Information and Communication Technologies (ICTs) are important to human, national, and even international security. IT research, artifacts, and knowledge that can be applied in military and civilian contexts, used as part of weapon systems, or cause significant harm are referred to as dual-use. Advances in artificial intelligence (AI), robotics, cybersecurity, and open source intelligence (OSINT) raise questions about their dual-use risks. But how can dual-use of such disparate technologies be assessed? Case studies are still lacking on how to assess dual-use ICT and how to enable sensitive and responsible dual-use design. To address the research gap, this cumulative dissertation uses Technology Assessment (TA) as an epistemological framework to bring together approaches of Critical Security Studies (CSS) as well as Value Sensitive Design (VSD) from the field of Human-Computer Interaction (HCI). As a result, the dissertation systematizes the dual-use risks and scenarios of the selected ICTs and derives organizational and design implications.
Author(s): Thea Riebe
Publisher: Springer Vieweg
Year: 2023
Language: English
Pages: 325
City: Wiesbaden
Foreword of the Supervisor
Acknowledgements
Abstract
Zusammenfassung
Contents
Abbreviations
List of Figures
List of Tables
Part I Synopsis
1 Introduction
1.1 Motivation and Problem Statement
1.2 Aims and Objectives
1.3 Structure of the Work
1.4 Underlying Publications and Contributions of the Author
2 Theoretical Background and Related Work
2.1 Peace and Conflict Studies
2.1.1 Critical Security Studies
2.1.2 Technology Ambivalence and Dual-Use
2.2 Technology Assessment and Design
2.2.1 Dimensions of Technology Assessment
2.2.2 Human-Computer Interaction: From Technology Assessment to Participatory Design
2.3 Research Gap
3 Research Design
3.1 Conceptual Background
3.2 Research Approach
3.3 Research Context
3.4 Methods
3.4.1 Monitoring
3.4.2 Governance
3.4.3 Design
4 Results
4.1 Monitoring Perspective: Military and Civilian Applications
4.2 Governance Perspective: Weapons and non-Weapon Systems
4.3 Design Perspective: ICT Research and Development of Concern
4.4 Summary of Results
5 Discussion
5.1 Monitoring of Dual-use ICTs
5.2 Governance of Dual-use ICTs
5.3 Design of Dual-use ICTs
5.4 Towards Dual-Use Assessment of ICTs
5.5 Limitations and Future Work
6 Conclusion
7 List of the Author's Publications
Part II Publications
8 Measuring Spillover Effects from Defense to Civilian Sectors: A Quantitative Approach Using LinkedIn
8.1 Introduction
8.2 State of Research
8.2.1 Knowledge Economics and the Italian School
8.2.2 Measuring Spillover Effects by Patent Referencing and Labor Mobility
8.3 Analyzing the LinkedIn Profile Data
8.3.1 Sample and Case Selection
8.3.2 Coding the Companies
8.4 Empirical Results
8.4.1 Churn Behavior between the Defense and Civilian Industries
8.4.2 Limitations of the Approach
8.5 Comparison of the Approaches
8.6 Conclusion
9 Dual-Use and Trustworthy? A Mixed Methods Analysis of AI Diffusion between Civilian and Defense R&D
9.1 Introduction
9.2 Related Work and Theoretical Background
9.2.1 Responsible R&D of Dual-Use Technologies
9.2.2 EU Trustworthy AI Principles
9.2.3 Knowledge Diffusion of AI
9.3 Research Design
9.3.1 Patent Analysis: The Case of AI
9.3.2 Research Bodies: Arenas of Knowledge Diffusion
9.3.3 Data Collection
9.3.4 Data Analysis
9.4 Analysis
9.4.1 Quantitative Analysis: Patent Citation Networks
9.4.2 Qualitative Analysis
9.5 Discussion
9.5.1 Implications for Dual-use Assessment
9.5.2 Implications for Trustworthy AI
9.5.3 Limitations
9.6 Conclusion
10 Meaningful Human Control of LAWS: The CCW-Debate and its Implications for Value-Sensitive Design
10.1 Introduction
10.2 Related Work
10.3 Theoretical Background
10.4 Research Design
10.4.1 Data Collection
10.4.2 Data Analysis
10.5 Results
10.5.1 Autonomy and LAWS
10.5.2 Human-Computer Interaction
10.5.3 Socio-Technological Values of LAWS
10.5.4 Influencing Discourses
10.6 Discussion and Conclusion
10.6.1 Implications
10.6.2 Limitations and Outlook
11 U.S. Security Policy: The Dual-Use Regulation of Cryptography and its Effects on Surveillance
11.1 Introduction
11.2 Related Work
11.2.1 Surveillance Studies Perspective on Security Practices
11.2.2 Governance of Cryptography as a Security Relevant Dual-use Good
11.2.3 Research Gap
11.3 Method
11.3.1 Data Collection
11.3.2 Data Collection
11.4 Results
11.4.1 The 1990s: Cryptography and the Internet become Accessible
11.4.2 The 2000s: The War on Terror and the Spread of Social Media
11.4.3 The 2010s: From the Snowden Revelations to Today
11.5 Discussion
11.6 Conclusion
12 Values and Value Conflicts in the Context of OSINT Technologies for Cybersecurity Incident Response
12.1 Introduction
12.2 Background and Related Work
12.2.1 OSINT Systems as AI-based Decision Support in Cybersecurity Incident Response
12.2.2 VSD Research on OSINT
12.2.3 Research Gap
12.3 Methods
12.3.1 Systematic Literature Review: OSINT in the Domain of Cybersecurity
12.3.2 Conceptual and Empirical VSD Case Study
12.4 Results
12.4.1 OSINT-Technologies in the Domain of Cybersecurity
12.4.2 Stakeholder Values and Value Conflicts
12.5 Discussion and Implications
12.5.1 Research and Design Implications
12.5.2 Value Sensitivity as a Facilitator of Collaboration
12.5.3 Limitations and Future Work
12.6 Conclusion
13 Computer Emergency Response Teams and the German Cyber Defense: An Analysis of CERTs on Federal and State Level
13.1 Introduction
13.2 Related Work
13.2.1 Organization of Governmental CERTs
13.2.2 Technology and Collaboration of CERTs
13.2.3 Adapting Crisis Informatics Research to the Cyber Security Domain
13.2.4 Research Gap
13.3 Methodology: Empirical Study with German CERTs
13.3.1 Data Collection: Interviews and Document Research
13.3.2 Data Analysis: Codebook Development and Structured Content Analysis
13.4 Results
13.4.1 Organizational Structure, Interorganizational Exchange and Target Groups
13.4.2 Technologies and Practices for Cyber Incident Response
13.5 Discussion and Conclusion
13.5.1 Discussion and Findings
13.5.2 Implications for Design, Policy, and Research
13.5.3 Limitations and Future Work
14 Privacy Concerns and Acceptance Factors of OSINT for Cybersecurity: A Representative Survey
14.1 Introduction
14.2 Related Work
14.2.1 Acceptance of Surveillance Technologies
14.2.2 Privacy Impact of OSINT
14.2.3 Research Gap and Hypotheses Development
14.3 Research Design
14.3.1 Survey Design
14.3.2 Questionnaire
14.3.3 Data Collection
14.3.4 Statistical Analysis
14.3.5 Ethics
14.4 Results
14.4.1 Descriptive Results
14.4.2 Factors Associated with OSINT Acceptance
14.5 Discussion
14.5.1 Factors Associated with the Acceptance of OSINT for Cybersecurity
14.5.2 Implications for Design and Organization
14.5.3 Limitations and Future Work
14.6 Conclusion
15 CySecAlert: An Alert Generation System for Cyber Security Events Using Open Source Intelligence Data
15.1 Introduction
15.2 Concept
15.2.1 Data Source and Architecture
15.2.2 Preprocessing and Representation
15.2.3 Relevance Classifier
15.2.4 Detecting Events and Generating Alerts
15.2.5 Implementation
15.3 Evaluation
15.3.1 Dataset
15.3.2 Relevance Classification
15.3.3 Alert Generation
15.3.4 System Performance
15.3.5 (Near-)Real-Time Capability
15.4 Related Work and Discussion
15.4.1 Cyber Security Event and Hot Topic Detection
15.4.2 Contributions
15.4.3 Limitations and Future Work
15.5 Conclusion
A Bibliography