Design and implementation of FROST: Digital forensic tools for the OpenStack cloud computing platform

We describe the design, implementation, and evaluation of FROST—three new forensic tools for the OpenStack cloud platform. Our implementation for the OpenStack cloud platform supports an Infrastructure-as-a-Service (IaaS) cloud and provides trustworthy forensic acquisition of virtual disks, API logs, and guest firewall logs. Unlike traditional acquisition tools, FROST works at the cloud management plane rather than interacting with the operating system inside the guest virtual machines, thereby requiring no trust in the guest machine. We assume trust in the cloud provider, but FROST overcomes non-trivial challenges of remote evidence integrity by storing log data in hash trees and returning evidence with cryptographic hashes. Our tools are user-driven, allowing customers, forensic examiners, and law enforcement to conduct investigations without necessitating interaction with the cloud provider. We demonstrate how FROST's new features enable forensic investigators to obtain forensically-sound data from OpenStack clouds independent of provider interaction. Our preliminary evaluation indicates the ability of our approach to scale in a dynamic cloud environment. The design supports an extensible set of forensic objectives, including the future addition of other data preservation, discovery, real-time monitoring, metrics, auditing, and acquisition capabilities.     

Digital evidence and ‘cloud’ computing

The term ‘cloud computing’ has begun to enter the lexicon of the legal world. The term is not new, but the implications for obtaining and retaining evidence in electronic format for the resolution of civil disputes and the prosecution of alleged criminal activities might be significantly affected in the future by ‘cloud’ computing. This article is an exploratory essay in assessing the effect that ‘cloud’ computing might have on evidence in digital format in criminal proceedings in the jurisdiction of England & Wales.     

A case study on anonymised sharing platforms and digital traces left by their usage

Non-local forms of file storage and transfer provide investigatory concerns. Whilst mainstream cloud providers offer a well-established challenge to those involved in criminal enquiries, there are also a host of services offering non-account based ‘anonymous’ online temporary file storage and transfer. From the context of a digital forensic investigation, the practitioner examining a suspect device must detect when such services have been utilised by a user, as offending files may not be resident on local storage media. In addition, identifying the use of a service may also expose networks of illegal file distribution, supporting wider investigations into criminal activity. This work examines 16 anonymous file transfer services and identifies and interprets the digital traces left behind on a device following their use to support law enforcement investigations.     

Protecting the privacy and security of sensitive customer data in the cloud

The global ubiquity of cloud computing may expose consumers' sensitive personal data to significant privacy and security threats. A critical challenge for the cloud computing industry is to earn consumers' trust by ensuring adequate privacy and security for sensitive consumer data. Regulating consumer privacy and security also challenges government enforcement of data protection laws that were designed with national borders in mind. From an information privacy perspective, this article analyses how well the regulatory frameworks in place in Europe and the United States help protect the privacy and security of sensitive consumer data in the cloud. It makes suggestions for regulatory reform to protect sensitive information in cloud computing environments and to remove regulatory constraints that limit the growth of this vibrant new industry.     

A study on the forensic mechanisms of VoIP attacks: Analysis and digital evidence

This paper discusses the use of communication technology to commit crimes, including crime facts and crime techniques. The analysis focuses on the security of voice over Internet protocol (VoIP), a prevention method against VoIP call attack and the attention points for setting up an Internet phone. The importance of digital evidence and digital forensics are emphasised. This paper provides the VoIP digital evidence forensics standard operating procedures (DEFSOP) to help police organisations and establishes an experimental platform to simulate phone calls, hacker attacks and forensic data. Finally, this paper provides a general discussion of a digital evidence strategy that includes VoIP for crime investigators who are interested in digital evidence forensics.     

Cross border data transfer: Complexity of adequate protection and its exceptions

The majority of the fear that exists about the cloud arises due to the lack of transparency in the cloud. Fears have persisted in relation to how the data are frequently transferred in a cloud for various purposes which includes storing and processing. This is because the level of protection differs between countries and cloud users who belong to countries which provide a high level of protection will be less in favour of transfers that reduce the protection that was originally accorded to their data. Hence, to avoid client dissatisfaction, the Data Protection Directive has stated that such transfers are generally prohibited unless the country that data is being transferred to is able to provide ‘appropriate safeguards’. This article will discuss the position of the Data Protection Directive and how the new General Data Protection Regulation differs from this Directive. This involves the discussion of the similarity as well as the differences of the Directive and Regulation. In summary, it appears that the major principles of the cross border transfer are retained in the new regulation. Furthermore, the article discusses the exceptions that are provided in the standard contractual clause and the reason behind the transition from Safe Harbor to the new US-EU Privacy Shield. This article subsequently embarks on the concept of Binding Corporate Rule which was introduced by the working party and how the new regulation has viewed this internal rule in terms of assisting cross border data transfer. All the issues that will be discussed in this article are relevant in the understanding of cross border data transfer.     

社会转型对统一战线的影响、 影响机理及应对策略研究

统一战线一直是中国共产党在革命、改革和建设等各个时期的关键议题,是我国社会主义民主政治建设的重要内容。统一战线寓于社会转型之中并深受社会转型的影响。迄今为止,中国近现代共经历了三次大的社会转型,三次社会转型的主题不同,产生的动因不同,对我国统一战线产生的阶段性影响也有所差异。我国现处于第三次社会转型期,中国社会在价值体系、经济环境、组织基础、利益格局等方面的转型造成了我国统战阶层的多元化、统战结构的复杂化、统战地位的强势化及统战力量的分散化,也使得我国统战工作面临新的问题。对此,我国各级统战部门在开展统战工作的过程中,必须积极创新统战工作理论、建立利益协调机制、拓宽政治参与渠道、搭建互动沟通平台。     

A walk in to the cloud and cloudy it remains: The challenges and prospects of ‘processing’ and ‘transferring’ personal data

Cloud computing is an information technology technique that promises greater efficiency and reduced-cost to consumers, businesses and public institutions. However, to the extent it has brought better efficiency and minimal cost, the emergence of cloud computing has posed a significant regulatory challenge on the application of data protection rules particularly on the regime regulating cross-border data flow. The Data Protection Directive (DPD), which dates back to 1995, is at odds with some of the basic technological and business-related features of the cloud. As a result, it is claimed that the Directive hardly offers any help in using the legal bases to ‘process’ and ‘transfer’ data as well as to determine when a transfer to a third country occurs in cloud computing. Despite such assertions, the paper argues that the ECJ's Bodil Lindqvist decision can to a certain extent help to delineate circumstances where transfer should and should not occur in the cloud. Concomitantly, the paper demonstrates that controllers can still make the most of the available possibilities in justifying their ‘processing’ as well as ‘transferring’ of data to a third country in cloud arrangements. In doing so, the paper also portrays the challenges that arise down the road. All legal perspectives are largely drawn from EU level though examples are given from member states and other jurisdictions when relevant.     

Autonomous weapon system: Law of armed conflict (LOAC) and other legal challenges

The legality of autonomous weapon systems (AWS) under international law is a swiftly growing issue of importance as technology advances and machines acquire the capacity to operate without human control. This paper argues that the existing laws are ineffective and that a different set of laws are needed. This paper examines several issues that are critical for the development and use of AWS in warfare. It argues that a preemptive ban on AWS is irrelevant at this point and urges the appropriate authorities to develop a modern legal framework that is tailored to embrace these state-of-the-art weapons as the Law of Armed Conflict (LOAC) develops. First, this paper explores the myriad of laws designed to govern the potential future development and deployment of artificial intelligence and AWS in the context of International Humanitarian Law or LAOC. Second, the paper argues that it will be challenging for AWS to fulfill the requirements laid out under the International Committee of the Red Cross and LOAC for the rules of humanity, military necessity, distinction, proportionality and precaution, especially as it is related to noncombatants. Third, the paper discusses command responsibility and argues that states should establish accountability for wrongful acts committed by the AWS. Finally, this paper contends that there is an urgent need for a new legal framework to regulate these AWS and presents different solutions for the legal framework of AWS.     

A new method for the recovery and evidential comparison of footwear impressions using 3D structured light scanning

Footwear impressions are one of the most common forms of evidence to be found at a crime scene, and can potentially offer the investigator a wealth of intelligence. Our aim is to highlight a new and improved technique for the recovery of footwear impressions, using three-dimensional structured light scanning. Results from this preliminary study demonstrate that this new approach is non-destructive, safe to use and is fast, reliable and accurate. Further, since this is a digital method, there is also the option of digital comparison between items of footwear and footwear impressions, and an increased ability to share recovered footwear impressions between forensic staff thus speeding up the investigation.     

The strategic value of new university technology and its impact on exclusivity of licensing transactions: An empirical study

Commercialization of new university technology within the new product development process is an important tool by which established firms can expand their innovative capabilities. The strategic importance of the university technology to the firm, however, can vary considerably. An exclusivity agreement is a useful tool to protect the firm’s investment and help ensure that value is appropriated through the commercialization process. An empirical study of 66 technology transfer projects in the information and communications technology industry reveals that licensing transactions are usually secured by some form of exclusivity agreements when the product innovation enabled by the new university technology is new-to-the-firm or new-to-the-market and the firm’s perception of the strategic value of the new technologies is high.      

The ICO and artificial intelligence: The role of fairness in the GDPR framework

The year 2017 has seen many EU and UK legislative initiatives and proposals to consider and address the impact of artificial intelligence on society, covering questions of liability, legal personality and other ethical and legal issues, including in the context of data processing. In March 2017, the Information Commissioner's Office (UK) updated its big data guidance to address the development of artificial intelligence and machine learning, and to provide (GDPR), which will apply from 25 May 2018.This paper situates the ICO's guidance in the context of wider legal and ethical considerations and provides a critique of the position adopted by the ICO. On the ICO's analysis, the key challenge for artificial intelligence processing personal data is in establishing that such processing is fair. This shift reflects the potential for artificial intelligence to have negative social consequences (whether intended or unintended) that are not otherwise addressed by the GDPR. The question of ‘fairness’ is an important one, to address the imbalance between big data organisations and individual data subjects, with a number of ethical and social impacts that need to be evaluated.     

套牌车整治情报信息战略研究

汽车数量的膨胀,涉车违法犯罪愈加猖獗,车辆套牌违法行为呈多发态势,公安机关的整治行动一度陷入困境。科学治理套牌车非法上路行驶,需要树立情报信息主导警务理念,既要采取法律手段、技术手段,更要采取信息手段;需要建立部门联动机制,使用先进装备,培养信息专门人才,规范情报信息的采集与录入。     

Legislative genesis and judicial death of a directive: The European Court of Justice invalidated the data retention directive (2006/24/EC) thereby creating a sustained period of legal uncertainty about the validity of national laws which enacted it

The Grand Chamber has ruled that the data retention directive was invalid ex tunc since it seriously interfered with the fundamental rights to respect for private life and protection of personal data and exceeded the limits of the principle of proportionality which are provided for in the Charter. The scope and temporal effects of this ruling should be clarified, especially its legal impacts on national laws of Member States which enacted the directive. In addition, the findings of the Grand Chamber on geographical safeguards have far-reaching implications on the retention and storage of personal data in the EU.     

我国师范教育体制转换中的问题与建议

我国师范教育由独立型、定向型的体制向非定向型、开放型的体制转换是一种必然趋向。在师范教育体制转换的过程中,存在着综合性高等学校如何参与师资培养与培训,现行的师范院校何去何从、如何重组师范教育资源及如何推进师范教育层级提升等一系列重要问题。综合性高校参与师资培养与培训要发挥其自身优势;要有重点地加强师范院校建设,促进师范教育健康发展,要加大师范教育资源重组力度,使之合理有效地得到利用,要重点促进中等师范教育向高等师专教育提升。     

Impact of Defense-Only and Opposing Eyewitness Experts on Juror Judgments

Previous research shows that expert testimony on eyewitness memory influences mock-juror judgments. We examined the extent to which opposing expert testimony mitigates the impact of defense-only expert testimony. Participants (N = 497) viewed a video-taped trial involving an eyewitness identification and individually rendered verdicts and evaluated the evidence and the experts. We manipulated the Foils (unbiased vs. biased) and Instructions (unbiased vs. biased) of the lineup and Expert Testimony (no expert vs. defense-only expert vs. opposing experts). Expert testimony did not significantly influence juror judgments, but the opposing expert testimony diminished the credibility of the defense expert in the eyes of the jurors. Results point to the need for further research on conditions that qualify the impact of expert testimony.     

Discriminating natural images and computer generated graphics based on the impact of CFA interpolation on the correlation of PRNU

To discriminate natural images from computer generated graphics, a novel identification method based on the features of the impact of color filter array (CFA) interpolation on the local correlation of photo response non-uniformity noise (PRNU) is proposed. As CFA interpolation generally exists in the generation of natural images and it imposes influence on the local correlation of PRNU, the differences between the PRNU correlations of natural images and those of computer generated graphics are investigated. Nine dimensions of histogram features are extracted from the local variance histograms of PRNU to represent the identification features. The discrimination is accomplished by using a support vector machine (SVM) classifier. Experimental results and analysis show that it can achieve an average identification accuracy of 99.43%, and it is robust against scaling, JPEG compression, rotation and additive noise. Thus, it has great potential to be used in image source pipelines forensics.     

论科学技术发展对法律的影响

科学技术发展对法律有影响深远,但是也有许多限制。科学技术发展促进了法律的深化,集中体现在科技法及其重要组成部分的知识产权法的产生和发展上。科学技术发展又从人与自然关系的高度,促进生态法的诞生与发展。     

WTO协定对欧盟法的影响及启示--从欧盟法院的角度

WTO协定在欧共体被视为法律渊源之一,但是在欧共体并不具有直接效力;欧共体法被假定为与WTO协定相一致,但是欧盟法院在具体案件中不以WTO协定作为评价欧共体法合法性的依据。欧盟法院在其判决中对二者之间关系之精心设计,对于刚加入世贸组织的我国来说,不乏借鉴意义。     

互联网、大数据、人工智能与科学立法

在具有连接一切、去中心化、跨界融合、计算一切等特征的互联网、大数据、人工智能的新时代背景下,立法正面临一场历史性的变革:立法要靠数据说话,更需要数据思维;可以广泛征求民意,更需要高度关注网络舆情;既面临破除部门利益法制化的重要机遇,也面临难以找到立法共识的重大难题;立法要么主动创新,要么被动改革;部分工作可能被人工智能所替代。深化依法治国实践,需要推动互联网、大数据、人工智能和全面依法治国的深度融合,树立数据思维,发挥"众智"作用,深入进行数据挖掘,以创新思维推进跨界融合,应用人工智能,运用互联网技术和信息化手段来推动科学立法。