Abstract
All privacy laws, security policies, and even individual actions are subject to an often-forgotten factor – the “Law of Unintended Consequences” (LUC). Yet LUC is not a “law” in the sense of appearing in the Criminal Code, nor is it a Law of Nature like gravity. It is actually a manifestation of our inadequate efforts at foresight, and there are things we can do to counteract it. This paper identifies classes of factors which have led to unintended consequences in the privacy and computer security domains, though the list is by no means exhaustive. It is primarily intended to inspire further thinking and research. We clearly need to make a stronger effort to “foresee the unforeseeable” or at least “expect the unexpected” to maintain public confidence in technological systems. The disciplines of strategic foresight and automated policy analysis may prove useful in attaining this goal.
Copyright information
© 2011 IFIP International Federation for Information Processing
About this paper
Cite this paper
Keenan, T.P. (2011). Oops - We Didn’t Mean to Do That! – How Unintended Consequences Can Hijack Good Privacy and Security Policies. In: Fischer-Hübner, S., Duquenoy, P., Hansen, M., Leenes, R., Zhang, G. (eds) Privacy and Identity Management for Life. Privacy and Identity 2010. IFIP Advances in Information and Communication Technology, vol 352. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-20769-3_9
DOI: https://doi.org/10.1007/978-3-642-20769-3_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-20768-6
Online ISBN: 978-3-642-20769-3
eBook Packages: Computer Science (R0)