officeHours: Office Hours Management Tool; Private Data Breaches: To What Extent Should We Hold Engineers Responsible?
Cherchar, Ali, School of Engineering and Applied Science, University of Virginia
Baritaud, Catherine, EN-Engineering and Society, University of Virginia
Cohoon, Jim, EN-Comp Science Dept, University of Virginia
Wylie, Caitlin, EN-Engineering and Society, University of Virginia
Private data breach incidents have increased considerably during the last few years, leading the majority of scholars to question the effectiveness of security measures against them. Private data breaches affect all organizations regardless of size or influence. The primary goal of these attacks is to obtain private information for identity theft and other fraudulent activities. The technical research paper covers an open-source web application designed to help teaching staff manage their office hours queues. The paper aims to establish a primary line of defense against private data breaches by questioning the need to collect private information and by providing the audience with insights on how best to protect it. The Science, Technology and Society (STS) research paper examines a set of notable data breach incidents from an ethical perspective. The purpose of the analysis is to identify and address the root cause(s) that led to successful attacks targeting private information. The research paper uses the findings to establish a secondary line of defense against private data breaches. The technical research report and STS research paper are complementary, as they provide valuable information to counter the rising problem of cyber-attacks targeting private information. The technical research report focuses on measures that precede the collection of private information, while the STS paper underlines measures related to the post data collection phase.
The expansion of the illegal data collection and sharing chain is a major contributor to successful cyber-attacks targeting private information. In fact, allowing everyone to collect private information would increase the chances of it falling into the hands of parties that will intentionally or unintentionally fail to protect it. This leaves private information exposed to external threats. Therefore, drawing the line between legitimate and non-legitimate data collection is very important. Additionally, if data collection is justified, then it is imperative to meet some technical requirements to make sure that private information is secure and properly handled. Taking both points into consideration would help limit the number of successful cyber-attacks targeting private information.
The technical research report presents officeHours, a web application designed to provide a reliable solution for managing office hours queues, and uses it as an example to guide the audience in determining how much private data can be collected, if any at all, as well as the best methods to secure it. The work makes it clear that the minimum amount of private information necessary for the design to work as expected can be collected. That minimum differs by project and can mean not collecting any data. Thus, referring to pre-existing rules on data collection and handling, together with good judgement, should provide enough guidance on the matter.
The Science, Technology and Society (STS) research paper aims to determine the extent to which engineers should be held accountable for private data breaches. A detailed analysis of notable data breach incidents (Target and Capital One), supported by the Actor Network Theory (ANT) framework, reveals that two stakeholders can be identified as the root cause(s) of any successful cyber-attack: engineers, institutions such as Target, or both. Therefore, the extent to which engineers should be held accountable varies on a case-by-case basis.
Examining the behavior of engineers and institutions through the lens of Engineering Ethics and Ethics of Care, respectively, provides enough evidence to determine who is truly responsible for a given data breach and helps answer the main research question. The findings are used to establish more targeted measures to remedy the problem of private data breaches.
Successful measures against private data breaches can be assigned to two distinct phases: pre data collection and post data collection. The former guarantees that the collection of private information is justified and meets specific safety requirements, while the latter lifts the standard of professional responsibility. Both work in a synchronous manner to counter the rising problem of private data breaches.
BS (Bachelor of Science)
ANT, Cyber-attack, Private data breach
School of Engineering and Applied Science
Bachelor of Science in Computer Science
Technical Advisor: Jim Cohoon
STS Advisor: Catherine Baritaud, Caitlin Wylie
All rights reserved (no additional license for public reuse)