Abstract
Although my technical capstone project and STS research paper address different technologies, they are connected by a shared concern with how technical systems become legitimate in real settings. My technical project, Nmap Insight, focuses on network scanning and security-tool usability. It asks how a powerful but command-line-heavy tool like Nmap can be made more approachable for students, beginner security learners, and small-scale IT users without removing the control and precision that make Nmap useful. My STS research paper, by contrast, examines AI-enabled remote exam proctoring in higher education and asks how privacy norms, equity concerns, and legal constraints reshaped universities' governance of remote proctoring from emergency adoption to post-pandemic restriction. These projects are not directly connected by topic, but both grew from the same broader motivation: technical capability alone does not make a system responsible. In both projects, the important question is not only what the technology can do, but how people encounter it, what risks it creates, and what forms of design or governance make its use more legitimate.
Nmap Insight is a local-first desktop web application that wraps Nmap in a guided user interface and structured result model. Nmap is a widely used tool for network discovery and basic security auditing, but its command-line interface can be difficult for newer users to use correctly, especially when scans require multiple flags, timing choices, target specifications, and interpretation of raw text output. Nmap Insight addresses that gap by helping users construct, run, cancel, compare, store, and export Nmap scans through a browser-based interface served by a local FastAPI backend. The application validates user input, constructs Nmap subprocesses without unsafe shell command concatenation, parses XML output into structured results, and stores scan history in SQLite for later review. A major part of the solution is its security-conscious design: the application binds to loopback, uses safe defaults, validates targets and scan options, supports cancellation and timeouts, and separates privileged scan functionality into a dedicated elevated helper rather than running the entire interface with administrator permissions. The goal is not to replace Nmap or hide its underlying power, but to make common discovery workflows more understandable for local network-auditing contexts.
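The validation, shell-free command construction, and XML parsing described above can be sketched as follows. This is an added example, not Nmap Insight's own code; the profile names, the `MAX_HOSTS` cap, and the function names are assumptions, and the XML is a constructed sample.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Hypothetical profile allowlist; users pick a name, never type raw flags.
PROFILES = {"ping": ["-sn"], "quick": ["-T3", "-F"], "service": ["-T3", "-sV"]}
MAX_HOSTS = 1024  # assumed cap on scan size
HOSTNAME_RE = re.compile(
    r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*")

# Constructed sample of Nmap's -oX output, trimmed to the elements parsed below.
SAMPLE_XML = """<nmaprun><host><status state="up"/>
<address addr="192.168.1.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="23"><state state="closed"/><service name="telnet"/></port>
<port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
</ports></host></nmaprun>"""

def validate_target(target: str) -> str:
    """Accept an IPv4 address, a bounded IPv4 CIDR block, or a hostname."""
    for parse in (ipaddress.IPv4Address, ipaddress.IPv4Network):
        try:
            parsed = parse(target)
        except ValueError:
            continue
        if getattr(parsed, "num_addresses", 1) > MAX_HOSTS:
            raise ValueError("network larger than allowed")
        return str(parsed)
    # The pattern starts with an alphanumeric, so "-iL" style option
    # injection and anything with spaces or shell metacharacters fails.
    if len(target) <= 253 and HOSTNAME_RE.fullmatch(target):
        return target
    raise ValueError(f"rejected target: {target!r}")

def build_argv(profile: str, target: str) -> list[str]:
    """Argument vector for subprocess.run(argv, timeout=...), no shell."""
    return ["nmap", *PROFILES[profile], "-oX", "-", validate_target(target)]

def parse_open_ports(xml_text: str) -> list[dict]:
    rows = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            if port.find("state").get("state") == "open":
                svc = port.find("service")
                rows.append({"host": addr, "port": int(port.get("portid")),
                             "service": None if svc is None else svc.get("name")})
    return rows
```

Because the target is passed as a single list element and never interpolated into a command string, input that fails validation raises before any process is started.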
My STS research paper examines a very different case: the rise and restriction of AI-enabled remote exam proctoring at U.S. universities between 2020 and 2024. The paper argues that universities' shift away from surveillance-heavy remote proctoring should be understood as a sociotechnical renegotiation of appropriate information flows in assessment. During emergency remote teaching, institutions adopted tools such as browser lockdown, webcam monitoring, room scans, identity verification, biometric checks, and automated flagging in order to preserve academic integrity. However, once exams moved into students' homes and introduced vendors, persistent recordings, biometric processing, and opaque suspicion systems, these tools came into conflict with privacy expectations. Using contextual integrity as the STS framework, the paper analyzes how information recipients, data types, and transmission principles changed as universities, vendors, advocates, and courts responded to the controversy. The paper finds that the governance of remote proctoring shifted from emergency normalization toward narrower surveillance, more human review, opt-outs, and greater attention to assessment redesign. Its central claim is that the future of academic integrity should not depend on simply making surveillance more invasive, but on designing assessment practices and governance rules that preserve trust and fairness.
Working on both projects at the same time helped me see technical design and sociotechnical governance as parts of the same larger engineering responsibility. The technical project forced me to think concretely about implementation tradeoffs: validating inputs, limiting privileges, preventing command injection, keeping execution local, and making a powerful tool usable without making it reckless. The STS project pushed me to think about similar questions at the institutional level: who receives data, what information is collected, what rules govern its transmission, and when technical convenience becomes socially unacceptable. Even though Nmap Insight and remote proctoring are not directly connected, the STS paper made me more attentive to the risks of lowering barriers around powerful technologies. A tool can become more accessible in ways that empower legitimate users, but accessibility without constraints can also create misuse or loss of trust. At the same time, the capstone project made the STS research feel more practical because it showed how values such as safety, transparency, and accountability have to be translated into actual design choices rather than left as abstract principles.