In Memoriam: Sylvia Mercado Kierkegaard (1953–2015)

Sylvia Mercado Kierkegaard

Sylvia Mercado Kierkegaard

Professor Sylvia Mercado Kierkegaard was a Philippine jurist specialising in computer law. In 2009 she attained the position of Visiting Professor in the Faculty of Law at the University of Southampton, in the United Kingdom researching a diverse range of topics including, comparative contract law, alternative dispute resolution, intellectual property rights, European Union law, privacy, electronic commerce, cybersecurity, computer law, and data protection. Professor Kierkegaard was a lifelong learner who had vast knowledge with a strong multidisciplinary approach to her work. Remarkably, her breadth of knowledge never came at the expense of her depth of legal knowledge. 

Sylvia obtained her first academic degree, a Bachelor of Mass Communications (Journalism), in the early 1970s from the University of the Philippines and later studied at Stanford University where she completed her Masters in Asian Studies. In 2003, she duxed her class, attaining her Masters in European Union Business and Law at the University of Aarhus. In addition to living in the Philippines and Egypt (the two countries where her three children were born),the family  moved several times due to her husband’s work transfers. Living in Greece and Germany respectively, Sylvia was active as a born-again Christian Minister, serving the Lord and  reaching to others. In 1992, Sylvia and her husband, Allan Kierkegaard, decided to move the whole family back to Copenhagen, Denmark. Sylvia continued with her ministries whilst taking care of her three children.

It was in Copenhagen, that Sylvia felt she could well and truly re-enter the workforce full time as her children were older, and sincerely begin her career as an academic in the field she so loved. She began to publish articles on topical themes. She also participated in several conferences, at which time she realised there was a stark gap in the field. In 2006, Sylvia swiftly moved to establish the International Association of IT Lawyers (IAITL) targeted  at lawyers and legal practitioners who had an interest in Information Technology Law. The association’s mission sought to promote the study and further research in Computer Law  through international engagement and conferences, the formation of transnational networks and networking events, the publication of members’ research, and the timely announcement of new job openings. In the same year that Sylvia formed IAITL, the first IAITL conference was held in Hamburg with great success. This was followed annually by conferences in  Copenhagen, Istanbul, New York, Beijing, Prague, Malta, Barcelona, Nicosia, Athens, Bangkok and Lisbon. These conferences were known for their high standard in paper submission and  service, as well as by loyal conference participation by delegates, year after year. For those of us who have had the good fortune to host, organise, and program large-scale events such as this, it usually is a one off thing, like building a house. Sylvia built many houses in her time,  had the ability to mobilise volunteers, and was a visionary. 

Sylvia was a deep thinker about the future for numerous reasons. First, she had children, and felt it a duty to provide ways for which legal framework solutions could be used to protect humans. She was incredibly “international” or “bloc” focused in her research having  understood the forces of globalisation so well from the perspective of a Danish resident and Philippine citizen. For instance, she could especially see how new technologies could impact people (e.g. women and children) and how the law needed to rapidly develop to face the challenges (e.g. cyberbullying). She also knew well the digital divide between countries in Asia and the rest of the world. 

Prof. Kierkegaard also liked to tackle looming problems and help bring some definition to them. She would often consider what was “the right thing to do”, and did not mind being faced with what others believed to be insurmountable barriers, challenges or impossibilities like catching out regulators for their lack of enforceability of given laws. To her there was no problem that was unresolvable. It just took hard work, perseverance and persistence. Sylvia needs to be remembered as a trailblazer, a first mover in the European Union, especially in relation to topics that were complex and highly significant to long-term stability of the human race. She was a fierce advocate of data protection, and in the protection of children, and that new technologies should not encroach on an individual’s right to privacy. This editorial is devoted to the celebration of her academic work while she made a seminal contribution at the University of Southampton, throughout Europe and internationally. 

I provide here a list of highlights between 2009 and 2013 as they demonstrate the breadth of the research Prof. Kierkegaard was engaged in:
• Keynote speaker at the 16th Eurasia Summit on Information and Communication Technologies
• Invited lecture on the “Present State and Future Developments in EU Data Privacy and Protection and Info-Network Security” at Technion Israel Institute of Technology
• Recipient of an EU grant to conduct a visualization and privacy study in Israel
• Speaker and panellist at the Ankara Bar Congress
• Speaker and moderator at the Workshop on IPR, INPR Court in Bangkok
• Keynote speaker at the Digital Agenda Assembly of the European Commission Department of Information Society and Media and the European Parliament
• Chair at the EU Workshop on Cultural Heritage, Private Law and IPR from a global and EU-China Perspective
• Keynote speaker on Cybercrime Prevention organised by the Internet Fraud Association, Australian Police and International Association of Cybercrime Prevention in Sydney
• Keynote speaker on “Copyright, Patent, and Trademark” for the Perth Judiciary conference
• Summer School chairman: organized by the University of Vienna Economics, University of Gottingen, University of Hamburg, and Utrecht University
• Chairman for the Conference in Public law, Private law, Trade law in Cyprus
• Chair and workshop in Turkish Cyprus for the Supreme Court on Regulating Cyberspace
• Various lectures at Beijing Normal University, Communication University of China and Renmin University
• Keynote speaker, World Congress of Forensics, Chongqing China
• Workshop chairman for CASS for the China Supreme Court, for Hong Kong University of China, and the University of Macau
• Panel chairman for Challenges in Cybersecurity - Risks, Strategies, and Confidence-Building workshop organised by the Free University of Berlin, the University of Hamburg, the United Nations Institute for Disarmament Research in Geneva and the Federal Foreign Office Berlin
• Conference chairman and speaker, Cyberconference, Netherlands Antilles
• Speaker at the International Information Marketing Association Conference, Texas, USA
• Speaker at the Famagusta Law Conference in Turkish Cyprus
• Chairman, Hans Bredow-Max Planck Workshop on IP Law: “Regulating IPR”, Hamburg, Germany
• Speaker, panellist, ESF Strategic Workshop on Cybersecurity, Budapest, Hungary
• China IP Summer School Program in X’ian, Nanjing and Shanghai
• Keynote speaker, Cybercrime Conference, Brazil for ILA
• Chairman, speaker, IPL Conference, Barcelona, Spain
• Keynote speaker, Social Networking Workshop, Finland
• Chairman, co-Reach Workshop on IPR and ISP Liability, London, UK
• Chairman, co-Reach Workshop on IPR and Collective Society, Database, and Jurisdiction, Vienna
• Keynote speaker, EU Medforist Project under the auspices of Princess Sumaya of Jordan
• Keynote speaker and moderator,Workshop on Digital Convergence and Cyberlaw, Malaysian Centre of Regulatory Studies, Malaysia

• Keynote speaker, 5th Media Economics and City Development Conference, CUC, Beijing. Participation by over 50 mayors of China

• Co-Reach Workshop, CASS, Beijing
• Keynote speaker, First International Workshop on Transborder Commercial Law, University of South Africa and Nedbank
• Welcome speech, 4th Legal Security Privacy Conference and 3rd International Law and Trade Conference, Malta
• Panel with Interpol, EU Data Protection Commissioner and Eurojust regarding privacy issues under the 3rd Pillar, Brussels, Belgium
• Keynote speaker, The Ankara Bar Congress in Turkey
• Keynote speaker, International Information Management Association
• Panellist, Council of Europe, International E-Participation and Local Democracy Symposium, London
• Keynote speaker and panellist, Council of Europe, Madrid, Spain
• Welcome speech, 3rd IBLT Conference, New York, USA
• Welcome speech, 3rd LSPI Conference, Prague, Czech Republic September
• Keynote speaker, EU- China Joint Workshop Organised by the EU Commission and the Chinese Ministry of Information and Industry, Beijing, China

During the same time she was zipping across Europe, the US, the Middle East, Australasia and the Americas, somehow Sylvia was able to produce about 150 publications in 7 years. For anyone in the law, business or humanities,this is double or even triple the number of high-end outputs of what a typical A+ academic could produce. 

It was obvious to anyone on listening to Prof. Kierkegaard deliver a keynote or presentation, that she was not only an expert in her craft, but she could convey difficult concepts simply. Her formula was thus:
1. provide current examples of the subject matter at hand
2. illustrate visually with tangible examples and with visual queues (e.g. clipart) where possible
3. explain the relevance of the material in everyday life to various stakeholders
4. come in with heavy duty descriptions of laws, acts, codes, and regulations
5. consider exemptions to the general rule
6. consider the US and also federal and state legislative differences
7. identify case law examples
8. contextualise for the relevant audience (e.g. Australian cases and laws for a predominantly Australian audience)
9. describe how the EU is leading the way with new directives and compare with other nations
10. talk technology and technological issues and impacts on society
11. bring all the various aspects together with specific line by line Article identification; and
12. offer a bigger picture view all the while pointing to future challenges.

Prof. Kierkegaard loved to simplify thick legal speak and skillfully break it down into consumable chunks for her audience. She is one of the few people I know that could confidently deliver 75 Powerpoint slides in 60 minutes without demanding too much of her audience. Needless to say, Sylvia was a grand master in delivery. She was always well prepared with the unique ability to bring all the pieces of the puzzle together to offer cutting edge insights for all who were willing to listen. One could imagine her in full swing as a jurist as many of those qualities shone through during her time in academe. 

Sylvia was special; there was no doubt about that. She broke all the gender, academic and ethnic stereotypes: woman, wife, mother, self-confessed born-again spirit-filled Christian, multi-disciplinary scholar, Filipino and powerhouse leader, organiser, editor, innovator. I have tried to reflect on what made Sylvia so exceptional. No doubt,migrants feel privileged, for the greater part do not take for granted what they have, cherish the simple things in life, and are not boxed by the boundaries imposed on them by others, often over-achieving as a result. But there was something more to Sylvia. It was not just her cultural roots, her dynamic spirit of engagement, her passion for her craft- Sylvia had a sense of purpose and believed her work could make a difference, and could somehow see what others could not, years in advance. She also believed in the potential of every person that entered her path. 

Prof. Kierkegaard had a flair for engaging everyone she came into contact with: whether they were high court judges, ministers of data protection, European Union or industry lawyers, conference delegates, colleagues, students at Southampton University or simply members’ of the public. She loved people and she loved sharing. Sylvia was always ready to give a talk and always had something to contribute to a discussion in her field. She was vibrant, self-assured, meticulous and extraordinarily encyclopaedic. At the same time, she was willing to see your point of view, provide critical feedback and consider positions that were in deference to hers. The truth was however, you could seldom match it with Prof. Kierkegaard, but rather than feeling somewhat diminished after correspondence or face-to-face question time, you walked away feeling strengthened and encouraged.

Sylvia always made you feel important,that you could conquer the world, achieve anything if you put your mind to it, and that commitment should be placed in international causes that were meaningful to citizenry. In short, she believed all life was precious. She was always seemingly in a hurry to get things done, bring as many stakeholders together around a table as possible, travel to places where decisions and actions could be taken, and think about future issues before they became problematic in society. For Sylvia, there was no time like the present, geographic expanse was not a constraint, and she seldom wasted time putting her ideas into action.

To her name are many edited books with leading specialists, conferences hosted or chaired by her together with accompanying peer-reviewed proceedings, and many articles. The books alone which I have listed here are work enough for the average person over a lifetime of research, let alone 7 years:
• Laws and Practice: Critical Analysis and Legal Reasoning (ed., 2013)
• Contemporary Private Law (ed., 2012)

• Law, Governance and World Order (ed., 2012)
• Copyright Law in the Making – Chinese and European Perspectives (ed. With Willem Grosheide, 2012)
• Law Across Nations: Governance, Policy and Statutes (ed., 2011)
• Private Law: Rights, Duties and Conflicts (ed., 2010)
• Legal Discourse in Cyberlaw and Trade (ed., 2009)
• The Dynamics of Trade, Law and Economics (ed., 2008)
• Synergies and Conflicts in Cyberlaw (ed., 2008)
• Business, Law and Technology, Present and Emerging Trends (ed., 2008)
• International Law and Trade, Bridging the East-West Divide (ed., 2007)
• Cyberlaw, Security and Privacy (ed., 2007)
• Business, Law and Technology, Present and Emerging Trends (ed., vol. 1, 2006)
• Business, Law and Technology, Present and Emerging Trends (ed., vol. 2, 2006)
• Legal Privacy and Security Issues in Information Technology (ed., vol. 1, 2006)
• Legal Privacy and Security Issues in Information Technology (ed., vol. 2, 2006)

One considers how Prof. Kierkegaard could have been such a prolific publisher. Of course there must’ve been some significant sacrifices, but one could deduce that when she was not engaged in the classroom, or with her family, or with her local Church activities, or sleeping, she must’ve been at full throttle researching almost all the time into the early hours of the morning.

Before too long, Prof. Kierkegaard unsurprisingly was in very high demand, and this in a pre-Twitter, pre-ResearchGate, pre-Google Scholar world, where academic news travelled slower, though she heavily embraced online communications for knowledge sharing. She travelled to so many parts of the world to deliver talks, to collaborate, on invited visiting appointments
(e.g. China), as a legal consultant, as a government advisor (e.g. EU), and as an expert commentator to the media. One was always at a stretch to figure out how she did it all simultaneously. One day she could be in Lisbon, the next in Perth, China, and a few days later back corresponding, researching or working on a paper. For Sylvia her work was inseparable from her life’s journey. She also felt it her duty to educate those who perhaps did not have access to necessary expertise in institutions worldwide. As a Professor named in the Academic Centre of Excellence in Cyber Security Research in the UK, she also reached out far and wide, supervising a PhD candidate at the Communications University of China, and as an adjunct professor at Xi’an Jiaotong University among others. Her involvement was significant in the China market. 

She was also a fellow at the UN African Center for Cyberlaw and Cybercrime Prevention, consultant for the Data Protection SDN, BHD Malaysia and a member of the Advisory Board for
the World Council for Law Firms and Justice. She truly was an international citizen, while also contributing greatly to her neighbouring institutions, among them the London School of Economics as a policy expert on their Media Policy Project and was a member of the Policy and Scientific Committee of the European Privacy Association.

Dr Mohamed Chawki, Dr Katina Michael and the late Sylvia Mercado Kierkegaard in Sydney at the Cybercrime Prevention Conference in 2011

There was no doubt about the inner power and strength she possessed. She was a fast mover, always had new ideas, and was constantly thinking about the pressing issues in the field that needed to be addressed. She told me once in person while we attended the Cybercrime Prevention Conference hosted by the Internet Fraud Association in 2011, “The secret to a long and illustrious career is to tackle the topics before anyone else does. Think on the pressing matters that need to be urgently addressed today, and don’t hesitate in seeking solutions. Most people steer away from controversy in research, but I tackle it head on. Someone has to do it.” She also advised me on my career progression: “Katina, choose topics that are little  researched, and that few hesitate to consider the implications of, in that way you can make a bigger contribution in a short time-frame. So long as your interests align, and you are passionate about your subject matter.” I remember that conference well, as I was still breastfeeding. My husband encouraged me to leave all three kids with him, drive to Sydney, and to meet Sylvia in person. I was not disappointed. The person I had been corresponding with for several years was real. I cherish those few hours we had together during a lunch break and her keynote. We spoke more about faith and motherhood than academia. She was more than an academic - she was a whole person, with a multiplicity of roles. This is what made Sylvia so magnetic. 

For Prof. Kierkegaard, researching the law was a calling, there was something sacred about her mission. And she was right at home whether on a panel with the top EU representatives, as a keynote at a conference, or talking to every day mothers and fathers, or communicating with minors. In fact, when I think of Sylvia, I remember a dynamic woman whom I could not keep up with. She was always speaking somewhere, always writing books, always editing journals, always acting on a committee for reviewing papers, and always engaging. I do not ever recall her saying ‘no’. She never tired of the correspondence; despite I imagine her email trove was significant. You always were made to feel special. Sylvia was instructive also and always shared her own papers unreservedly. She even sent me her  powerpoint presentation files, relevant to my own work. She mentored continuously. 

I came across Prof. Kierkegaard’s research at the beginning of 2009 when I was completing my major project on DNA and the Prüm Treaty while studying towards a Masters of Transnational Crime Prevention in the law faculty at the University of Wollongong. By then Sylvia had a well-established academic teaching and research portfolio and was near the pinnacle of her career. Sylvia sent me half a dozen papers, and helped me clarify my research topic so that it could offer some original contribution. Her support during this time was crucial to me. She was such an inspiration for working mothers who were trying to raise a family, and somehow juggle an academic career. In this regard, Sylvia would say that the little children should always come first, and refer to the special responsibility that working mothers had to the health of their  households. When I told her I was pregnant with my third child, she eradicated the doubts in my mind that “I could not continue to do it all.” In 2011, a year after I had given birth to my third child, Sylvia could see the enormous pressure I was under. She gave me the words of encouragement I needed, reassured me that all would be well. She was also very proud of her own children and their achievements and was just elated when her daughter Margaux became pregnant in 2013. She could not wait to become a grandmother, to spend time with her grandchild. She would also mention her beloved husband to me often, of being a godly man who encouraged her onward daily. 

Many of us would have suspected that something was wrong when our emails remained unanswered. Sylvia was known to reply to messages within at most a few days. She would never leave you hanging. Somehow she always made you feel important despite the humungous workload she always engaged in. At most if a few weeks had passed by, you would get an email with longer guidance than you expected and then somehow additional helpful thoughts given a recent visit Sylvia had completed or an important  discussion she had with an influential notable. On one occasion in 2013, Sylvia had told me she was not feeling well but did not make it sound at all too serious, rather that investigations had begun to find out what was wrong. She asked me to pray for her and said for a short time she would try cutting back on her commitments. It was the last time we had contact. 

It is with great sadness that I write of the passing of one of the most brilliant people I have personally known in my career. Sylvia was 62 years old. And she had so much more to do. 

I consider Sylvia would have heavily contributed to necessary changes that she long foresaw, such as the introduction of the General Data Protection Regulation (GDPR) and passing of data breach notification laws. How she would have reacted today to the constant stream of business news such as the Facebook-Cambridge Analytica scandal, the role of social media in Brexit (and more), to IOT-invasive tech like Wi-Fi enabled toys for kids, to smartphone tracking and telecommunications metadata laws, autonomous systems like driverless cars, and the impact of artificial intelligence in the field of law. She would have particularly had much to say on the mega data breaches of Target, Equifax, and online platforms like eBay. Suffice to say, Sylvia would have had more than an opinion, but she was among the first to begin the discussion more than fifteen years before its actuation. Prof. Kierkegaard was a major supporter of the Computer Security Law Review journal begun by editor in chief Steve Saxby, an exceptional pioneer in his own right. Together, Steve and Sylvia were able to draw a global community of specialists to cultivate a nuanced socio-legal response to technological innovation. Unsurprisingly, after many years of effort, CLSR has become the number 1 outlet for such discussions and is truly multidisciplinary bringing together scholars and practitioners from diverse fields. Sylvia’s professional service to the community also extended to several other publications for which she had primary involvement (see http://www.iaitl.org/): 

• Editor in Chief, Journal of International Commercial Law and Technology
• Editor in Chief, International Journal of Private Law
• Editor in Chief, International Journal of Public Law and Policy
• President and Chairman of the Board, International Association of IT Lawyers (IAITL)

 

Sylvia was an authentic leader. She gave of her time, and people around her reciprocated with supporting her common vision. There are many examples of Sylvia’s mentorship, but if I named them here explicitly, I know that she would chastise me for disclosing things that, in her eyes, one did because they were “being human”. She shared in her successes, and lifted those people up around her. She was selfish when it came to carrying the load, and unselfish when it came to sharing the ‘glory’ with others. A model academic in my eyes, I am honoured to have called her my friend, albeit in the last 6 years of her life. I am sure that stories post this publication will surface, of examples of goodness, altruism, goodwill. Great people never die, they live on in our memories. And perhaps of all things, these are the achievements that matter. On our tombstone, the number of publications are not recorded, nor are the titles of “Professor” or “Chairman” or “Keynote Speaker”. We leave with just our name, our age, and the active reputation that precedes us in the number of years we had the opportunity to make a difference in this world we live in. Prof. Sylvia Kierkegaard, could say, on reflection, she did all she could in the time she had- she lived life to the max. She would likely tell us now, it is our turn to pick up where she left off, and continue on the fulfilment of her greater vision of  research on the implications of technology on the law. 

Above all, Sylvia valued relationships and people: her family and friends, colleagues and students. She was overjoyed by the effort of her own children in academia, Margaux in International Development and Management, Mikael an engineer specialising in innovation in industry, and Patrick a health informatics scholar. Sylvia, especially mentioned many times, Patrick’s contribution and co-authoring efforts in  joint work. Among my favourite papers that demonstrated Sylvia’s flair was one of her final publications printed in CLSR published in 2013 with son Patrick, titled: “Danger to public health: Medical devices, toxicity, virus and fraud”. Here she bravely took on some big names in industry holding them accountable to appropriate biomedical regulatory practices. 

Sylvia was larger than life, a force to be reckoned with, in the field of transnational law and the need for laws in the protection of people to assist in reducing the negative social implications
of technology. Sylvia’s voice was unique, and it will echo reverberations in decades to come. Such was the currency of her work. May you rest in peace Sylvia Mercado Kierkegaard. Thank
you for your passion and dedication to the field, and for igniting so many of us to follow in your footsteps. Thank you for being kind, and for loving others as you did. You have been missed greatly already but not forgotten. May your memory be eternal.

Professor Katina Michael
Faculty of Engineering and Information Sciences, University
of Wollongong, NSW, Australia 2522
katina@uow.edu.au
http://www.katinamichael.com

 

Note from Steve Saxby, Editor-in-Chief, CLSR

I would like to thank Sylvia’s family for giving their permission to publish this ‘Editorial: In Memoriam’. Thank you also to Katina, for her heartfelt tribute and analysis of the outstanding
life and career of Sylvia. She first made contact with me in 2005 when she began to publish incisive pieces in CLSR. I quickly established a friendship with her and she joined the ‘Correspondents Panel’ of what was then Computer Law and Security Report. Little did I know what a meteoric decision that was going to be both for me and for the journal. Sylvia began discussing the idea of an annual conference that would explore legal, security and privacy Issues in IT and subsequently private law, public law and the intersection between
economics and law. She thought it would be a great idea to link the IT law related events to CLSR, which would become publisher of the best papers and issue prizes for these.

As Katina has explained, we began in 2006 in Copenhagen and 12 conferences later concluded the series in Lisbon when Sylvia’s health began to fail. These conferences, as those who have taken part will recall, had a unique character and their success was entirely down to Sylvia and her family’s personal commitment to organising these events. No University could possibly have taken on the organisation and financial risk that was involved. Sylvia was simply unique and utterly committed. A very loyal group of participants developed and we all looked forward to the next conference waiting for Sylvia to tell us where it would be. What impressed me was the fact that the book of conference papers was always printed and ready for distribution upon registration. More journals emerged too from these conferences, all guided by Sylvia’s  expertise and abundant energy.

But it did not end there. After 20 or more years as founder and editor of CLSR, I had been successful of course in building it up, but looking back I can see that I had become  comfortable with the routine and where the journal had reached. I needed to understand that so much more could be achieved. Sylvia ignited me to look further and come up with a plan. In Vol. 25.1 of the January 2009 edition my Editorial ‘Ringing the changes – A quarter century of CLSR’ announced what had been happening – a “full scale review of the journal, its image, content and position in the field”.

That is why, as we celebrate 200 issues of CLSR and see just how successful the implementation of that vision has been, it is only right and proper to honour Sylvia in this way. I must have had more than 3000 emails from her over the 10 years of our collaboration. Numerous phone calls too. She did not hold back when she thought something needed to be done and I can still hear her voice encouraging me to get on with it. The results of her input live on in the memory and in the wide range of contributions she has made to the subject and
support for all those who knew her. This has been so well set out too by Katina. Thank you so much Sylvia. We had a great time.

Steve Saxby
s.j.saxby@soton.ac.uk

Citation: Katina Michael, 2018, Editorial: "In Memoriam: Sylvia Mercado Kierkegaard (1953-2015)", Computer Law & Security Review, 34, pp. 671–676.

Gone Fishing

Figure 1. Packing for a full month away. Everything but the kitchen sink.

Figure 1. Packing for a full month away. Everything but the kitchen sink.

On the 9th of December in 2015, I set out for a camping trip with my three young children to the Sapphire Coast of Australia, toward the New South Wales and Victorian border (Figure 1). The last time I had driven through this stunning part of the world, was when my parents decided to take their four children across country in a Ford Cortina station wagon to visit their first cousins on apricot and citrus farms in South Australia.

I turned eight years of age over that summer, and the memories of that trip are etched into our hearts. We've laughed countless times over events on that holiday, all of which were borne from a “lack of access” to technology, resulting in “close-ess” and “togetherness.” Loxton, South Australia, only had two television channels back then-the ABC news, and 5A which showed endless games and replays of cricket. While we grew to love cricket — we had no choice - we welcomed every opportunity to physically help our cousins gather fruit using nothing but ladders and our bare hands.

It was the festive season, and I remember lots and lots of family gatherings, parties, and outdoor lamb-spit barbecues. We gathered to eat, and dance, and our elders reminisced over what life was like in the village in Greece, and tell us funny stories about growing up with hardly any material possessions. Highlights included: when a photographer visited the village once every other year to take pictures with his humungous boxed contraption, which he would hide behind; the memory of the first time a car was spotted trying to come into the village; walking to school one hour away with shoes made out of goat skin (if not barefoot); and the harsh unheated winters and boiling hot summers over scenic Sparta.

It was a kind of celebration of life when I think back. It was so carefree, clean and pure, and joyous! Everyone lived in the moment. No one took pictures of their food to post to Instagram, no one had their head buried in front of a screen watching YouTube on demand, and we were outside in the fresh air awestruck by the beauty of the glistening stars that shone so bright in the night sky (and getting bitten by mosquitos while doing so). It was a kind of SnapChat without the “Snap.” On that trip I gained an appreciation for the land, and its importance in sustaining us as human beings.

As I reflect on that time, we travelled through remote parts of Australia with nothing but ourselves. We were too poor to stay at hotels, so dad ingeniously turned our station-wagon into a caravan, or so it seemed to us when the back seat folded forward and the travelling bags were placed on the roof rack secured with a blue tarpaulin.

Figure 2. The great Australian outdoor toilet, proverbially known as a “dunny” Used in one camp site the kids endearingly nicknamed “Kalaru Poo.”

Figure 2. The great Australian outdoor toilet, proverbially known as a “dunny” Used in one camp site the kids endearingly nicknamed “Kalaru Poo.”

We had no mobile phone in the car, no portable wifi-enabled tablet, no gaming DS, and certainly no down-screen DVD player or in-car navigation system to interrupt the ebb and flow of a family confined to a small space for six weeks. Mum would put on a few Greek cassettes for us to sing along to (Dad's “best ofs” which he had dubbed from the radio), and we paid particular attention to the landscape and wildlife. Mum would tell stories nostalgically about the time before we were born and how she left her homeland at seventeen on her own. And dad would talk about the struggles of losing his mother just before the start of World War II, and how his schooling was interrupted in third class as towns were burned to the crisp by the invaders, and how lucky we were to have a chance at education in a peaceful nation. All the while my brother Arthur was pointing at how far we had driven with his AO mapliterally thousands of kilometres-which gave me a great sense of space and time that has stayed with me to this day. And of course, I do recollect the unforgettable chant of my little sister and big sister in near unison, “are we there yet?”

Last December 2015, after a demanding year in my various roles that included bi-monthly long-haul travel, I was determined to “shut down” the outside world, and give my children what my parents had given me, in all the same simplicity (Figure 2). I somehow needed to give my children my full attention for a four-week duration without a laptop in tow, ensuring that my body and mind would recover from the year that was. I knew I was drifting into overload in September 2015, when on one occasion, I found myself asking my husband which side of the road I should be driving on, even when I was in my home town.

Figure 3. The most spectacular and secluded Nelson Beach down the trail of Nelson Lake Rd near Mogareeka, NSW.

Figure 3. The most spectacular and secluded Nelson Beach down the trail of Nelson Lake Rd near Mogareeka, NSW.

Figure 4. My youngest walking near the most spectacular Wallagoot Gap. We spent the day out at this magical place, swimming with the fish.

Figure 4. My youngest walking near the most spectacular Wallagoot Gap. We spent the day out at this magical place, swimming with the fish.

When one loves life and what they do, it is easy to feel so energized that you don't feel the need to stop… but “stop” I did. I wanted to reconnect with the natural environment in a big way, with my kids, and my inner self. I found myself asking those deep questions about creation - who, what, when, how? What an incredible world we live in! How does it all work and hang together as it does? I felt so thankful. Thankful for my family, my friends, my work, nature, life, Australia. It is so easy to take it for granted.

Each day, we'd choose a different place to visit, not excluding unsealed roads that led to secluded beaches, lakes, and inlets (Figures 3 and 4). Every morning we were awakened by the birdlife - a strange creature would call out at 4:30 a.m. for about 15 minutes straight, and then give it a rest; spotted lizards a few meters long on the road, and lots of kangaroos coming out of hiding at dusk to socialize. While we swam we could see the fish in the sea (with and without snorkels), and we got to speak with complete strangers, feeling like we had all the time in the world to do so.

At historical places, we learned about indigenous people like “King Billy” of the Yuin clan who would often be seen walking unheard distances in the 1950s in the dense shrub between Jervis Bay and Eden − 300 km (Figure 5).

 

Figure 5. The Yuin people (aka Thurga) are the Australian Aborigines from the South Coast of New South Wales. At top are images of legendary “King Billy” as he was nicknamed.

Figure 5. The Yuin people (aka Thurga) are the Australian Aborigines from the South Coast of New South Wales. At top are images of legendary “King Billy” as he was nicknamed.

My kids began to make comments about how resourceful the aborigines would have been, catching fresh fish, making new walking tracks, and being blessed to live in a pristine world before the built environment changed it so radically (Figure 5). It was not difficult for me to imagine throwing in my current lifestyle for the serenity, peace, and tranquillity of the bush. The kids and I would be outside under the sun for at least 12 hours each day, and it was effortless and filled with activities, and so very much fulfilling (Figure 6).

Figure 6.  The sun setting on New Year's Eve celebrations in 2015 in Merimbula, NSW

Figure 6. The sun setting on New Year's Eve celebrations in 2015 in Merimbula, NSW

Figure 7. Pre-bedtime entertainment in our tent. Another game of Snakes & Ladders anyone?

Figure 7. Pre-bedtime entertainment in our tent. Another game of Snakes & Ladders anyone?

The kids didn't watch any television on this trip even though they had access to it in one camp spot (Figure 7). I spoke on the cell phone only a handful of times, and on some days I did not use electricity (they were my favorite days). Many times we did not have any cell phone coverage for large parts of the day. I learnt some important things about each of my children on this trip and about myself and the world we live in (Figure 8). And I'd love to do it all again, sooner than later.

We've been sold the idea that technology provides security for us but I am of the opinion that at least psychologically it leads to insecurity (1). It is a paradox. My eldest kept asking what we would do if we got a flat tire or engine trouble deep down a dirt road where we had no connectivity, or what we'd do in the event of a bushfire (Figure 9). Good questions I thought, and answered them by driving more slowly and carefully, avoiding sharp rocks and potholes, and more than anything, turning to prayer “God, keep me and my children safe. Help us not to panic at a time of trouble, and to know what to do. Help us not to be harmed. And help us not to have fear.” For all intense and purposes, technology which has been sold to us for security, breeds a false sense of security and even greater fear. We have learned to rely on mobile phones or the Internet, even when we don't need them. It has become a knee-jerk reaction, even if we have the stored information at hand readily available.

 

Figure 8. The kids posing for a photo with a big snail at Merimbula's Main Beach. Such a great opportunity for all of us to bond even closer together.

Figure 8. The kids posing for a photo with a big snail at Merimbula's Main Beach. Such a great opportunity for all of us to bond even closer together.

I am thankful I turned to art on this trip - a decision I made a few days before I left my home (see cover image of this issue). I loved speaking to real people, in person, and asking them to participate (2). Being able to hear their laughs, and see the expressions on their faces, and listen to their respective stories was so satisfying. On a few occasions I embraced people I met after opening my heart to life matters, challenges, joys, and sorrows. The cool thing? I met lots of people that reminded me of my mum and dad; lots of people who had three or four or more (or no) children - and felt connected more than ever before to the big family we call “society.” We'd sit around at the beach, at the rock pool, or the camp site, listening and learning from one another, and somehow indirectly encouraging one another onwards. We soon realized these were shared experiences and there was a solidarity, a “oneness,” an empathy between us.

Figure 9. Going down a steep and narrow unsealed road with lots of potholes at Mimosa Rocks National Park. One way down and only one way up.

Figure 9. Going down a steep and narrow unsealed road with lots of potholes at Mimosa Rocks National Park. One way down and only one way up.

We returned home a few days early due to heavy rains, and unexpectedly I did not feel the drive to return to my email trove that I figured had grown substantially in size. The thought crossed my mind that I could get heavily depressed over the thousands of messages I had missed. But I controlled that temptation. The last thing I wanted at that point was to get bogged down again in the rhythm of the digital world. Friends and colleagues might have been shocked that I did as I said I would do - utterly disconnect - but I learned something very fundamental… time away from the screen makes us more human as it inevitably brings us closer together, closer to nature, and also brings things into perspective.

Depending on our work, we can feel captive behind the screen at times, or at least to the thousands of messages that grace our laptops and mobile phones. They make us even more digital and mechanical - in intonation, action, even movement and thought. Breaking with this feeling and regaining even a little bit of control back is imperative every so often, lest we become machine-like ourselves. It is healthy to be “Just human,” without the extensions and the programs. In fact, it is essential to revitalize us and help us find our place in the world, as sometimes technology leads us too quickly ahead of even ourselves.

While it is an intuitive thing to do, you might find yourself having to work that little bit harder to make the unplugged time happen. But breaking free of all the tech (and associated expectations) occasionally, reinforces what it once meant to be human.

References

1. M. Lacy, "Cities of panic and siege psychosis" in Security Technology and Global Politics: Thinking with Virilio, New York, NY:Routledge, pp. 69f, 2014.

2. K. Michael, "Unintended consequences 1–100", [online] Available: http://www.katinamichael.com/call-for-papers/2016/1/14/unintended-consequences-1-100-artwork.

Citation: Katina Michael, "Gone Fishing: Breaking with the Biometric Rhythm of Tech-Centricism", IEEE Technology and Society Magazine ( Volume: 35, Issue: 4, Dec. 2016 ), pp. 6 - 9, Date of Publication: 19 December 2016, DOI: 10.1109/MTS.2016.2618738.

Smart Toys that are the Stuff of Nightmares

Introduction

At the top of some children's Christmas present wish list in 2015 would have been the new Hello Barbie doll [1]. Mattel's latest doll connects to the Internet via Wi-Fi and uses interactive voice response (IVR) to effectively converse with children [2]. When the doll's belt button is pushed, conversations are recorded and uploaded to servers operated by Mattel's partner, ToyTalk [3].

Hello Barbie tries to engage with children in intelligible and freeflowing conversation by asking and responding to questions, as well as being able to learn about its users over time [4]. As Mattel's website says [1]: “Just like a real friend, Hello Barbie doll listens and adapts to the user's likes and dislikes” [5].

But is Barbie the Friend She Promises to be?

Some might welcome Hello Barbie, and similar talking dolls such as My Friend Cayla [6], as a fun and novel development in smart toys that will keep children occupied. Others have voiced concerns, such as the #HellNoBarbie [7] from the Campaign for a Commercial-Free Childhood [8].

As one reporter found, Hello Barbie prompts those conversing with her to divulge information about themselves, but when the focus is on her she quickly changes the subject to invariably gender-normative subjects and fashion [9]. “Hello Barbie: Let's get serious and talk about something really important: fashion.”

She mines children for personal details but gives little in return, other than vacuous compliments and fashion advice. Her friend credentials come further into question as she routinely discloses all the information gathered to ToyTalk, who operate the speech processing services for Hello Barbie.

What's in the Privacy Statement?

As with many products, the detail that really matters is in the fine print. In this instance the fine print is in ToyTalk's Hello Barbie privacy statement, so there are a few important points to consider before wrapping her up and putting her under a Christmas tree [10].

ToyTalk outlines that it may:

“[…] use, store, process, convert, transcribe, analyze or review Recordings in order to provide, maintain, analyze and improve the functioning of the Services, to develop, test or improve speech recognition technology and artificial intelligence algorithms, or for other research and development and data analysis purposes.”

Essentially it can use the information gathered from the child, or anyone who converses with Hello Barbie, for any purpose that it chooses under the vague wording “data analysis purposes.” ToyTalk will also share recordings with unknown “vendors, consultants, and other service providers” as well as “responding to lawful subpoenas, warrants, or court orders.” Has Hello Barbie become a sophisticated surveillance device masquerading as an innocuous child's toy [11]?

In England, the draft Investigatory Powers Bill introduced “equipment interference,” which allows security and intelligence agencies to interfere with electronic equipment in order to obtain data, such as communications from a device [12]. This would mean that government agencies could lawfully take over children's toys and use them to monitor suspects.

These data collection practices are significant, as they reach much deeper than marketing practices that collect information about children's likes and preferences. In conversing with toys, such as Hello Barbie, children reveal their innermost thoughts and private play conversations, details of which are intended for no one else to hear. Once a child has developed a friendship with Hello Barbie, it might not be so easy to take her away.

Security Risks

ToyTalk does recognize that “no security measures are perfect” and that no method of data transmission can ever be “guaranteed against any interception or other type of misuse.” Just last month the toy maker VTech reported 11.6 million accounts were compromised in a cyberattack, including those of 6.3 million children [13]. Photos of children and parents, audio files, chat logs, and the name, gender, and birthdate of children were accessed by the hackers [14].

It's not just toys that are at risk [15]. There are ongoing reports of baby monitors being hacked so that outsiders can view live footage of children (and family), talk to the infant, and even control the camera remotely [16].

Smart toys are going to be tempting propositions for hackers, with some already proving that they could make My Friend Cayla swear [17], to more usual targets such as hacking credit card details [18].

Barbie has also been in hot water before [19]. The Barbie Video Girl [20] has a camera lens embedded in the doll's chest disguised as a pendant which prompted the FBI to issue a warning that it could be used to make child pornography [21].

The Internet of Things provides direct access to children and their spaces through an increasing array of products and gizmos [22]. Such security breaches not only act as a stark reminder of the vulnerability of children's high-tech toys, but also lead us to reflect on other risks that the trend in so-called smart toys might be introducing into children's lives.

An Invasion of Play

But Hello Barbie doesn't just reveal a child's private conversations to large corporations, and potentially law enforcement agencies. She also tells tales much closer to home - to parents. A smartphone app enables parents to listen to the conversations between their child and their Hello Barbie. They can also receive alerts when new recordings become available, and can access and review the audio files. Anyone with access to the parent account can also choose to share recordings and other content via Facebook. Twitter, or You-Tube. While some may see this as a novel feature, it is important to consider the potential loss of privacy to the child.

Play is an important part of the way children learn about the world. A key part of this is the opportunity for private spaces to engage in creative play without concerns about adults intruding. It looks like Hello Barbie's dream to be a fashion-setter might just come true as she pioneers a new trend for smart and connected toys. In turn, the child loses out on both a trusted toy and on the spaces where they can lose themselves in other worlds without worrying about who's listening in.

ACKNOWLEDGMENT

This article is adapted from an article published in The Conversation titled “Hello Barbie, hello hackers: Accessing personal data will be child's play,” on Dec. 16, 2015. Read the original article http://theconversation.com/hello-barbie-hello-hackers-accessing-personal-data-will-be-childs-play-52082.

References

1. "Hello Barbie™ Doll - Blonde Hair", Mattel Shop, 2016, [online] Available: http://shop.mattel.com/product/index.jsp?productId=65561726.

2. K. Michael, A. Hayes, "High-tech child's play in the Cloud", IEEE Consumer Electronics Mag., vol. 5, no. 1, pp. 123-128, 2015.

3. "About us", Toy Talk, 2016, [online] Available: https://www.toytalk.com/about/.

4. "Hello Barbie is world's first interactive Barbie Doll", YouTube, Feb. 2015, [online] Available: https://www.youtube.com/watch?v=RJMvmVCwoNM.

5. "CNET News - Saying hello to Hello Barbie", YouTube, Sept. 2015, [online] Available: https://www.youtube.com/watch?v=zVaVaf8QqWc. 

6. My Friend Cayla, 2014, [online] Available: http://myfriendcayla.co.uk.

7. "Hell no Barbie: 8 reasons to leave Hello Barbie on the shelf", Campaign for Commercial-Free Childhood, 2015, [online] Available: http://www.commercialfreechildhood.org/action/hell-no-barbie-8-reasons-leave-hello-barbie-shelf.

8. 2016, [online] Available: http://www.commercialfreechildhood.org/.

9. Z. Jason, "Hello Barbie: Fashion-obsessed talking doll thinks I'm amazing — Or so she said", The Guardian, Dec. 2015, [online] Available: http://www.theguardian.com/lifeandstyle/2015/dec/04/hello-barbie-talkingdoll-mattel-toytalk-fashion.

10. "Privacy policy", Toy Talk, Jan. 2016, [online] Available: https://www.toytalk.com/hellobarbie/privacy/.

11. "Hello Barbie ‘creepy eavesdropping doll’ at New York Toy Fair violates privacy", YouTube, Mar. 2015, [online] Available: https://www.youtube.com/watch?v=31GvRZKWrhQ.

12. Draft Investigatory Powers Bill U.K. Parliament, 2015, [online] Available: https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/473770/Draft_Investigatory_Powers_Bill.pdf

13. "FAQ about cyber attack on VTech Learning Lodge", vtech, Feb. 2016, [online] Available: https://www.vtech.com/en/press_release/2016/faq-about-cyber-attack-onvtech-learning-lodge/.

14. D. Goodin, "Internet-connected Hello Barbie doll gets bitten by nasty POODLE crypto bug", The Guardian, Dec. 2015, [online] Available: http://arstechnica.com/security/2015/12/internet-connected-hello-barbiedoll-getsbitten-by-nasty-poodle-crypto-bug/.

15. P. Timms, "Hello Barbie: Wi-fi enabled doll labelled a bedroom security risk", ABC News (Australia), Nov. 2015, [online] Available: http://www.abc.net.au/news/2015-11-27/wi-fienabled-hello-barbie-dollraises-securityconcerns/6981528.

16. K. Albrecht, L. Mcintyre, "Privacy nightmare: When baby monitors go bad", IEEE Technology & Society Mag., Sept. 2015, [online] Available: http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=7270426.

17. K. Munro, "Making children's toys swear", PenTestPartners.com, Jan. 2015, [online] Available: http://www.pentestpartners.com/blog/making-childrens-toys-swear/.

18. R. Hackett, "Hello Barbie Doll vulnerable to hackers", Fortune, Dec. 2015, [online] Available: http://fortune.com/2015/12/04/hello-barbie-hack/?iid=sr-link1.

19. K. Michael, "The FBI's cybercrime alert on Mattel's Barbie Video Girl: A possible method for the production of child pornography or just another point of view".

20. "Barbie® Video Girl™ Doll", Mattel Fisher Price, 2015, [online] Available: http://service.mattel.com/us/TechnicalProductDetail.aspx?prodno=R4807&siteid=27&catid1=508.

21. L. Goode, "FBI: Video Barbie could hold evidence in child abuse cases", WSJ, Dec. 2010, [online] Available: http://blogs.wsj.com/digits/search/fbi%20video%20girl%20doll%20could%20hold%20evidence/?s=fbi+video+girl+doll+could+hold+evidence.

22. K. Albrecht, K. Michael, "Connected: To everyone and everything", IEEE Technology & Society Mag., vol. 32, no. 4, pp. 31-34, 2013.

Keywords: security of data, smart toys, data transmission, ToyTalk, Hello Barbie, security measures

Citation: Emmeline Taylor ; Katina Michael, Smart Toys that are the Stuff of Nightmares, IEEE Technology and Society Magazine, (Volume: 35, Issue: 1, March 2016), pp. 8 - 10, Date of Publication: 10 March 2016, DOI: 10.1109/MTS.2016.2527078

Mental Health, Implantables, and Side Effects

Then I was 8 years of age my older sister who was 8 years my senior was diagnosed with paranoid schizophrenia. As a result, my family spent quite a few years visiting hospitals and mental health facilities on a daily basis. It is painful to reflect on that period, as our whole world was rocked by this illness. My once vibrant, skilful, dynamic, energetic, extremely kind, and top-of-her-class sister was plagued by a disease process of schizophrenia that would have her attempting to take her own life on several occasions, battle with hearing voices, go into a state of catatonia for long periods of time, and suffer severe bouts of anxiety and depression.

The onset of my sister's schizophrenia was spontaneous, during what should have been the most carefree years of her life. We will never know what triggered her illness but for whatever reason that this “thing” landed in our household, we learned to come to terms with its impact. I grew up with an understanding that, in life, there are some things we can fix, and some things we cannot. There are some things we can explain, and some things we cannot. Sometimes medical science has the answers, and sometimes it does not. It does not mean I give up on the potential for a cure or therapy for various forms of mental illness, but I am more wary than most about silver bullet solutions.

In the 30 years my sister has lived with schizophrenia there have been numerous incremental innovations that have been beneficial to some sufferers. First, there have been advancements in pharmacology and in the composition of antidepressants so that they are more effective. But pharmaceutical treatments have not helped everyone, especially those sufferers who do not take their medication on a regular basis. Many persons living with depression who come on and off antidepressants without seeking medical advice are at an increased risk of suicide.

Cognitive behavior therapy (CBT), an empirically-based psychotherapy, has also aided increasing numbers of patients to better cope with their condition. Yet CBT is not given the same media attention as the new range of dynamic neural stimulators, commonly dubbed “brain implants,” now on the market [1].

For sufferers who are diagnosed with major depressive disorder (MDD), and for whom antidepressants and CBT simply do not work, doctors have turned to the prospect of somatic therapies. These include: electroconvulsive therapy (ECT), repetitive transcranial magnetic stimulation (rTMS), vagus nerve stimulation (VNS), and deep brain stimulation (DBS). If an individual does not respond to ECT (and only fifty per cent do), they are said to have treatment-resistant depression (TRD) [2].

In plain language, ECT is when electricity is applied to the scalp generally over a treatment period of between 2-4 weeks, several sessions per week. rMTS treatment goes for 4-6 weeks, of 5 sessions per week and uses a fluctuating magnetic field from electromagnetic coil placed outside the skull sending an electrical current to the brain.

VNS and DBS are more intrusive procedures targeting specific parts of the brain [3]. In VNS, an electrode is wrapped around the left vagus nerve in the neck and stimulation occurs about every 5 minutes for about 30 seconds. The battery packs sit under the skin of the chest in both VNS and DBS, but in the DBS procedure, one or more leads are implanted in the brain, targeted through burr holes in the skull, and locked into place [2].

VNS and DBS were unavailable techniques when my sister first became ill, but I do recollect vividly the results of ECT upon her. Post the treatments, we lost her well and truly into a dark space one cannot reach she was placed on higher dosages of antidepressants for the weeks to follow, and it was apparent to us she was not only in mental anguish but clearly in physical difficulties as well. Doctors claimed clinically that she “did not respond to the treatment,” but never acknowledged that the ECT process might have caused her any short-term distress whatsoever. In fact, we were told: “There is no change in her condition. She continues to be as she was before the treatment.” That was debatable in my eyes. Even though I was just a kid, I observed it took a good three months to get my sister back to where she was before the ECT treatment. But she was only one participant among many in clinical trials, and in no way do I generalize her outcomes to be the outcomes of all ECT patients.

VNS and DBS are again very different techniques, and while VNS is used as an adjunct therapy for major depression, DBS is mainly reserved for treating Parkinson's disease and has had only limited approval for combatting intractable obsessive compulsive disorder (OCD). However, what I gained from those childhood experiences is that human life is precious and experimentation can have some very adverse side effects without any direct benefits to the individual sufferer. Doctors need to be held accountable, caregivers and patients with MDD must be told clearly about the risks, and VNS patients must be monitored closely into the longer-term. I am alarmed at the lack of qualitative research being conducted across the spectrum of implantable devices in the health sector. And that is an area I intend to personally address in my own research in years to come.

To this day, I believe my sister was in no condition to consent to the treatment she received. At the time she intermittently thought I was Brooke Shields and that my siblings were other television personalities. She was delusional and completely unaware of herself. Prior to the trial my sister participated in, my parents had no real idea what ECT was, save for what they had heard anecdotally. As my sister's “guardians,” my parents did not understand how ECT would be administered and were not given the option to accompany her during the actual treatment. They were simply told that my sister would wear something on her head and have an electrical current travel all around it to hopefully “zap” her back to normal. They were not informed of what the risks might be to their beloved daughter, although they were clear it was all “experimental.” It was also emphasized, that this “electro-shock treatment” was the only other alternate route of exploration to help my sister get better. I remember their expectations being raised so high, only to be dashed after each treatment [4]. My parents had to rely on an interpreter as my father did not speak English and my mother only broken English. When one was not available my brother and sisters and I would do the translation.

In the end, when all other routes failed, my family turned to God for help. Alongside an excellent medical and health team (psychiatrist, social worker, general practitioner), and a loving home environment, it was faith that gave my family the will to go on facing everyday issues, as my sister slowly regained parts of herself to become functional again, such as her mobility and speech. As the saying goes “prayer works,” and while it might not make rational sense to believe in miracles, I remember witnessing these on at least a few occasions.

A few months ago, the cover of the February 2015 issue of IEEE Spectrum was graced with the title: “Hot-wiring the nervous system: implanted in the brain, smart-systems are defeating neurological disorders” (pp. 28) [5]. As someone who has spent the greater part of their academic career studying surveillance, risk, privacy and security, trust, and control, I have long reckoned that if we can “defeat” neurological disorders using implantable devices, then we can also “construct” and “trigger” them willingly, as well. But the point of my editorial is not to discuss the future of dynamic neural stimulators; we can debate that in another issue of T&S Magazine. Rather my point is to try to generate discussion about some of the fundamental issues surrounding the socio-ethical implications of penetrating the brain with new technologies, especially those that are remotely triggerable [6].

While the early studies for VNS with respect to MDD look promising, we need to acknowledge we are still at the very beginning of our investigations. I am personally more circumspect about published figures that simply categorize subjects post implantation using minimal labels like “non-responders,” “responders” and “achieved remission” [7]. Longitudinal data will give us a clearer picture of what is really happening. DBS, on the other hand, has been used to treat well over 75 000 persons, mostly suffering from movement disorders [2], but it is increasingly being piloted to treat OCD [8]. This is a call to the research community, to publish more widely about some of the complications, side effects, and resultant social life changes that implantees (of all kinds) are faced with post-surgery.

I am not referring here to issues related to surgical implantation (e.g., symptomatic haemorrhage after electrode placement), or even device failure or hardware-related complications (of which I have great concerns that there will be severe hacking problems in the future). Rather, I am referring to the resultant effect of “artificially constructed” dynamic stimulation on the human brain and its impact on an individual. In short, these are the unintended consequences, that range in scope from psychotic symptoms post stimulation (e.g., for epilepsy, or for patients presenting with auditory hallucinations for the first time), to modifications in sleep patterns, uncontrolled and accidental stimulation of other parts of body function [9], hypersexuality, hypomania [10], changes to heart and pulse rates, and much more.

Many implantees resort to social media to share their pre-and post-operative experiences. And while this is “off the record” self-reporting, clearly some of these discussions warrant further probing and inquiry. My hope is that the copious note-taking that occurs during pilots and clinical trials, specifically with respect to side effects, will be more accessible in the form of peer reviewed publication for doctors, engineers, government officials, standards organizations, regulatory approval bodies, and of course, the general public, so that we can learn more about the short-term and long-term effects of neural stimulation devices.

One patient, as a result of a particular procedure in a DBS pilot study described a sensation of feeling hot, flushed, fearful, and “panicky.” “He could feel palpitations in his chest, and when asked indicated he had an impending sense of doom. The feelings were coincident and continuous with the stimulator ‘on’ setting and they rapidly dissipated when switched ‘off'” [11]. Surely, this kind of evidence can be used to inform stakeholders towards what works and what does not, and the kinds of risks a patient may be exposed to if they opt-in, even if we know the same state will not be experienced by every patient given the complexity of the brain and body. In the more mature heart pacemaker industry, it is device manufacturers who tend to wish to hoard the actual physiological data being recorded by their devices [12], [13]; the brain implant industry will likely follow suit.

To conclude this editorial, at the very least, I would like to echo the sentiments of Fins et al., that deep brain stimulation is a “novel surgical procedure” that is “emerging,” and should presently be considered a last resort for people with neuropsychiatric disorders [14]. There needs to be some tempering of the hype surrounding the industry and we need to ensure that rigor is reintroduced back into trials to minimize patient risk. Exemptions like that granted by the U.S. Food and Drug Administration (FDA) on the grounds of a “humanitarian device” allow implant device manufacturers to run trials that are not meaningful because the size of the trial is inappropriate, lacking commensurate statistical power [14]. The outcomes from such trials cannot and should not be generalized.

I would go one step further, calling not only for adherence to more careful research requirements during clinical trials, but also urging the medical community in general to really think about the direction we are moving. If medical policies like these [15] exist, clearly stating that “there is insufficient evidence to support a conclusion concerning the health outcomes or benefits associated with [vagus nerve stimulation] … for depression” then we must introduce major reforms to the way that consent for the procedure is gained.

Between 1935 and 1960, thanks to a rush of media (and even academic coverage), lobotomies were praised for the possibilities they gave patients and their relatives [16]. Although I am not putting lobotomies on the same level as VNS and DBS, I am concerned about placing embedded devices at the site of the most delicate organ in the human body. If we can “switch on” certain functions through the brain, we can also “switch them off.”

It is clear to anyone studying emerging technologies, that the future trajectory is composed of brain implants for medical and non-medical purposes. Soon, it won't be just people fighting MDD, or OCD, epilepsy [17], [18], Parkinson's disease [19] or Tourette's Syndrome who will be asking for brain implants, but everyday people who might wish to rid themselves of memory disorders, aggression, obesity, or even headaches. There is also the potential for a whole range of amplified brain technologies that make you feel better – diagnostic devices that pick up abnormalities in physiological patterns “just-in-time,” and under-the-skin secure identification [20]. And while the current costs for brain implants to fight mental illness are not cheap, at some $25 000 USD each (including the end-to-end surgical procedure), the prices will ultimately fall [1]. Companies like Medtronics are talking about implanting everyone with a tiny cardiac monitor [21]; it won't take long for the same to be said about a 24×7 brain monitor, and other types of daily “swallowable” implants [22].

Fears related to embedded surveillance devices of any type may be informed by cultural, ethical, social, political, religious concerns that must be considered during the patient care process [23]. Fully-fledge uberveillance, whether it is “surveillance for care” or “surveillance for control” might well be big business in the future [24], but for now academicians and funding bodies should be less interested in hype and more interested in hope.

References

1. S. Upson, "A difficult time for depression devices", IEEE Spectrum, pp. 14, May 2008.

2. W. K. Goodman, R. L. Alterman, "Deep brain stimulation for intractable psychiatric disorders", Annu. Rev. Med., vol. 63, pp. 511-524, 2012.

3. P. Kotagal, "Neurostimulation: Vagus nerve stimulation and beyond", Seminars in Pediatric Neurology, vol. 18, pp. 186-194, 2011.

4. V. Johansson, "Beyond blind optimism and unfounded fears: Deep brain stimulation for treatment resistant depression", Neuroethics, vol. 6, pp. 457-471, 2013.

5. T. Denison, "Building a bionic nervous system: Smart neural stimulators sense and respond to the body's fluctuations", IEEE Spectrum, pp. 28-35, Feb. 2015.

6. W. Glannon, "Stimulating brains altering minds", J. Medical Ethics, vol. 35, pp. 289-292, 2009.

7. T. Schlaepfer, J. Fins, "Deep brain stimulation and the neuroethics of responsible publishing: when one is not enough", JAMA, vol. 303, pp. 775-776, 2010.

8. B. Aouizerate, "Deep brain stimulation for OCD and major depression", Amer. J. Psychiatry, vol. 162, pp. 2192, 2005.

9. P. Moore, "Enhancing Me: The Hope and the Hype of Human Enhancement" in , Wiley, 2008.

10. C. Ch, "Hypomania with hypersexuality following bilateral anterior limb stimulation in obsessive-compulsive disorder", J. Neurosurg., vol. 112, pp. 1299-1300, 2010.

11. S. Na, "Panic and fear induced by deep brain stimulation", J. Neurol. Neurosurg Psychiatry, vol. 77, pp. 410-12, 2006.

12. J. Carvalko, "The Techno-Human Shell: A Jump in the Evolutionary Gap" in , Sunbury, 2013.

13. J. Carvalko, "Who should own in-the-body medical data in the age of ehealth?" in IEEE Technology & Society Mag., Summer, pp. 36-37, 2014.

14. J. Fins, "Misuse of the FDA's humanitarian device exemption in deep brain stimulation for obsessive-compulsive disorder", Health Aff. (Millwood), vol. 30, pp. 302-311, 2011.

15. C. Blue, "Medical Policy: Implantable Eletrical Nerve Stimulators (Vagus Autonomic Nerve and Peripheral Nerve Stimulators)", 2014, [online] Available: https://www.capbluecross.com/wps/wcm/connect/73f7fba6-65df-4f7f-a35c-acc4d805a066/Implantable_Electrical_Nerve_Stimulators_3-25-14.pdf?MOD=AJPERES.

16. G. J. Diefenbach, "Portrayal of lobotomy in the popular press: 1935–1960", J. History of the Neurosciences, vol. 8, pp. 60-70, 1999.

17. C. M. DeGiorgio, "Pilot study of trigeminal nerve stimulation (TNS) for epilepsy: A proof-of-concept trial", Epilepsia, vol. 47, pp. 1213-1215, 2006.

18. A. Schulze-Bonhage, V. Coenen, "Treatment of epilepsy: peripheral and central stimulation techniques", Nervenartz, vol. 84, pp. 517-528, 2013.

19. E. Strickland, "How brain pacemakers treat parkinson's disease", IEEE Spectrum, Apr. 2015, [online] Available: http://spectrum.ieee.org/tech-talk/biomedical/devices/new-clues-how-does-a-brain-pacemaker-control-parkinsons-symptoms.

20. K. Michael, Microchipping People, 2012.

21. E. Strickland, "Medtronic wants to implant sensors in everyone", IEEE Spectrum, Jun. 2014, [online] Available: http://spectrum.ieee.org/tech-talk/biomedical/devices/medtronic-wants-to-implant-sensors-in-everyone.

22. "Google director Regina E. Dugan pushing RFID microchips", 2014, [online] Available: https://www.youtube.com/watch?v=RvYnWBdmcQk.

23. K. Michael, M. G. Michael, The Social Cultural Religious and Ethical Implications of Automatic Identification, 2004.

24. M. G. Michael, K. Michael, "Towards a state of Uberveillance", IEEE Technology & Society Mag., vol. 29, pp. 9-16, 2010.

Citation: Katina Michael, "Mental Health, Implantables, and Side Effects", IEEE Technology and Society Magazine, Volume: 34, Issue: 2, June 2015, pp. 5 - 17, 19 June 2015, DOI: 10.1109/MTS.2015.2434471

Sousveillance: Implications for Privacy, Security, Trust, and the Law

Introduction

Point of view has its foundations in film. It usually depicts a scene through the eyes of a character. Body-worn video-recording technologies now mean that a wearer can shoot film from a first-person perspective of another subject or object in his or her immediate field of view (FOV). The term sousveillance has been defined by Steve Mann to denote a recording done from a portable device such as a head-mounted display (HMD) unit in which the wearer is a participant in the activity. Some people call it inverse surveillance because it is the opposite of a camera that is wall mounted and fixed.

IMAGE COURTESY OF WIKIMEDIA COMMONS/MICHAELWOODCOCK

IMAGE COURTESY OF WIKIMEDIA COMMONS/MICHAELWOODCOCK

During the initial rollout of Google Glass, explorers realized that recording other people with an optical HMD unit was not perceived as an acceptable practice despite the fact that the recording was taking place in a public space. Google's blunder was to consider that the device, worn by 8,000 individuals, would go unnoticed, like shopping mall closed-circuit television (CCTV). Instead, what transpired was a mixed reaction by the public—some nonusers were curious and even thrilled at the possibilities claimed by the wearers of Google Glass, while some wearers were refused entry to premises, fined, verbally abused, or even physically assaulted by others in the FOV.

Some citizens and consumers have claimed that law enforcement (if approved through the use of a warrant process) and shop owners have every right to surveil a given locale, dependent on the context of the situation. Surveilling a suspect who may have committed a violent crime or using CCTV as an antitheft mechanism is now commonly perceived as acceptable, but having a camera in your line of sight record you—even incidentally—as you mind your own business can be disturbing for even the most tolerant of people.

Wearers of these prototypes, or even fully fledged commercial products like the Autographer, claim that they record everything around them as part of a need to lifelog or quantify themselves for reflection. Technology like the Narrative Clip may not capture audio or video, but even still shots are enough to reveal someone else's whereabouts, especially if they are innocently posted on Flickr, Instagram, or YouTube. Many of these photographs also have embedded location and time-stamp data. You might not have malicious intent by showing off in front of a landmark, but innocent bystanders captured in the photo could find themselves in a predicament given that the context may be entirely misleading.

Privacy, Security, and Trust

Privacy experts claim that while we once might have been concerned or felt uncomfortable with CCTV being as pervasive as it is today, we are shifting from a limited number of big brothers to ubiquitous little brothers and toward wearable computing. Fueled by social media and instant fame, recording the moment can make you famous as a citizen journalist at the expense of your neighbor.

The fallacy of security is that more cameras do not necessarily mean a safer society. In fact, statistics, depending on how they are presented, may be misleading about reductions in crime in given hotspots. The chilling effect, for instance, dictates that criminals do not just stop committing crime (e.g., selling drugs) because someone installs a bunch of cameras on a busy public route. On the contrary, crime has been shown to be redistributed or relocated to another proximate geographic location. In a study conducted in 2005 for the United Kingdom's Home Office by Martin Gill of the University of Leicester, only one area of a total of 14 studied saw a drop in the number of incidents that could be attributed to CCTV. The problem was with using the existing CCTV systems to “good effect” [1].

Questions of trust seem to be the biggest factor against wearable devices that film other people who have not granted their consent to be recorded. Let's face it: we all know people who do not like to be photographed for reasons we don't quite understand, but it is their right to say, “No, leave me alone.” Others have no trouble being recorded by someone they know, so long as they know they are being recorded prior to the record button being pushed. And still others show utter indifference, claiming that there is no longer anything personal out in the open.

Who's watching whom? Alexander Hayes takes a picture of wearable computer pioneer Steve Mann in Toronto, Canada, during the Veillance.me Conference (IEEE International Symposium on Technology and Society 2013), while Mann uses his EyeTap device and high-definition camera to record a surveillance camera. Is this sousveillance squared? (Photo courtesy of Alexander Hayes.)

Who's watching whom? Alexander Hayes takes a picture of wearable computer pioneer Steve Mann in Toronto, Canada, during the Veillance.me Conference (IEEE International Symposium on Technology and Society 2013), while Mann uses his EyeTap device and high-definition camera to record a surveillance camera. Is this sousveillance squared? (Photo courtesy of Alexander Hayes.)

Often, the argument is posed that anyone can watch anyone else walk down a street. These individuals fail in their assessment, however—watching someone cross the road is not the same as recording them cross the road, whether by design or by sheer coincidence. Handing out requests for deletion every time someone asks whether they've been captured on camera by another is not good enough. Allowing people to opt out “after the fact” is not consent based and violates fundamental human rights such as the control individuals might have over their own image and the freedom to go about their life as they please.

Using technology like the Narrative Clip may not capture audio or video, but even still shots are enough to reveal someone else's whereabouts, especially if they are innocently posted on Flickr, Instagram, or YouTube.

Laws, Regulations, and Policies

At the present time, laws and regulations pertaining to surveillance and listening devices, privacy, telecommunications, crimes, and even workplace relations require amendments to keep pace with advancements in HMDs and even implantable sensors [2]. The police need to be viewed as enforcing the laws that they are there to upkeep, not to don the very devices they claim to be illegal. Policies in campus settings, such as universities, also need to address the seeming imbalance in what is and is not possible. The commoditization of such devices will only lead to even greater public interest issues coming to the fore. The laws are clearly outdated, and there is controversy over how to overcome the legal implications of emerging technologies. Creating new laws for each new device will lead to an endless drafting of legislation, which is not practicable, and claiming that existing laws can respond to new problems is unrealistic, as users will seek to get around the law via loopholes in a patchwork of statutes.

Cameras provide a power imbalance. First, only a few people had mobile phones with cameras, and now they are everywhere. Then, only some people carried body-worn video recorders for extreme sports, and now, increasingly, using a GoPro, Looxcie, or Taser Axon glasses, while still in their nascent stages, has been met with some acceptance, dependent on the context (e.g., for business-centric applications that free the hands in maintenance). Photoborgs might be hitting back at all the cameras on the walls that are recording 24×7, but they do not cancel out the fact that the photoborgs themselves are doing exactly what they are claiming a fixed, wall-mounted camera is doing to them. But beating “them” at their own game has consequences.

The Überveillance Trajectory

One has to ponder: where to next? Might we be well arguing that we are nearing the point of total surveillance, as everyone begins to record everything around them for reasons of insurance protection, liability, and complaint handling “just in case,” like the in-car black box recorder unit that clears you of wrongdoing in accident? And how gullible might we become that images and video footage do not lie, even though a new breed of hackers is destined to manipulate and tamper with reality to their own ends.

Will the new frontier be surveillance of the heart and mind? The überveillance trajectory refers to the ultimate potentiality for embedded surveillance devices like swallowable pills with onboard sensors, tags, and transponder IDs placed in the subdermal layer of the skin, and even diagnostic image sensors that claim to prevent disease by watching innards or watching outward via the translucent dermal epidermal junction [3]. Just look at the spectacle and aura of the November 2014 “chipping” of Singularity University's cofounder Peter Diamandis if you still think this is conspiracy theory [4]! No folks, it's really happening. This event was followed by the chipping party in Sweden of eight individuals [5]. Let us hope this kind of thing doesn't catch on too widely because we stand to lose our freedom, and that very element that separates man from machine.

ACKNOWLEDGMENTS

This article was adapted from Katina Michael, “Redefining Surveillance: Implications for Privacy, Security, Trust, and the Law,” December 2014, Issues Magazine, http://www.issuesmagazine.com.au/article/issue-december-2014/redefining-surveillance-implications-privacy-security-trust-and-law.html.

References

1. BBC. (2005). CCTV systems "fail to cut crime." BBC News. [Online]. Available: http://news.bbc.co.uk/2/hi/uk-news/england/leicestershire/4294693.stm

2. R. Clarke, "The regulation of point of view surveillance: A review of Australian law," IEEE Technol. Soc. Mag., vol. 33, no. 2, pp. 40-46, 2014.

3. M. G. Michael and K. Michael, Eds., Uberveillance and the Social Implications of Microchip Implants: Emerging Technologies (Advances in Human and Social Aspects of Technology). Hershey, PA: IGI Global, 2013.

4. J. Dorrier. (2014). Summit Europe: Chip implants easy as piercings. Singularity Hub. [Online]. Available: http://singularityhub.com/2014/11/25/summit-europe-chip-implants-easy-as-piercings/

5. J. Wakefield. (2014). The rise of the Swedish cyborgs. BBC News: technology. [Online]. Available: http://www.bbc.com/news/-technology-30144072

Citation: Katina Michael, "Sousveillance: Implications for Privacy, Security, Trust, and the Law", IEEE Consumer Electronics Magazine, Volume: 4, Issue: 2, April 2015, pp. 92 - 94, DOI: 10.1109/MCE.2015.2393006

Drones Humanus

Some years ago, a sweet grandma in my (Christine's) neighborhood was convinced that one of her neighbors was involved in illegal activity. Although my husband and I tried to assuage her overactive mind, she insisted we purchase and deliver binoculars to enable her to perform her civic duty as a self-appointed sleuthhound.

If it had been this year, she could have placed an order on-line and a drone could deliver the packaged binoculars to her front door [1]. Perhaps next year, she can trade in the binoculars for a perching air drone that will not only fly, but also perform a controlled stall with actuators allowing the feet to grip the branch of the tree in her neighbor's yard. The bird-like drone, with motors that can shut down to avoid energy depletion, can sit for long periods of time, recording lots and lots of data [2].

The current environment in which these technologies are emerging causes even the more open-minded members of society to face considerable misunderstandings, exploitation, abuse, and even physical danger as was evidenced during The Burning Man festival this past year [3]. Not surprisingly, a plethora of issues arose at the festival pertaining to drones; many of which related to privacy. It is apparent, there are still fragmented, few, or no regulations. Yet advances in technology allow for more easily concealed devices [4], revolutionary capabilities of remote sensing and capture technology (e.g., LIDAR chip) [5], and decreasing costs to acquire devices [6].

What will we become? We can now buy devices to wear 24/7, logging everything we see, and sending data to our lifelog storage device in the cloud. Perhaps we are now the bird-like drone, but we move from the sky, to the branch, to the inside of people's homes, into their workspaces, and alongside them on roads, trains, and planes. We can capture their interactions, their facial expressions, and the intimate aspects of their everyday experiences [7]. There are seemingly no limits [8].

Much like peer-to-peer security that has proven to be effective in society to reduce disorderly conduct in crowds [9], perhaps people will be paid for drone-like behavior [10]. Perhaps, the sweet, civic-minded grandma in the neighborhood, who lifelogs to pass on a heritage to her progeny, will utilize the same device to capture peer-to-peer data and thereby subsidize her pension. What is the trajectory for society?

If the digital realm plays an ever-increasing role in developing and transmitting social norms, we must consider the many values at stake [11]. The older as well as the younger generations may perceive this as an opportunity to become as fearless as the desert explorers who traversed unknown lands. Only today, the point-of-view #explorers are demonstrating their mean feats to a global theatre using social media in real time to their legions of online followers [12]. Suppose lifelogs lead to an environment in which we are fact-checked against the recorded medium [13]. Your interpretation of an event could be refuted; you would be told, “You were never into jazz.” or “That wasn't such a good time, was it?” [14]. Can synthesized data, capture the spirit behind the poetic license one takes when telling a story to achieve a desired effect? Can an algorithm discern the varied contexts within which our behaviors were recorded? We often have different personae that change over time; and it is often necessary for an individual to have one personae for work, one for family, and yet another for the Internet [15].

The human experience cannot be captured and interpreted easily; we are highly complex and astoundingly dynamic beings. This is the great stuff of humanity. We are ever-changing. We embellish to affect laughter. We create what didn't exist. We make stuff up. We make up rules so we can play games. We make up institutions so we can coordinate problem-solving collective action. Data, especially when so abundant and extensive, can easily undermine such invention. One only needs to ask siblings to describe their shared childhood experiences; one could compare their stories and be exceedingly perplexed. Each sibling has created his or her own narrative; each may have invented a slightly different back story. Can algorithms or a fallible human who chooses how to personally interpret the synthesis of data, appropriately process reality [16]? Moreover, if it can be said that “history belongs to the winners,” then while there exists lifelogging asymmetry (some do, some don't), perhaps it could also be said, equally cynically, that “personal history belongs to the lifeloggers”? Issues arise with this historical record because a lifelogger could easily omit, misrepresent, or even distort and deceive; he or she can willfully create inaccurate narratives which could go unchecked and unchallenged.

The most delightful aspect of visiting that grandma wasn't the amusing humor derived from her comedic idiosyncrasies, but rather it was her rich storytelling. Her husband often had a different take on events. She admitted she chose to forget the painful aspects of the depression era. Yet, she wonderfully verbalized a narrative of her life and times from her perspective. Just as forgetting is an essential part of the human psyche (without which we cannot begin to function), so is the ability to create narratives [17]. In the event of universal lifelogging, could this be lost and replaced with machine-perfected recollections? Without narrative, we have no mythos, and so we have no more explanation for the human condition than logos. We would have much less ability to create a shared sense of community through a commonly told story, and may be stuck instead with a single unalterable personae deterministically crushed by the unbearable tyranny of mundane facts captured through devices.

There are negative ramifications when we allow technology to commodify social concepts, and diminish social relations like privacy, friendship, and loyalty. The resultant consequences, such as the fragmentation of communities, the dissolution of trust, and the diminution of our ability to solve collective action problems, are serious enough. However, such invasive technologies as wearables and bearables are doing something else: they could deprive us of the ability to create personae and narratives [18]. We may discover the obsessive literalism is an axe being taken to the very essence of what it means to be human.

IEEE Keywords: Special issues and sections, Drones, Privacy, Behavioral science, Security, Information processing,Wearable computers, Surveillance

Citation: Jeremy Pitt, Christine Perakslis, Katina Michael, "Drones Humanus", IEEE Technology and Society Magazine, Volume: 33, Issue: 2, Summer 2014, pp. 38 - 39, Date of Publication: 02 June 2014, DOI: 10.1109/MTS.2014.2319951

TrackingPoint bolt-action rifles are game-changers, not a game

The new series of three TrackingPoint bolt-action rifles was developed with sport in mind – rather than combat or law enforcement...

Read More

Privacy - The times they are a-changin'

Introduction

This special section is dedicated to privacy in the information age. In particular, since the rise of mobile social media and the advent of cloud computing, few can dispute that the times have indeed changed. Privacy is now understood “in context” and within a framework that is completely different from what it once was. The right to be let alone physically seems to have been up turned by the right to give away virtually as much information as we like.

What kind of inherent safeguards can be introduced into the data driven society? We cannot argue for privacy as a natural right if we ourselves do not respect the laws that govern the use of personal information - except for those instances when we become the victims of our own folly (or otherwise through security breaches). We cannot ask for the application of law only on those occasions when we find ourselves on the wrong side of the new openness, so as to escape the consequences of being defrauded or having our identity stolen, or when we are the subjects of blackmail or cyber bullying.

Police services must also be held accountable when there are surveillance laws that are not being enforced as a consequence of new technologies. These laws do not suit the new range of high-tech policing capabilities - everything from body worn video recorders for “always on” surveillance of the citizenry to the use of opinion net monitors on social media such as Facebook. For the most part we are struggling with out-of-date and outmoded listening and surveillance device acts, privacy acts, telecommunications acts and interception acts, and we are moving toward data retention legislation that will make audit and compliance of every transaction mandatory in business and government. And if the laws are not outdated then they will often contradict one another or overwrite each other, providing those chartered with authority the continued ability to engage in mass surveillance.

Commercial entities create privacy policies that are seldom read - more a shortcoming of the trust and indifference of some subscribers and complete ignorance of others about the collection and use of personal information. Internet search giants are now joining numerous product-focused policies into a single policy, and in so doing limiting their liability while increasing that of their subscribers. It is evident enough that consumers cannot win, they go with the flow to keep au courant of the constant change, never quite being in control even if they believe themselves to be. The network increases in stealth and size as more and more personal data is fed into it.

We are told there are a number of solutions to the current privacy problems - 1) build in privacy to the design of new technologies at the engineering and commercialization stages, 2) ensure that appropriate crimes legislation and provisions are in place so that there are harsher penalties for people who breach the privacy rights of others, and/or 3) leave it to commerce itself to deal with using a number of ways to protect consumer privacy through technical standards and industry codes of conduct.

Some of the articles in this special section address these issues from a variety of stakeholder perspectives including government, non-government organizations, industry, and consumers. If we have privacy problems then we remain hopeful there must be solutions. But clearly the solutions are limited, if only because of the insatiable nature of the beast.

There is also a discernible movement between what was once considered a brave new world, to the open innovation model that is heralding an even “braver new world.” We are correspondingly doing away with the familiar George Orwell motifs and sentiments, and moving toward that of the Big Data “all you can eat and stomach” model. This new practice is supposed to give rise to a collective intelligence never before seen, a global brain of purposive inflows and outflows of knowledge to accelerate discoveries and increase productivity. Anyone still stuck on the existential and privacy concerns raised by 1984 might as well give up on the debate. at least this is what we are being pushed to believe by the transnationalist capitalist class which has globalized at unprecedented speeds. Recently G.T. Marx has again reminded us of the technique of normalization. And so for those gloomy students of Thomas Hobbes, for their numbers have also been increasing, Leviathan will take on newer and more sinister connotations.

There is for sure much to be gained from Big Data, from open innovation, from sharing our knowledge as one global community. Yet sharing openly might be the utilitarian approach that serves the greater good at the expense of the individual. In terms of consumerism, this is and will in all probability forever remain one of the great paradoxes of our post-industrial society. Making certain individual claims about health and disease for example will inevitably help communities overcome or become more resilient to them, but they will also impact the individual asymmetrically by lending them to even more detailed forms of scrutiny such as social sorting and potential insurance typecasting. Our online searches reveal more about us than what we might like to think - we could to some large degree be determining our own destiny by what we enter into that little space we call the search box.

So what are we supposed to do then? We cannot simply give up the battle for maintaining our right to privacy. This special section is not about giving it up without a good fight. It is about finding inspiration in how we can offer something that works for all parties - but mostly for citizens if we are to embrace user-centered engineering approaches that are secure and long lasting. There is indeed much to gain from new and imaginative online business models if they are used for the right purposes and in the right way. Conversely, we are headed for dangerous waters if these models are abused and mismanaged by those who are in charge.

We have endeavoured here to offer an international Special Section with a wide range of perspectives. Some articles digress on viewpoints, but all of our expert authors are willing to have open dialogue and to seriously engage in the public forum. We must capture these and other consonant opportunities to speak now while we can, that we might together come up with a global approach to arrest alarming developments that threaten to turn privacy into a thing of the past. Privacy does matter. It is both the stuff of dreams and of identity.

IEEE Keywords: Privacy, Data privacy, Security, Social network services

Citation: Katina Michael, 2012, Privacy- the times are a changin', IEEE Technology and Society Magazine, 31(4),

Securing Cyber-Physical Critical Infrastructure (Book Review)

Handbook on Securing Cyber-Physical Critical Infrastructure: Foundations and Challenges

Das, Kant and Zhang have done a brilliant job editing Securing Cyber-Physical Critical Infrastructure, bringing together a who's who list of researchers and practitioners. Das is a University distinguished Scholar Professor of Computer Science and Engineering at the University of Texas Arlington with more than 500 published papers, three books and the editorship at Elsevier's Pervasive and Mobile Computing journal. Kant is a research professor at the Center for Secure Information Systems at George Mason University, Fairfax, VA. Kant comes equipped with many years of academic experience and industry exposure at Bell Labs, Telcordia and Intel, as well as government positions including at the National Science Foundation (NSF). Finally, Zhang, the third editor, was an assistant professor of Computer Science and Engineering at the University of Texas at Arlington from 2006 to 2008 and is currently researching databases and information security/privacy. Zhang received the prestigious NSF CAREER award in 2008.

This 800+ page handbook is divided into eight parts and contains thirty chapters, ideal for either an advanced undergraduate or graduate course in security. At the heart of this handbook is how we might go about managing both physical and cyber infrastructures, as they continue to become embedded and enmeshed, through advanced control systems, and new computing and communications paradigms.

Part I provides theoretical foundations in the area of control theory, game theory and epidemic theory as applied to cyber-physical infrastructure management. Part II focuses on security for wireless mobile networks. Robert Brammer who wrote the foreword of the handbook, emphasized the successes of the New York City Wireless Network (NYCWiN), motivated partly by the events of 9/11. NYCWiN became operational in 2009 and its cyber-physical systems architecture has addressed issues in the control of transport, public health, environmental quality and communications during critical emergencies. Part III covers security for sensor networks which are fast becoming integral for monitoring and controlling cyber-physical systems. These systems provide much of the feedback mechanism, forewarning or alerting to subsystems when things go wrong. As we increasingly become reliant on sensor networks, we need to ensure that they are as secure and reliable.

Parts IV and V position the importance of platform security, and address cloud computing and data security. The section on platform security includes chapters on traditional hardware and software vulnerabilities and presents solutions that could be employed to make it even more difficult for large-scale systems to be penetrated. The section on cloud computing makes sure to emphasize how systems are changing in terms of outsourcing to companies whose core competency is information technology infrastructure, platforms and services. The cloud, mobile devices, and online social networks are particularly creating opportunities for hackers toward data breaches, and this is discussed in detail.

Part VI and VII are on event monitoring and situation awareness, as well as policy issues in security management. These chapters provide approaches to systems monitoring, discovery and tracking patterns of interest in security data streams, discontinuous clustering, sequencing, geo-spatial temporal correlations and other event detections mechanisms. For those seeking examples of how such systems monitoring occur, there are equations, algorithms, proofs, process flows, physical infrastructure layout maps, pictorial evidence, graphs, tables, and example simulation outputs to spend hours and hours exploring further. Finally, policies, access control and formal analysis methods for overseeing security in cyber-physical critical infrastructure are also shown.

The biggest highlight for me personally was the coming together of Parts I–VII in the security issues in real-world systems presented in Part VIII which brings home the relevance and timeliness of this handbook today. Chapters 25–30 could have been a book in their own right for their depth of insight into emerging smart infrastructures – including smart grids, automotive information technology, mobile health care systems, internet infrastructure, emergency vehicular networks, and more broadly unified telecommunications infrastructure using Voice over Internet Protocol (VoIP). It is not too difficult to see the complexities of these big systems needing to interact with each other and the security and privacy concerns this might raise.

As noted by the authors, the handbook could be used to cover courses on security and robustness of computer networks, the security in physical infrastructure, or even the security in cyber infrastructure. Today, we are witnessing a paradigm shift toward autonomous systems, and despite most physical infrastructure being considered legacy, even the old wires and cables are becoming “switched onto” the cyber. An understanding of both these elements is crucial in engineering and maintaining better working and resilient systems for the future.

Citation: Katina Michael, [Book Review]: Handbook on Securing Cyber-Physical Critical Infrastructure: Foundations and Challenges, by S.K. Das, K. Kant, N. Zhang. Elsevier|Morgan Kaufmann, Volume 31, Issue 8, November 2012, p. 1013: DOI: https://doi.org/10.1016/j.cose.2012.07.007

Securing the Cloud (book review)

Securing the Cloud: Cloud Computer Security Techniques and Tactics

    With so much buzz around Cloud Computing, books like this one written by Winkler are much in demand. Winkler's experience in the computing business shines through and as readers we are spoiled with a great deal of useful strategic information – a jam packed almost 300 page volume on securing the cloud.

    Winkler, presently a senior associate at Booz Allen Hamilton has had more than 30 years of experience servicing U.S. Government clients, and as Chief Technologist for Security for the Sun Microsystems Public Cloud, in applications engineering, and IT operations and management in a number of organizations. Winkler has numerous technical conference publications, and among his many achievements, he was a visiting cyber security expert authoring the Information Security policy for the Government of Malaysia.

    The book begins with a well-needed introduction for those who are new to cloud computing. Winkler describes how the cloud works, the importance of securing the cloud, and its fundamental architecture.

    Chapter 2 goes into greater detail on the cloud reference architecture, introducing cloud service and deployment models and differentiating between public, private, community and hybrid clouds, and the cloud software as a service (SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS) models.

    To be commended, before entering an in-depth discussion on how to architecture a secure cloud, Winkler spends chapter 3 discussing security concerns, risk issues, and legal aspects. As a privacy specialist myself, it is very heartening to see that Winkler addresses those very difficult questions that every client asks about privacy and confidentiality concerns, data ownership and locale concerns, and other aspects like emerging threats, third parties, data privacy and litigation.

    Chapters 4–6 are all about ways in which we can secure the cloud – the underlying architecture, data security, and key strategies and best practices. These chapters are at the heart of the book as we are taken on a guided tour about standards and policies, honeypots, sandboxes, network and cabling patterns and the like. For the important area of data security within the cloud we are introduced to the idea of control over data and public cloud economics, ownership and custodianship, data encryption and its limitations, and access control techniques for data categorization. The deletion of data within the cloud is also discussed, something that is becoming vital from the lessons learnt in the social media environment. Key strategies and best practices in securing the cloud are presented in chapter 6 from first principals. NIST definitions are given in security controls and unclassified and classified models are compared. Security monitoring by the CIA is addressed and the emphasis is placed on reliable streams of data – a notion introduced as MaaS – Monitoring as a Service.

    Chapter 7 and 8 look at security criteria with respect to building an internal cloud (i.e. private cloud) versus selecting an external cloud provider. The internal cloud choice is based on the security implications offset between a shared versus dedicated resources solution. Criteria for ensuring a secure private cloud include: network considerations, data center considerations, operational security considerations, and regulation. For the selection of an external cloud provider a discussion is given on assurance and how to verify independently the claims made by a given vendor.

    Chapter 9 is about evaluating your cloud security using an information security framework. Checklists are provided to help cloud personnel evaluate the stealth of their given solution, including a manner for placing metrics against the checklists.

    Chapter 10 is about operating a cloud and is very much intended for the manager who is in charge of the business case toward a cloud solution. Processes, efficiency and cost are all covered aspects as well as security operations activities that typically are related to business continuity and recovery.

    As a former pre-sales engineer, what I loved most about this book was the obvious hands-on strategic and technical experience that Winkler bought to every aspect of it. It is really a practitioner's guide to cloud computing security. I appreciated the descriptive figures, the tips, the warnings, the notes, the tools, the stories of failures and successes but most of all the comprehensive nature of the real world descriptions.

    Citation: Katina Michael, [Book Review] "Securing the Cloud: Cloud Computer Security Techniques and Tactics" by Vic (J.R.) Winkler. Computers & Security,  Vol. 31, No. 4, June 2012, Page 633, Syngress|Elsevier, https://doi.org/10.1016/j.cose.2012.03.006

    Security Risk Management (book review)

    Security Risk Management: Building an Information Security Risk Management Program from the Ground Up

    In an age of outsourcing tasks that are not considered to be a core competency of the business, organisations have often relied on external consultants for matters pertaining to security. In actual fact, most companies could have utilized existing skill-sets in-house to produce a security risk management program, if only they knew what steps to take, and how to go about it all. Evan Wheeler in his book on information security risk management does just that he equips professionals tasked with security, with the thinking required to create a program that is more preoccupied with the complex strategic-level questions than the technical or operational level skills required to execute particular tools and applications. Wheeler, a practicing security consultant himself, asks the big questions which technicians usually cannot answer beginning with the “why” question. From Wheeler’s perspective it is important that those who have been given the role to manage security, have the upper management support to act as “internal” consultants with clear roles and responsibilities defined from the outset, given resource allocation limitations. Wheeler’s book offers a simple to understand risk management lifecycle where the business owners are empowered to manage their own risks with the security team playing a supporting role as policymaker and overseer. Security thus becomes everyone’s problem.

    Wheeler organizes his book in three very accessible parts. The first part provides an introduction to risk management which positions security within an organizational context as well as introduces the risk management lifecycle. The second part which is on risk assessment and analysis techniques, includes chapters on risk profiling, formulating a risk, risk exposure, security control, risk evaluation and reporting. And the final third part is on building and running a risk management program, with a focus on generating a blueprint for security. What is practical about this book is that there are quick guides to follow with detailed descriptions for each part, sub-part, and individual steps in the stages of the risk management workflow. The numerous template pro-formas included in the book also presents another tangible way for practitioners to get involved in risk management, providing an approach toward identifying and mapping an organisation’s risks and mitigating them. The book also contains generic case studies wherever appropriate. The appendices which include example profiles and questionnaires are additionally supported by partly-filled out tabular forms in the main body of the text. Sample worksheets, workflow diagrams, tips and tricks, and associated warning signals along the way are also illustrative, helping the information security professional to get started straight away without falling into recognized pitfalls. One thing that makes this book so useful is the style that it has been written in, a credit to Wheeler that it allows for direct engagement and is easily digestible by any one at any level in the organisation.

    A distinct omission in Wheeler’s book is an acknowledgment of the importance of the existence of international standards, such as the International Standards Organisation’s (ISO) 27000 series of standards on information security matters, and also other IT governance related frameworks, such as CoBIT. While the claim is made that Wheeler offers a new approach in his book, shaking up old paradigms, it is probably more correct to say that Wheeler has taken tried and tested elements in security management, and has presented them in a more accessible way to the professional who might not necessarily have a security background. The success of the book is in its presentation of the security risk management lifecycle.

    With the admission that the qualitative versus quantitative approach to risk assessment continues to be debated by the industry, Wheeler spends some time describing the implementation of each approach, tending toward a little bit of this, and a little bit of that, in his self-professed cookbook of risk management. But for the greater part, Wheeler is obviously encouraging of the qualitative assessment given the length of space attributed to this approach in the book. One criticism of solely using either a qualitative approach or a quantitative approach to risk assessment has very much to do with how to interpret the meaning behind the results. Take for example a quantitative assessment based on annualized loss expectancy (ALE). It is very likely to have two risks end up with exactly the same dollar figure. The fallback position in this situation is to a qualitative assessment result to weigh up which is more significant to the given organizational context when addressing the risk concerns. Innovative modeling approaches which utilize a hybrid approach are now being implemented in many organisations. The absence of this discussion from the book is noted, Wheeler taking the perspective that most organisations use a qualitative approach alone because the quantitative assessment approach relies on too many historical facts which are usually unknown, and based upon complex equations.

    Another detail that seems to have not been addressed is that security risk requires business owners to consider interdependencies at a variety of layers. These layers can be considered as categories of resources, i.e., applications, infrastructure, environment, facility, business unit and vendor, each of which have impacts at the financial, legal, reputational or regulatory levels. The failure to recognize interdependencies as being an integral dimension of risk assessments can lead to detrimental effects in any risk management program. Scenario analyses conducted to gauge the consequences of negative effects on a crucial element in the security value chain might mean that controls and mechanisms to protect that element are of greater significance than another element that might have a bigger risk exposure but is not underlying most other processes. Much of this work on interdependencies was begun in the critical infrastructure protection (CIP) domain but has been applied in many other areas, including in the banking sector which has been preoccupied with risk appetite since consumers have begun to use emerging technologies do conduct their transactions.

    Wheeler’s book is predominantly a practitioner’s guide to security risk management but can also be used as a teaching text to help engineers, students of security, information assurance, or information systems more broadly. The key message that Wheeler is emphasizing is that risk is at the core of security, and at the heart of every business. Despite that the book lacks key referencing from academic literature, it can still be used as the basis for setting a large-scale team assignment on devising a risk management program from the ground up for a real organisation. Security professionals in banks will particularly find the book relevant, with examples from this sector discussed or alluded to.

    Citation: [Book Review]: Katina Michael, Security Risk Management: Building an Information Security Risk Management Program from the Ground Up, E. Wheeler.  Volume 31, Issue 2, March 2012, pp. 249-250, Syngress, Elsevier. Accepted 22 December 2011, Available online 5 January 2012, DOI: https://doi.org/10.1016/j.cose.2011.12.011

    Predicting the socioethical implications of implanting people with microchips

    Privacy, security, trust, control and human rights are all concerns that need to be addressed before widespread diffusion of advanced identification technologies. Implants for humans are not new... Today we have even realised the potential for microchip implants to be embedded inside the human body for the purpose of acting as unique lifetime identifiers (ULIs).

    Read More