPCLMULQDQ instruction. In this paper, we demonstrate how to use this instruction for accelerating polynomial multiplication. Our analysis shows a prediction for at least 2x speedup for multiplications with polynomials of degree 512 or more.

    ... Read More in the PDF file.

  • The comeback of Reed Solomon codes

    PI: Nir Drucker, Shay Gueron, Vlad Krasnov

    Abstract:

    Distributed storage systems utilize erasure codes to reduce their storage costs while efficiently handling failures. Many of these codes (e.g., Reed-Solomon (RS) codes) rely on Galois Field (GF) arithmetic, which is considered to be fast when the field characteristic is 2. Nevertheless, some developments in the field of erasure codes offer new efficient techniques that require mostly XOR operations, and are thus faster than GF operations.
    Recently, Intel announced [1] that its future architecture (codename “Ice Lake”) will introduce a new set of instructions called Galois Field New Instruction (GF-NI). These instructions allow software flows to perform vector and matrix multiplications over GF(2^8) on the wide registers that are available on the AVX512 architectures. In this paper, we explain the functionality of these instructions, and demonstrate their usage for some fast computations in GF(2^8). We also use the Intel® Intelligent Storage Acceleration Library (ISA-L) in order to estimate potential future improvement for erasure codes that are based on RS codes. Our results predict ≈ 1.4x speedup for vectorized multiplication, and 1.83x speedup for the actual encoding.

    ... Read More in the PDF file.

  • The Reasonable Algorithm

    PI: Karni Chagal-Feferkorn

    Abstract:

    Algorithmic decision-makers dominate many aspects of our lives. Beyond simply performing complex computational tasks, they often replace human discretion and even professional judgement. As sophisticated and accurate as they may be, autonomous algorithms may cause damage.
    A car accident could involve both human drivers and driverless vehicles. Patients may receive an erroneous diagnosis or treatment recommendation from either a physician or a medical-algorithm. Yet because algorithms were traditionally considered “mere tools” in the hands of humans, the tort framework applying to them is significantly different than the framework applying to humans, potentially leading to anomalous results in cases where humans and algorithmic decision-makers could interchangeably cause damage.
    This Article discusses the disadvantages stemming from these anomalies and proposes to develop and apply a “reasonable algorithm” standard to nonhuman decision makers—similar to the “reasonable person” or “reasonable professional” standard that applies to human tortfeasors.
    While the safety-promotion advantages of a similar notion have been elaborated on in the literature, the general concept of subjecting non-humans to a reasonableness analysis has not been addressed. Rather, current anecdotal references to applying a negligence or reasonableness standard to autonomous machines mainly discarded the entire concept, primarily because “algorithms ... Read More in the PDF file.

  • AM I AN ALGORITHM OR A PRODUCT? WHEN PRODUCTS LIABILITY...

    PI: Karni A. Chagal-Feferkorn

    Abstract:

    Over the years mankind has come to rely increasingly on machines. Technology is ever advancing, and in addition to relinquishing physical and mere computational tasks to machines, algorithms' self-learning abilities now enable us to entrust machines with professional decisions, for instance, in the fields of law, medicine and accounting. A growing number of scholars and entities now acknowledge that whenever certain "sophisticated" or "autonomous" decision-making systems cause damage, they should no longer be subject to products liability but deserve different treatment from their "traditional" predecessors. What is it that separates "traditional" algorithms and machines that for decades have been subject to traditional product liability legal framework from what I would call "thinking algorithms," that seem to warrant their own custom-made treatment? Why have "auto-pilots," for example, been traditionally treated as "products," while autonomous vehicles are suddenly perceived as a more "human-like" system that requires different treatment? Where is the line between machines drawn? Scholars who touch on this question have generally referred to the system's level of autonomy as a classifier between traditional products and systems incompatible with products liability laws (whether autonomy was mentioned expressly, or reflected in the specific questions posed). This article, however, argues that a classifier based on autonomy level is not a good one, given its excessive complexity, the vague classification process it dictates, the inconsistent results it might lead to, and the fact said results mainly shed light on the system's level of autonomy, but not on its compatibility with products liability laws. This article therefore proposes a new approach to distinguishing traditional products from "thinking algorithms" for determining whether products liability should apply. Instead of examining the vague concept of "autonomy," the article analyzes the system's specific features and examines whether they promote or hinder the rationales behind the products liability legal framework. The article thus offers a novel, practical method for decision-makers wanting to decide when products liability should continue to apply to "sophisticated" systems and when it should not. ... Read More in the PDF file.

  • Toying with Privacy: Regulating the Internet of Toys...

    PI: Eldar Haber

    Abstract:

    Recently, toys have become more interactive than ever before. The emergence of the Internet of Things (IoT) makes toys smarter and more communicative: they can now interact with children by "listening" to them and respond accordingly. While there is little doubt that these toys can be highly entertaining for children and even possess social and educational benefits, the Internet of Toys (IoToys) raises many concerns. Beyond the fact that IoToys might be hacked or simply misused by unauthorized parties, datafication of children by toy conglomerates, various interested parties and perhaps even their parents could be highly troubling. It could profoundly threaten children’s right to privacy as it subjects and normalizes them to ubiquitous surveillance and datafication of their personal information, requests, and any other information they divulge. While American policymakers acknowledged the importance of protecting children's privacy online back in 1998, when crafting COPPA, this regulatory framework might become obsolete in face of the new privacy risks that arise from IoToys. Do fundamental differences between websites and IoToys necessitate a different legal framework to protect children's privacy? Should policymakers recalibrate the current legal framework to adequately protect the privacy of children who have IoToys? Finally, what are the consequences for children's privacy of ubiquitous parental. ... Read More in the PDF file.

  • Study of The Organization and Human Resource Quart...

    PI: Eldar Haber

    Abstract:

    Study of The Organization and Human Resource Quarterly 31( 2018 [Hebrew journal title, cut off: ... for the Study of Organizations and Human Resource Management]. ... Read More in the PDF file.

  • The Response of the Clinic to the Flight Regulatio...

    PI: Eldar Haber

    Abstract:

    Study of The Organization and Human Resource Quarterly 31( 2018 [Hebrew journal title, cut off: ... for the Study of Organizations and Human Resource Management]. ... Read More in the PDF file.

  • Cyber Influence Campaigns in the Dark Web

    PI: Lev Topor and Pnina Shuker

    Abstract:
    In recent years there has been a significant rise in the scope and intensity of information wars between the great powers and other forces in the international arena, and influence campaigns have become a legitimate tool in the hands of politicians, propagandists, and global powers. In this context, the professional literature has focused most on campaigns on social networks while it has almost ignored similar campaigns in the Dark Web where the current research tends to focus on criminal activity. The Dark Web was developed by the American Navy for intelligence purposes and was then promoted by the West as a public tool to protect privacy and anonymity. Today it provides fertile ground for deliberate leaks by countries that do not wish to publish certain information in the traditional media. These leaks are perceived as authentic, leading the media and other intelligence organizations to swallow the bait and investigate, and in some cases they even change their operations accordingly. The purpose of this article is to present the way in which the Dark Web is used in influence campaigns, particularly through deliberately leaking information. ... Read More in the PDF file.

  • Dark Hatred Antisemitism on the Dark Web

    PI: Lev Topor

    Abstract:
    Antisemitism is racism. While it is not broadly accepted in modern societies, it does exist in the margins, in places with no norms or regulations. The key purpose of this article is to develop a new conceptual research framework for the study of both antisemitism and racism. The dark web hosts a great deal of offensive and criminal activity; it also hosts racist and antisemitic activity. It is necessary, then, to search the dark web, the dank underbelly of society, for activity which is not accepted in conventional life. In order to make this conceptual research framework available to other researchers, an overview of racist antisemitic activity on the dark web will be presented and analyzed. As concluded, governments do not take sufficient action for the eradication of dark web racism as it is hidden from society and is very difficult to regulate. In contrast to the surface web, racists, antisemites, thrive there. Keywords. ... Read More in the PDF file.

  • Dark and Deep Webs Liberty or Abuse

    PI: Lev Topor

    Abstract:
    While the Dark Web is the safest internet platform, it is also the most dangerous platform at the same time. While users can stay secure and almost totally anonymous, they can also be exploited by other users, hackers, cyber-criminals, and even foreign governments. The purpose of this article is to explore and discuss the tremendous benefits of anonymous networks while comparing them to the hazards and risks that are also found on those platforms. In order to open this dark portal and contribute to the discussion of cyber and politics, a comparative analysis of the dark and deep web to the commonly familiar surface web (World Wide Web) is made, aiming to find and describe both the advantages and disadvantages of the platforms. ... Read More in the PDF file.

  • Internet Access as a Human Right

    PI: Ryan Shandler

    Abstract:
    We are faced with a new reality where our reliance on internet access to fulfil basic civil tasks is threatened by increasing personal and societal cyber vulnerability. This dichotomy of dependence and vulnerability requires a new framework for understanding the legal and human rights status of this evolving technological reality. A number of theories have sought to explain how internet access could attain the status of a human right. These include reliance on the freedom of expression protection offered by the International Covenant on Civil and Political Rights and the Universal Declaration of Human Rights. More recent approaches have suggested that international customary law could apply, or that internet access could attain the status of an auxiliary human right. Despite repeated demands by international institutions to address modern cyber challenges through a human rights lens, this assortment of legal approaches has failed to garner a consensus view in the international community. The article reviews the merits of each of these arguments, and grounds the debate in the lens of this reality of dependence and vulnerability. Of the four options surveyed, we find that auxiliary righthood is the most promising approach, but that additional research is required to substantiate the claims. ... Read More in the PDF file.

  • Technological Reliefs against Online Incitement to...

    PI: Dr. Maayan Perel. 

    Abstract:
    Online incitement to terrorism is an infectious virus posing an imminent threat to public safety and national security. Social media platforms generally remove content violating their terms-of-use when flagged by their users. This also applies to online posts that incite terrorism. Recently, the disturbing scale of online incitement combined with its potentially devastating results have encouraged the formulation and adoption of legislation providing for prompt technological reliefs against online incitement. Accordingly, under certain conditions, local regulatory measures provide for removal of content which allegedly incites terrorism in different countries, including France, Germany, Canada and soon perhaps also Israel.

  • Role of Lawyers in Cyber Exercises (RoLiCE)

    PI: Mr. Jakub Harašta. 

    Abstract:
    Multiple national strategies, interdisciplinary projects, and international movements strive to bring cyber security and cyber threats to especially vulnerable groups, such as minors or elders. However, cyber security requires both knowledge (know-what) and know-how. Beside spreading knowledge about threats, it is especially important to spread know-how. This statement applies not only to especially vulnerable groups that often lack both knowledge and know-how, but also to highly qualified and skilled personnel responsible for maintaining cyber security.

    The proposed research aims to investigate the role of lawyers in different types of exercise and within different positions with specific research questions formulated as follows:
    1) What is the role of lawyers in cyber security exercises as perceived by traditional participants (IT professional in case of Full Live exercises, decision makers in case of Table Top exercises)?
    2) What is the role of lawyers in blue teams as perceived by participating lawyers?
    3) What is the role of lawyers in white teams as perceived by participating lawyers?
    What is the expected knowledge and know-how to be communicated from lawyers during exercise?

    Data will be collected by semi-structured interviews with individuals and organisations participating in cyber security exercises, regardless of whether they act as members of white team or blue team. Ultimate goal is to develop, based on analysis of collected data, (1) framework for involvement of legal professionals in different types of cyber security exercises; (2) evaluation of models currently being used in exercises where lawyers are involved (e.g. NATO CyberCoalition); (3) proposal for improvement of current exercises where lawyers’ engagement is limited (e.g. Locked Shields); (4) examples of legal injects to be used in various models of engagements of legal professionals.

  • Hyperconnected Law – Regulatory Landscape for the Internet...

    PI: Mr. Ido Kilovaty. 

    Abstract:
    The underlying hypothesis of this paper is that advancement in IoT technologies will transform our lives entirely. At the same time, from a regulation perspective, there are administrative and jurisdictional difficulties in safeguarding privacy and security in the IoT context. In a world of hyper-connectivity, these challenges will be exacerbated, requiring a more systematic approach, and careful regulatory planning.

    The paper will proceed in four parts. In Part I, I will discuss the phenomenon of IoT, and provide data on the trajectory of this sector. Part II will focus on the threats posed by IoT under the current inadequate regulatory regime. In Part III, I will analyze the current shortcomings of IoT regulation – mainly inter-agency conflicts (FCC v. FTC), Section 1201 of the Digital Millennium Copyright Act exemptions, and ambiguous security and privacy standards. Finally, Part IV offers a regulatory regime for IoT, taking into consideration the myriad administrative, jurisdictional, security, and privacy challenges posed by the emergence of the IoT landscape. This Part will highlight the need of a centralized authority to complement specific agencies, such as the FTC, FCC, FDA, and DHS. In addition, this concluding Part will address the degree of regulatory flexibility required in order to create a safe and reliable IoT environment.

  • A Legal Framework for Always-On Devices

    PI: Prof. Cláudio Lucena. 

    Abstract:
    This research attempts to identify policy-making issues and governing alternatives concerning the use of these always-on sensors, focusing on the questions that seem immediately relevant, such as how to treat consent, how to manage and control the collected data, how to ensure compliance with the privacy and data protection applicable law and policies, and under which circumstances should authorities be granted access to the collected data. It suggests exploring different features in various kinds of sensors and how this diversity can become legally relevant. The objective is to devise a legal framework of principles and best practices for this variety to be taken into account in the process of regulating or deciding on the governance of the use of sensors and connected items in sensitive always-on contexts.

  • Beyond Cyberlaw

    PI: Mr. Gilad Yadin. 

    Abstract:
    Virtual reality is here. In just a few years, the technology moved from science fiction to the Internet, from specialized research facilities to living rooms. The new virtual reality environments are connected, collaborative and social, built to deliver a subjective psychological effect that believably simulates spatial physical reality. Cognitive research shows that this effect is powerful enough so that virtual reality users act and interact in ways that mirror real-world social and moral norms and behavior.

    Contemporary cyberlaw theory is largely based on the notion that cyberspace is exceptional enough to warrant its own specific rules. This premise, a descendant of early cyberspace exceptionalism, may be dramatically undermined by the advent of virtual reality. The technology brings cyberspace conceptually and concretely close to the real world, blurring legally significant distinctions between cyberspace behavior and physical behavior, between “real”, “not real” and “virtually real”.

    There is an opportunity here. Some of the cyberspace-specific legal regimes that developed over the last twenty years are seriously flawed, especially in criminal law contexts. Computer hacking legislation is overly broad and vague, effecting the criminalization of minor Internet infractions and chilling digital freedoms; cyberharassment and cyberstalking laws are poorly enforced and ineffective, turning cyberspace into a hostile environment for many people; government cybersurveillance norms have seriously upset the balance between public security and individual privacy, putting society on the path to an Orwellian surveillance state.

    Virtual reality brings a new understanding of the human cyberspace behavior continuum that counteracts cyberspace exceptionalism, undermining contemporary cyberlaw theory and presenting an opportunity to move away from problematic cyberspace-specific legal regimes, back towards the well-established laws of the real world.

  • The quasi-sovereign attributes of social network s...

    PI: Ms. Noa Mor. 

    Abstract:
    Social Network Sites (SNSs) are becoming key players in addressing diversified cyber-related conflicts. These conflicts may refer to terror, incitement to racial or ethnic hatred, cyber-attacks, bullying and shaming, intellectual property, and civic engagement. As they tackle these complex tasks, or even deal with everyday dilemmas arising in their platforms, SNSs dramatically influence and shape many of the human rights of their users. Such influence is maintained by applying varied practices, including monitoring and surveillance, ex-ante or ex-post censorship, disabling user accounts, and sharing private data with government authorities or with other stakeholders. Other practices may regard the designation of varied architectural and design features that mold the processes of information generation and consumption throughout these sites.

    With this immense power and responsibility pertaining to human rights, the legal framework that applies to SNSs as private actors is sometimes insufficient and unequipped. What, then, is the normative basis for enhancing the legal (and moral) toolkit relevant to SNSs' conduct? This research seeks to identify the quasi-sovereign attributes of SNSs, as a basis for articulating the differences between them and "regular" private entities, and for justifying the application of certain obligations on SNSs. Thus, the research further strives to explore the implications such quasi-sovereign attributes may have with regard, inter alia, to the norms and principles that ought to govern SNSs' operation, as well as the channels and measures that could promote their adaption.

  • Regulation of cybersecurity in telecom end-point d...

    PI: Mr. Asaf Avidan. 

    Abstract:
    The subject of the proposed research is regulation of cybersecurity in telecom end-point devices ("EPDs"). The research will explore whether cybersecurity in EPDs should be subject to a regulatory regime in order to increase their protection and reduce the exposure to cyber-attacks of EPDs and the network to which they are connected.

  • Algorithmic decision-making in social networks

    PI: Ms. Lital Kahalon Zandberg. 

    Abstract:
    Can algorithmic enforcement effectively manage violent speech in social networks?

    Social media offer a platform for users to communicate, exchange and distribute content. Users are the ones who determine the nature of use of the social media, deciding which information to make available to the public and how. Some content posted on social media platforms might be inciting, threatening or otherwise harmful. It is quite challenging to monitor potentially harmful content and prevent its publication when necessary. The network is not limited in time or space, and harmful content could become promptly accessible and widely distributed, thereby amplifying its potential harm. The core features of the network are not only viral but also eternal, and consequently, any harmful content that was uploaded to the internet will remain there unless active steps are taken to remove it.

    Over the past decade, there has been an increasing use of algorithms for enforcement purposes. Algorithms are used as a tool for monitoring, filtering, blocking and removing content.

    The purpose of this research is to examine the efficiency of using algorithms on social media for the purpose of enforcement and policing. The research will also examine how algorithms adapt to changes by machine learning, thus improving their results in accordance with the details of users.

    If there are any offenses made or damages caused on social network platforms, liability may be imposed by using the guidance of the existing laws. So far, there is no clear statutory framework governing algorithmic enforcement; therefore, research examining the possibility of regulating behavior in social networks by means of algorithmic enforcement is required. This research will focus on applying algorithmic enforcement in social networks in the context of cyberbullying.

  • dark web

    PI: Gabriel Weimann 

    Abstract:
    Algorithmic decision-makers dominate many aspects of our lives. Beyond simply performing complex computational tasks, they often replace human discretion and even professional judgement. As sophisticated and accurate as they may be, autonomous algorithms may cause damage.

    A car accident could involve both human drivers and driverless vehicles. Patients may receive an erroneous diagnosis or treatment recommendation from either a physician or a medical algorithm. Yet because algorithms were traditionally considered "mere tools" in the hands of humans, the tort framework applying to them is significantly different from the framework applying to humans, potentially leading to anomalous results in cases where human and algorithmic decision-makers could interchangeably cause damage. This article discusses the disadvantages stemming from these anomalies and proposes to develop and apply a "reasonable algorithm" standard to non-human decision makers, similar to the "reasonable person" or "reasonable professional" standard that applies to human tortfeasors. While the economic advantages of a similar notion have been elaborated on in the literature, the general concept of subjecting non-humans to a reasonableness analysis has not been addressed. Rather, current anecdotal references to applying a negligence or a reasonableness standard to autonomous machines mainly discarded the entire concept, primarily because "algorithms are not persons". This article identifies and addresses the conceptual difficulties stemming from applying a "reasonableness" standard to non-humans, including the intuitive reluctance to subject non-humans to human standards; the question of whether there is any practical meaning in analysing the reasonableness of an algorithm separately from the reasonableness of its programmer; the potential legal implications of a finding that the algorithm "acted" reasonably or unreasonably; and whether such an analysis reconciles with the rationales behind tort law.
    Other than identifying the various anomalies resulting from subjecting humans and non-humans conducting identical tasks to different tort frameworks, the article's main contribution is, therefore, explaining why the challenges associated with applying a "reasonable standard" to algorithms are overcome. Read more in the PDF file.

  • Algorithmic Wars in Cyberspace

    PI: Prof. Michal Gal.

    Research Students: Tamar Indig, Chen Komisar, Lior Shachar, Saar Ben David, Ilana Atron.

    Abstract:

    Cyberspace, it was hoped, would increase competition. Moreover, it was envisaged that cybernetic competition would significantly increase innovation. The logic is straightforward: transparency of online offers and the increased connectivity between suppliers and consumers makes it more difficult to compete over price, given that if a supplier sets a higher price than its rivals for a similar widget, then consumers can easily switch to buying from them. Therefore, suppliers would have stronger incentives to compete over other features of their offers, mainly the unique and innovative features of their products and services. This, in turn, would increase innovation, thereby also potentially increasing welfare.

    These potential benefits of cyberspace are, however, currently threatened. Interestingly, the same traits on which the hopes for a welfare-enhancing cybernetic marketplace were based, have led to the creation of barriers to competition and innovation. The speed of decision-making and its sophistication, coupled with the transparency and connectivity of cyberspace markets, led to a situation in which coordination among competing online suppliers to set a joint profit-maximizing price is easier and more stable than ever before. Indeed, coordination no longer requires competitors to operate in oligopolistic markets; and suppliers can much more quickly and easily detect and punish deviations from the status-quo, thereby reducing incentives for shirking. As our assumptions about which market conditions must exist for firms to coordinate their conduct are altered, the number of red flags that are raised across industries rises. As Ezrachi and Stucke write, this is the end of competition as we know it.

    Furthermore, cyberspace makes consumers more vulnerable to manipulations by suppliers. Such manipulations can take many forms. One example involves real-time manipulations of emotions. As Facebook recently demonstrated in a controversial experiment on emotional contagion, cybernetic providers may shape the way we feel. Another example involves the manipulation of data. Cyberspace exponentially increased the ability to collect big data. This ability is further reinforced by the advent of the internet-of-things (IOT) and the connectivity of many “things” through cyberspace. The analysis by suppliers of big data regarding consumers’ preferences threatens to strengthen their ability to engage in perfect price discrimination (what some like to call by the more obscure name “personalized pricing”). Such price discrimination can significantly harm consumer welfare, at least under certain circumstances, by increasing prices charged from consumers to the highest price they are willing to pay for each and every product or service.

    These threats to competition and innovation are further increased by the fact that currently some major cyberspace platforms suffer from a high level of concentration. A handful of digital intermediaries with mega platforms control effective points of access to potential users. These include smart devices (iPhone and Kindle), operating systems (iOS and Android), application stores (Apple Store and Google Play) and browser entry points (Google Search and Facebook). The high level of concentration is largely due to network effects, created when the value for each consumer of using the platform rises in parallel with the number of others using the system. These network effects are further increased by the network effects of big data. By converging control of content, access, and online distribution channels, large networks enjoy inherent competitive advantages in access to an immense volume of users’ personal online data. This situation has several implications for welfare. Most importantly, access of other firms to data and to consumers may be affected by the incentives of such intermediaries.

    Can the market devise its own solutions to limited competition and innovation in cyberspace? The answer is a partial yes. One potential (albeit partial) solution is the use of algorithms by consumers to counteract at least some of the competition and innovation-reducing conduct of suppliers. Algorithmic consumers (“digital butlers”) are algorithms employed by consumers, which make and execute decisions for the consumer by directly communicating with other systems through the Internet. The algorithm automatically identifies a need, searches for an optimal purchase, and executes the transaction on behalf of the consumer. As elaborated elsewhere, algorithmic consumers offer many benefits to consumers as they can significantly reduce search and transaction costs, and help consumers overcome biases and enable more rational and sophisticated choices.

    Most importantly for our purposes, algorithmic consumers can counteract at least some of the negative welfare effects. How can they do so? Algorithmic consumers can create buyer power, if an algorithmic consumer has a sufficiently large number of users, or if it coordinates its conduct with other algorithmic consumers. This, in turn, may allow consumers to counteract suppliers’ buyer power. Indeed, the algorithm can be coded not to buy a certain good if price is above a certain level. The aggregation of buyers can also make transactions less frequent and small, thereby increasing incentives of suppliers to deviate from the status-quo.

    Furthermore, algorithmic consumers can be coded to include decisional parameters designed to eliminate or at least reduce some market failures in the long run. Algorithms are sufficiently flexible to include considerations such as long-run effects on market structures that might harm consumers. For example, an algorithm might be able to recognize the coordination, and refrain from doing business with those suppliers until prices are lowered. Or it might always buy some portion of its goods from at least one new source, to strengthen incentives for new suppliers to enter the market. Of course, including such decisional parameters requires more sophisticated modeling and analysis of market conditions and their effect on welfare, but given advances in economics and in data science, they are becoming easier.
    Finally, algorithmic buying groups may reduce the ability of suppliers to learn about, or to use to their advantage, information regarding each user’s preferences by aggregating the choices of different consumers into one virtual buyer (what might be called anonymization-through-aggregation). Indeed, once consumers are aggregated into sufficiently large consumer groups, suppliers will lose the ability to collect information on consumers’ individual preferences with regard to products bought through the group, and to discriminate among them based on each consumer’s elasticity of demand. The loss of this ability, in turn, could increase consumers’ welfare, if suppliers are forced to set a lower price for all.

    Algorithmic consumers can therefore improve market dynamics and limit coordination without a need for legal intervention. Rather, their regulating power resides in the reaction of consumers to the change in market conditions created by suppliers, through their algorithms.

    This, in turn, will most likely lead to algorithmic wars in cyberspace. Suppliers will not sit quietly while watching some of their benefits from operating in cyberspace being taken away. They will most likely attempt to block access of algorithmic consumers to important inputs (such as data) or to outputs (such as reaching consumers). One strategy that is already observable is for suppliers or cyberspace platform firms to create their own algorithmic consumers, which are not necessarily benign (such as Alexa, Siri, etc.). Indeed, such firms currently dominate the market for algorithmic consumers.

    This requires us to think seriously about whether our regulatory tools are fit to the task of ensuring that algorithmic wars in cyberspace increase welfare through creating incentives for competition and innovation. This is the goal of this research. To meet this goal, the research will be conducted in four steps. The first will identify the conditions for competition and innovation in cyberspace, with a special focus being placed on how algorithms operate and on entry barriers into relevant markets. The second will explore in detail the dynamics of algorithmic wars in cyberspace and their effects on competition and innovation. Several scenarios will be explored, which will be sensitive to the special characteristics of the cybernetic marketplace. These two steps will set the stage for the following ones, since without an in-depth understanding of how our markets work, we cannot apprehend the regulatory challenges before us. The third step will analyze existing market and regulatory solutions, to determine their effects on welfare. The final step will involve an exploration of the use of new regulatory tools in order to ensure that algorithmic wars in cyberspace bring about the positive welfare effects they have in store. The methodology includes, inter alia, a thorough literature review, an empirical study of competition law and other regulatory tools employed around the world in order to deal with threats to competition and innovation in cybernetic marketplaces; and the development of a theoretical model for market dynamics in a cyberspace populated by algorithms and characterized by big data and fast connectivity.

  • Confronting the Cyber Risks of Re-identification Attacks...

    PI: Prof. Tal Zarsky. 

    Confronting the Cyber Risks of Re-identification Attacks in Governmental Personal Data Transfers: Theory and Practice in Israel: Anonymization generates key questions with which policymakers and scholars from a variety of fields are currently struggling. In Israel, however, this issue has received very limited regulatory and academic attention. This proposal focuses on legal issues underlying the protection of anonymized data from de-anonymization (or re-identification) attacks in Israel and in accordance with Israeli law. Such attacks might originate from external adversaries (such as one of Israel's enemies), business entities or even internal parties within the government. This proposal is concerned with possible attacks on centralized anonymized databases and the lack of harmonization in dealing with this challenge. Using de-anonymization tools, hackers could potentially gain access to sensitive information on a large scale. This risk is imminent in light of concerns raised by scholars as to the ability to truly anonymize data. Thus, the main question this proposal wishes to examine is how governmental agencies should prepare themselves in light of the cyber threats to sensitive data. What are the boundaries of their actions and what steps must they consider?

  • Government’s Role in Standard Setting of Cryptographic...

    PIs: Prof. Orr Dunkelman, Prof. Niva Elkin-Koren, Ms. Dalit Ken-Dror Feldman. 

    Surveillance and monitoring are often required by law enforcement and national security agencies to protect security and safety. Strong encryption may challenge these efforts. At the same time, however, strong encryption is essential for protecting economic interests of considerable importance and ensuring civil rights (e.g., privacy, free speech). The strength of encryption is shaped, among other things, by standard setting bodies. While many countries strive to make these standards as secure as possible, evidence shows that several countries are working to weaken these standards. Specifically, some governmental entities allegedly address the challenges of strong encryption by secretly promoting weaker standards in standard setting bodies. Are these strategies legitimate and useful? Can governments legitimately endorse such standards and present them as strong encryption even when they know they have a built-in backdoor? This study will examine different strategies to promote weaker standards in encryption, without disclosing vulnerabilities, as a matter of law and ethics. The study will analyze the potential legal implications of such practices, with emphasis on Israel and selected key countries, and propose alternative strategies for promoting innovation, national security, and privacy in cryptography standards.

  • Technological standards for evidence law: Forgery Detection...

    PIs: Prof. Niva Elkin-Koren, Prof. Hagit Hel-Or. 

    Research Students: Ms. Noa Friedman Horesh, Mr. Azami Hidar. 

    Abstract:
    In this research, we propose to develop clear policies and criteria for evaluating validity and admissibility in court of 3D images. The failure to understand how to effectively authenticate the output of 3D cameras may compromise efforts of law enforcement agencies and courts. We therefore hope to develop technological criteria for defining the authentication and admissibility of 3D images.

    Criteria for validity and proof of authenticity of 3D images will be developed based on the study of forgery detection in 3D images, specifically the ability to detect forgery and to evaluate its statistical viability. Such criteria could be tailored to address the legal requirements of procedure and evidence in investigation and adjudication.

  • Regulation of Unmanned Aerial Vehicle (UAV) in Israel...

    PIs: Dr. Dan Feldman, Ms. Dalit Ken-Dror Feldman. 

    Research Students: Mr. Roy Mezan, Mr. Roy Zohar. 

    Abstract:
    As the civil use of UAVs expands and becomes more popular, there is a need for a comprehensive legal and technological policy of UAVs including privacy issues, tort liability and criminal liability. The research will study the technological potential uses of UAVs through a test case in Haifa “Grand Canyon” Mall and will offer a legal and technology policy for the civil use of UAVs.

  • Measuring Privacy in an 'Always On' Society

    PIs: Dr. Dan Feldman, Dr. Eldar Haber. 

    Abstract:
    Information-gathering practices have been enhanced in our interconnected era. Technological developments combined with human interest in collecting and making use of data are turning the Orwellian state non-fictional. One of these latest developments is the Internet of Things (IoT), whereby users are now able to be constantly connected to the internet through various means like home automation (smart homes), smart TVs, smartphones, wearables, and through many other ‘things’. Within the realm of IoT, a cohort of devices emerged: devices that operate in an 'always on' mode ('always on' devices) like Amazon Echo or Google Home. These developments obviously have both benefits and drawbacks from a social perspective. From the aspect of data use, there is much value in the information that is gathered and analyzed. On the other hand, from an informational privacy perspective, one of the drawbacks is that these devices do not generally distinguish between the types of information that are gathered. In other words, from a technological and legal perspective, there is not much difference between the personal information of adults vs. children nor sensitive vs. non-sensitive data. The underlying question of this research is whether the ubiquitous surveillance era necessitates recalibrating our notion of the right to privacy, and more closely, should we distinguish between different levels of privacy protection? In other words, is there a viable method to measure privacy? And if so, what mathematical tools are available to conduct such measurements without substantially decreasing the value of information?

  • Cyber Risks Perceptions in the Israeli Public

    PI: Prof. Daphne Raban. 

    Research Students: Mr. Yohai Avukay. 

    Abstract:
    Cyberspace and computer systems allow modern society to function properly. Alongside the many opportunities that these systems allow, there are also risks – attackers of various types operating in different ways, with different intensity and different purposes. These attackers can cause damage in both cyberspace and physical space. With the rapid progress of digitalization in our lives, it is important that the public be aware of the cyber risks and know how to defend itself. To this end, this research focuses on understanding cyber risk perception among the public in Israel. The study examines the perception of risk using two methods. One method is the application of the psychometric paradigm as a risk perception model. This model makes it possible to estimate the intensity of the risks as perceived by the public. The second method is analyzing talkback interactivity in articles about cyber incidents, based on the theory that there is a difference in the level of interactivity between articles about controversial issues and moderate news.

    The research questions focus on three areas. The first area is testing the intensity of cyber risks as perceived by the public. The second area is looking for differences between experts and non-experts in the perception of risk. The third area is testing if the level of talkback interactivity will be different in news articles about various types of cyber risks.

    The findings indicate that according to the characteristics of risk perception, non-experts perceive the intensity of cyber risks differently from experts and see the risk of economic harm to a civilian (such as stealing money from a bank account, extortion of money by using ransomware taking over the PC, unauthorized credit card activities, etc.) as most intense. In addition, the talkback interactivity analysis showed that this risk led to the highest level of overall talkbacks and interactive talkbacks.

    This research contributes to several relevant theories. First, I found that the psychometric model, with some adjustments, can be applied to the perception of cyber risks. Second, I found that it is possible to identify differences in cyber risk perception between experts and non-experts. Thirdly, as probably first performed in this field of research, we found that the talkback interactivity analysis can be applied to support the finding of the risk perception, especially in the characteristic of familiarity with risk.

  • Cyber-Security of Water Distribution Systems: Attacks’...

    PIs: Prof. Ofira Ayalo, Dr. Mashor Housh. 

    Research Students: Ms. Noy Kadosh, Ms. Naama Shapira. 

    Abstract:
    Modern infrastructure systems are often controlled by Supervisory Control and Data Acquisition (SCADA) systems and Programmable Logic Controllers (PLCs). As such, with SCADA becoming a central component of water distribution systems (WDSs), these systems can be subjected to cyber and cyber-physical attacks, for example, shutting or opening valves or pumps, which might risk the water supply, damage equipment, or even inject chemicals (chlorine, fluoride, etc.) above desirable limits.
    We propose to develop a specially tailored algorithm for identifying cyber-attacks based on detailed hydraulic understanding of the WDS combined with a machine learning event detection system for identification of complex cyber-attacks that cannot be fully identified by the hydraulic based rules alone. As such, this algorithm will utilize the unique characteristics of the WDS (e.g. hydraulic laws) as opposed to a straightforward application of anomaly detection methodologies. This research will be comprised of several stages. The first stage of the research will focus on conceptualizing surveillance in the 'always on' society and offer a theoretical framework to understand the trends that led to its potential existence. The second stage of the research will focus on the various legal aspects that always-on devices raise, while focusing mainly on the right to privacy. It will scrutinize the current American perception of informational privacy, and value various notions of privacy violations as reflected in legal proceedings and the American legal framework. The third stage will turn these theoretical arguments into mathematical formulations via what is termed as Differential Privacy. The expected outcomes would be offering a toolkit in the form of technological standards. In other words, this research will provide mathematical mechanisms to "measure" the protection of privacy and aid in determining what should constitute as sufficient security to address the concerns that always on devices raise while preserving the value of the obtained data.

  • Digital Monetization and Data Public: from disruption...

    PI: Prof. Ilan Talmud. 

    Research Students: Mr. Yaron Connoly. 

    Abstract:

    The study aims at inquiring into social devices and organized activities embedded in the market making of a “virtual currency”. The Bitcoin market is embedded in an anonymous, decentralized, de-territorialized, online system. Trade in Bitcoin is risky, as it involves a high degree of uncertainty regarding valuation, fluctuation, liquidity, and a lack of formal institutional regulation. Exploratory analysis conducted within the Israeli Bitcoin community reveals that market organizers use various social and rhetorical devices in order to promote market legitimacy and velocity. The proposed study aims at systematically examining the ways in which market organizers attempt to influence investors to frame their investments as valuable, despite high levels of uncertainty, dramatic fluctuations, recurrent fraud cases, technical interruptions, public skepticism, and regulatory uncertainty. The study will explore to what extent the practical materiality of Bitcoin is dependent on trust in virtuality, and acceptance of “Folk Theory” of economics, based on trust in the efficient operation of algorithmic regulation, private production of money, and conspiracy theories of banking. The PI has experience in studying computer mediated communication, social networks, and economic sociology, using a variety of research contexts and methodologies.

  • Cyber security and privacy: Israeli developers in the...

    PI: Dr. Rivka Ribak. 

    Abstract:

    In his work on the politics of algorithms, Tarleton Gillespie (2016) urges the study of algorithms to attend to "the people involved at every point: people debating the models, cleaning the training data, designing the algorithms, tuning the parameters, deciding on which algorithms to depend on in which context" (2016:22). The proposed research heeds his call, seeking to trace the ways in which social ideas about cyber security and privacy are shaped before they are inscribed in code. Specifically, as the hi-tech industry becomes transnational, the research is designed to disentangle the flow of ideas about cyber security and privacy in local and cross-cultural encounters, and to shed light on the ways in which these social ideas are negotiated and then written as software for apps and related products. Drawing on interviews with Israeli developers, it addresses three questions: How do Israeli developers conceptualize information privacy and data security? How are local concepts of privacy and security re-shaped in the encounter between Israeli developers and other developers – from the US, from Europe, from Asia? How are these cross-cultural encounters stabilized and inscribed in code?

  • Improving Informational Privacy and Security Governance...

    PIs: Prof. Gil Luria, Dr. Irit Hadar. 

    Research Students: Ms. Or Atias, Ms. Renana Arison. 

    Abstract:

    Today, information technology (IT) developers are called upon to develop measures inherent in the technologies to protect informational privacy and security, by applying holistic approaches such as privacy and security by design, addressing privacy and security concerns as the default mode of operation of a business or organization.

    A previous study, in the context of privacy by design, identified organizational climate as a central force representing the influence of the environment on IT developers’ understanding and decision making regarding privacy concerns, often leading them to disregard privacy-related regulations, including the organization’s own policies.

    Given the identified influence of organizational climate on IT developers, and in light of vast organizational literature indicating the high influence of organizational climate on employee behavior, and specifically on compliance with policy, this research aims to leverage organizational climate for improved privacy and security governance.

    The derived research objectives are: (1) to develop measures for informational privacy and security organizational climates, and (2) to develop interventions for improving the level of privacy and security organizational climates, and to evaluate their effect via the aforementioned measures.
