jay Kesan | Law professor | Author | University of Illinois at Urbana-Champaign

jay Kesan has published extensively both as an engineer and scientist and as a legal scholar. His work has been cited widely. He also holds 18 U.S. patents on various aspects of electrical, wireless, RFID and software technologies.

GOOGLE AND CENSORING OF SEARCH RESULTS

16-Oct-2018: In recent news, President Trump has accused Google of rigging search results. The President claims that the search engine giant has purposefully suppressed positive stories about his administration, and could be opened to prosecution as a result.

https://www.jaykesanpublications.com/jaykesan/

https://www.jaykesanpublications.com/

https://www.jaykesanpublications.com/jaykesan/

https://www.jaykesanpublications.com/category/commentary-on-law-and-technology/

https://www.jaykesanpublications.com/2019/06/17/law-enforcement-needs-a-warrant-to-obtain-cell-site-location-data/

LAW ENFORCEMENT NEEDS A WARRANT TO OBTAIN CELL-SITE LOCATION DATA https://www.jaykesanpublications.com/

Cellular service providers store information about which cell towers transmit signals to a customer’s phone, thus revealing the geographic area where you are located when the transmission occurs.When cell phones were first getting popular, this information would be limited to when a phone call or text message was initiated or received by an individual, and the information only provided a general vicinity of where the cell phone was located. Modern apps often give users the option to receive “push” notifications that allow services to send updates directly to your phone instead of waiting for you to manually check for updates. The frequent “checking in” from apps makes cell site location data increasingly detailed, and service providers might store this information for years.Because people carry their phones with them, historical cell site location data creates the new possibility of retroactive surveillance as a boon to law enforcement.

 On June 22, the Supreme Court issued its opinion in the case of Carpenter v. United States. Carpenter concerned this type of cell site location information and involved a string of robberies in Michigan and Ohio. The defendant’s physical nearness to the robberies, as shown by historical cell site data, was used as circumstantial evidence to support convicting him. To obtain this information, the investigators had used an order under the Stored Communications Act. This order is an enhanced subpoena process to allow investigators to compel certain categories of data from cellular service providers without having to show the full “probable cause” that is required for a warrant under the Fourth Amendment.In Timothy Carpenter’s case, investigators used this enhanced subpoena to obtain 127 days of information about Carpenter’s physical movements, consisting of 12,898 individual data points. The question before the Supreme Court was whether investigators needed to show “probable cause” to obtain a court order to conduct this kind of retroactive surveillance.

 A 5-4 majority on the Supreme Court noted that the Carpenter case exists at a crossroad in Fourth Amendment law. On one hand, in the recent GPS-related case of United States v. Jones, the Supreme Court recognized an expectation of privacy in physical location and movements. But there is also the third-party doctrine, which says there is not an expectation of privacy in information that you voluntarily give to third parties. The third party doctrine is often discussed in the context of business records, like financial records held by a bank.

 In the Carpenter decision, the Supreme Court ruled that the third party doctrine does not apply to historical cell site location data.The Court reasoned that even in third party doctrine cases, Fourth Amendment protection may still exist for information of a particular nature.Writing for the majority, Chief Justice Roberts noted that “[t]here is a world of difference between the limited types of personal information addressed in [third party doctrine cases] and the exhaustive chronicle of location information casually collected by wireless carriers today.”

 The Carpenter decision, while potentially ground breaking for privacy rights, is fairly narrow and is very much tied to the presence of physical objects.Under Carpenter, there is Fourth Amendment protection for this kind of automatically generated information that tracks locations for a particular communications device.Previous cases about location privacy under the Fourth Amendment have concerned beepers in barrels and GPS devices in cars. Cell site data is more far-reaching because cell phones are practically an extension of the body.

 This action by the Supreme Court recognizes the societal developments that come with living in a highly connected technological age. If you want a device to be able to connect to services wirelessly, some form of location tracking will occur. Carpenter clarifies that that kind of information is to be afforded Fourth Amendment protections.

 I’m Jay Kesan.

https://www.jaykesanpublications.com/jaykesan/

https://www.jaykesanpublications.com/2019/06/17/law-enforcement-needs-a-warrant-to-obtain-cell-site-location-data/

https://www.jaykesanpublications.com/2019/06/17/taking-a-deep-dive-into-the-russian-indictment-based-on-their-cyber-attacks/

https://www.jaykesanpublications.com/jaykesan/

https://www.jaykesanpublications.com/category/commentary-on-law-and-technology/

TAKING A DEEP DIVE INTO THE RUSSIAN INDICTMENT BASED ON THEIR CYBER ATTACKS

https://www.jaykesanpublications.com/

https://www.jaykesanpublications.com/jaykesan/

https://www.jaykesanpublications.com/category/commentary-on-law-and-technology/

https://www.jaykesanpublications.com/2019/06/17/taking-a-deep-dive-into-the-russian-indictment-based-on-their-cyber-attacks/

On Friday, July 13th, Robert Mueller’s special prosecution team announced an indictment of twelve Russian agents in connection with cyber attacks against us.

The indictment discusses two computer intrusion units in the Russian military. One of these units is associated with actions to publicize private data, and the other unit is associated with attempts to disrupt our election infrastructure. Both of these sets of crimes include violations of federal law – the Computer Fraud and Abuse Act—the CFAA. The defendants in the indictment are charged with two violations of the CFAA: accessing a computer without authorization and obtaining information, and transmitting something that causes damage to a computer.

Information gathering was one focus of the Russian cyber intrusions.According to the indictment, Russian intelligence agencies have been deploying hackers against a variety of systems in the U.S.Arguably the most visible victim is the DNC, which experienced multiple intrusions resulting in the theft of emails and other digital information.Then, posting under names like DCLeaks and Guccifer 2.0, they staged releases of these documents.An unnamed organization – generally assumed to be Wikileaks – is described as working directly with Guccifer 2.0 to release the documents.

When someone wants to break into a computer system, they must find a security vulnerability.In many cases, that security vulnerability is situated right between the chair and the computer keyboard.The indictment alleges that units of the Russian military used spear phishing tactics to obtain passwords or other methods of access. Spear phishing involves sending emails by personalizing them so they appear to be from a trusted source thereby inducing the targeted individuals to reveal confidential information. Once they had access, they installed malware on the computers, including key loggers. That way, the hackers were able to record every keystroke that the user made.

When there is evidence that someone committed a crime, you want to know everyone who interacts with that evidence in the so-called chain of custody.You want the evidence to be in the same shape in court as it was when the crime was committed.An unknown hacker is hardly a reliable link in any chain of custody.When the documents were posted to Wikileaks, journalists immediately started reading them and identifying significant things.But there is no way of ensuring that the hacker didn’t plant dozens or hundreds of little lies throughout the stolen documents.

Another part of the indictment concerns interference with election infrastructure.The indictment refers to an unnamed state board of elections that was the target of a cyber attack by the defendants resulting in the theft of the personal information of about 500,000 voters.In the months following that data breach, some of the defendants also hacked into an American company that makes software to help state and local election boards verify voter registration information.The company is referred to as “Vendor 1.”Some journalists have suggested that this company might be VR Systems.

The indictment also alleges that the defendants used email addresses that resembled Vendor 1 as part of spear phishing campaigns against election officials across the country in November 2016.They used the company’s logo to make the emails seem more legitimate as coming from a company that election officials trust, but the attached Word documents contained malware.It is unknown how many of these spear phishing attempts were successful or what the hackers did when they got access.It’s possible that some of those problems were part of a hacking operation aimed at causing confusion and long lines and lowering voter turnout on election day.

But perhaps the strongest effect that we are experiencing is psychological, as the entire country is concerned about the legitimacy of our political system.

I’m Jay Kesan.

GOOGLE AND CENSORING OF SEARCH RESULTS

16-Oct-2018

In recent news, President Trump has accused Google of rigging search results. The President claims that the search engine giant has purposefully suppressed positive stories about his administration, and could be opened to prosecution as a result.

While the President’s specific claims of political censoring are unsubstantiated, the President has touched on an underlying issue; how do we know what we search and what we see on the internet represents the objective truth? How do websites rank and show information in a fairway?

In the case of Google, Google searches make up 92 percent of all internet searches. Despite their popularity, the search engine has never published how its search algorithm works. What is the “it” the factor that pushes a Wikipedia page or a New York Times article near the top of a search, while keeping a quote “untrustworthy” source near the bottom? These “secret algorithms” are prevalent throughout search engines and social media; popular sites like Facebook, Instagram, and Twitter all rely on these algorithms to determine what content to show users.

For example, in July of this year, Twitter algorithms limited the visibility of some Republicans in profile searches. Testifying before Congress, Twitter’s CEO, Jack Dorsey said the site tried to enforce policies against “threats, hate, harassment or other forms of abusive speech”, and that the tweaking of their algorithm unintentionally excluded republican profiles. Twitter has since fixed its search algorithm.

What we know about these secret algorithms isn’t much. For sure the algorithm looks for sites that use the same kind of words that people are searching for. But they also try and ensure that the pages writing those words are legitimate, by looking at information such as whether the site is trustworthy and if it is using the latest and most secure technology. There’s also an element of personalization affecting site rankings, where users will see more stories from publishers that they’ve visited frequently in the past,.

For Google, their decision to keep the algorithm secret is partly an attempt to ensure that it still works. If the nuts and bolts behind Google’s rankings were revealed, companies would try to alter their content in order to maximize their rank.

Regardless, because of the entire industry’s lack of transparency, it is easy to think that the search results we receive every day could be inherently biased. If Google or Facebook ever went rogue and decided to throw an election to a favored candidate, it would only have to alter a small fraction of search results to do so. And that is a very scary proposition.

So how do we fix such an issue?

Frank Pasquale, a professor at the University of Maryland Law School, has suggested that the Federal Trade Commission and the Federal Communications Commission should gain access to search data and investigate claims of manipulation. His hope is that a nonpartisan body could investigate accusations of bias and put the issue to rest.

Conversely, Facebook has sketched out a plan that involves giving academic researchers access to its search data and allowing these academic researchers to study whether bias exists. Under Facebook’s proposed solution, the tech company would keep a tighter lid on its a secret algorithm, while still allowing some review to come out to the public.

However, recently it was revealed that the Trump administration is considering instructing federal antitrust and law enforcement agencies to open investigations into the practices of sites like Google and Facebook. While the preliminary document is still in the early stages of drafting, and could change significantly in the coming months, the threat of federal antitrust enforcement from the Trump administration could spur tech companies to introduce more transparent policies regarding their search algorithms.

 It’s still an open question how these tech companies will deal with these developments. It will take months for the Trump Administration’s proposal to take shape if it does at all and other proposals are only still preliminary thoughts. Stay tuned for more developments on this front, and let’s hope that these developments aren’t blocked.

I’m Jay Kesan

- https://www.jaykesanpublications.com/

- https://www.jaykesanpublications.com/jaykesan/

- https://www.jaykesanpublications.com/category/commentary-on-law-and-technology/

10-May-2018 Facebook privacy violation

https://www.jaykesanpublications.com/In April, the CEO of Facebook, Mark Zuckerberg, testified in Congress about the alleged user privacy violations that occurred at Facebook. Several weeks later, Cambridge Analytical, the political consulting firm that misused the personal information of millions of Facebook users, is shutting down due to the loss of customers. The Federal Trade Commission is progressing with its investigation of Facebook, and we will find out whether and how Facebook will be held responsible for these privacy violations.

That said, these privacy concerns are not going to end anytime soon. It is not just Facebook. Companies in multiple industries are becoming heavily dependent on customers’ personal data so that they can provide tailored products and services to their customers at a lower cost. Ideally, both the companies and their customers should benefit from this data collector-data contributor relationship. In reality, all of us who are data contributors often feel uncomfortable about it. From Zuckerberg’s testimony in Congress, we may find answers to why we feel this way, and how meaningful regulation can improve this situation.

One reason why data contributors may not trust data collectors is that there is an informational asymmetry between the two. Many users have little knowledge about how companies like Facebook are collecting their personal information and what kinds of information are being collected. People get suspicious about whether their voices are being recorded secretly through the microphones on their laptops or through smart home devices like Amazon Echo.

It is often unclear to users who have access to their personal information. For example, people unfamiliar with Facebook’s business model may think that it sells users’ information to advertisers. During his Congressional testimony, Zuckerberg explained that Facebook acted as an intermediary that connected users with relevant ads. In order to provide greater clarity to users, regulation is needed to require that data collectors disclose, in an understandable and comprehensive manner, the sources being used to collect information, the types of information being collected, and the parties who have the access to that information.

Sometimes the collected information may be such that we are hesitant to share it. For example, many car insurance companies have been promoting telematics devices, which track drivers’ driving habits, and good drivers will be rewarded with lower premiums. But even for a good driver, the chance of her getting into an accident varies depending on many other factors, for example, the road conditions. Imagine if insurance companies start to gather information about the routes that a driver takes and change premium rates accordingly, in real-time. Drivers will spend less on car insurance if safer routes are taken, and insurers will be able to monitor their risk exposures more closely. But even in such a mutually beneficial scenario, not everyone is willing to share his every footprint with others.

In short, people balance different considerations when it comes to the sensitivity of personal information. Some may be happy about giving up personal information in exchange for lower price or convenience, while others may not. Therefore, data contributors– meaning you and me — should be given the right to not share the information they consider sensitive unless they want to do so.

In the EU, the General Data Protection Regulation – GDPR – goes into effect on May 25, 2018, and it provides data protection and privacy for all individuals within the European Union. It also deals with the export of personal data outside the EU, and hence, it will have a global impact.

Given the increased focus on cyber privacy, it is likely that some Congressional legislation regulation emerges. Will this regulation be adequate and will there be adequate enforcement of those regulations?

https://www.jaykesanpublications.com/

https://www.jaykesanpublications.com/jaykesan/

I’m Jay Kesan.

AMAZON ECHO IN DORM ROOMS AND PRIVACY CONCERNS - https://www.jaykesanpublications.com/

https://www.jaykesanpublications.com/jaykesan/As the fall the semester begins, students of Saint Louis University will soon find a new amenity, the Amazon Echo Dot, in each of their dorm rooms. Echo Dot is a voice assistant device developed by Amazon and enabled by the artificial intelligence service, Alexa. The university has decided to deploy over 2,300 of these devices in all student residences on campus to provide students with easier access to campus-related information. For example, students can ask the voice assistant about library hours and building locations. It is the first time that a university has put these voice assistant devices in student living spaces. Not surprisingly, despite the conveniences they provide, there are privacy concerns with these devices.

So, let us look at how the Amazon Echo Dot works. The device responds to a wake word chosen by its user, such as Alexa, by default. After hearing the wake word, the device records the user’s voice, sends it to the virtual assistant, Alexa, and performs a corresponding action. For example, a student may ask the Echo Dot in his dorm room to create a reminder for a personal event, which may be private information. The device will then send the voice recording to Alexa to create the reminder, as instructed. But, voice recordings like this will not be deleted upon the completion of requests. Instead, they are stored on Amazon’s server. Saint Louis University states that the Alexa-for-business platform, which is a workspace solution, is used to manage the Echo devices provided to students and no personal information will be collected. According to Amazon, devices enabled by Alexa-for-business are not associated with personal accounts. It means that any data sent to the server, including voice recordings, is anonymous, and not attributable to individual students. Alexa-for-business does not give the university any access to these audio files except the ability to delete them. Thus, students’ voice recordings are anonymous and inaccessible to the school. Amazon has also been implementing controls in compliance with the EU’s General Data Protection Regulation, the GDPR, to secure customer data.

However, even though the university does not seem to pose a threat to students’ privacy, and Amazon says protecting customer data is its top priority, it is difficult to guarantee that all the conversations near Echo devices will be safe, because sometimes things do not work as intended, especially when it comes to technology. A few months ago, an Oregon family discovered that a private conversation was recorded by their Echo device and sent to a random person on their contact list because the device misheard the wake word and the following command. This incident tells us that voice recognition is not always reliable. Under the GDPR, data accuracy is an essential requirement, and users are given the right to correct any false information. But voice assistants like Amazon Echo usually do not give users enough time to correct the misinterpreted commands before these commands are executed and an impact is made, and there is not enough visual confirmation to help users understand how their data will be processed either.

Another source of risk is the vulnerabilities in these devices. Security experts had successfully exploited Echo devices and turned them into wiretaps that could continuously listen and record by either modifying the hardware or running malicious software. Although these exploits are already fixed, new vulnerabilities may be discovered and utilized by attackers.

Other than these intrinsic risks residing in voice assistant devices, Saint Louis University is considerate about students’ privacy, and students can either mute the microphone or just unplug it and put it in a drawer for the rest of the school year.

I’m Jay Kesan.

- https://www.jaykesanpublications.com/jaykesan/

2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC)

UTILIZATION OF BIO-ONTOLOGIES FOR ENHANCING PATENT INFORMATION RETRIEVAL

The ability to access existing patents and patent-related information can have significant impacts on technology development and commercial markets. While such information is now available online, requesting the information about a specific technology remains a nontrivial task. The reason is that the online information often resides in different storage sources, is based on different modeling paradigms, and is managed by different independent entities. Ontology is one modeling paradigm that can capture semantically rich knowledge about a specific domain and its existing patents. That knowledge can be used to facilitate information sharing and information interoperability.

https://www.jaykesanpublications.com/jaykesan/

https://www.jaykesanpublications.com/

2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC).

UTILIZATION OF BIO-ONTOLOGIES FOR ENHANCING PATENT INFORMATION RETRIEVAL 

- https://www.jaykesanpublications.com

- https://www.jaykesanpublications.com/jaykesan/

GOOGLE AND CENSORING OF SEARCH RESULTS

In recent news, President Trump has accused Google of rigging search results. The President claims that the search engine giant has purposefully suppressed positive stories about his administration, and could be opened to prosecution as a result. 

https://www.jaykesanpublications.com/ 

https://www.jaykesanpublications.com/jaykesan/

THE NEW “CONSUMER REVIEW FAIRNESS ACT OF 2016”

https://www.jaykesanpublications.com/

Dec-5-2016

Click here to accept these terms.  That sentence, or a variation of it, is something that we routinely encounter. It shows up in-app updates, on website registration pages, and during the installation of software and computer games. Most people don’t read the terms that they’re accepting, which can be a problem if they have a dispute with the company that provided the product because these unknown terms are now part of a binding contract. In the law, such a contract is often referred to as a contract of adhesion. Contracts are usually about a “meeting of the minds” – in other words, the people signing the contract know what’s in the contract and mutually agree to it.  But form contracts, like clickwrap agreements, don’t give customers the opportunity to negotiate for more favorable terms.

Read more articles at- https://www.jaykesanpublications.com/

THE NEWLY ENACTED CYBERSECURITY INFORMATION SHARING ACT (CISA)—GOOD OR BAD POLICY? https://www.jaykesanpublications.com/

THE NEWLY ENACTED CYBERSECURITY INFORMATION SHARING ACT

Mar-7-2016

ISIS uses encrypted communication methods to reach sympathizers over the Internet.  Drugs are sold in decentralized markets in the hidden corners of the Web.  People who want to exploit children have anonymous forums where posts are very difficult to trace.  Terrorism and crime have gone digital creating new challenges for law enforcement.

Thousands of software and hardware security flaws are floating in the ether, waiting to be discovered and exploited.  When a computer security flaw enables unauthorized remote access, tech-savvy criminals can steal data, add a compromised system to a botnet, and sometimes even cause physical damage to a machine.  But unlike terrorist recruitment or trafficking in illegal goods, there is often little physical evidence left by cyberattacks.

Read more at - https://www.jaykesanpublications.com/2019/09/20/the-newly-enacted-cybersecurity-information-sharing-act-cisa-good-or-bad-policy/

kindly visit the website to read more about security information

- https://www.jaykesanpublications.com/

- https://www.jaykesanpublications.com/category/commentary-on-law-and-technology/

- https://www.jaykesanpublications.com/jaykesan/

- https://www.jaykesanpublications.com/2019/09/20/the-newly-enacted-cybersecurity-information-sharing-act-cisa-good-or-bad-policy/

THE NEWLY ENACTED CYBERSECURITY INFORMATION SHARING ACT (CISA)—GOOD OR BAD POLICY?

 https://www.jaykesanpublications.com/

THE NEWLY ENACTED CYBERSECURITY INFORMATION SHARING ACT (CISA)

ISIS uses encrypted communication methods to reach sympathizers over the Internet.  Drugs are sold in decentralized markets in the hidden corners of the Web.  People who want to exploit children have anonymous forums where posts are very difficult to trace.  Terrorism and crime have gone digital creating new challenges for law enforcement.

Thousands of software and hardware security flaws are floating in the ether, waiting to be discovered and exploited.  When a computer security flaw enables unauthorized remote access, tech-savvy criminals can steal data, add a compromised system to a botnet, and sometimes even cause physical damage to a machine.  But unlike terrorist recruitment or trafficking in illegal goods, there is often little physical evidence left by cyberattacks.

I’m Jay Kesan.

kindly visit the website to read more about CYBERSECURITY INFORMATION

visit at - https://www.jaykesanpublications.com/

- https://www.jaykesanpublications.com/category/commentary-on-law-and-technology/

- https://www.jaykesanpublications.com/jaykesan/

IS STRONGER ENCRYPTION THE ANSWER?

IS STRONGER ENCRYPTION THE ANSWER?

Apr-4-2016

In 2015, the FBI unsuccessfully tried to persuade Congress to regulate encryption. To combat the so-called problem of criminal investigations “going dark,” some law enforcement professionals want tech companies to be able to bypass their own encryption.  The FBI and intelligence community accepted that although the Congress was not open to this idea in 2015, in the event of a terrorist attack where strong encryption can be shown to have hindered law enforcement, attitudes might change.

Kindly Visit Website to read more about Stronger Encryption and Its Factors.

- https://www.jaykesanpublications.com/2019/09/20/is-stronger-encryption-the-answer/

- https://www.jaykesanpublications.com/category/commentary-on-law-and-technology/

I’m Jay Kesan.