Erin Kenneally - Academia.edu (original) (raw)
Papers by Erin Kenneally
IEEE internet of things magazine, Jun 1, 2019
Social Science Research Network, 2021
Darwin’s survival of the fittest theory maintains that an organism's ability to adapt to chan... more Darwin’s survival of the fittest theory maintains that an organism's ability to adapt to changes in its environment and adjust accordingly over time determines its survival success. This process of adaptation at the heart of Darwinism is apropos for the cyber insurance industry amidst the selective pressures introduced by ransomware (RW) incidents and claims. This case study proffers adaptations to the changes wrought by ransomware in order to increase cyber insurance resiliency to this peril and prevent coverage extinction. These adaptations exist on a spectrum of controllability and speed of impact, including: risk management guidance, mandatory ransomware incident disclosure regulation, security controls failure reporting, infosec prevention and mitigation controls incentives, data-driven risk models, and cyber extortion policy reform.
;login:: the magazine of USENIX & SAGE, 2002
Digital Investigation, Jun 1, 2005
;login:: the magazine of USENIX & SAGE, 2003
Social Science Research Network, Oct 12, 2009
The proliferation of network-connected devices, also known as the “Internet of Things” (IoT), off... more The proliferation of network-connected devices, also known as the “Internet of Things” (IoT), offers unprecedented opportunities for consumers and businesses. Yet devices such as fitness trackers, personal home assistants (e.g., Amazon Echo, Google Home), and digital appliances are changing the nature of privacy as they operate silently in the background while transmitting data about a broad range of human activities and behaviors. As “smart” becomes the new default setting for devices, consumers are further losing the ability to monitor and control the data collected about them, and they often have little awareness of what is done with their data downstream. The risks of sharing data through smart devices are not always clear, particularly as companies combine data from different sources to infer an individual’s habits, movements, and even emotions.<br><br>This report is the culmination of eighteen months of empirical research into the privacy risks of the internet of things, involving over forty experts, scholars, business-people, advocates, regulators, lawyers, engineers, and other experts. It provides an overview of some of the key privacy issues resulting from the expansion of the IoT, as well as emerging frameworks that could help policymakers and corporate leaders reduce potential harms through regulation and product design. Among the findings outlined in this paper:<br><br>• The IoT has the potential to diminish the sanctity of spaces that have long been considered private, and could have a “chilling effect” as people grow aware of the risk of surveillance. Yet the same methods of privacy preservation that work in the online world are not always practical or appropriate for the personal types of data collection that the IoT enables.<br><br>• Several frameworks have emerged for addressing the privacy issues that the IoT presents. Some focus on giving users more meaningful, granular control over the data that is collected, when it's collected, and how it is shared, while others focus on the accessibility and correct timing of privacy notices.<br><br>• Policymakers should take steps to regulate the privacy effects of IoT before mass sensor data collection becomes ubiquitous, rather than after. Omnibus privacy legislation can help regulate how data is handled in the grey areas between sectors and contexts. Europe’s General Data Protection Regulation (GDPR), coming into force in 2018, will have an impact initially on IoT devices created and sold in the EU, and will affect those from the US as well over time.<br><br>• Having broad non-specialist conversations about the use, collection, and effects of IoT data is essential to help the populace understand technological changes in this space and how they affect privacy expectations.<br><br>• Makers of IoT products and services should employ a variety of standard measures to provide greater user management and control, as well as more effective notification about how personal data is captured, stored, analyzed, and shared.
Lecture Notes in Computer Science, 2012
Computer Communication Review, Apr 8, 2014
Social Science Research Network, 2013
IEEE internet of things magazine, Jun 1, 2019
Social Science Research Network, 2021
Darwin’s survival of the fittest theory maintains that an organism's ability to adapt to chan... more Darwin’s survival of the fittest theory maintains that an organism's ability to adapt to changes in its environment and adjust accordingly over time determines its survival success. This process of adaptation at the heart of Darwinism is apropos for the cyber insurance industry amidst the selective pressures introduced by ransomware (RW) incidents and claims. This case study proffers adaptations to the changes wrought by ransomware in order to increase cyber insurance resiliency to this peril and prevent coverage extinction. These adaptations exist on a spectrum of controllability and speed of impact, including: risk management guidance, mandatory ransomware incident disclosure regulation, security controls failure reporting, infosec prevention and mitigation controls incentives, data-driven risk models, and cyber extortion policy reform.
;login:: the magazine of USENIX & SAGE, 2002
Digital Investigation, Jun 1, 2005
;login:: the magazine of USENIX & SAGE, 2003
Social Science Research Network, Oct 12, 2009
The proliferation of network-connected devices, also known as the “Internet of Things” (IoT), off... more The proliferation of network-connected devices, also known as the “Internet of Things” (IoT), offers unprecedented opportunities for consumers and businesses. Yet devices such as fitness trackers, personal home assistants (e.g., Amazon Echo, Google Home), and digital appliances are changing the nature of privacy as they operate silently in the background while transmitting data about a broad range of human activities and behaviors. As “smart” becomes the new default setting for devices, consumers are further losing the ability to monitor and control the data collected about them, and they often have little awareness of what is done with their data downstream. The risks of sharing data through smart devices are not always clear, particularly as companies combine data from different sources to infer an individual’s habits, movements, and even emotions.<br><br>This report is the culmination of eighteen months of empirical research into the privacy risks of the internet of things, involving over forty experts, scholars, business-people, advocates, regulators, lawyers, engineers, and other experts. It provides an overview of some of the key privacy issues resulting from the expansion of the IoT, as well as emerging frameworks that could help policymakers and corporate leaders reduce potential harms through regulation and product design. Among the findings outlined in this paper:<br><br>• The IoT has the potential to diminish the sanctity of spaces that have long been considered private, and could have a “chilling effect” as people grow aware of the risk of surveillance. Yet the same methods of privacy preservation that work in the online world are not always practical or appropriate for the personal types of data collection that the IoT enables.<br><br>• Several frameworks have emerged for addressing the privacy issues that the IoT presents. Some focus on giving users more meaningful, granular control over the data that is collected, when it's collected, and how it is shared, while others focus on the accessibility and correct timing of privacy notices.<br><br>• Policymakers should take steps to regulate the privacy effects of IoT before mass sensor data collection becomes ubiquitous, rather than after. Omnibus privacy legislation can help regulate how data is handled in the grey areas between sectors and contexts. Europe’s General Data Protection Regulation (GDPR), coming into force in 2018, will have an impact initially on IoT devices created and sold in the EU, and will affect those from the US as well over time.<br><br>• Having broad non-specialist conversations about the use, collection, and effects of IoT data is essential to help the populace understand technological changes in this space and how they affect privacy expectations.<br><br>• Makers of IoT products and services should employ a variety of standard measures to provide greater user management and control, as well as more effective notification about how personal data is captured, stored, analyzed, and shared.
Lecture Notes in Computer Science, 2012
Computer Communication Review, Apr 8, 2014
Social Science Research Network, 2013