scispace - formally typeset
Search or ask a question
Journal ArticleDOI

Tor does not stink: Use and abuse of the Tor anonymity network from the perspective of law

01 Feb 2016-Computer Law & Security Review (Elsevier Advanced Technology)-Vol. 32, Iss: 1, pp 111-127
TL;DR: The human rights connotations of the anonymity provided by Tor are explored, coming to the conclusion that this anonymity is an integral part of certain human rights, particularly the right to privacy and theright to freedom of expression.
About: This article is published in Computer Law & Security Review.The article was published on 2016-02-01. It has received 15 citations till now. The article focuses on the topics: European union & The Right to Privacy.
Citations
More filters
Journal ArticleDOI
TL;DR: This study presents an integrated cloud incident handling and forensic‐by‐design model and demonstrates the utility of the model for organisational cloud users to undertake incident investigations (e.g. collect and analyse residual data from cloud storage applications).
Abstract: Summary Information security incident handling strategies or models are important to ensure the security of organisations, particularly in cloud and big data environments. However, existing strategies or models may not adequate as cloud data are generally virtualised, geographically distributed and ephemeral, presenting both technical and jurisdictional challenges. We present an integrated cloud incident handling and forensic-by-design model. We then seek to validate the model using a set of controlled experiments on a cloud-related incident. Three popular cloud storage applications were deployed namely, Dropbox, Google Drive, and OneDrive. This study demonstrates the utility of the model for organisational cloud users to undertake incident investigations (e.g. collect and analyse residual data from cloud storage applications). Copyright © 2016 John Wiley & Sons, Ltd.

91 citations


Cites background from "Tor does not stink: Use and abuse o..."

  • ...While anonymous communication tools such as TOR may help individuals in oppressive regimes to evade surveillance, it can also be abused for nefarious purpose [33]....

    [...]

Dissertation
01 Jan 2019
TL;DR: The Europos deliktų teisės kontekste as mentioned in this paper, a group of Europos Teisių Teismo groups, has been formed to promote the development of the Eurovision Song Contest 2019.
Abstract: Disertacijoje, remiantis Europos Žmogaus Teisių Teismo nagrinėtose Delfi AS v. Estonia, MTE & Index v. Hungary, Pihl v. Sweden ir Tamiz v. the United Kingdom bylose suformuluotais interneto tinklalapių valdytojų saviraiskos laisvės ribojimo būtinumo demokratinėje visuomenėje vertinimo elementais, nustatyti ir įvertinti interneto tinklalapių valdytojų deliktinės civilinės atsakomybės už anoniminiais svetainės lankytojų komentarais tretiesiems asmenims sukeltą žalą, susijusią su jų teisės į privatų gyvenimą pažeidimais, taikymą pateisinantys kriterijai. Struktūralizmo koncepcija grindžiamoje pirmojoje darbo dalyje atskleidžiamas is EŽTK 10 straipsnio kylancios interneto tinklalapių valdytojų saviraiskos laisvės ir privataus gyvenimo kategorijos, kaip interneto tinklalapių valdytojų saviraiskos laisvės ribojimo prielaidos, turinys bei isskirti konkretūs interneto tinklalapių valdytojų civilinės atsakomybės už žalą, treciųjų asmenų patiriamą dėl jų teisės į privatų gyvenimą pažeidimo anoniminiais svetainių lankytojų komentarais, taikymą pateisinantys kriterijai. Antrojoje disertacijos dalyje, kuri grindžiama funkcionalizmo principu, kompleksinės minėtose Europos Žmogaus Teisių Teismo bylose priimtų sprendimų analizės pagrindu įvertintas kiekvieno kriterijaus turinys, palyginti jų turinio ir taikymo skirtingose bylose ypatumai, įvertinta sių kriterijų problematika ir reiksmė, taip pat nustatytas jų tarpusavio santykis. Tai yra pirmasis tokio pobūdžio mokslinis tyrimas ne tik Lietuvos, bet ir Europos deliktų teisės kontekste. Tyrimas parodė, kad kertiniai interneto tinklalapių valdytojų civilinės atsakomybės už žalą, kylancią tretiesiems asmenims dėl jų teisės į privatų gyvenimą pažeidimo anoniminiais svetainės lankytojų komentarais, taikymą pateisinantys kriterijai yra i) komentarų paskelbimo kontekstas ir pacių komentarų turinys bei ii) interneto tinklalapio valdytojo taikytos isankstinės komentarų teisėtumo užtikrinimo priemonės ir faktinis elgesys po komentarų paskelbimo. Tuo metu kiti Europos Žmogaus Teisių Teismo praktikoje isskiriami kriterijai (t. y. i) nukentėjusiojo asmens veiksmai iki ir po komentarų pasirodymo, ii) jam komentarų sukeltos pasekmės, iii) komentarų autorių atsakomybės galimybė kaip tam tikra alternatyva interneto tinklalapių valdytojų atsakomybei ir iv) civilinės atsakomybės taikymo pasekmės konkreciam interneto tinklalapio valdytojui) vertintini kaip papildomi ir neturintys esminės įtakos interneto svetainės valdytojų civilinės atsakomybės taikymo faktui, taciau reiksmingi sprendžiant dėl jų civilinės atsakomybės taikymo masto.

50 citations

Proceedings ArticleDOI
27 Nov 2020
TL;DR: DeepImage as mentioned in this paper uses feature selection to pick the most important features to create a gray image and feed it to a two-dimensional convolutional neural network to detect and characterize darknet traffic.
Abstract: Darknet traffic classification is significantly important to categorize real-time applications. Although there are notable efforts to classify darknet traffic which rely heavily on existing datasets and machine learning classifiers, there are extremely few efforts to detect and characterize darknet traffic using deep learning. This work proposes a novel approach, named DeepImage, which uses feature selection to pick the most important features to create a gray image and feed it to a two-dimensional convolutional neural network to detect and characterize darknet traffic. Two encrypted traffic datasets are merged to create a darknet dataset to evaluate the proposed approach which successfully characterizes darknet traffic with 86% accuracy.

44 citations

Journal ArticleDOI
TL;DR: In this paper, the authors argue that the reluctance of states to engage in international law-making has left a power vacuum, lending credence to claims that international law fails in addressing modern challenges posed by rapid technological development.
Abstract: Several indicators point to a crisis at the heart of the emerging area of international cyber security law. First, proposals for binding international treaties by leading stakeholders, including China and Russia, have been met with little enthusiasm by other states, and are generally seen as having limited prospects of success. Second, states are extremely reluctant to commit themselves to specific interpretations of controversial legal questions and thus to express their cyber opinio juris. Third, instead of interpreting or developing rules, state representatives seek refuge in the more ambiguous term ‘norms’. This article argues that the reluctance of states to engage in international law-making has left a power vacuum, lending credence to claims that international law fails in addressing modern challenges posed by rapid technological development. In response, several non-state-driven norm-making initiatives have sought to fill the void, including Microsoft's cyber norms proposals and the Tallinn Manual project. The article then contends that this emerging body of non-binding norms presents states with a critical window of opportunity to reclaim a central law-making position, similar to historical precedents including the development of legal regimes for Antarctica and nuclear safety. Whether the supposed crisis will lead to the demise of inter-state cyberspace governance or a recalibration of legal approaches will thus be decided in the near future. States should assume a central role if they want to ensure that the existing power vacuum is not exploited in a way that would upset their ability to achieve strategic and political goals.

33 citations

Journal ArticleDOI
TL;DR: It is argued that online anonymity should not be conceptualized in absolute terms but as an inherently fluid and transitional condition that characterizes any kind of social interaction online.
Abstract: Whenever we navigate the Web, we leave a trace through our IP address, which can in turn be used to establish our identity – for instance, by cross-checking it with a user’s Internet subscription. By using software such as VPN and Tor, however, it might be possible to avoid leaving such traces. A lively debate among policymakers, security professionals, hacker communities, and human rights associations has recently ensued regarding the question if such anonymity is acceptable and in which form. This article introduces the Crosscurrent special section dedicated to this topic by providing a brief overview of this debate and by pointing to the necessity of considering online anonymity from multiple, interrelated perspectives. By taking into account both technical and social dimensions, we argue that online anonymity should not be conceptualized in absolute terms but as an inherently fluid and transitional condition that characterizes any kind of social interaction online.

27 citations


Cites background from "Tor does not stink: Use and abuse o..."

  • ..., 2017), allowing the existence of drug crypto markets that capitalize on the anonymity tools (Martin, 2014; Morselli et al., 2017), adding sophistication to the hacking attack technology (Hoang and Pishva, 2014), and facilitating illegal file sharing, a practice that has been constantly growing on the Web (Larsson et al....

    [...]

  • ...…of cybercrime (Van Hardeveld et al., 2017), allowing the existence of drug crypto markets that capitalize on the anonymity tools (Martin, 2014; Morselli et al., 2017), adding sophistication to the hacking attack technology (Hoang and Pishva, 2014), and facilitating illegal file sharing, a…...

    [...]

References
More filters
Journal ArticleDOI
TL;DR: It is argued that developers of OSINT platforms and networks have a responsibility to make sure that end-users are enabled to use privacy by design, by allowing functionalities such as revocable privacy and a policy-enforcement language.

44 citations

01 Jan 2013
TL;DR: In this paper, public policy objectives, types of code regulation, Institutional Political Economy, Outcomes, Public Policy Objectives, Types of Code Regulation, and Outcomes are discussed.
Abstract: This chapter contains sections titled: Public Policy Objectives, Types of Code Regulation, Institutional Political Economy, Outcomes

21 citations

MonographDOI
20 Mar 2015
TL;DR: In the Function of the Proportionality Analysis in European Law as discussed by the authors, the author offers a legal dogmatic, comparative and legal theoretical analysis of proportionality analysis applied by European courts.
Abstract: In the Function of the Proportionality Analysis in European Law the author offers a legal dogmatic, comparative and legal theoretical analysis of proportionality analysis applied by European courts.

21 citations

Posted Content
TL;DR: The paper draws the conclusion that technology-facilitated investigations of open sources by the police often constitute an interference with the right to privacy; hence, they require a legal, statutory basis that is sufficiently clear for citizens to understand what the police are doing.
Abstract: Analysing large amounts of data goes to the heart of the challenges confronting intelligence and law enforcement professionals today. Increasingly, this involves Internet data that are ‘open source’ or ‘publicly available’. Projects such as the European FP7 VIRTUOSO are developing platforms for open-source intelligence by law enforcement and public security, which open up opportunities for large-scale, automated data gathering and analysis. However, the mere fact that data are publicly available does not imply an absence of restrictions to researching them. This paper investigates one area of legal constraints, namely criminal-procedure law in relation to open-source data gathering by the police. What is the legal basis for this activity? And under what conditions can domestic and foreign open sources be investigated? These questions are addressed from the perspectives of European and Dutch law. First, the international legal context for gathering data from openly accessible and semi-open sources is analysed, including the issue of cross-border gathering of data. In particular, article 32 of the Cybercrime Convention and some national implementations are discussed, as well as data protection requirements from European Union law. Next, the paper zooms in on the Dutch legal context for open-source investigations, to illustrate how the issues of a legal basis and other legal requirements are addressed in a specific legal framework. The paper draws the conclusion that technology-facilitated investigations of open sources by the police often constitute an interference with the right to privacy; hence, they require a legal, statutory basis that is sufficiently clear for citizens to understand what the police are doing. Moreover, open-source investigation tools and practices used must meet general data-protection requirements and forensic reliability standards. The discussion also shows that interpreting existing legal provisions to accommodate open-source investigation tools can lead to convoluted interpretations, suggesting that legal frameworks of investigation powers with a focus on physical-space investigations may need to be revised to accommodate the particularities of open-source Internet investigations.

13 citations