On Enforcing the Digital Immunity of a Large Humanitarian Organization

@article{Blond2018OnET,
  title={On Enforcing the Digital Immunity of a Large Humanitarian Organization},
  author={Stevens Le Blond and Alejandro Cuevas and Juan Ram{\'o}n Troncoso-Pastoriza and Philipp Jovanovic and Bryan Ford and Jean-Pierre Hubaux},
  journal={2018 IEEE Symposium on Security and Privacy (SP)},
  year={2018},
  pages={424-440}
}
Humanitarian action, the process of aiding individuals in situations of crises, poses unique information-security challenges due to natural or manmade disasters, the adverse environments in which it takes place, and the scale and multi-disciplinary nature of the problems. [] Key Result These results highlight, among other challenges, the trade offs between operational security and requirements stemming from all stakeholders, the legal barriers for data sharing among jurisdictions; especially, the need to…

Figures and Tables from this paper

Human Factors in Cybersecurity: A Scoping Review
TLDR
A scoping review to investigate the take of the CS community on the human-centric cybersecurity paradigm by considering the top conferences on network and computer security for the past six years shows that broadly two types of users are considered: expert and non-expert users.
Conducting Privacy-Sensitive Surveys: A Case Study of Civil Society Organizations
TLDR
This paper aims to capture the factors that affect the attitudes and intentions of CSO employees to engage in security and privacy behaviors by using a survey-based study to collect data about employees working at US-based civil society groups.
SoK: A Framework for Unifying At-Risk User Research
TLDR
This systematization work presents a framework for reasoning about at-risk users based on a wide-ranging meta-analysis of 85 papers and identifies 10 unifying contextual risk factors—such as oppression or stigmatization and access to a sensitive resource—which augment or amplify digital-safety threats and their resulting harms.
Clinical Computer Security for Victims of Intimate Partner Violence
TLDR
A consultation service to help IPV victims obtain in-person security help from a trained technologist is created and a range of new technical and non-technical tools that systematize the discovery and investigation of the complicated, multimodal digital attacks seen in IPV.
"It's stressful having all these phones": Investigating Sex Workers' Safety Goals, Risks, and Practices Online
TLDR
It is found that sex workers have well-defined safety goals and clear awareness of the risks to their safety: clients, deficient legal protections, and hostile digital platforms, and the importance of more holistic design of security tools to address both online and offline axes of safety.
The Role of Computer Security Customer Support in Helping Survivors of Intimate Partner Violence
TLDR
Recommendations for computer security companies to better address tech-enabled IPV through training support agents, tracking the prevalence of these cases, and establishing partnerships with IPV advocates are concluded.
Building a path towards responsible use of Biometrics: A proposal for security and data privacy evaluation of Biometric Systems
TLDR
This work assesses the different parts of biometric authentication systems and investigates their potential risks and vulnerabilities, and evaluates existing biometric security frameworks and extends on them by integrating the distribution of components over functional parties.
PriFi: Low-Latency Anonymity for Organizational Networks
TLDR
PriFi is presented, an anonymous communication protocol for LANs, which protects users against eavesdroppers and provides high-performance traffic-analysis resistance, and solves the challenge of equivocation attacks by encrypting traffic based on communication history.
PriFi: A Traffic-Analysis Resistant, Low-Latency Anonymous Communication Protocol for Local Area Networks
TLDR
PriFi provides organizations with robust traffic-analysis resistance and maintains the Quality of Service of the communications and is compatible with delaysensitive applications such as VoIP.
Droplet: Decentralized Authorization for IoT Data Streams
This paper presents Droplet, a decentralized data access control service, which operates without intermediate trust entities. Droplet enables data owners to securely and selectively share their dat
...
1
2
...

References

SHOWING 1-10 OF 47 REFERENCES
The Protection of Journalists in Armed Conflicts: How Can They Be Better Safeguarded?
The years 2011 and 2012 were among the most deadly for journalists reporting from conflict situations worldwide. The numbers of assaults, arrests and attacks have been on a constant rise and portray
International Committee of the Red Cross (ICRC)
  • Eman Omar
  • Political Science
    B-Model Gromov-Witten Theory
  • 2019
The International Committee of the Red Cross (ICRC) is a humanitarian organisation whose unique mandate is to protect the lives and dignity of victims of armed conflict and of other situations of
Individual versus Organizational Computer Security and Privacy Concerns in Journalism
TLDR
Through interviews with 15 practicing journalists and 14 organizational stakeholders, this research offers insight into some of the practical and cultural constraints that can limit the computer security and privacy practices of the journalism community as a whole.
Social Engineering Attacks on Government Opponents: Target Perspectives
TLDR
In-depth interviews of 30 potential targets of Middle Eastern and Horn of Africa-based governments illuminates the ways that likely targets are vulnerable to the types of social engineering employed by nation-states.
When Governments Hack Opponents: A Look at Actors and Technology
TLDR
An extensive collection of suspicious files and links targeting activists, opposition members, and nongovernmental organizations in the Middle East over the past several years are analyzed, finding that these artifacts reflect efforts to attack targets' devices for the purposes of eavesdropping, stealing information, and/or unmasking anonymous users.
A Look at Targeted Attacks Through the Lense of an NGO
TLDR
It is found that the NGO received malware from different families and that over a quarter of the malware can be linked to entities that have been reported to engage in targeted attacks against political and industrial organizations, and Tibetan NGOs.
Internet Censorship in Thailand: User Practices and Potential Threats
  • G. Gebhart, T. Kohno
  • Computer Science
    2017 IEEE European Symposium on Security and Privacy (EuroS&P)
  • 2017
TLDR
The findings indicate that existing circumvention tools were adequate for respondents to access blocked information, that respondents relied to some extent on risky tool selection and inaccurate assessment of blocked content, and that attempts to take action with sensitive content on social media led to the most concrete threats with the least available technical defenses.
Tools to do the job: The ICRC's legal status, privileges and immunities
  • Els Debuf
  • Law
    International Review of the Red Cross
  • 2015
Abstract The International Committee of the Red Cross (ICRC) enjoys a specific legal status and specific privileges and immunities under both international and domestic law. They enable the ICRC to
Internet censorship circumvention technology use in human rights organizations: an exploratory analysis
TLDR
The research examines the factors influencing the use of circumvention technologies and the organizational effects of their use to result in a revised model of censorship circumvention technology use as well as a new model situating human rights organizations and their audiences in bidirectional information flows.
Investigating the Computer Security Practices and Needs of Journalists
TLDR
Investigating the general and computer security practices of 15 journalists in the U.S. and France via in-depth, semi-structured interviews finds evidence that existing security tools fail not only due to usability issues but when they actively interfere with other aspects of the journalistic process.
...
1
2
3
4
5
...