Browsing by Author "Hiller, Janine S."
- Applying Best Supply Chain Practices to Humanitarian Relief
  Russell, Roberta S.; Hiller, Janine S. (Penn State, 2015-05)
  With the growth in length and breadth of extended supply chains, more companies are employing risk management techniques and resilience planning to deal with burgeoning and costly supply chain disruptions. As companies can learn from humanitarian groups, so can humanitarian groups learn from industry how to respond, recover, and prepare for these disruptive events. This paper looks at industry leaders in supply chain risk management and explores how humanitarian supply chains can learn from industry best practices.
- Civil Cyberconflict: Microsoft, Cybercrime, and Botnets
  Hiller, Janine S. (Santa Clara University School of Law, 2014-01)
  Cyber “warfare” and hackback by private companies is a hot discussion topic for its potential to fight cybercrime and promote cybersecurity. In the shadow of this provocative discussion, Microsoft has led a concerted, sustained fight against cybercriminals by using traditional legal theories and court actions to dismantle criminal networks known as botnets. This article brings focus to the role of the private sector in cybersecurity in light of the aggressive civil actions by Microsoft to address a thorny and seemingly intractable global problem. A botnet is a network of computers infected with unauthorized code that is controlled from a distance by malicious actors. The extent of botnet activity is staggering, and botnets have been called the plague of the Internet. The general public is more commonly aware of the damaging results of botnet activity rather than its operation, intrusion, or infection capabilities. Botnet activity may result in a website being unavailable due to a denial-of-service (DoS) attack, identity theft can occur because the botnet collects passwords from individual users, and bank accounts may be emptied related to botnet activity. Spam, fraud, spyware, and data breaches are all the result of botnet activity. Technical remedies for stopping botnet attacks and damages are ongoing, but technical solutions alone are inadequate. Law enforcement is active in tracking down criminal activities of botnets, yet the number and sophistication of the attackers overwhelm it. In a new development, multiple civil lawsuits by Microsoft have created the legal precedent for suing botnet operators and using existing law to dismantle botnets and decrease their global reach. This article reviews the threats created by botnets and describes the evolution of legal and technical strategies to address botnet proliferation. The distinctive aspects of each of the cases brought by Microsoft are described and analyzed and the complex questions surrounding a botnet takedown are identified. Discussion of the details of the lawsuits are important, because over a relatively short period of time, government and private sector roles have evolved considerably in the search for a methodology to deal effectively with botnets. Theoretical and international questions surrounding the sustainability and policy ramifications of private sector leadership in cybersecurity are examined, and questions for future research are identified.
- Critical Protection for the Network of Persons
  Hiller, Janine S.; Berger-Walliser, Gerlinde; Brantly, Aaron F. (University of Pennsylvania School of Law, 2022)
  The world is facing a future of sensored surveillance, filled with pervasive ultra-small connected devices, added to relatively larger ones already present in appliances and everyday technology today. Sensors will be bound to people as well as the environment, and people will provide much of the data that will compose the fundamental building blocks of a decisional infrastructure. Threats emanating from incompetence, unethical conduct, criminals, and nation states will put national security at increased risk because of new levels of potential harm to individual citizens as well as potential damage to physical infrastructure. A future that includes intimate electronic connections with a person’s body creates an imperative to secure a Network of Persons (NoP), rather than of things. Sensor driven collection of huge amounts of data from individuals can impact the fundamental meaning of citizenship, affect economic prosperity, and define personal identity, all in a world composed of dwindling nodes of mediation between humans and automated systems. Intimately connected technology is increasingly interweaving persons in ways that extend the importance and relevance of critical infrastructure protections to the person. The present disjointed and fragmented approaches of Europe and the United States exacerbate the problems and elevate the importance of reconsidering designations of critical infrastructure. A new designation of a Critical Network of Persons (CNoP) does not obviate or alleviate the risks associated with the technologies; rather, it begins to shift the burden of risk mitigation and protection away from those least capable, towards the state and its partners. This paper proposes critical infrastructure protection for life critical functions in the NoP and argues that because the person is the building block for this critical infrastructure protection, the government’s duty is qualitatively different from its duty to protect other critical infrastructures. Establishing a CNoP reorients the scope and focus to that of the citizen, the person—the building block of the nation. Ensuring the security at the individual level is imperative for maintaining national security for all.
- Governance Mechanisms as a Means of Increasing Consumer Trust in Online Exchanges: A Signaling Perspective
  Cook, Don Lloyd (Virginia Tech, 2001-12-12)
  Many consumers seem to be uncomfortable or unwilling in making online transactions. This lack of trust stems in part from the online exchange process itself where consumers are deprived of many traditional cues that they would use to evaluate this process. This research focuses on consumer perceptions of regulatory governance in online exchanges and how signals of governance might act to increase consumer trust in online transactions. An experimental methodology was used to examine the effects of different types of structures on consumer perceptions and to provide direction for public policy makers as well as online businesses and private regulatory entities.
- Political Participation in a Digital Age: An Integrated Perspective on the Impacts of the Internet on Voter Turnout
  Carter, Lemuria D. (Virginia Tech, 2006-04-12)
  E-government is the use of information technology, especially telecommunications, to enable and improve the efficiency with which government services and information are provided to its constituents. Internet voting is an emerging e-government initiative. It refers to the submission of votes securely and secretly over the Internet. In the United States some areas have already used Internet voting systems for local and state elections. Many researchers argue that one of the most important social impacts of Internet voting is the effect it could have on voter participation. Numerous studies have called for research on the impact of technology on voter turnout; however, existing literature has yet to develop a comprehensive model of the key factors that influence Internet voting adoption. In light of the gradual implementation of I-voting systems and the need for research on I-voting implications this study combines political science and information systems constructs to present an integrated model of Internet voter participation. The proposed model of Internet voting adoption posits that a combination of technical, political and demographic factors amalgamate to influence the adoption of I-voting services. The study was conducted by surveying 372 citizens ranging in age from 18-75. The findings indicate that an integrated model of I-voting adoption is superior to existing models that explore political science or technology adoption constructs in isolation. Implications of this study for research and practice are presented.
- Privacy and Security in the Implementation of Health Information Technology (Electronic Health Records): U.S. and EU Compared
  Hiller, Janine S.; McMullen, Matthew S.; Chumney, Wade M.; Baumer, David L. (Boston University School of Law, 2011)
  The importance of the adoption of Electronic Health Records (EHRs) and the associated cost savings cannot be ignored as an element in the changing delivery of health care. However, the potential cost savings predicted in the use of EHR are accompanied by potential risks, either technical or legal, to privacy and security. The U.S. legal framework for healthcare privacy is a combination of constitutional, statutory, and regulatory law at the federal and state levels. In contrast, it is generally believed that EU protection of privacy, including personally identifiable medical information, is more comprehensive than that of U.S. privacy laws. Direct comparisons of U.S. and EU medical privacy laws can be made with reference to the five Fair Information Practices Principles (FIPs) adopted by the Federal Trade Commission and other international bodies. The analysis reveals that while the federal response to the privacy of health records in the U.S. seems to be a gain over conflicting state law, in contrast to EU law, U.S. patients currently have little choice in the electronic recording of sensitive medical information if they want to be treated, and minimal control over the sharing of that information. A combination of technical and legal improvements in EHRs could make the loss of privacy associated with EHRs de minimis. The EU has come closer to this position, encouraging the adoption of EHRs and confirming the application of privacy protections at the same time. It can be argued that the EU is proactive in its approach; whereas because of a different viewpoint toward an individual’s right to privacy, the U.S. system lacks a strong framework for healthcare privacy, which will affect the implementation of EHRs. If the U.S. is going to implement EHRs effectively, technical and policy aspects of privacy must be central to the discussion.
- Protection Motivation Theory: Understanding the Determinants of Individual Security Behavior
  Crossler, Robert E. (Virginia Tech, 2009-03-19)
  Individuals are considered the weakest link when it comes to securing a personal computer system. All the technological solutions can be in place, but if individuals do not make appropriate security protection decisions they introduce holes that technological solutions cannot protect. This study investigates what personal characteristics influence differences in individual security behaviors, defined as behaviors to protect against security threats, by adapting Protection Motivation Theory into an information security context. This study developed and validated an instrument to measure individual security behaviors. It then tested the differences in these behaviors using the security research model, which built from Protection Motivation Theory, and consisted of perceived security vulnerability, perceived security threat, security self-efficacy, response efficacy, and protection cost. Participants, representing a sample population of home computer users with ages ranging from 20 to 83, provided 279 valid responses to surveys. The behaviors studied include using anti-virus software, utilizing access controls, backing up data, changing passwords frequently, securing access to personal computers, running software updates, securing wireless networks, using care when storing credit card information, educating others in one's house about security behaviors, using caution when following links in emails, running spyware software, updating a computer's operating system, using firewalls, and using pop-up blocking software. Testing the security research model found different characteristics had different impacts depending on the behavior studied. Implications for information security researchers and practitioners are provided, along with ideas for future research.