Security and Technology

Question 1

what is an attractiveness factor? by what is it influenced?

Answer 1

the degree of interest in a target

influenced by: a) goal of opponent, b) critical infrastructure

Question 2

what is the difference between technique and technology?

Answer 2

technique - man-made, tangible, concrete solution

technology - science of technique; expanding our human capabilities (time component)

Question 3

how has security technology changed over time?

Answer 3

before: for survival (military tech for national security)
after: for survival + facilitate our lives + solve problems… (much broader)

Question 4

what are 4 types of security technology?

Answer 4

1. preventive
2. detective
3. responsive
4. chronological

Question 5

what are TAs goals?

Answer 5

1. identify possible side effects/threats of new techse.g. privacy, job security, ethical, security…)
2. anticipate and prevent unacceptable scenarios
3. develop strategies to mitigate consequences when they happen
4. provide responsible design and deployment suggestions

Question 6

what are Reponsible Innovation’s 2 aspects?

Answer 6

1. substantive: concept to amplify set of moral obligations

2. process: who is responsible in a multi-actor system

Question 7

what does RI consist of according to the EU definition? (the obligations)

Answer 7

during design and development of new tech:

1. obtain knowledge on (a) consequences, (b) range of options
2. evaluate outcomes and options in terms of moral values

Question 8

what are the 4 options of RI’s state?

Answer 8

1. business as usual
2. improved business as usual (specific funding for RRI)
3. improved coordination with m.s. w/o legally binding intiative
4. improved coordination with m.s. with legally binding intiative (top-down)

Question 9

which, out of the 4 options is the best RI state and why?

Answer 9

3. improved coordination with m.s. w/o legally binding intiative
   a. efficient research funding (many actors + funding)
   b. flexible
   c. harmonize approaches

Question 10

is technology value neutral?

Answer 10

no.

• tech inherits our values of society and shapes our lives
• Bethlehem church ‘door of humility’
• NY low bridges
• AI guest lecture

Question 11

is the need for RI (need to balance conflicting ethical values) always bad

Answer 11

no, it can lead to commitment and creativity to find solutions

Question 12

what do TAs aim to do?

Answer 12

1. aim to map as many effects as possible (1st, 2nd, 3rd order effects)
2. reflect on options/measures
3. early warning system
4. support political decision-making
5. map uncertainty and ambiguity
6. suggestions

Question 13

what is the difference between a 1st, 2nd and 3rd order effect?

Answer 13

1st: planned, foreseen, desired
2nd: unplanned, (partly) unforeseen, sometimes desired
3rd: difficult to foresee

Question 14

what is (un)intended use of technologies? what are 2 examples

Answer 14

tech being used for other purposes than designed for

e.g. 3d printers for weapons; speed limits as games

Question 15

what is (un)foreseen use of technologies?

Answer 15

unforeseen effects/impact of tech

e.g. not thinking computers would become so widely used

Question 16

what is the difference between hard and soft impact?

Answer 16

hard impact: more visible; harmful (e.g. chernobyl nuclear accident)
soft impact: less visible; harmful (e.g. privacy breaches, exclusion from society)

Question 17

what is an uncertainty risk problem?

Answer 17

unknown likelihood of occurence (due to lack of knowledge)

Question 18

what is an ambiguous risk problem?

Answer 18

effects’ desirability up for debate

Question 19

what is the constructive ta (cta) method?

Answer 19

• addressing the gap between scientists (promotion) and scholars/stakeholders (control)
• involve more actors and aspects

Question 20

what are cta’s goals?

Answer 20

1. learn about social consequences
2. reflexivity (awareness of complexity of multiple actors)
3. anticipate possible consequences
4. broaden tech dev by a co-creation process

Question 21

how does one go about cta?

Answer 21

• method of insertion:
• inserting scholars/stakeholders in the scientific world
  a. explore world of developing tech (labs, conferences, debates…) (identify endogenous features)
  b. formulate diagnoses on current discussions
  c. orchestrate workshops with socio-technical scenarios (with many stakeholders)
• soft intervention

Question 22

what is the midstream modulation (mm) ta method?

Answer 22

rather than public upstream or downstream engagement, engage in the midstream
more feedback loops

Question 23

what are the issues with solely public upstream engagement for TAs?

Answer 23

1. unclear how to accomodate
2. linear (inflexible)
3. too early
   …?

Question 24

what are the issues with solely downstream engagement for TAs?

Answer 24

1. lack of public trust
2. more perspectives -> more contexts taken into -> more desirable outcomes (more robust)
3. too late

Question 25

what is the network approach for moral evaluation (NAME) ta method?

Answer 25

reaching consensus on which ethical issues to address through 1. reflexivity and 2. inclusiveness
- R&D = network of bounded rational actors cooperating (vs. hierarchy and clear task division)

Question 26

how does one go about the NAME TA method?

Answer 26

1. identify ethical issues in the R&D
2. evaluate by deliberation and seeking coherence on which issues to address
3. distribute responsibilities in acceptable way to all and still effective

Question 27

what is the political TA (pta) method?

Answer 27

involving policy-makers in the tech development

through debates between science and politics (boundary work)

Question 28

what is required for the pTA method?

Answer 28

1. trustworthy scientific identity
2. trust connections
3. seize cooperation opportunities

Question 29

what is the ethical TA (eTA) method?

Answer 29

• ethical implication of new tech
• continuous dialogue with tech developers early on
• focus on 9 values

Question 30

what are the eTA values?

Answer 30

1. dissemination and use of info
2. control, influence and power
3. impact on social contact patterns
4. privacy
5. sustainability
6. human reproduction
7. gender, minorities and justice
8. international relations
9. impact on human values

Question 31

how can you quantify risk?

Answer 31

likelihood x consequence

likelihood = exposure/vulnerability (so need info on the impact and occurence)

Question 32

what is ignorance of effects?

Answer 32

• little knowledge on impact

- any amount of knowledge on the occurences

Question 33

what is uncertainty of effects?

Answer 33

• lots of knowledge about the impact

- little knowledge about occurences

Question 34

what are reasons for a lack of knowledge on tech effects?

Answer 34

a. lack of data
b. lack of adequate testing methods
c. inadequate models
d. long-term effects
e. interaction effects

Question 35

how can one approach making decisions under risk?

Answer 35

risk analysis (limit the negative consequences)

a. risk matrix (likelihood x consequences severity)
b. risk management cycle

Question 36

how can one make decisions under uncertainty?

Answer 36

precautionary principle (no probability needed)
or
security/safety-by-design

Question 37

what is the Collingridge/Control Dilemma?

Answer 37

each moment of a tech’s timeline has limitations in being able to steer the technology
early in development phase:
a. tech = malleable
b. but lack of info makes it difficult to predict how best to steer tech
later phase:
a. less malleable tech (embedded in society)
b. but risks are clearer so you know where you would need to steer

Question 38

what is the precautionary principle?

Answer 38

anticipatory action taking even w/o knowledge on severity and likelihood of the impact
“if there is a threat, which is uncertain, then some kind of action is mandatory”

Question 39

what are critiques of the precautionary principle?

Answer 39

“(1) if there is a threat, which is uncertain, then (2) some kind of action is (3) mandatory”

1. vague (when do you invoke - which phase?)
2. contradiction (uncertainty impedes knowing suitable measure)
3. hinders innovation (can’t deal with ignorance)
4. from sunscreen case: risks not taking into account long-term cumulation, interaction effects…

Question 40

what principle was used for dealing with the uncertainty of titanium dioxide sunscreen?

Answer 40

• NL advice: use precautionary principle
• but limits: risks not taking into account long-term cumulation, interaction effects, lab isn’t real life…
• so used social experiment (safety/security-by-design)

Question 41

what are the conditions for safety/security by design?

Answer 41

1. absence of alternatives
2. controllability of experiment
3. informed consent (knowledge of risks, voluntary, can withdraw)
4. on-going evaluation

Question 42

what is the problem of many hands?

Answer 42

• a collective is responsible for an outcome (vs. one indiv)

- responsibility gaps

Question 43

what are the different classifications of responsible group actors?

Answer 43

1. engineers

2. users

Question 44

what are the conditions for engineers to be held responsible?

Answer 44

1. freedom (to act - no pressure)
2. knowledge (of possible negative outcomes)
3. causal connection (between act and outcome - doing nothing is also an act)
4. transgression of norm (violating a societal norm)

Question 45

what is the difference between backwards and forwards looking responsibility?

Answer 45

• responsibility of engineers
• backwards-looking: after things went wrong
• forward-looking: before something happened

Question 46

what might be true to hold users responsible?

Answer 46

unintended use (than designers’ intentions)

Question 47

how can technology impact the responsibility of users?

Answer 47

• tech can enable and inhibit some from carrying out responsibility
  a. take over responsibility (enable) (e.g. tesla, good design in control room)
  b. hinder from taking over responsibility (bad design in control room)

Question 48

what are issues in governance of technology?

Answer 48

1. too many stakeholders -> conflicting ideas (tech developers, users, non-users but affected, gov…)
2. lack of technical expertise of policy-makers (complex issues, inadequate knowledge) -> rely on advice
   a. experts need independence
   b. experts need credibility
3. international context (laws) e.g. GDPR -> too much regulation -> loses developers

Question 49

what are different tools to govern new technologies?

Answer 49

1. national and international law
   - e.g. GDPR
   - limits: not all stakeholders agree with legislation (legislation doesn’t equal acceptance)
2. stakeholder involvement
   - direct and indirect (unaware, affected non-users)
3. raising awareness on possible implications
   - to all stakeholders (incl. unaware users_
   - how to balance awareness and fear
4. funding for R&D
5. national and international institutes
   - advise, provide info, provide oversight, fund…

Question 50

What are the Rathenau Institute’s tasks

Answer 50

1. support forming both political and public opinion on social issues
2. inform both parliament and public
3. stimulate public debate
4. build bridges between science, tech and society

Question 51

what are the Rathenau Institute’s mode of operation

Answer 51

• many methods for large-scale TA
  1. e.g. lit review, surveys, interviews, focus groups…
  2. communicate results to public
  3. connect TA to politics (put on parliamentary agenda, make research comprehensible…0

Question 52

how can technology (e.g. AI) influence morality?

Answer 52

1. by co-shaping moral perceptions
2. by co-shaping moral actions
3. by co-shaping and changing values

Question 53

how can technology (e.g. AI) influence morality by co-shaping moral perceptions?

Answer 53

• e.g. what it means to be safe in the city
• coloured lights regulate aggressive behaviour or dispatch police
• issues: incorrect identification, need human intervention too
• self-fulfilling prophecy (dispatch often -> determined to find crime)
• safety city maps influencing choices

Question 54

how can technology (e.g. AI) influence morality by co-shaping moral actions?

Answer 54

• e.g. fair treatment
• predictive policing: algorithm for directing efforts towards high-risk persons and locations
• Sensing Project: analyse car passengers for pickpockets/shoplifters of eastern european origin (mobile banditry) (eastern european indicators… vs only crime indicators)
• software predicting chances of recommitting crimes to decide sentence length
• issue: algorithm discriminatory

Question 55

how can technology (e.g. AI) influence morality by co-shaping and changing values?

Answer 55

• e.g. interdependence in the city

- covid-19 social norms (what we expect from others): masks, solidarity, honesty in tracing apps..

Question 56

how does trust affect how we should conduct decision-making with AI?

Answer 56

1. relational vulnerability
2. informed choices beyond AI indicators
3. critical engagement with info from AI

Question 57

what did the case study of SyRI illustrate on risk-assessments using AIs ?

Answer 57

• AI in advance risk prediction of citizens (2014)
• result: childcare benefit scandal -> flagged many people of colour as committing fraud and made to repay -> bankruptcy
• problems:
  a. discriminatory criteria by humans (immigration background, double nationality)
  b. understood honest mistakes as fraud (missing signature)
• learned: need algorithmic transparency, safeguards, accountability

Question 58

what are responsible design solutions for AI?

Answer 58

1. diversity and inclusion
2. checklist to check for biases
3. know AI isn’t neutral; mediates our perceptions
4. get more info (on how its working in practice and before)

Question 59

what are the different alarming situations?

Answer 59

perception of attack detected vs reality: attack

1. missed alarm (f,t)
2. alarm (t,t)
3. at rest (f,f)
4. false alarm (t,f) -> unwanted alarms, unidentified alarms

Question 60

what is the difference between unwanted alarms and unidentified alarms?

Answer 60

unwanted alarms: mistake but for understandable reason (e.g. house alarm detects dog outside)
unidentified alarms: mistake but ununderstandable reason (e.g. house alarm detects nothing)

Question 61

what are the 2 alarm failures?

Answer 61

1. missed alarm (f,t)

2. false alarm (t,f) -> unwanted alarms, unidentified alarms

Question 62

how does one minimize alarm failures?

Answer 62

• move system thresholds
• decide which you want to avoid most
• difficult to avoid both, but solution to minimize both: multiple thresholds (different sensors and technologies) -> multi-layer detection

Question 63

what is multi-layer detection?

Answer 63

• depending on combo and order of detection -> alarm goes off
• lasers, videos, mics…

Question 64

how have alarms changed on the dutch national scale

Answer 64

• increase in verification in 2007 before police dispatch

Question 65

what are different verification tools for alarms?

Answer 65

1. cameras (live and secure)
2. local security
3. seperate secondary alarm
4. mic

Question 66

what is the link between terrorism and tech?

Answer 66

• tech can be used for prevention, mitigation of terrorism

- tech can also be used by terrorists (unintended uses + intended uses + dual-use)

Question 67

what kind of relationship does the resources required to use a tech and the tech’s impact have?

Answer 67

positive linear

Question 68

what kind of relationship does the complexity of a weapon and the probability of success have?

Answer 68

negative linear

Question 69

what influences the probability of the use of a weapon by terrorists?

Answer 69

1. difficulty of the technology’s acquisition (law, money, organisation…)
2. difficulty of acquiring explicit knowledge about the tech (internet, manuals, training…)
3. difficulty of acquiring the tacit knowledge about the tech (trial and error, training, military…)

Question 70

what are the different levels on the web?

Answer 70

1. surface web
   - in search engines
   - no software or The Onion Router (Tor)
   - .com, .net…
2. deep web
   - protected by authentification, passwords, firewalls
   - e.g. emails, bank info…
3. dark web
   - sites within deep web
   - need Tor browser
   - legal and illegal purposes

Question 71

what are some advantages of cyberspace?

Answer 71

1. simple to access
2. poor control/monitoring
3. anonymity
4. interactive
5. cheap
6. instant reach to masses

Question 72

what are advantages of using the cyberspace for cyberattacks

Answer 72

1. stealthy pre-attach
2. organization = low risk
3. can do extensive damage

Question 73

what is doxing?

Answer 73

revealing private info

Question 74

what is narrowcasting?

Answer 74

transmitting restricted info to specific category

Question 75

what are some purposes of cyberspace for cyberattacks?

Answer 75

1. access to materials (weapons, docs)
2. training (manuals, advice…)
3. secure communication
4. doxing
5. recruit
6. fundraise
7. narrow casting
8. get info on targets (maps, images, locations)

Question 76

what is the issues with Value-Sensitive Design (VSD) and Design for Values?

Answer 76

• doesn’t take into account how some technologies can be subject to changes in values

Question 77

what is Value-Sensitive Design (VSD) and Design for Values?

Answer 77

framework for ethical intervention in design of socio-technical systems
VSD:
- empirical, conceptual, technological investigations (cycle)
DFV:
- design requirements, norms, values (pyramid)

Question 78

what are different types of value changes and an example for each?

Answer 78

1. changes in value’s conceptualization (e.g. privacy - many types)
2. emergence of new values (e.g. sustainability)
3. changes in values relevant for tech design (e.g. traffic safety in phones)
4. changes in priority and relative importance of values (e.g. pedestrian safety in cars)
5. changes in values’ specification (translation into norms and design requirements) (e.g. battery cages for chickens)

Question 79

what are 3 ways that tech design can be helped in case of value changes and what is the ultimate goal?

Answer 79

• > resilience!
  1. adaptability: possibility to change composition or configuration (for same or new function) (with modularization)
  2. flexibility: different possibilities for using the design (double-edged)
  3. robustness: ability to perform while respecting values despite changes in relevancy, conceptualization and prioritization of values

Question 80

what are 3 perspectives in how responsibility should be conceptualized?

Answer 80

1. consequentialist (forward-looking; instrumental; efficacy)
2. merit-based (backwards-looking; fairness; conditions)
3. rights-based (no-harm principle; duty; consent)

Question 81

According to Kudina, how should privacy and solidarity values be bridged in COVID-19 tracking apps? and why should that happen?

Answer 81

1. institutional embedding (shared decision-making citizen panels and prevent societal coercion, app as additional measures)
2. public awareness
3. regulatory foresight
4. transparency

• > because tech is non-neutral
• > creates trust in the techs

Question 82

what are some ways that Collingridge contributes to RRI (social control of technology)?

Answer 82

1. keep technical options open
2. increase insensitivity of tech to error
3. escape hedging circle
4. enhance controllability
5. manage entrenchment and competition (to not hinder responsiveness)
6. reduce dogmatism of experts (transparent scrutiny, monitoring, independence)
7. minimise diseconomies of scale

Question 83

what was the sensing project

Answer 83

• how technology/AI used in NL to make risk assessment for shoplifting and pickpocketting
• algorithm indicators were very eastern european targetted -> because there is assumption in police that they are main culprits of mobile banality (even though actually only 22%)

Question 84

does the use of WMDs by terrorists pose a real threat?

Answer 84

theres a clear interest by them but little capability for them to do so

Question 85

in what 2 scenarios might WMD terrorism actually pose a potential threat?

Answer 85

1. toxic industrial chemical or highly radiological materials released near urban area in-situ
2. nuclear or biological weapons taken from a state arsenal (weaker state)

Question 86

what might be motives for terrorists to use WMDs?

Answer 86

1. mass casualties
2. psychological effect
3. long-term area denial
4. boost status

Question 87

what are the 2 most used CBNR attacks by terrorists?

Answer 87

1. chemical

2. biological

Question 88

what groups use CBNR WMDs the most?

Answer 88

1. religiously-inspired groups
2. lone actors or autonomous cells
3. ethno-nationalist groups

Question 89

what are technological advances that may risk more WMD use by terrorists?

Answer 89

1. miniaturization of manufacturing (e.g. biotechnology kits)
2. rapid prototyping and marginal cost production
3. spread by commercial off-the-shelf applications
4. adversaries easy access to online edu and social media

Question 90

what are the 2 types of constraints identified for terrorrist use of WMDs?

Answer 90

1. practical constraints

2. strategic constraints

Question 91

what are the different types of practical constraints identified for terrorrist use of WMDs?

Answer 91

a. technical constraints (build, transport, use, store, uncertainty in no testing
b. environmental constraints (limited sources, expensive, local conditions to hide behind fronts)
- -> but increasing availability hasn’t shown to have contributed to an increase in WMD attacks

Question 92

what are the different types of strategic constraints identified for terrorrist use of WMDs?

Answer 92

a. generate condemnation by supporters?
b. provoke more gov efforts to destroy group
c. ideology role (if want to govern and othering - religious and ethno-nationalist)

Question 93

where do most terrorist orgs feature on constraints

Answer 93

high practical and strategic

Question 94

what the features of far-right CBNR terrorism?

Answer 94

• contrary to most assumptions of CBNR terrorism
  1. lone-actors or autonomous cells
  2. white-collar edu and profession (male middle aged)
  3. far-right non-religious ideology
  4. indiscriminate attack and weapon design
  5. use of easily obtainable and low tech. knowledge agents (ricin and cyanide)

Question 95

what CBNR terrorism assumptions does far-right CBNR terrorism challenge?

Answer 95

1. lone-actors -> not groups which could more easily obtain capabilties
2. non-religious actor’s use of CBNR and indiscriminate tactics -> no rational fear of political backlash

Question 96

what are different stakeholders?

Answer 96

1. tech developers
2. users
3. non-users but affected
4. government
   …