Кибергейт: Как выжить в мире умных вещей — Брюс Шнайер — страница notes читать онлайн бесплатно

Сноски

1

16,09 км. – Прим. ред.

2

Оригинальное название подстанции – Пивнична. – Прим. ред.

3

От англ. smart – умный. – Прим. пер.

4

В России распространены другие голосовые помощники, например Алиса. – Прим. ред.

5

Приведенные статистические данные и прогнозы действительны для 2018 г. – года написания книги. В действительности к 2021 г. число активных умных вещей достигло 10 млрд; https://dataprot.net/statistics/iot-statistics/. – Прим. ред.

6

Пропатчивание – автоматизированное устранение обнаруженных проблем. – Прим. ред.

7

Defcon – крупнейшая в мире ежегодная конференция хакеров, проходит в Лас-Вегасе. – Прим. пер.

8

DNSSEC – набор расширений протокола DNS, которые позволяют минимизировать атаки, связанные с подменой DNS-адреса при разрешении доменных имен. – Прим. пер.

9

От англ. back door – черный ход. – Прим. пер.

10

Fortinet – американская компания, специализирующаяся на разработке и продвижении ПО, решений и сервисов в области информационной безопасности. – Прим. пер.

11

Зеттабайт – единица измерения количества информации, равная 10²¹ (секстиллион) байт. – Прим. пер.

12

Target Corporation – одна из крупнейших американских компаний в области розничной торговли. – Прим. пер.

13

От англ. Distributed Denial of Service Attack – распределенная атака на отказ в обслуживании. – Прим. ред.

14

Черви – вредоносные программы, самостоятельно распространяющиеся через локальные и глобальные компьютерные сети. – Прим. пер.

15

Вирусы и руткиты – набор программных средств, которые хакер устанавливает на взломанном компьютере после получения первоначального доступа. Руткит позволяет злоумышленнику закрепиться в системе и скрыть следы своей деятельности. – Прим. пер.

16

Фонд электронных рубежей (Electronic Frontier Foundation) – американская правозащитная организация. – Прим. пер.

17

Патч, или «заплата», – код для оперативного исправления или нейтрализации ошибки в программе. – Прим. пер.

18

iOS – мобильная операционная система для смартфонов, электронных планшетов, портативных цифровых плееров Apple. – Прим. пер.

19

VisiCalc – первая электронная таблица для персональных компьютеров. – Прим. пер.

20

Технология «незаконный посредник» означает, что злоумышленник выдает себя за авторизованного пользователя: ретранслирует и при необходимости меняет связь между двумя сторонами, которые считают, что продолжают общаться друг с другом. – Прим. пер.

21

Хактивист – лицо, использующее компьютерные сети для распространения той или иной идеологии. – Прим. пер.

22

Деятельность компании Meta Platforms, Inc. (в т. ч. по реализации сетей Facebook и Instagram) запрещена в Российской Федерации как экстремистская. – Прим. ред.

23

24

25

26

27

28

29

30

31

32

33

На момент подготовки русскоязычного издания к печати камеры научились распознавать лица. – Прим. ред.

34

35

36

Предупреждающий ярлык (Parental Advisory), размещаемый на аудиозаписи и информирующий родителей о том, что она содержит ненормативную лексику, а значит, неприемлема для детей. – Прим. ред.

37

38

39

40

Вероятно, речь идет о линейке потребительских устройств Pixel, разработанной Google. – Прим. пер.

41

42

43

44

Неофициальное название, аналогия с Great Wall of China, в действительности проект носит название The Golden Shield. – Прим. ред.

45

С января 2021 г. в Китае был принят новый гражданский кодекс, официально узаконивший систему социального рейтинга. В отдельных провинциях она действует, но единой сети, судя по всему, пока нет. – Прим. ред.

46

Запрещено на территории РФ. – Прим. ред.

47

Сирийская электронная армия – группа хакеров, впервые появившаяся в интернете в 2011 г., чтобы поддержать правительство президента Сирии Башара аль-Асада. – Прим. ред.

48

Вилли Саттон – знаменитый американский преступник, за свою жизнь ограбивший более 100 банков. – Прим. пер.

49

CAPTCHA (Completely Automatic Public Turing Test to Tell Computers and Humans Apart) – полностью автоматизированный тест Тьюринга для различения компьютеров и людей. – Прим. пер.

50

Слово «окирпичить» применительно к ПО означает «привести в неработоспособное состояние». – Прим. пер.

51

Ashley Madison – канадская виртуальная служба знакомств и социальная сеть, предназначенная для людей, состоящих в браке или в постоянных отношениях, но желающих завязать роман. – Прим. пер.

52

Одна из лабораторий Министерства энергетики США. – Прим. пер.

53

Машинное обучение – подраздел ИИ, ориентированный на создание систем, обучающихся посредством анализа данных. – Прим. ред.

54

«Синий воротничок» – понятие, обозначающее принадлежность человека к рабочему классу. – Прим. пер.

55

Вероятно, имеются в виду машины, снабженные ИИ. – Прим. ред.

56

VHS – формат видеокассеты. – Прим. ред.

57

Запрещено на территории РФ. – Прим. ред.

58

Запрещено на территории РФ. – Прим. ред.

59

Речь идет о ложном срабатывании советской системы предупреждения о ракетном нападении «Око», выдавшей 26 сентября 1983 г. сигнал о том, что с территории США произведен запуск МБР «Минитмен». – Прим. ред.

60

Два взрыва, прогремевшие c интервалом в 12 секунд на финише Бостонского марафона в зрительской зоне. – Прим. ред.

61

Многократные попытки избавиться от того, что возникает снова и снова (перен.). – Прим. пер.

62

Школа управления им. Джона Ф. Кеннеди (Harvard Kennedy School) – один из факультетов Гарвардского университета. – Прим. пер.

63

US-CERT – Компьютерная команда экстренной готовности США, подразделение Национального управления кибербезопасности Министерства внутренней безопасности США. – Прим. пер.

64

Речь идет об утечке данных 500 млн пользователей компании, произошедшей в 2014 г. Об инциденте было объявлено осенью 2016 г. – Прим. пер.

65

Фундаментальная проблема в теории игр, согласно которой игроки не всегда будут сотрудничать друг с другом, даже если это в их интересах. Предполагается, что игрок («заключенный») максимизирует свой выигрыш, не заботясь о выгоде других. – Прим. пер.

66

Речь идет о Конгрессе США – законодательном органе государственной власти Америки. – Прим. ред.

67

Джон Грир – американский писатель, занимающийся вопросами экологии, технологий, политики и др. – Прим. ред.

68

Под регулируемыми понимаются такие сферы деятельности, работа в которых требует соответствия условиям, прописанным в законодательстве той или иной страны. – Прим. ред.

69

Покупатель, будь бдительным (лат.). Другими словами, покупатель несет ответственность за проверку качества приобретаемого товара. – Прим. пер.

70

«“Рынок лимонов”: неопределенность качества и рыночный механизм» – научная работа Джорджа Акерлофа, опубликованная в 1970 г. Работа посвящена асимметрии доступной информации: в ней анализируются рыночные последствия ситуаций, в которых продавец знает о качестве товара больше, чем покупатель. – Прим. пер.

71

На момент подписания книги в печать рейтинг все еще не разработан. – Прим. ред.

72

Друг суда (лат., букв.). Здесь словосочетание применяется в значении «привлечение независимого эксперта». – Прим. пер.

73

74

75

Никто, кроме нас (англ.). – Прим. пер.

76

Английское название морского кота – ската из семейства хвостоколовых. Несмотря на широкое распространение этого вида, образ жизни ската изучен плохо. – Прим. ред.

77

Амберджек – атлантическая и тихоокеанская рыба рода Seriola, обитающая в теплых частях океанов. – Прим. ред.

78

79

С 13 марта 2023 г. переименован в National Protective Security Authority. – Прим. ред.

80

81

82

83

84

85

86

87

88

С 5 июля 2024 г. пост премьер-министра Великобритания занимает Кир Стармер. – Прим. ред.

89

90

Речь идет о самом крупном (до событий 11 сентября 2001 г.) теракте в истории Америки, унесшем жизни 168 человек. Подготовил и осуществил его Маквей в 1995 г. практически в одиночку. – Прим. ред.

91

Каперское свидетельство – правительственный документ, действовавший во времена парусного флота и позволявший частному судну захватывать и атаковать суда, принадлежащие неприятельской державе. – Прим. ред.

92

93

94

95

96

97

98

1

Andy Greenberg (21 Jul 2015), “Hackers remotely kill a Jeep on the highway – with me in it,” Wired, https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/, https://www.youtube.com/watch?v=MK0SrxBC1xs.

2

Andy Greenberg (1 Aug 2016), “The Jeep hackers are back to prove car hacking can get much worse,” Wired, https://www.wired.com/2016/08/jeep-hackers-return-high-speed-steering-acceleration-hacks.

3

Ishtiaq Rouf et al. (12 Aug 2010), “Security and privacy vulnerabilities of in-car wireless networks: A tire pressure monitoring system case study,” 19th USENIX Security Symposium, https://www.usenix.org/legacy/events/sec10/tech/full_papers/Rouf.pdf.

4

Jim Finkle and Bernie Woodall (30 Jul 2015), “Researcher says can hack GM’s OnStar app, open vehicle, start engine,” Reuters, http://www.reuters.com/article/us-gm-hacking-idUSKCN0Q42FI20150730.

5

6

Kim Zetter (16 Jun 2016), “Feds say that banned researcher commandeered plane,” Wired, https://www.wired.com/2015/05/feds-say-banned-researcher-commandeered-plane/.

7

Sam Grobart (12 Apr 2013), “Hacking an airplane with only an Android phone,” Bloomberg, http://www.bloomberg.com/news/articles/2013–04–12/hacking-an-airplane-with-only-an-android-phone.

8

Calvin Biesecker (8 Nov 2017), “Boeing 757 testing shows airplanes vulnerable to hacking, DHS says,” Aviation Today, http://www.aviationtoday.com/2017/11/08/boeing-757-testing-shows-airplanes-vulnerable-hacking-dhs-says.

9

Kim Zetter (3 Mar 2016), “Inside the cunning, unprecedented hack of Ukraine’s power grid,” Wired, https://www.wired.com/2016/03/inside-cunning-unprecedented-hack-ukraines-power-grid.

10

C&M News (24 Jun 2017), “Watch how hackers took over a Ukrainian power station,” YouTube, https://www.youtube.com/watch?v=8ThgK1WXUgk.

11

Dragos, Inc. (13 Jun 2017), “CRASHOVERRIDE: Analysis of the threat to electric grid operations,” https://dragos.com/blog/crashoverride/CrashOverride-01.pdf.

12

Security Response Attack Investigation Team (20 Oct 2017), “Dragonfly: Western energy sector targeted by sophisticated attack group,” Symantec Corporation, https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/dragonfly-energy-sector-cyber-attacks. Nicole Perlroth and David Sanger (15 Mar 2018), “Cyberattacks put Russian fingers on the switch at power plants, U.S. says,” The New York Times, https://www.nytimes.com/2018/03/15/us/politics/russia-cyberattacks.html.

13

Christopher Meyer (8 Feb 2017), “This teen hacked 150,000 printers to show how the Internet of Things is shit,” Vice Motherboard, https://motherboard.vice.com/en_us/article/nzqayz/this-teen-hacked-150000-printers-to-show-how-the-internet-of-things-is-shit.

14

Carl Straumsheim (27 Jan 2017), “More anti-Semitic fliers printed at universities,” Inside Higher Ed, https://www.insidehighered.com/quicktakes/2017/01/27/more-anti-semitic-fliers-printed-universities.

15

Jennifer Kite-Powell (29 Oct 2014), “3D printed virus to attack cancer cells,” Forbes, https://www.forbes.com/sites/jenniferhicks/2014/10/29/3d-printed-virus-to-attack-cancer-cells/#7a8dbddb104b. Katie Collins (16 Oct 2014), “Meet the biologist hacking 3D printed cancer-fighting viruses,” Wired UK, https://www.wired.co.uk/article/andrew-hessel-autodesk.

16

University of the Basque Country (28 Jan 2015), “Pacemakers with Internet connection, a not-so-distant goal,” Science Daily, https://www.sciencedaily.com/releases/2015/01/150128113715.htm.

17

Brooke McAdams and Ali Rizvi (4 Jan 2016), “An overview of insulin pumps and glucose sensors for the generalist,” Journal of Clinical Medicine 5, no. 1, http://www.mdpi.com/2077–0383/5/1/5. Tim Vanderveen (27 May 2014), “From smart pumps to intelligent infusion systems: The promise of interoperability,” Patient Safety and Quality Healthcare, http://psqh.com/may-june-2014/from-smart-pumps-to-intelligent-infusion-systems-the-promise-of-interoperability.

18

Pam Belluck (13 Nov 2017), “First digital pill approved to worries about biomedical ‘Big Brother,’” The New York Times, https://www.nytimes.com/2017/11/13/health/digital-pill-fda.html.

19

Diego Barretino (25 Jul 2017), “Smart contact lenses and eye implants will give doctors medical insights,” IEEE Spectrum, https://spectrum.ieee.org/biomedical/devices/smart-contact-lenses-and-eye-implants-will-give-doctors-medical-insights.

20

Brendan Borrell (29 Jun 2017), “Precise devices: Fitness trackers are more accurate than ever,” Consumer Reports, https://www.consumerreports.org/fitness-trackers/precise-devices-fitness-trackers-are-more-accurate-than-ever.

21

Anthony Cuthbertson (12 Apr 2016), “This smart collar turns your pet into a living Tamagotchi,” Newsweek, http://www.newsweek.com/smart-collar-pet-kyon-tamagotchi-gps-dog-446754.

22

Owen Williams (21 Feb 2016), “All I want for Christmas is LG’s adorable cat toy,” The Next Web, http://thenextweb.com/gadgets/2016/02/21/all-i-want-for-christmas-is-lgs-adorable-cat-toy.

23

Livescribe, Inc. (дата обращения 5 ноября 2024), “Livescribe Smartpens,” http://www.livescribe.com/en-us/smartpen.

24

Brandon Griggs (22 Feb 2014), “‘Smart’ toothbrush grades your brushing habits,” CNN, http://www.cnn.com/2014/01/09/tech/innovation/smart-toothbrush-kolibree. Sarmistha Acharya (23 Feb 2016), “MWC2016: Oral-B unveils smart toothbrush that uses mobile camera to help you brush your teeth,” International Business Times, http://www.ibtimes.co.uk/mwc-2016-oral-b-unveils-smart-toothbrush-that-uses-mobile-camera-help-you-brush-better-1545414.

25

Diana Budds (9 Nov 2017), “A smart coffee cup? It’s more useful than it sounds,” Fast Company, https://www.fastcodesign.com/90150019/the-perfect-smart-coffee-cup-is-here.

26

Phoebe Luckhurst (3 Aug 2017), “These sex toys and smart hook-up apps will make your summer hotter than ever,” Evening Standard, https://www.standard.co.uk/lifestyle/london-life/these-sex-toys-and-smart-apps-will-make-your-summer-hotter-than-ever-a3603056.html.

27

Samuel Gibbs (13 Mar 2015), “Privacy fears over ‘smart’ Barbie that can listen to your kids,” The Guardian, https://www.theguardian.com/technology/2015/mar/13/smart-barbie-that-can-listen-to-your-kids-privacy-fears-mattel.

28

Stanley, “Smart Measure Pro,” http://www.stanleytools.com/explore/stanley-mobile-apps/stanley-smart-measure-pro.

29

April Glaser (26 Apr 2016), “Dig gardening? Plant some connected tech this spring,” Wired, https://www.wired.com/2016/04/connected-gardening-tech-iot.

30

Samar Warsi (26 Dec 2017), “A motorcycle helmet will call an ambulance and text your family if you have an accident,” Vice Motherboard, https://motherboard.vice.com/en_us/article/a37bwp/smart-motorcycle-helmet-helli-will-call-ambulance-skully-pakistan.

31

Christopher Snow (14 Mar 2017), “Everyone’s buying a smart thermostat – here’s how to pick one,” USA Today, https://www.usatoday.com/story/tech/reviewedcom/2017/03/14/smart-thermostats-are-2017s-hottest-home-gadgetheres-how-to-pick-the-right-one-for-you/99125582.

32

Kashmir Hill and Surya Mattu (7 Feb 2018), “The house that spied on me,” Gizmodo, https://gizmodo.com/the-house-that-spied-on-me-1822429852.

33

Rose Kennedy (14 Aug 2017), “Want a scale that tells more than your weight? Smart scales are it,” Atlanta Journal-Constitution, http://www.ajc.com/news/health-med-fit-science/want-scale-that-tells-more-than-your-weight-smart-scales-are/XHpLELYnLgn8cQtBtsay6J.

34

Alina Bradford (1 Feb 2016), “Why smart toilets might actually be worth the upgrade,” CNET, http://www.cnet.com/how-to/smart-toilets-make-your-bathroom-high-tech.

35

Alex Colon and Timothy Torres (30 May 2017), “The best smart light bulbs of 2017,” PC Magazine, https://www.pcmag.com/article2/0,2817,2483488,00.as.

36

Adam Gabbatt (5 Jan 2017), “Don’t lose your snooze: The technology that’s promising a better night’s sleep,” The Guardian, https://www.theguardian.com/technology/2017/jan/05/sleep-technology-ces-2017-las-vegas-new-products.

37

Eugene Kim and Christina Farr (10 Oct 2017), “Amazon is exploring ways to deliver items to your car trunk and the inside of your home,” CNBC, https://www.cnbc.com/2017/10/10/amazon-is-in-talks-with-phrame-and-is-working-on-a-smart-doorbell.html.

38

Matt Hamblen (1 Oct 2015), “Just what IS a smart city?” Computerworld, https://www.computerworld.com/article/2986403/internet-of-things/just-what-is-a-smart-city.html.

39

Tim Johnson (20 Sep 2017), “Smart billboards are checking you out – and making judgments,” Miami Herald, https://www.miamiherald.com/news/nation-world/national/article174197441.html.

40

Gartner, “Internet of Things,” Gartner IT Glossary, https://www.gartner.com/it-glossary/internet-of-things.

41

Gartner (7 Feb 2017), “Gartner says 8.4 billion connected ‘things’ will be in use in 2017, up 31 percent from 2016,” https://www.gartner.com/newsroom/id/3598917.

42

Tony Danova (2 Oct 2013), “Morgan Stanley: 75 billion devices will be connected to the Internet of Things by 2020,” The Business Insider, http://www.businessinsider.com/75-billion-devices-will-be-connected-to-the-internet-by-2020–2013–10. Peter Brown (25 Jan 2017), “20 billion connected Internet of Things devices in 2017, IHS Markit says,” Electronics 360, http://electronics360.globalspec.com/article/8032/20-billion-connected-internet-of-things-devices-in-2017-ihs-markit-says. Julia Boorstin (1 Feb 2016), “An Internet of Things that will number ten billions,” CNBC, https://www.cnbc.com/2016/02/01/an-internet-of-things-that-will-number-ten-billions.html. Statista (2018), “Internet of Things (IoT) connected devices installed base worldwide from 2015 to 2025 (in billions),” https://www.statista.com/statistics/471264/iot-number-of-connected-devices-worldwide.

43

Michael Sawh (26 Sep 2017), “The best smart clothing: From biometric shirts to contactless payment jackets,” Wareable, https://www.wareable.com/smart-clothing/best-smart-clothing.

44

J. R. Raphael (7 Jan 2016), “The ‘smart’-everything trend has officially turned stupid,” Computerworld, http://www.computerworld.com/article/3019713/internet-of-things/smart-everything-trend.html.

45

Robin R. Murphy (2000), “Robotic paradigms,” in Introduction to AI Robotics, MIT Press, https://books.google.com/books/about/?id=RVlnL_X6FrwC.

46

Bruce Schneier (2 Feb 2016), “The Internet of Things will be the world’s biggest robot,” Forbes, https://www.forbes.com/sites/bruceschneier/2016/02/02/the-internet-of-things-will-be-the-worlds-biggest-robot.

47

. The Economist (8 Apr 2017), “How to manage the computer-security threat,” https://www.economist.com/news/leaders/21720279-incentives-software-firms-take-security-seriously-are-too-weak-how-manage.

48

Alexander Klimburg (2017), The Darkening Web: The War for Cyberspace, Penguin, https://books.google.com/books/about/?id=kytBvgAACAAJ.

49

Cambridge Cyber Security Summit (4 Oct 2017), “Transparency, communication and conflict,” CNBC, https://www.cnbc.com/video/2017/10/09/cambridge-cyber-security-summit-transparency-communication-and-conflict.html.

50

Ankit Anubhav (20 Jul 2017), “IoT thermostat bug allows hackers to turn up the heat,” NewSky Security, https://blog.newskysecurity.com/iot-thermostat-bug-allows-hackers-to-turn-up-the-heat-948e554e5e8b.

51

Lorenzo Franceschi-Bicchierai (7 Aug 2016), “Hackers make the first-ever ransomware for smart thermostats,” Vice Motherboard, https://motherboard.vice.com/en_us/article/aekj9j/internet-of-things-ransomware-smart-thermostat.

52

David Hambling (10 Aug 2017), “Ships fooled in GPS spoofing attack suggest Russian cyberweapon,” New Scientist, https://www.newscientist.com/article/2143499-ships-fooled-in-gps-spoofing-attack-suggest-russian-cyberweapon.

53

Kim Zetter (26 May 2015), “Is it possible for passengers to hack commercial aircraft?” Wired, http://www.wired.com/2015/05/possible-passengers-hack-commercial-aircraft. Gerald L. Dillingham, Gregory C. Wilshusen, and Nabajyoti Barkakati (14 Apr 2015), “Air traffic control: FAA needs a more comprehensive approach to address cybersecurity as agency transitions to NextGen,” GAO-15–370, US Government Accountability Office, http://www.gao.gov/assets/670/669627.pdf.

54

Andy Greenberg (21 Jul 2015), “Hackers remotely kill a Jeep on the highway – with me in it,” Wired, https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway, https://www.youtube.com/watch?v=MK0SrxBC1xs.

55

Liviu Arsene (20 Nov 2014), “Hacking vulnerable medical equipment puts millions at risk,” Information Week, http://www.informationweek.com/partner-perspectives/bitdefender/hacking-vulnerable-medical-equipment-puts-millions-at-risk/a/d-id/1319873.

56

Colin Neagle (2 Apr 2015), “Smart home hacking is easier than you think,” Network World, http://www.networkworld.com/article/2905053/security0/smart-home-hacking-is-easier-than-you-think.html.

57

Sean Blanchfield (1 Feb 2017), “The state of the blocked web: 2017 global adblock report,” PageFair, https://unruly.co/wp-content/uploads/2017/05/PageFair-2017-Adblock-Report.pdf.

58

Kate Murphy (20 Feb 2016), “The ad blocking wars,” The New York Times, https://www.nytimes.com/2016/02/21/opinion/sunday/the-ad-blocking-wars.html.

59

Pedro H. Calais Guerra et al. (13–14 Jul 2010), “Exploring the spam arms race to characterize spam evolution,” Electronic Messaging, Anti-Abuse and Spam Conference (CEAS2010), https://honeytarg.cert.br/spampots/papers/spampots-ceas10.pdf.

60

Alfred Ng (1 Oct 2017), “Credit card thieves are getting smarter. You can, too,” CNET, https://www.cnet.com/news/credit-card-skimmers-thieves-are-getting-smarter-you-can-too.

61

David Sancho, Numaan Huq, and Massimiliano Michenzi (2017), “Cashing in on ATM malware: A comprehensive look at various attack types,” Trend Micro, https://documents.trendmicro.com/assets/white_papers/wp-cashing-in-on-atm-malware.pdf.

62

Цит. по: A. K. Dewdney (1 Mar 1989), “Computer recreations: Of worms, viruses and core war,” Scientific American, http://corewar.co.uk/dewdney/1989–03.htm.

63

Rod Beckstrom (2 Nov 2011), “Statement to the London Conference on Cyberspace, Internet Corporation for Assigned Names and Numbers (ICANN),” https://www.icann.org/en/system/files/files/beckstrom-speech-cybersecurity-london-02nov11-en.pdf.

64

Bruce Schneier (1 Apr 2000), “The process of security,” Information Security, https://www.schneier.com/essays/archives/2000/04/the_process_of_secur.html.

65

Roger A. Grimes (8 Jul 2014), “5 reasons why software bugs still plague us,” CSO, https://www.csoonline.com/article/2608330/security/5-reasons-why-software-bugs-still-plague-us.html. David Heinemeier Hansson (7 Mar 2016), “Software has bugs. This is normal,” Signal v. Noise, https://m.signalvnoise.com/software-has-bugs-this-is-normal-f64761a262ca.

66

Abhishek Baxi (10 Mar 2014), “From a Bill Gates memo to an industry practice: The story of Security Development Lifecycle,” Windows Central, https://www.windowscentral.com/bill-gates-memo-industry-practice-story-security-development-cycle.

67

Adrian Kingsley-Hughes (19 Dec 2017), “Apple seems to have forgotten about the whole ‘it just works’ thing,” ZDNet, http://www.zdnet.com/article/apple-seems-to-have-forgotten-about-the-whole-it-just-works-thing.

68

National Research Council (1996), “Case study: NASA space shuttle flight control software,” in Statistical Software Engineering, National Academies Press, https://www.nap.edu/read/5018/chapter/4.

69

Peter Bright (25 Aug 2015), “How security flaws work: The buffer overflow,” Ars Technica, https://arstechnica.com/information-technology/2015/08/how-security-flaws-work-the-buffer-overflow.

70

Eric Rescorla (1 Jan 2005), “Is finding security holes a good idea?” IEEE Security & Privacy 3, no. 1, https://dl.acm.org/citation.cfm?id=1048817. Andy Ozment and Stuart Schechter (1 Jul 2006), “Milk or wine: Does software security improve with age?” in Proceedings of the 15th USENIX Security Symposium, https://www.microsoft.com/en-us/research/publication/milk-or-wine-does-software-security-improve-with-age.

71

Heather Kelly (9 Apr 2014), “The ‘Heartbleed’ security flaw that affects most of the Internet,” CNN, https://www.cnn.com/2014/04/08/tech/web/heartbleed-openssl/index.html.

72

Andy Greenberg (7 Jan 2018), “Triple Meltdown: How so many researchers found a 20-year-old chip flaw at the same time,” Wired, https://www.wired.com/story/meltdown-spectre-bug-collision-intel-chip-flaw-discovery.

73

Sandy Clark et al. (6–10 Dec 2010), “Familiarity breeds contempt: The honeymoon effect and the role of legacy code in zero-day vulnerabilities,” in Proceedings of the 26th Annual Computer Security Applications Conference, https://dl.acm.org/citation.cfm?id=1920299.

74

Nate Anderson (17 Nov 2010), “How China swallowed 15 % of ’Net traffic for 18 minutes,” Ars Technica, https://arstechnica.com/information-technology/2010/11/how-china-swallowed-15-of-net-traffic-for-18-minutes.

75

Yakov Rekhter and Tony Li (Mar 1995), “A Border Gateway Protocol 4 (BGP-4),” Network Working Group, Internet Engineering Task Force, https://tools.ietf.org/html/rfc1771.

76

Axel Arnbak and Sharon Goldberg (30 Jun 2014), “Loopholes for circumventing the Constitution: Unrestrained bulk surveillance on Americans by collecting network traffic abroad,” Michigan Telecommunications and Technology Law Review 21, no. 2, https://repository.law.umich.edu/cgi/viewcontent.cgi?article=1204&context=mttlr. Sharon Goldberg (22 Jun 2017), “Surveillance without borders: The ‘traffic shaping’ loophole and why it matters,” Century Foundation, https://tcf.org/content/report/surveillance-without-borders-the-traffic-shaping-loophole-and-why-it-matters.

77

Jim Cowie (19 Nov 2013), “The new threat: Targeted Internet traffic misdirection,” Vantage Point, Oracle + Dyn, https://cyber-peace.org/wp-content/uploads/2018/01/The-New-Threat_-Targeted-Internet-Traffic-Misdirection-_-Dyn-Blog.pdf.

78

Dan Goodin (13 Dec 2017), “‘Suspicious’ event routes traffic for big-name sites through Russia,” Ars Technica, https://arstechnica.com/information-technology/2017/12/suspicious-event-routes-traffic-for-big-name-sites-through-russia.

79

Dan Goodin (27 Aug 2008), “Hijacking huge chunks of the internet: A new How To,” The Register, https://www.theregister.co.uk/2008/08/27/bgp_exploit_revealed.

80

Craig Timberg (30 May 2015), “A flaw in the design,” The Washington Post, http://www.washingtonpost.com/sf/business/2015/05/30/net-of-insecurity-part-1.

81

Brian E. Carpenter, ed. (Jun 1996), “Architectural principles of the Internet,” Network Working Group, Internet Engineering Task Force, https://www.ietf.org/rfc/rfc1958.txt.

82

Tyler Moore (2010), “The economics of cybersecurity: Principles and policy options,” International Journal of Critical Infrastructure Protection, https://tylermoore.utulsa.edu/ijcip10.pdf.

83

Internet Corporation for Assigned Names and Numbers (27 Sep 2017), “KSK rollover postponed,” https://www.icann.org/news/announcement-2017–09–27-en.

84

Michael Jordon (12 Sep 2014), “Hacking Canon Pixma printers: Doomed encryption,” Context Information Security, https://www.contextis.com/blog/hacking-canon-pixma-printers-doomed-encryption.

85

Ralph Kinney (25 May 2017), “Will it run Doom? Smart thermostat running classic FPS game Doom,” Zareview, https://www.zareview.com/will-run-doom-smart-thermostat-running-classic-fps-game-doom.

86

Kyle Orland (19 Oct 2017), “Denuvo’s DRM now being cracked within hours of release,” Ars Technica, https://arstechnica.com/gaming/2017/10/denuvos-drm-ins-now-being-cracked-within-hours-of-release.

87

Seth Schoen (17 Mar 2016), “Thinking about the term ‘backdoor,’” Electronic Frontier Foundation, https://www.eff.org/deeplinks/2016/03/thinking-about-term-backdoor.

88

Bruce Schneier (18 Feb 2016), “Why you should side with Apple, not the FBI, in the San Bernardino iPhone case,” The Washington Post, https://www.washingtonpost.com/posteverything/wp/2016/02/18/why-you-should-side-with-apple-not-the-fbi-in-the-san-bernardino-iphone-case.

89

Dan Goodin (12 Jan 2016), “Et tu, Fortinet? Hard-coded password raises new backdoor eavesdropping fears,” Ars Technica, https://arstechnica.com/information-technology/2016/01/et-tu-fortinet-hard-coded-password-raises-new-backdoor-eavesdropping-fears.

90

Maria Korolov (6 Dec 2017), “What is a bot-net? And why they aren’t going away anytime soon,” CSO, https://www.csoonline.com/article/3240364/hacking/what-is-a-botnet-and-why-they-arent-going-away-anytime-soon.html.

91

Roger R. Schell (Jan–Feb 1979), “Computer security: The Achilles’ heel of the electronic Air Force?” Air University Review 30, no. 2 (reprinted in Air & Space Power Journal, Jan–Feb 2013), http://insct.syr.edu/wp-content/uploads/2015/05/Schell_Achilles_Heel.pdf.

92

Bruce Schneier (19 Nov 1999), “A plea for simplicity: You can’t secure what you don’t understand,” Information Security, https://www.schneier.com/essays/archives/1999/11/a_plea_for_simplicit.html.

93

David McCandless (24 Sep 2015), “How many lines of code does it take?” Information Is Beautiful, http://www.informationisbeautiful.net/visualizations/million-lines-of-code.

94

Lily Hay Newman (12 Mar 2017), “Hacker lexicon: What is an attack surface?” Wired, https://www.wired.com/2017/03/hacker-lexicon-attack-surface.

95

Robert McMillan (17 Sep 2017), “An unexpected security problem in the cloud,” The Wall Street Journal, https://www.wsj.com/articles/an-unexpected-security-problem-in-the-cloud-1505700061.

96

Elena Kadavny (1 Dec 2017), “Thousands of records exposed in Stanford data breaches,” Palo Alto Online, https://www.paloaltoonline.com/news/2017/12/01/thousands-of-records-exposed-in-stanford-data-breaches.

97

Dan Geer (6 Aug 2014), “Cybersecurity as realpolitik,” Black Hat 2014, http://geer.tinho.net/geer.blackhat.6viii14.txt.

98

Elizabeth A. Harris et al. (17 Jan 2014), “A sneaky path into Target customers’ wallets,” The New York Times, https://www.nytimes.com/2014/01/18/business/a-sneaky-path-into-target-customers-wallets.html.

99

Catalin Cimpanu (30 Mar 2017), “New Mirai botnet slams U.S. college with 54-hour DDoS attack,” Bleeping Computer, https://www.bleepingcomputer.com/news/security/new-mirai-botnet-slams-us-college-with-54-hour-ddos-attack. Manos Antonakakis et al. (8 Aug 2017), “Understanding the Mirai botnet,” in Proceedings of the 26th USENIX Security Symposium, https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-antonakakis.pdf.

100

Alex Schiffer (21 Jul 2017), “How a fish tank helped hack a casino,” The Washington Post, https://www.washingtonpost.com/news/innovations/wp/2017/07/21/how-a-fish-tank-helped-hack-a-casino.

101

James Fisher (7 Apr 2018), “The dots do matter: How to scam a Gmail user,” Jameshfisher.com, https://jameshfisher.com/2018/04/07/the-dots-do-matter-how-to-scam-a-gmail-user.html.

102

Mat Honan (6 Aug 2012), “How Apple and Amazon security flaws led to my epic hacking,” Wired, https://www.wired.com/2012/08/apple-amazon-mat-honan-hacking. Mat Honan (17 Aug 2012), “How I resurrected my digital life after an epic hacking,” Wired, https://www.wired.com/2012/08/mat-honan-data-recovery.

103

Pedro Venda (18 Aug 2015), “Hacking DefCon 23’s IoT Village Samsung fridge,” Pen Test Partners, http://www.pentestpartners.com/blog/hacking-defcon-23s-iot-village-samsung-fridge. John Leyden (25 Aug 2015), “Samsung smart fridge leaves Gmail logins open to attack,” The Register, http://www.theregister.co.uk/2015/08/24/smart_fridge_security_fubar.

104

Yan Michalevsky, Gabi Nakibly, and Dan Boneh (20–22 Aug 2014), “Gyrophone: Recognizing speech from gyroscope signals,” in Proceedings of the 23rd USENIX Security Symposium, https://crypto.stanford.edu/gyrophone.

105

106

Tara Seals (18 May 2016), “Enormous malware as a service infrastructure fuels ransomware epidemic,” Infosecurity Magazine, https://www.infosecurity-magazine.com/news/enormous-malware-as-a-service.

107

Aaron Sankin (9 Jul 2015), “Forget Hacking Team – many other companies sell surveillance tech to repressive regimes,” Daily Dot, https://www.dailydot.com/layer8/hacking-team-competitors.

108

US Department of Justice (28 Nov 2017), “Canadian hacker who conspired with and aided Russian FSB officers pleads guilty,” https://www.justice.gov/opa/pr/canadian-hacker-who-conspired-and-aided-russian-fsb-officers-pleads-guilty.

109

Bruce Schneier (3 Jan 2017), “Class breaks,” Schneier on Security, https://www.schneier.com/blog/archives/2017/01/class_breaks.html.

110

Dan Goodin (6 Nov 2017), “Flaw crippling millions of crypto keys is worse than first disclosed,” Ars Technica, https://arstechnica.com/information-technology/2017/11/flaw-crippling-millions-of-crypto-keys-is-worse-than-first-disclosed.

111

US Department of Homeland Security (Nov 2012), “National risk estimate: Risks to U.S. critical infrastructure from global positioning system disruptions,” https://www.hsdl.org/?abstract&did=739832.

112

Andy Greenberg (26 Nov 2012), “Security flaw in common keycard locks exploited in string of hotel room break-ins,” Forbes, https://www.forbes.com/sites/andygreenberg/2012/11/26/security-flaw-in-common-keycard-locks-exploited-in-string-of-hotel-room-break-ins.

113

Andy Greenberg (6 Dec 2012), “Lock firm Onity starts to shell out for security fixes to hotels’ hackable locks,” Forbes, https://www.forbes.com/sites/andygreenberg/2012/12/06/lock-firm-onity-starts-to-shell-out-for-security-fixes-to-hotels-hackable-locks. Andy Greenberg (15 May 2013), “Hotel lock hack still being used in burglaries months after lock firm’s fix,” Forbes, https://www.forbes.com/sites/andygreenberg/2013/05/15/hotel-lock-hack-still-being-used-in-burglaries-months-after-lock-firms-fix. Andy Greenberg (1 Aug 2017), “The hotel room hacker,” Wired, https://www.wired.com/2017/08/the-hotel-hacker.

114

Whitfield Diffie and Martin E. Hellman (1 Jun 1977), “Exhaustive cryptanalysis of the NBS Data Encryption Standard,” Computer, https://www-ee.stanford.edu/~hellman/publications/27.pdf

115

Шнайер Б. Прикладная криптография. Протоколы, алгоритмы, исходные тексты на языке Си. – М.: Триумф, 2012.

116

Electronic Frontier Foundation (1998), Cracking DES: Secrets of Encryption Research, Wiretap Politics, and Chip Design, O’Reilly & Associates.

117

Stephanie K. Pell and Christopher Soghoian (29 Dec 2014), “Your secret Stingray’s no secret anymore: The vanishing government monopoly over cell phone surveillance and its impact on national security and consumer privacy,” Harvard Journal of Law and Technology 28, no. 1, https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2437678.

118

Don Coppersmith (May 1994), “The Data Encryption Standard (DES) and its strength against attacks,” IBM Journal of Research and Development 38, no. 3, http://simson.net/ref/1994/coppersmith94.pdf.

119

Eli Biham and Adi Shamir (1990), “Differential cryptanalysis of DES-like cryptosystems,” Journal of Cryptology 4, no. 1, https://link.springer.com/article/10.1007/BF00630563.

120

В 2014 г. Facebook[95] поменял девиз. Samantha Murphy (30 Apr 2014), “Facebook changes its ‘Move fast and break things’ motto,” Mashable, http://mashable.com/2014/04/30/facebooks-new-mantra-move-fast-with-stability/#ebhnHppqdPq9.

121

Stephen A. Shepherd (22 Apr 2003), “How do we define responsible disclosure?” SANS Institute, https://www.sans.org/reading-room/whitepapers/threats/define-responsible-disclosure-932.

122

Andy Greenberg (16 Jul 2014), “Meet ‘Project Zero,’ Google’s secret team of bug-hunting hackers,” Wired, https://www.wired.com/2014/07/google-project-zero. Robert Hackett (23 Jun 2017), “Google’s elite hacker SWAT team vs. everyone,” Fortune, http://fortune.com/2017/06/23/google-project-zero-hacker-swat-team.

123

Andy Ozment and Stuart Schechter (1 Jul 2006), “Milk or wine: Does software security improve with age?” in Proceedings of the 15th USENIX Security Symposium, https://www.microsoft.com/en-us/research/publication/milk-or-wine-does-software-security-improve-with-age.

124

Malwarebytes (4 Oct 2017), “PUP reconsideration information: How do we identify potentially unwanted software?” https://www.malwarebytes.com/pup.

125

Cyrus Farivar (15 Sep 2017), “Equifax CIO, CSO ‘retire’ in wake of huge security breach,” Ars Technica, https://arstechnica.com/tech-policy/2017/09/equifax-cio-cso-retire-in-wake-of-huge-security-breach.

126

John Leyden (7 Apr 2017), “‘Amnesia’ IoT botnet feasts on year-old unpatched vulnerability,” The Register, https://www.theregister.co.uk/2017/04/07/amnesia_iot_botnet.

127

Fredric Paul (7 Sep 2017), “Fixing, upgrading and patching IoT devices can be a real nightmare,” Network World, https://www.networkworld.com/article/3222651/internet-of-things/fixing-upgrading-and-patching-iot-devices-can-be-a-real-nightmare.html.

128

Lucian Constantin (17 Feb 2016), “Hard-coded password exposes up to 46,000 video surveillance DVRs to hacking,” PC World, https://www.pcworld.com/article/3034265/hard-coded-password-exposes-up-to-46000-video-surveillance-dvrs-to-hacking.html.

129

Craig Heffner (6 Jul 2010), “How to hack millions of routers,” DefCon 18, https://www.defcon.org/images/defcon-18/dc-18-presentations/Heffner/DEFCON-18-Heffner-Routers.pdf. Craig Heffner (5 Oct 2010), “DEFCON18: How to hack millions of routers,” YouTube, http://www.youtube.com/watch?v=stnJiPBIM6o.

130

Jennifer Valentino-DeVries (18 Jan 2016), “Rarely patched software bugs in home routers cripple security,” The Wall Street Journal, https://www.wsj.com/articles/rarely-patched-software-bugs-in-home-routers-cripple-security-1453136285.

131

Graham Cluley (1 Oct 2012), “How millions of DSL modems were hacked in Brazil, to pay for Rio prostitutes,” Naked Security, http://nakedsecurity.sophos.com/2012/10/01/hacked-routers-brazil-vb2012.

132

Dan Goodin (27 Nov 2013), “New Linux worm targets routers, cameras, ‘Internet of things’ devices,” Ars Technica, http://arstechnica.com/security/2013/11/new-linux-worm-targets-routers-cameras-Internet-of-things-devices.

133

Robinson Meyer (21 Oct 2016), “How a bunch of hacked DVR machines took down Twitter and Reddit,” Atlantic, https://www.theatlantic.com/technology/archive/2016/10/how-a-bunch-of-hacked-dvr-machines-took-down-twitter-and-reddit/505073, Manos Antonakakis et al. (8 Aug 2017), “Understanding the Mirai botnet,” in Proceedings of the 26th USENIX Security Symposium, https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-antonakakis.pdf.

134

Andy Greenberg (24 Jul 2016), “After Jeep hack, Chrysler recalls 1.4m vehicles for bug fix,” Wired, https://www.wired.com/2015/07/jeep-hack-chrysler-recalls-1–4m-vehicles-bug-fix.

135

Dan Goodin (30 Aug 2017), “465k patients told to visit doctor to patch critical pacemaker vulnerability,” Ars Technica, https://www.arstechnica.com/information-technology/2017/08/465k-patients-need-a-firmware-update-to-prevent-serious-pacemaker-hacks.

136

Kyree Leary (27 Apr 2017), “How to update your Kindle and Kindle Fire devices,” Digital Trends, https://www.digitaltrends.com/mobile/how-to-update-your-kindle.

137

Alex Dobie (16 Sep 2012), “Why you’ll never have the latest version of Android,” Android Central, http://www.androidcentral.com/why-you-ll-never-have-latest-version-android.

138

Gregg Keizer (23 Mar 2017), “Google: Half of Android devices haven’t been patched in a year or more,” Computerworld, https://www.computerworld.com/article/3184400/android/google-half-of-android-devices-havent-been-patched-in-a-year-or-more.html.

139

Adrian Kingsley-Hughes (24 Sep 2014), “Apple pulls iOS8.0.1 update, after killing cell service, Touch ID,” ZDNet, http://www.zdnet.com/article/apple-pulls-ios-8–0–1-update-after-killing-cell-service-touch-id.

140

Dan Goodin (14 Aug 2017), “Update gone wrong leaves 500 smart locks inoperable,” Ars Technica, https://www.arstechnica.com/information-technology/2017/08/500-smart-locks-arent-so-smart-anymore-thanks-to-botched-update.

141

Mathew J. Schwartz (9 Jan 2018), “Microsoft pauses Windows security updates to AMD devices,” Data Breach Today, https://www.databreachtoday.com/microsoft-pauses-windows-security-updates-to-amd-devices-a-10567.

142

Larry Seltzer (15 Dec 2014), “Microsoft update blunders going out of control,” ZDNet, http://www.zdnet.com/article/has-microsoft-stopped-testing-their-updates.

143

Microsoft Corporation (дата обращения 5 ноября 2024), “Windows lifecycle fact sheet,” https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet.

144

Brian Barrett (14 Jun 2017), “If you still use Windows XP, prepare for the worst,” Wired, https://www.wired.com/2017/05/still-use-windows-xp-prepare-worst.

145

Jeff Parsons (15 May 2017), “This is how many computers are still running Windows XP,” Mirror, https://www.mirror.co.uk/tech/how-many-computers-still-running-10425650.

146

147

Catalin Cimpanu (26 Oct 2017), “Backdoor account found in popular ship satellite communications system,” Bleeping Computer, https://www.bleepingcomputer.com/news/security/backdoor-account-found-in-popular-ship-satellite-communications-system.

148

Dan Goodin (30 Aug 2017), “465k patients told to visit doctor to patch critical pacemaker vulnerability,” Ars Technica, https://arstechnica.com/information-technology/2017/08/465k-patients-need-a-firmware-update-to-prevent-serious-pacemaker-hacks.

149

Electronic Frontier Foundation (1 Jul 2011; last updated 7 Aug 2012), “US v. ElcomSoft Sklyarov,” https://www.eff.org/cases/us-v-elcomsoft-sklyarov.

150

John Leyden (31 Jul 2002), “HP invokes DMCA to quash Tru64 bug report,” The Register, https://www.theregister.co.uk/2002/07/31/hp_invokes_dmca_to_quash. Declan McCullagh (2 Aug 2002), “HP backs down on copyright warning,” CNET, https://www.cnet.com/news/hp-backs-down-on-copyright-warning.

151

Electronic Frontier Foundation (1 Mar 2013), “Unintended consequences: Fifteen years under the DMCA,” https://www.eff.org/pages/unintended-consequences-fifteen-years-under-dmca.

152

Charlie Osborne (31 Oct 2016), “US DMCA rules updated to give security experts legal backing to research,” ZDNet, http://www.zdnet.com/article/us-dmca-rules-updated-to-give-security-experts-legal-backing-to-research.

153

Maria A. Pallante (Oct 2015), “Section 1201 rulemaking: Sixth triennial proceeding to determine exemptions to the prohibition on circumvention,” United States Copyright Office, https://www.copyright.gov/1201/2015/registers-recommendation.pdf.

154

Kim Zetter (9 Sep 2008), “DefCon: Boston subway officials sue to stop talk on fare card hacks,” Wired, https://www.wired.com/2008/08/injunction-requ.

155

Chris Perkins (14 Aug 2015), “Volkswagen suppressed a paper about car hacking for 2 years,” Mashable, http://mashable.com/2015/08/14/volkswagen-suppress-car-vulnerability.

156

Kim Zetter (11 Sep 2016), “A bizarre twist in the debate over vulnerability disclosures,” Wired, https://www.wired.com/2015/09/fireeye-enrw-injunction-bizarre-twist-in-the-debate-over-vulnerability-disclosures.

157

Electronic Frontier Foundation (21 Jul 2016), “EFF lawsuit takes on DMCA section 1201: Research and technology restrictions violate the First Amendment,” https://www.eff.org/press/releases/eff-lawsuit-takes-dmca-section-1201-research-and-technology-restrictions-violate.

158

Winston Royce (25–28 Aug 1970), “Managing the development of large software systems,” 1970 WESCON Technical Papers 26, https://books.google.com/books?id=9U1GAQAAIAAJ.

159

Agile Alliance (дата обращения 5 ноября 2024), “Agile 101,” https://www.agilealliance.org/agile101.

160

Gio Benitez (7 Nov 2017), “How to protect yourself from downloading fake apps and getting hacked,” ABC News, http://abcnews.go.com/US/protect-downloading-fake-apps-hacked/story?id=50972286.

161

Statista (Oct 2017), “Global spam volume as percentage of total e-mail traffic from January 2014 to September 2017, by month,” https://www.statista.com/statistics/420391/spam-email-traffic-share.

162

Jordan Robertson (19 Jan 2016), “E-mail spam goes artisanal,” Bloomberg, https://www.bloomberg.com/news/articles/2016–01–19/e-mail-spam-goes-artisanal.

163

Steven J. Murdoch (3 Oct 2017), “Liability for push payment fraud pushed onto the victims,” Bentham’s Gaze, https://www.benthamsgaze.org/2017/10/03/liability-for-push-payment-fraud-pushed-onto-the-victims. Steven J. Murdoch and Ross Anderson (9 Nov 2014), “Security protocols and evidence: Where many payment systems fail,” FC2014: International Conference on Financial Cryptography and Data Security, https://link.springer.com/chapter/10.1007/978-3–662–45472–5_2.

164

Patrick Jenkins and Sam Jones (25 May 2016), “Bank customers may cover cost of fraud under new UK proposals,” Financial Times, https://www.ft.com/content/e335211c-2105-11e6-aa98-db1e01fabc0c.

165

Federal Trade Commission (Aug 2012), “Lost or stolen credit, ATM, and debit cards,” https://www.consumer.ftc.gov/articles/0213-lost-or-stolen-credit-atm-and-debit-cards.

166

Bruce Schneier (2012), Liars and Outliers: Enabling the Trust That Society Needs to Thrive, Wiley, http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118143302.html.

167

Arjun Jayadev and Samuel Bowles (Apr 2006), “Guard labor,” Journal of Development Economics 79, no. 2, http://www.sciencedirect.com/science/article/pii/S0304387806000125.

168

Gartner (16 Aug 2017), “Gartner says worldwide information security spending will grow 7 percent to reach $86.4 billion in 2017,” https://www.gartner.com/newsroom/id/3784965.

169

Allison Gatlin (8 Feb 2016), “Cisco, IBM, Dell M&A brawl may whack Symantec, Palo Alto, Fortinet,” Investor’s Business Daily, https://www.investors.com/news/technology/cisco-ibm-dell-ma-brawl-whacks-symantec-palo-alto-fortinet.

170

Ponemon Institute (20 Jun 2017) “2017 cost of data breach study,” http://info.resilientsystems.com/hubfs/IBM_Resilient_Branded_Content/White_Papers/2017_Global_CODB_Report_Final.pdf.

171

Symantec Corporation (23 Jan 2018), “2017 Norton cyber security insights report: Global results,” https://www.symantec.com/content/dam/symantec/docs/about/2017-ncsir-global-results-en.pdf.

172

Paul Dreyer et al. (14 Jan 2018), “Estimating the global cost of cyber risk,” RAND Corporation, https://www.rand.org/pubs/research_reports/RR2299.html.

173

Finn Lützow-Holm Myrstad (1 Dec 2016), “#Toyfail: An analysis of consumer and privacy issues in three internet-connected toys,” Forbrukerrådet,https://consumermediallc.files.wordpress.com/2016/12/toyfail_report_desember2016.pdf.

174

Philip Oltermann (17 Feb 2017), “German parents told to destroy doll that can spy on children,” The Guardian, https://www.theguardian.com/world/2017/feb/17/german-parents-told-to-destroy-my-friend-cayla-doll-spy-on-children.

175

Samuel Gibbs (26 Nov 2015), “Hackers can hijack Wi-Fi Hello Barbie to spy on your children,” The Guardian, https://www.theguardian.com/technology/2015/nov/26/hackers-can-hijack-wi-fi-hello-barbie-to-spy-on-your-children.

176

Tara Siegel Bernard et al. (7 Sep 2017), “Equifax says cyberattack may have affected 143 million in the U.S.,” The New York Times, https://www.nytimes.com/2017/09/07/business/equifax-cyberattack.html. Stacy Cowley (2 Oct 2017), “2.5 million more people potentially exposed in Equifax breach,” The New York Times, https://www.nytimes.com/2017/10/02/business/equifax-breach.html.

177

Lukasz Lenart (9 Mar 2017), “S2–045:Possible remote code execution when performing file upload based on Jakarta Multipart parser,” Apache Struts 2 Documentation, https://cwiki.apache.org/confluence/display/WW/S2–045. Dan Goodin (9 Mar 2017), “Critical vulnerability under ‘massive’ attack imperils high-impact sites,” Ars Technica, https://arstechnica.com/information-technology/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites.

178

Dan Goodin (2 Oct 2017), “A series of delays and major errors led to massive Equifax breach,” Ars Technica, https://arstechnica.com/information-technology/2017/10/a-series-of-delays-and-major-errors-led-to-massive-equifax-breach.

179

180

James Scott (20 Sep 2017), “Equifax: America’s in-credible insecurity,” Institute for Critical Infrastructure Technology, http://icitech.org/wp-content/uploads/2017/09/ICIT-Analysis-Equifax-Americas-In-Credible-Insecurity-Part-One.pdf.

181

Bruce Schneier (1 Nov 2017), “Testimony and statement for the record: Hearing on ‘securing consumers’ credit data in the age of digital commerce’ before the Subcommittee on Digital Commerce and Consumer Protection Committee on Energy and Commerce, United States House of Representatives,” http://docs.house.gov/meetings/IF/IF17/20171101/106567/HHRG-115-IF17-Wstate-SchneierB-20171101.pdf.

182

Thomas Fox-Brewster (8 Sep 2017), “A brief history of Equifax security fails,” Forbes, https://www.forbes.com/sites/thomasbrewster/2017/09/08/equifax-data-breach-history.

183

Open Web Application Security Project (last modified 3 Aug 2016), “Security by design principles,” https://www.owasp.org/index.php/Security_by_Design_Principles.

184

Jonathan Zittrain et al. (Feb 2018), “‘Don’t Panic’ Meets the Internet of Things: Recommendations for a Responsible Future,” Berklett Cybersecurity Project, Berkman Center for Internet and Society at Harvard University, неопубликованный черновик.

185

Bruce Schneier (9 Feb 2017), “Security and privacy guidelines for the Internet of Things,” Schneier on Security, https://www.schneier.com/blog/archives/2017/02/security_and_pr.html.

186

Latanya Sweeney, “Research accomplishments of Latanya Sweeney, Ph.D.: Policy and law: Identifiability of de-identified data,” http://latanyasweeney.org/work/identifiability.html.

187

В это верят далеко не все. См: Debra Littlejohn Shinder (27 Jul 2016), “From mainframe to cloud: It’s technology déjà vu all over again,” TechTalk, https://techtalk.gfi.com/from-mainframe-to-cloud-its-technology-deja-vu-all-over-again.

188

Erica Kochi et al. (12 Mar 2018), “How to prevent discriminatory outcomes in machine learning,” Global Future Council on Human Rights 2016–2018, World Economic Forum, http://www3.weforum.org/docs/WEF_40065_White_Paper_How_to_Prevent_Discriminatory_Outcomes_in_Machine_Learning.pdf.

189

Will Knight (11 Apr 2017), “The dark secret at the heart of AI,” MIT Technology Review, https://www.technologyreview.com/s/604087/the-dark-secret-at-the-heart-of-ai.

190

Larry Hardesty (27 Oct 2016), “Making computers explain themselves,” MIT News, http://news.mit.edu/2016/making-computers-explain-themselves-machine-learning-1028. Sara Castellanos and Steven Norton (10 Aug 2017), “Inside DARPA’s push to make artificial intelligence explain itself,” The Wall Street Journal, https://blogs.wsj.com/cio/2017/08/10/inside-darpas-push-to-make-artificial-intelligence-explain-itself. Matthew Hutson (31 May 2017), “Q&A: Should artificial intelligence be legally required to explain itself?” Science, http://www.sciencemag.org/news/2017/05/qa-should-artificial-intelligence-be-legally-required-explain-itself.

191

Bryce Goodman and Seth Flaxman (28 Jun 2016), “European Union regulations on algorithmic decision-making and a ‘right to explanation,’” 2016 ICML Workshop on Human Interpretability in Machine Learning, https://arxiv.org/abs/1606.08813. Sandra Wachter, Brent Mittelstadt, and Luciano Floridi (24 Jan 2017), “Why a right to explanation of automated decision-making does not exist in the General Data Protection Regulation,” International Data Privacy Law 2017, https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2903469.

192

Will Knight (11 Apr 2017), “The dark secret at the heart of AI,” MIT Technology Review, https://www.technologyreview.com/s/604087/the-dark-secret-at-the-heart-of-ai.

193

Cliff Kuang (21 Nov 2017), “Can A.I. be taught to explain itself?” The New York Times Magazine, https://www.nytimes.com/2017/11/21/magazine/can-ai-be-taught-to-explain-itself.html.

194

Nicholas Diakopoulos et al. (17 Nov 2016), “Principles for accountable algorithms and a social impact statement for algorithms,” Fairness, Accountability, and Transparency in Machine Learning,https://www.fatml.org/resources/principles-for-accountable-algorithms.

195

Tad Hirsch (9 Sep 2017), “Designing contestability: Interaction design, machine learning, and mental health,” 2017 Conference on Designing Interactive Systems, https://dl.acm.org/citation.cfm?doid=3064663.3064703.

196

Philip Adler et al. (23 Feb 2016), “Auditing black-box models for indirect influence,” 2016 IEEE 16th International Conference on Data Mining (ICDM),http://ieeexplore.ieee.org/document/7837824.

197

Julia Angwin et al. (23 May 2016), “Machine bias,” ProPublica,https://www.propublica.org/article/machine-bias-risk-assessments-in-criminal-sentencing.

198

Melissa E. Hathaway and John E. Savage (9 Mar 2012), “Stewardship of cyberspace: Duties for internet service providers,” CyberDialogue 2012, University of Toronto.

199

Там же.

200

Linda Rosencrance (10 Jun 2008), “3 top ISPs to block access to sources of child porn,” Computerworld, https://www.computerworld.com/article/2535175/networking/3-top-isps-to-block-access-to-sources-of-child-porn.html.

201

Eliot Lear, Ralph Droms, and Dan Romascanu (24 Oct 2017), “Manufacturer Usage Description specification,” Internet Engineering Task Force, https://datatracker.ietf.org/doc/draft-ietf-opsawg-mud. Max Pritikin et al. (30 Oct 2017), “Bootstrapping remote secure key infrastructures (BRSKI),” Internet Engineering Task Force, https://datatracker.ietf.org/doc/draft-ietf-anima-bootstrapping-keyinfra.

202

Melissa E. Hathaway and John E. Savage (9 Mar 2012), “Stewardship of cyberspace: Duties for internet service providers,” CyberDialogue 2012, University of Toronto.

203

Bruce Schneier (9 Apr 2014), “Heartbleed,” Schneier on Security, https://www.schneier.com/blog/archives/2014/04/heartbleed.html.

204

Paul Mutton (8 Apr 2014), “Half a million widely trusted websites vulnerable to Heartbleed bug,” Netcraft, https://news.netcraft.com/archives/2014/04/08/half-a-million-widely-trusted-websites-vulnerable-to-heartbleed-bug.html.

205

Ben Grubb (11 Apr 2014), “Man who introduced serious ‘Heartbleed’ security flaw denies he inserted it deliberately,” The Sydney Morning Herald, http://www.smh.com.au/it-pro/security-it/man-who-introduced-serious-heartbleed-security-flaw-denies-he-inserted-it-deliberately-20140410-zqta1.html. Alex Hern (11 Apr 2014), “Heartbleed: Developer who introduced the error regrets ‘oversight,’” The Guardian, https://www.theguardian.com/technology/2014/apr/11/heartbleed-developer-error-regrets-oversight.

206

Steven J. Vaughan-Nichols (28 Apr 2014), “Cash, the Core Infrastructure Initiative, and open source projects,” ZDNet, http://www.zdnet.com/article/cash-the-core-infrastructure-initiative-and-open-source-projects.

207

Alex McKenzie (5 Dec 2009), “Early sketch of ARPANET’s first four nodes,” Scientific American, https://www.scientificamerican.com/gallery/early-sketch-of-arpanets-first-four-nodes.

208

Dan Goodin (10 Dec 2014), “Hack said to cause fiery pipeline blast could rewrite history of cyberwar,” Ars Technica,https://arstechnica.com/information-technology/2014/12/hack-said-to-cause-fiery-pipeline-blast-could-rewrite-history-of-cyberwar.

209

Simon Romero (9 Sep 2013), “N.S.A. spied on Brazilian oil company, report says,” The New York Times, http://www.nytimes.com/2013/09/09/world/americas/nsa-spied-on-brazilian-oil-company-report-says.html.

210

211

Office of Homeland Security (15 Jul 2002), “National strategy for homeland security,” https://www.hsdl.org/?view&did=856. George W. Bush (5 Feb 2003), “The national strategy for the physical protection of critical infrastructures and key assets,” Office of the President of the United States, https://www.hsdl.org/?abstract&did=1041. Homeland Security Council (5 Oct 2007), “National strategy for homeland security,” https://www.dhs.gov/xlibrary/assets/nat_strat_homelandsecurity_2007.pdf. George W. Bush (28 Feb 2003), “Directive on management of domestic incidents,” Office of the Federal Register, https://www.hsdl.org/?view&did=439105. George W. Bush (17 Dec 2003), “Directive on national preparedness,” Office of the Federal Register, https://www.hsdl.org/?view&did=441951.

212

Barack Obama (12 Feb 2013), “Directive on critical infrastructure security and resilience,” White House Office, https://www.hsdl.org/?view&did=731087.

213

Donald J. Trump (Dec 2017), “National security strategy of the United States of America,” https://www.whitehouse.gov/wp-content/uploads/2017/12/NSS-Final-12-18-2017-0905.pdf.

214

Office of Homeland Security (15 Jul 2002), “National strategy for homeland security,” https://www.hsdl.org/?view&did=856.

215

Jerome H. Saltzer, David P. Reed, and David D. Clark (1 Nov 1984), “End-to-end arguments in system design,” ACM Transactions on Computer Systems 2, no. 4, http://web.mit.edu/Saltzer/www/publications/endtoend/endtoend.pdf.

216

Tim Wu (6 Dec 2017), “How the FCC’s net neutrality plan breaks with 50 years of history,” Wired, https://www.wired.com/story/how-the-fccs-net-neutrality-plan-breaks-with-50-years-of-history.

217

ISO 27001 is a good example. International Organization for Standardization (дата обращения 5 ноября 2024), “ISO/IEC 27000 family: Information security management systems,” http://www.iso.org/iso/home/standards/management-standards/iso27001.htm.

218

Cary Coglianese (2016), “Performance-based regulation: Concepts and challenges,” in Francesca Bignami and David Zaring, eds., Comparative Law and Regulation: Understanding the Global Regulatory Process, Edward Elgar Publishing, http://onlinepubs.trb.org/onlinepubs/PBRLit/Coglianese3.pdf.

219

Michael Rapaport and Theo Francis (26 Sep 2017), “Equifax says departing CEO won’t get $5.2 million in severance pay,” The Wall Street Journal, https://www.wsj.com/articles/equifax-says-departing-ceo-wont-get-5-2-million-in-severance-pay-1506449778.

220

Catalin Cimpanu (11 Nov 2017), “Hack cost Equifax only $87.5 million–for now,” Bleeping Computer, https://www.bleepingcomputer.com/news/business/hack-cost-equifax-only-87-5-million-for-now.

221

Nathan Bomey (14 Jul 2016), “BP’s Deepwater Horizon costs total $62B,” USA Today, https://www.usatoday.com/story/money/2016/07/14/bp-deepwater-horizon-costs/87087056.

222

Bruce Schneier (Jul/Aug 2008), “How the human brain buys security,” IEEE Security & Privacy, https://www.schneier.com/essays/archives/2008/07/how_the_human_brain.html.

223

224

Jamie Condliffe (15 Dec 2016), “A history of Yahoo hacks,” MIT Technology Review, https://www.technologyreview.com/s/603157/a-history-of-yahoo-hacks.

225

Andy Greenberg (21 Nov 2017), “Hack brief: Uber paid off hackers to hide a 57-million user data breach,” Wired, https://www.wired.com/story/uber-paid-off-hackers-to-hide-a-57-million-user-data-breach.

226

Russell Lange and Eric W. Burger (27 Dec 2017), “Long-term market implications of data breaches, not,” Journal of Information Privacy and Security, http://www.tandfonline.com/doi/full/10.1080/15536548.2017.1394070.

227

John Michael Greer (2011), The Wealth of Nature: Economics as if Survival Mattered, New Society Publishers, https://books.google.com/books?id=h3-eVcJImqMC.

228

Flynn McRoberts et al. (1 Sep 2002), “The fall of Andersen,” Chicago Tribune, http://www.chicagotribune.com/news/chi-0209010315sep01-story.html.

229

Megan Gross (3 Mar 2016), “Volkswagen details what top management knew leading up to emissions revelations,” Ars Technica, http://arstechnica.com/cars/2016/03/volkswagen-says-ceo-was-in-fact-briefed-about-emissions-issues-in-2014. Danielle Ivory and Keith Bradsher (8 Oct 2015), “Regulators investigating 2nd VW computer program on emissions,” The New York Times,http://www.nytimes.com/2015/10/09/business/international/vw-diesel-emissions-scandal-congressional-hearing.html. Guilbert Gates et al. (8 Oct 2015; revised 28 Apr 2016), “Explaining Volkswagen’s emissions scandal,” The New York Times, http://www.nytimes.com/interactive/2015/business/international/vw-diesel-emissions-scandal-explained.html.

230

Jan Schwartz and Victoria Bryan (29 Sep 2017), “VW’s Dieselgate bill hits $30 bln after another charge,” Reuters, https://www.reuters.com/article/legal-uk-volkswagen-emissions/vws-dieselgate-bill-hits-30-bln-after-another-charge-idUSKCN1C4271.

231

Bill Vlasic (6 Dec 2017), “Volkswagen official gets 7-year term in diesel-emissions cheating,” The New York Times, https://www.nytimes.com/2017/12/06/business/oliver-schmidt-volkswagen.html.

232

Joseph B. Crace Jr. (3 Apr 2017), “When does data breach liability extend to the boardroom?” Law 360, https://www.law360.com/articles/907786.

233

Matt Burgess (1 Feb 2017), “TalkTalk’s chief executive Dido Harding has resigned,” Wired, https://www.wired.co.uk/article/talktalk-dido-harding-resign-quit.

234

Charles Cresson Wood (4 Dec 2016), “Solving the information security & privacy crisis by expanding the scope of top management personal liability,” Journal of Legislation 43, no. 1, http://scholarship.law.nd.edu/jleg/vol43/iss1/5.

235

Earlence Fernandes, Jaeyeon Jung, and Atul Prakash (18 Aug 2016), “Security analysis of emerging smart home applications,” 2016 IEEE Symposium on Security and Privacy, http://ieeexplore.ieee.org/document/7546527.

236

Jonathan A. Obar and Anne Oeldorf-Hirsch (24 Aug 2016), “The biggest lie on the Internet: Ignoring the privacy policies and terms of service policies of social networking services,” 44th Research Conference on Communication, Information and Internet Policy 2016 (TPRC 44), https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2757465.

237

Jessica Silver-Greenberg and Robert Gebeloff (31 Oct 2015), “Arbitration everywhere, stacking the deck of justice,” The New York Times, https://www.nytimes.com/2015/11/01/business/dealbook/arbitration-everywhere-stacking-the-deck-of-justice.html.

238

Jane Chong (30 Oct 2013), “We need strict laws if we want more secure software,” The New Republic, https://newrepublic.com/article/115402/sad-state-software-liability-law-bad-code-part-4.

239

Brenda R. Sharton and David S. Kantrowitz (22 Sep 2017), “Equifax and why it’s so hard to sue a company for losing your personal information,” Harvard Business Review, https://hbr.org/2017/09/equifax-and-why-its-so-hard-to-sue-a-company-for-losing-your-personal-information.

240

Janis Kestenbaum, Rebecca Engrav, and Erin Earl (6 Oct 2017), “4 takeaways from FTC v. D-Link Systems,” Law 360, https://www.law360.com/cybersecurity-privacy/articles/971473.

241

Federal Trade Commission (29 Jul 2016), “In the matter of LabMD, Inc., a corporation: Opinion of the commission,” Docket No. 9357, https://www.ftc.gov/system/files/documents/cases/160729labmd-opinion.pdf.

242

Craig A. Newman (18 Dec 2017), “LabMD appeal has privacy world waiting,” Lexology, https://www.lexology.com/library/detail.aspx?g=129a4ea7-cc38-4976-94af-3f09e8e280d0.

243

Andy Greenberg (15 May 2013), “Hotel lock hack still being used in burglaries months after lock firm’s fix,” Forbes, https://www.forbes.com/sites/andygreenberg/2013/05/15/hotel-lock-hack-still-being-used-in-burglaries-months-after-lock-firms-fix.

244

Roger J. Traynor (5 Jul 1944), Escola v. Coca Cola Bottling Co. of Fresno, S.F. 16951, Supreme Court of California, https://repository.uchastings.edu/cgi/viewcontent.cgi?article=1150&context=traynor_opinions.

245

United States Code (2011), “18 U.S. Code § 2520–Recovery of civil damages authorized,” in United States Code, 2006 edition, Supp. 5, Title 18–Crimes and Criminal Procedure, https://www.gpo.gov/fdsys/search/pagedetails.action?packageId=USCODE-2011-title18&granuleId=USCODE-2011-title18-partI-chap119-sec2520.

246

US Copyright Office (Oct 2009; дата обращения 5 ноября 2024), “504. Remedies for infringement: Damages and profits,” in Copyright Law of the United States (Title 17), Chapter 5: “Copyright Notice, Deposit, and Registration,” https://www.copyright.gov/title17/92chap5.html.

247

Donna L. Burden and Hilarie L. Henry (1 Aug 2015), “Security software vendors battle against impending strict products liability,” Product Liability Committee Newsletter, International Association of Defense Counsel, http://www.iadclaw.org/securedocument.aspx?file=1/19/Product_Liability_August_2015.pdf.

248

Adam Janofsky (17 Sep 2017), “Insurance grows for cyberattacks,” The Wall Street Journal, https://www.wsj.com/articles/insurance-grows-for-cyberattacks-1505700360.

249

Paul Christiano (17 Feb 2018), “Liability insurance,” Sideways View, https://sideways-view.com/2018/02/17/liability-insurance.

250

US House of Representatives (22 Mar 2016), “The role of cyber insurance in risk management,” Hearing before the Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies of the Committee on Homeland Security, https://www.gpo.gov/fdsys/pkg/CHRG-114hhrg22625/html/CHRG-114hhrg22625.htm.

251

Adam Janofsky (17 Sep 2017), “Cyberinsurers look to measure risk,” The Wall Street Journal, https://www.wsj.com/articles/cyberinsurers-look-to-measure-risk-1505700301.

252

Craig Silverman (24 Jul 2015), “7 creepy baby monitor stories that will terrify all parents,” BuzzFeed, https://www.buzzfeed.com/craigsilverman/creeps-hack-baby-monitors-and-say-terrifying-thing.

253

Carl Franzen (4 Aug 2017), “How to find a hack-proof baby monitor,” Lifehacker, https://offspring.lifehacker.com/how-to-find-a-hack-proof-baby-monitor-1797534985.

254

Amazon.com (дата обращения 5 ноября 2024), “VTech DM111 audio baby monitor with up to 1,000 ft of range, 5-level sound indicator, digitized transmission & belt clip,” https://www.amazon.com/VTech-DM111-Indicator-Digitized-Transmission/dp/B00JEV5UI8/ref=pd_lpo_vtph_75_bs_lp_t_1.

255

George A. Akerlof (1 Aug 1970), “The market for ‘lemons’: Quality uncertainty and the market mechanism,” The Quarterly Journal of Economics 84, no. 3, https://academic.oup.com/qje/article-abstract/84/3/488/1896241.

256

Bruce Schneier (19 Apr 2007), “How security companies sucker us with lemons,” Wired, https://www.wired.com/2007/04/securitymatters-0419.

257

Aleecia M. McDonald and Lorrie Faith Cranor (1 Oct 2008), “The cost of reading privacy policies,” I/S: A Journal of Law and Policy for the Information Society, 2008 Privacy Year in Review issue, http://lorrie.cranor.org/pubs/readingPolicyCost-authorDraft.pdf.

258

Samsung (дата обращения 5 ноября 2024), “Samsung local privacy policy–SmartTV supplement,” http://www.samsung.com/hk_en/info/privacy/smarttv.

259

Samuel Gibbs (24 Jul 2017), “Smart fridges and TVs should carry security rating, police chief says,” The Guardian, https://www.theguardian.com/technology/2017/jul/24/smart-tvs-fridges-should-carry-security-rating-police-chief-says.

260

Catherine Stupp (5 Oct 2016), “Commission plans cybersecurity rules for internet-connected machines,” Euractiv, http://www.euractiv.com/section/innovation-industry/news/commission-plans-cybersecurity-rules-for-internet-connected-machines. John E. Dunn (11 Oct 2016), “The EU’s latest idea to secure the Internet of Things? Sticky labels,” Naked Security, https://nakedsecurity.sophos.com/2016/10/11/the-eus-latest-idea-to-secure-the-internet-of-things-sticky-labels.

261

US Congress (1 Aug 2017), “S.1691–Internet of Things (IoT) Cybersecurity Improvement Act of 2017,” https://www.congress.gov/bill/115th-congress/senate-bill/1691/actions. Morgan Chalfant (27 Oct 2017), “Dems push for program to secure internet-connected devices,” The Hill, http://thehill.com/policy/cybersecurity/357509-dems-push-for-program-to-secure-internet-connected-devices.

262

Nate Cardozo et al. (Jul 2017), “Who Has Your Back? 2017,” Electronic Frontier Foundation, https://www.eff.org/files/2017/07/08/whohasyourback_2017.pdf.

263

Rebecca MacKinnon et al. (March 2017), “2017 corporate accountability index,” Ranking Digital Rights, https://rankingdigitalrights.org/index2017/assets/static/download/RDRindex2017report.pdf.

264

Kim Zetter (29 Jul 2016), “A famed hacker is grading thousands of programs–and may revolutionize software in the process,” Intercept, https://theintercept.com/2016/07/29/a-famed-hacker-is-grading-thousands-of-programs-and-may-revolutionize-software-in-the-process.

265

Foley & Lardner LLP (17 Jan 2018), “State data breach notification laws,” https://www.foley.com/state-data-breach-notification-laws.

266

Selena Larson (1 Dec 2017), “Senators introduce data breach disclosure bill,” CNN, http://money.cnn.com/2017/12/01/technology/bill-data-breach-laws/index.html.

267

268

Bruce Schneier (Sep/Oct 2013), “Security design: Stop trying to fix the user,” IEEE Security & Privacy, https://www.schneier.com/blog/archives/2016/10/security_design.html.

269

International Organization for Standardization (дата обращения 5 ноября 2024), “ISO/IEC 27000 family: Information security management systems,” http://www.iso.org/iso/home/standards/management-standards/iso27001.htm.

270

Julie Peeler and Angela Messer (17 Apr 2015), “(ISC)² study: Workforce shortfall due to hiring difficulties despite rising salaries, increased budgets and high job satisfaction rate,” (ISC)² Blog,http://blog.isc2.org/isc2_blog/2015/04/isc-study-workforce-shortfall-due-to-hiring-difficulties-despite-rising-salaries-increased-budgets-a.html. Jeff Kauflin (16 Mar 2017), “The fast-growing job with a huge skills gap: Cyber security,” Forbes, https://www.forbes.com/sites/jeffkauflin/2017/03/16/the-fast-growing-job-with-a-huge-skills-gap-cyber-security. ISACA (Jan 2016), “2016 cybersecurity skills gap,” https://image-store.slidesharecdn.com/be4eaf1a-eea6-4b97-b36e-b62dfc8dcbae-original.jpeg. Steve Morgan (2017), “Cybersecurity jobs report: 2017 edition,” Herjavec Group, https://www.herjavecgroup.com/wp-content/uploads/2017/06/HG-and-CV-The-Cybersecurity-Jobs-Report-2017.pdf.

271

Mark Goodman (21 Jan 2015), “We need a Manhattan project for cyber security,” Wired, https://www.wired.com/2015/01/we-need-a-manhattan-project-for-cyber-security.

272

Faye Bowers (29 Oct 1997), “Building a 747: 43 days and 3 million fasteners,” The Christian Science Monitor, https://www.csmonitor.com/1997/1029/102997.us.us.2.html.

273

Katie Hafner (2 Oct 2006), “And if you liked the movie, a Netflix contest may reward you handsomely,” The New York Times, http://www.nytimes.com/2006/10/02/technology/02netflix.html.

274

Arvind Narayanan and Vitaly Shmatikov (18 May 2008), “Robust de-anonymization of large sparse datasets,” 2008 IEEE Symposium on Security and Privacy (SP ’08), https://dl.acm.org/citation.cfm?id=1398064.

275

Paul Ohm (13 Aug 2009), “Broken promises of privacy: Responding to the surprising failure of anonymization,” UCLA Law Review 57, https://papers.ssrn.com/sol3/papers.cfm?abstract_id=1450006.

276

Ryan Singel (12 Mar 2010), “Netflix cancels recommendation contest after privacy lawsuit,” Wired, https://www.wired.com/2010/03/netflix-cancels-contest.

277

Melissa E. Hathaway and John N. Stewart (25 Jul 2014), “Taking control of our cyber future,” Georgetown Journal of International Affairs.

278

Eireann Leverett, Richard Clayton, and Ross Anderson (6 Jun 2017), “Standardization and certification of the ‘Internet of Things,’” Institute for Consumer Policy, https://www.conpolicy.de/en/news-detail/standardization-and-certification-of-the-internet-of-things.

279

Jedidiah Bracy (7 Apr 2016), “McSweeny, Soltani, and regulating the IoT,” International Association of Privacy Professionals, https://iapp.org/news/a/mcsweeney-soltani-and-regulating-the-iot.

280

Ryan Calo (15 Sep 2014), “The case for a federal robotics commission,” Brookings Institution, https://www.brookings.edu/research/the-case-for-a-federal-robotics-commission.

281

Matthew U. Scherer (Spring 2016), “Regulating artificial intelligence systems: Risks, challenges, competencies, and strategies,” Harvard Journal of Law & Technology 29, no. 2, http://jolt.law.harvard.edu/articles/pdf/v29/29HarvJLTech353.pdf.

282

. https://www.gov.il/en/departments/israel_national_cyber_directorate/govil-landing-page.

283

National Cyber Security Centre (9 Jun 2017; дата обращения 5 ноября 2024), “About the NCSC,” https://www.ncsc.gov.uk/information/about-ncsc.

284

Andrew Odlyzko (1 Mar 2009), “Network neutrality, search neutrality, and the never-ending conflict between efficiency and fairness in markets,” Review of Network Economics 8, no. 1, https://www.degruyter.com/view/j/rne.2009.8.issue-1/rne.2009.8.1.1169/rne.2009.8.1.1169.xml.

285

Food and Drug Administration (дата обращения 5 ноября 2024), “The FDA’s role in medical device cybersecurity,” https://www.fda.gov/downloads/MedicalDevices/DigitalHealth/UCM544684.pdf.

286

Charles Ornstein (17 Nov 2015), “Federal privacy law lags far behind personal-health technologies,” The Washington Post, https://www.washingtonpost.com/news/to-your-health/wp/2015/11/17/federal-privacy-law-lags-far-behind-personal-health-technologies.

287

Russell Brandom (25 Nov 2013), “Body blow: How 23andMe brought down the FDA’s wrath,” The Verge, https://www.theverge.com/2013/11/25/5144928/how-23andme-brought-down-fda-wrath-personal-genetics-wojcicki. Gina Kolata (6 Apr 2017), “F.D.A. will allow 23andMe to sell genetic tests for disease risk to consumers,” The New York Times, https://www.nytimes.com/2017/04/06/health/fda-genetic-tests-23andme.html.

288

Electronic Privacy Information Center (24 Aug 2015), “FTC v. Wyndham,” https://epic.org/amicus/ftc/wyndham.

289

Federal Trade Commission (9 Dec 2015), “Wyndham settles FTC charges it unfairly placed consumers’ payment card information at risk,” https://www.ftc.gov/news-events/press-releases/2015/12/wyndham-settles-ftc-charges-it-unfairly-placed-consumers-payment.

290

Josh Constine (27 Jun 2017), “Facebook[96] now has 2 billion monthly users… and responsibility,” TechCrunch, https://techcrunch.com/2017/06/27/facebook-2-billion-users.

291

Eric R. Hinz (1 Nov 2012), “A distinctionless distinction: Why the RCS/ECS distinction in the Stored Communications Act does not work,” Notre Dame Law Review 88, no. 1, https://scholarship.law.nd.edu/cgi/viewcontent.cgi?referer=&httpsredir=1&article=1115&context=ndlr.

292

David Kravets (21 Oct 2011), “Aging ‘privacy’ law leaves cloud email open to cops,” Wired, https://www.wired.com/2011/10/ecpa-turns-twenty-five.

293

Olivia Solon and Sabrina Siddiqui (3 Sep 2017), “Forget Wall Street: Silicon Valley is the new political power in Washington,” The Guardian, https://www.theguardian.com/technology/2017/sep/03/silicon-valley-politics-lobbying-washington.

294

Jonathan Taplin (30 Jul 2017), “Why is Google spending record sums on lobbying Washington?” The Guardian, https://www.theguardian.com/technology/2017/jul/30/google-silicon-valley-corporate-lobbying-washington-dc-politics.

295

Food and Drug Administration, Center for Devices and Radiological Health (29 Jul 2016), “General wellness: Policy for low risk devices, guidance for industry and Food and Drug Administration staff,” Federal Register, https://www.federalregister.gov/documents/2016/07/29/2016-17902/general-wellness-policy-for-low-risk-devices-guidance-for-industry-and-food-and-drug-administration.

296

Brian Fung (29 Mar 2017), “What to expect now that Internet providers can collect and sell your Web browser history,” The Washington Post, https://www.washingtonpost.com/news/the-switch/wp/2017/03/29/what-to-expect-now-that-internet-providers-can-collect-and-sell-your-web-browser-history.

297

Yochai Benkler and Julie Cohen (17 Nov 2017), “Networks 2” (conference session), After the Digital Tornado Conference, Wharton School, University of Pennsylvania, http://digitaltornado.net. Supernova Group (19 Nov 2017), “After the Tornado 05: Networks 2,” YouTube, https://www.youtube.com/watch?v=pCGZ8tIrrIU.

298

Brian Krebs (2 Jul 2017), “Is it time to can the CAN-SPAM Act?” Krebs on Security, https://krebsonsecurity.com/2017/07/is-it-time-to-can-the-can-spam-act.

299

Mitchell J. Katz (13 Jan 2017), “FTC announces crackdown on two massive illegal robocall operations,” Federal Trade Commission, https://www.ftc.gov/news-events/press-releases/2017/01/ftc-announces-crackdown-two-massive-illegal-robocall-operations. Mike Snider (22 Jun 2017), “FCC hits robocaller with agency’s largest-ever fine of $120 million,” USA Today, https://www.usatoday.com/story/tech/news/2017/06/22/fcc-hits-robocaller-agencys-largest-ever-fine-120-million/103102546.

300

Mitchell J. Katz (6 Jun 2017), “FTC and DOJ case results in historic decision awarding $280 million in civil penalties against Dish Network and strong injunctive relief for Do Not Call violations,” Federal Trade Commission, https://www.ftc.gov/news-events/press-releases/2017/06/ftc-doj-case-results-historic-decision-awarding-280-million-civil.

301

Mitchell J. Katz (11 Mar 2015), “FTC charges DIRECTV with deceptively advertising the cost of its satellite television service,” Federal Trade Commission, https://www.ftc.gov/news-events/press-releases/2015/03/ftc-charges-directv-deceptively-advertising-cost-its-satellite.

302

Cecilia Kang (8 Jan 2018), “Toymaker VTech settles charges of violating child privacy law,” The New York Times, https://www.nytimes.com/2018/01/08/business/vtech-child-privacy.html.

303

Juliana Gruenwald Henderson (6 Feb 2017), “VIZIO to pay $2.2 million to FTC, state of New Jersey to settle charges it collected viewing histories on 11 million smart televisions without users’ consent,” Federal Trade Commission, https://www.ftc.gov/news-events/press-releases/2017/02/vizio-pay-22-million-ftc-state-new-jersey-settle-charges-it.

304

Adam Thierer (11 Mar 2012), “Avoiding a precautionary principle for the Internet,” Forbes, https://www.forbes.com/sites/adamthierer/2012/03/11/avoiding-a-precautionary-principle-for-the-internet. Andy Stirling (8 Jul 2013), “Why the precautionary principle matters,” The Guardian, https://www.theguardian.com/science/political-science/2013/jul/08/precautionary-principle-science-policy.

305

Micah Singleton (26 Mar 2018), “Europol arrests suspects in bank heists that stole $1.2 billion using malware,” The Verge, https://www.theverge.com/2018/3/26/17165300/europol-arrest-suspect-bank-heists-1-2-billion-cryptocurrency-malware.

306

Noah Rayman (7 Aug 2014), “The world’s top 5 cybercrime hotspots,” Time, http://time.com/3087768/the-worlds-5-cybercrime-hotspots.

307

Christine Kim (27 Jul 2017), “North Korea hacking increasingly focused on making money more than espionage: South Korea study,” Reuters, https://www.reuters.com/article/us-northkorea-cybercrime/north-korea-hacking-increasingly-focused-on-making-money-more-than-espionage-south-korea-study-idUSKBN1AD0BO.

308

Council of Europe (дата обращения 5 ноября 2024), “Details of Treaty No. 185: Convention on Cybercrime,” https://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/185.

309

Joseph S. Nye (forthcoming), “Normative restraints on cyber conflict,” Cyber Security.

310

Ariel Rabkin (3 Mar 2015), “Cyber-arms cannot be controlled by treaties,” American Enterprise Institute, https://www.aei.org/publication/cyber-arms-cannot-be-controlled-by-treaties.

311

Matt Thomlinson (31 Jan 2014), “Microsoft announces Brussels Transparency Center at Munich Security Conference,” Microsoft on the Issues, https://blogs.microsoft.com/on-the-issues/2014/01/31/microsoft-announces-brussels-transparency-center-at-munich-security-conference.

312

Brad Smith (14 Feb 2017), “The need for a Digital Geneva Convention,” Microsoft on the Issues, https://blogs.microsoft.com/on-the-issues/2017/02/14/need-digital-geneva-convention.

313

Kent Walker (31 Oct 2017), “Digital security and due process: Modernizing cross-border government access standards for the cloud era,” Google, https://blog.google/documents/2/CrossBorderLawEnforcementRequestsWhitePaper_2.pdf.

314

John Ferris (1 Mar 2010), “Signals intelligence in war and power politics, 1914–2010,” in The Oxford Handbook of National Security Intelligence, Oxford, http://www.oxfordhandbooks.com/view/10.1093/oxfordhb/9780195375886.001.0001/oxfordhb-9780195375886-e-0010.

315

Dan Patterson (9 Jan 2017), “Gallery: The top zero day Dark Web markets,” TechRepublic, https://www.techrepublic.com/pictures/gallery-the-top-zero-day-dark-web-markets.

316

Andy Greenberg (21 Mar 2012), “Meet the hackers who sell spies the tools to crack your PC (and get paid six-figure fees),” Forbes, http://www.forbes.com/sites/andygreenberg/2012/03/21/meet-the-hackers-who-sell-spies-the-tools-to-crack-your-pc-and-get-paid-six-figure-fees.

317

Joseph Cox and Lorenzo Franceschi-Bicchierai (7 Feb 2018), “How a tiny startup became the most important hacking shop you’ve never heard of,” Vice Motherboard, https://motherboard.vice.com/en_us/article/8xdayg/iphone-zero-days-inside-azimuth-security.

318

Adam Segal (19 Sep 2016), “Using incentives to shape the zero-day market,” Council on Foreign Relations, https://www.cfr.org/report/using-incentives-shape-zero-day-market.

319

Tor Project (last updated 20 Sep 2017), “Policy [re Tor bug bounties],” HackerOne, Inc., https://hackerone.com/torproject.

320

Zerodium (13 Sep 2017; expired 1 Dec 2017), “Tor browser zero-day exploits bounty (expired),” https://zerodium.com/tor.html.

321

Cory Doctorow (11 Mar 2014), “If GCHQ wants to improve national security it must fix our technology,” The Guardian, http://www.theguardian.com/technology/2014/mar/11/gchq-national-security-technology.

322

Bruce Schneier (20 Feb 2014), “It’s time to break up the NSA,” CNN, http://edition.cnn.com/2014/02/20/opinion/schneier-nsa-too-big/index.html.

323

Dan Geer (3 Apr 2013), “Three policies,” http://geer.tinho.net/three.policies.2013Apr03Wed.PDF.

324

Brad Smith (14 May 2017), “The need for urgent collective action to keep people safe online: Lessons from last week’s cyberattack,” Microsoft on the Issues, https://blogs.microsoft.com/on-the-issues/2017/05/14/need-urgent-collective-action-keep-people-safe-online-lessons-last-weeks-cyberattack.

325

Heather West (7 Mar 2017), “Mozilla statement on CIA/WikiLeaks,” Open Policy & Advocacy, https://blog.mozilla.org/netpolicy/2017/03/07/mozilla-statement-on-cia-wikileaks. Jochai Ben-Avie (3 Oct 2017), “Vulnerability disclosure should be part of new EU cybersecurity strategy,” Open Policy & Advocacy, https://blog.mozilla.org/netpolicy/2017/10/03/vulnerability-disclosure-should-be-in-new-eu-cybersecurity-strategy.

326

Richard A. Clarke et al. (12 Dec 2013), “Liberty and security in a changing world,” President’s Review Group on Intelligence and Communications Technologies, https://obamawhitehouse.archives.gov/sites/default/files/docs/2013-12-12_rg_final_report.pdf.

327

David E. Sanger (28 Apr 2014), “White House details thinking on cybersecurity flaws,” The New York Times, http://www.nytimes.com/2014/04/29/us/white-house-details-thinking-on-cybersecurity-gaps.html.

328

Rick Ledgett (7 Aug 2017), “No, the U.S. government should not disclose all vulnerabilities in its possession,” Lawfare, https://www.lawfareblog.com/no-us-government-should-not-disclose-all-vulnerabilities-its-possession.

329

Andrea Peterson (4 Oct 2013), “Why everyone is left less secure when the NSA doesn’t help fix security flaws,” The Washington Post, https://www.washingtonpost.com/news/the-switch/wp/2013/10/04/why-everyone-is-left-less-secure-when-the-nsa-doesnt-help-fix-security-flaws.

330

Lily Hay Newman (16 Jun 2017), “Why governments won’t let go of secret software bugs,” Wired, https://www.wired.com/2017/05/governments-wont-let-go-secret-software-bugs.

331

Andrew Crocker (19 Jan 2016), “EFF pries more information on zero days from the government’s grasp,” Electronic Frontier Foundation, https://www.eff.org/deeplinks/2016/01/eff-pries-more-transparency-zero-days-governments-grasp.

332

Rob Joyce (15 Nov 2017), “Improving and making the vulnerability equities process transparent is the right thing to do,” Wayback Machine, https://web.archive.org/web/20171115151504/https://www.whitehouse.gov/blog/2017/11/15/improving-and-making-vulnerability-equities-process-transparent-right-thing-do.

333

Ellen Nakashima and Craig Timberg (16 May 2017), “NSA officials worried about the day its potent hacking tool would get loose. Then it did,” The Washington Post, https://www.washingtonpost.com/business/technology/nsa-officials-worried-about-the-day-its-potent-hacking-tool-would-get-loose-then-it-did/2017/05/16/50670b16-3978-11e7-a058-ddbb23c75d82_story.html.

334

Dan Goodin (17 May 2017), “Fearing Shadow Brokers leak, NSA reported critical flaw to Microsoft,” Ars Technica, https://arstechnica.com/information-technology/2017/05/fearing-shadow-brokers-leak-nsa-reported-critical-flaw-to-microsoft.

335

336

Trey Herr, Bruce Schneier, and Christopher Morris (7 Mar 2017), “Taking stock: Estimating vulnerability recovery,” Belfer Cyber Security Project White Paper Series, Harvard Kennedy School Belfer Center for Science and International Affairs, https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2928758. Lillian Ablon and Timothy Bogart (9 Mar 2017), “Zero days, thousands of nights: The life and times of zero-day vulnerabilities and their exploits,” RAND Corporation, https://www.rand.org/pubs/research_reports/RR1751.html.

337

Scott Shane, Matthew Rosenberg, and Andrew W. Lehren (7 Mar 2017), “WikiLeaks releases trove of alleged C.I.A. hacking documents,” The New York Times, https://www.nytimes.com/2017/03/07/world/europe/wikileaks-cia-hacking.html. Scott Shane, Nicole Perlroth, and David E. Sanger (12 Nov 2017), “Security breach and spilled secrets have shaken the N.S.A. to its core,” The New York Times, https://www.nytimes.com/2017/11/12/us/nsa-shadow-brokers.html.

338

Bruce Schneier (28 Jul 2017), “Zero-day vulnerabilities against Windows in the NSA tools released by the Shadow Brokers,” Schneier on Security, https://www.schneier.com/blog/archives/2017/07/zero-day_vulner.html.

339

Dan Goodin (16 Apr 2017), “Mysterious Microsoft patch killed 0-days released by NSA-leaking Shadow Brokers,” Ars Technica, https://arstechnica.co.uk/information-technology/2017/04/purported-shadow-brokers-0days-were-in-fact-killed-by-mysterious-patch.

340

Bruce Schneier (19 May 2014), “Should U.S. hackers fix cybersecurity holes or exploit them?” Atlantic, https://www.schneier.com/essays/archives/2014/05/should_us_hackers_fi.html. Ari Schwartz and Rob Knake (1 Jun 2016), “Government’s role in vulnerability disclosure: Creating a permanent and accountable vulnerability equities process,” Harvard Kennedy School Belfer Center for Science and International Affairs, https://www.belfercenter.org/publication/governments-role-vulnerability-disclosure-creating-permanent-and-accountable.

341

Oren J. Falkowitz (10 Jan 2017), “U.S. cyber policy makes Americans vulnerable to our own government,” Time, http://time.com/4625798/donald-trump-cyber-policy.

342

Niels Ferguson and Bruce Schneier (Dec 2003), “A cryptographic evaluation of IPsec,” Counterpane Internet Security, https://www.schneier.com/academic/paperfiles/paper-ipsec.pdf.

343

Nicole Perlroth, Jeff Larson, and Scott Shane (5 Sep 2013), “Secret documents reveal N.S.A. campaign against encryption,” The New York Times, http://www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html. Nicole Perlroth, Jeff Larson, and Scott Shane (5 Sep 2013), “N.S.A. able to foil basic safeguards of privacy on web,” The New York Times, http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html. Julian Ball, Julian Borger, and Glenn Greenwald (6 Sep 2013), “Revealed: How US and UK spy agencies defeat internet privacy and security,” The Guardian, https://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security.

344

Albert Gidari (22 Feb 2016), “More CALEA and why it trumps the FBI’s All Writs Act order,” Center for Internet and Society, Stanford Law School, http://cyberlaw.stanford.edu/blog/2016/02/more-calea-and-why-it-trumps-fbis-all-writs-act-order.

345

InfoSec Institute (8 Jan 2016), “Cellphone surveillance: The secret arsenal,” http://resources.infosecinstitute.com/cellphone-surveillance-the-secret-arsenal.

346

Kim Zetter (19 Jun 2014), “Emails show feds asking Florida cops to deceive judges,” Wired, http://www.wired.com/2014/06/feds-told-cops-to-deceive-courts-about-stingray.

347

Robert Patrick (19 Apr 2015), “Controversial secret phone tracker figured in dropped St. Louis case,” St. Louis Post-Dispatch, http://www.stltoday.com/news/local/crime-and-courts/controversial-secret-phone-tracker-figured-in-dropped-st-louis-case/article_fbb82630-aa7f-5200-b221-a7f90252b2d0.html. Cyrus Farivar (29 Apr 2015), “Robbery suspect pulls guilty plea after stingray disclosure, case dropped,” Ars Technica, http://arstechnica.com/tech-policy/2015/04/29/alleged-getaway-driver-challenges-stingray-use-robbery-case-dropped.

348

349

Kim Zetter (21 Jul 2010), “Hacker spoofs cell phone tower to intercept calls,” Wired, http://www.wired.com/2010/07/intercepting-cellphone-calls.

350

Ashkan Soltani and Craig Timberg (17 Sep 2014), “Tech firm tries to pull back curtain on surveillance efforts in Washington,” The Washington Post, http://www.washingtonpost.com/world/national-security/researchers-try-to-pull-back-curtain-on-surveillance-efforts-in-washington/2014/09/17/f8c1f590-3e81-11e4-b03f-de718edeb92f_story.html.

351

Charlie Savage et al. (4 Jun 2015), “Hunting for hackers, NSA secretly expands Internet spying at U.S. border,” The New York Times, https://www.nytimes.com/2015/06/05/us/hunting-for-hackers-nsa-secretly-expands-internet-spying-at-us-border.html.

352

Vassilis Prevelakis and Diomidis Spinellis (29 Jun 2007), “The Athens affair,” IEEE Spectrum, https://spectrum.ieee.org/telecom/security/the-athens-affair.

353

Tom Cross (3 Feb 2010), “Exploiting lawful intercept to wiretap the Internet,” Black Hat DC 2010, http://www.blackhat.com/presentations/bh-dc-10/Cross_Tom/BlackHat-DC-2010-Cross-Attacking-LawfulI–Intercept-wp.pdf.

354

Цит. по: Susan Landau (1 Mar 2016), “Testimony for House Judiciary Committee hearing on ‘The encryption tightrope: Rebalancing Americans’ security and privacy,’” https://judiciary.house.gov/wp-content/uploads/2016/02/Landau-Written-Testimony.pdf.

355

356

Harold Abelson et al. (7 Jul 2015), “Keys under doormats: Mandating insecurity by requiring government access to all data and communications,” MIT CSAIL Technical Report 2015-026, MIT Computer Science and Artificial Intelligence Laboratory, https://dspace.mit.edu/handle/1721.1/97690.

357

Ellen Nakashima (2 Feb 2016), “National Security Agency plans major reorganization,” The Washington Post, https://www.washingtonpost.com/world/national-security/national-security-agency-plans-major-reorganization/2016/02/02/2a66555e-c960-11e5-a7b2-5a2f824b02c9_story.html.

358

Nicholas Weaver makes this point well. Nicholas Weaver (10 Feb 2016), “Trust and the NSA reorganization,” Lawfare, https://www.lawfareblog.com/trust-and-nsa-reorganization.

359

Arash Khamooshi (3 Mar 2016), “Breaking down Apple’s iPhone fight with the U.S. government,” The New York Times, https://www.nytimes.com/interactive/2016/03/03/technology/apple-iphone-fbi-fight-explained.html.

360

Thomas Fox-Brewster (26 Feb 2018), “The feds can now (probably) unlock every iPhone model in existence,” Forbes, https://www.forbes.com/sites/thomasbrewster/2018/02/26/government-can-access-any-apple-iphone-cellebrite. Sean Gallagher (28 Feb 2018), “Cellebrite can unlock any iPhone (for some values of ‘any’),” Ars Technica, https://arstechnica.com/information-technology/2018/02/cellebrite-can-unlock-any-iphone-for-some-values-of-any.

361

Matt Zapotosky (28 Mar 2016), “FBI has accessed San Bernardino shooter’s phone without Apple help,” The Washington Post, https://www.washingtonpost.com/world/national-security/fbi-has-accessed-san-bernardino-shooters-phone-without-apples-help/2016/03/28/e593a0e2-f52b-11e5-9804-537defcc3cf6_story.html. David Kravets (1 Oct 2017), “FBI may keep secret the name of vendor that cracked terrorist’s iPhone,” Ars Technica, https://arstechnica.com/tech-policy/2017/10/fbi-does-not-have-to-disclose-payments-to-vendor-for-iphone-cracking-tool.

362

Jonathan Zittrain et al. (Feb 2016), “Don’t panic: Making progress on the ‘going dark’ debate,” Berkman Center for Internet and Society, Harvard University, https://cyber.harvard.edu/pubrelease/dont-panic/Dont_Panic_Making_Progress_on_Going_Dark_Debate.pdf.

363

Susan Landau (2017), Listening In: Cybersecurity in an Insecure Age, Yale University Press, https://books.google.com/books?id=QZ47DwAAQBAJ.

364

Susan Landau (1 Mar 2016), “Testimony for House Judiciary Committee hearing on ‘The encryption tightrope: Rebalancing Americans’ security and privacy,’” https://judiciary.house.gov/wp-content/uploads/2016/02/Landau-Written-Testimony.pdf.

365

Steven M. Bellovin et al. (19 Aug 2014), “Lawful hacking: Using existing vulnerabilities for wiretapping on the Internet,” Northwestern Journal of Technology and Intellectual Property 12, no. 1, https://www.ssrn.com/abstract=2312107.

366

Federal Bureau of Investigation (29 Dec 2014), “Most wanted talent: Seeking tech experts to become cyber special agents,” https://www.fbi.gov/news/stories/fbi-seeking-tech-experts-to-become-cyber-special-agents.

367

Neil Robinson and Emma Disley (10 Sep 2010), “Incentives and challenges for information sharing in the context of network and information security,” European Network and Information Security Agency, https://www.enisa.europa.eu/publications/incentives-and-barriers-to-information-sharing/at_download/fullReport.

368

Jonathan Bair et al. (forthcoming), “That was close! Reward reporting of cybersecurity ‘near misses,’” Colorado Technology Law Journal 16, no. 2, https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3081216.

369

Neil Robinson (19 Jun 2012), “The case for a cyber-security safety board: A global view on risk,” RAND Blog, https://www.rand.org/blog/2012/06/the-case-for-a-cyber-security-safety-board-a-global.html.

370

Sean Michael Kerner (27 Oct 2017), “Cyber Threat Alliance adds new members to security sharing group,” eWeek, http://www.eweek.com/security/cyber-threat-alliance-adds-new-members-to-security-sharing-group.

371

Michael S. Schmidt and David E. Sanger (19 May 2014), “5 in China army face U.S. charges of cyberattacks,” The New York Times, https://www.nytimes.com/2014/05/20/us/us-to-charge-chinese-workers-with-cyberspying.html.

372

Nicole Gaouette (10 Jan 2017), “FBI’s Comey: Republicans also hacked by Russia,” CNN, http://www.cnn.com/2017/01/10/politics/comey-republicans-hacked-russia/index.html.

373

Frank Konkel (21 Jun 2017), “Lawmaker: Cyber National Guard could fill federal workforce gaps,” Nextgov, http://www.nextgov.com/cybersecurity/2017/06/lawmaker-cyber-national-guard-could-fill-federal-workforce-gaps/138851.

374

Monica M. Ruiz (9 Jan 2018), “Is Estonia’s approach to cyber defense feasible in the United States?” War on the Rocks, https://warontherocks.com/2018/01/estonias-approach-cyber-defense-feasible-united-states.

375

Martin Matishak (1 Jan 2018), “After Equifax breach, anger but no action in Congress,” Politico, https://www.politico.com/story/2018/01/01/equifax-data-breach-congress-action-319631.

376

Robert McLean (15 Sep 2017), “Elizabeth Warren’s Equifax bill would make credit freezes free,” CNN, http://money.cnn.com/2017/09/15/pf/warren-schatz-equifax/index.html.

377

Devin Coldewey (24 Oct 2017), “Congress votes to disallow consumers from suing Equifax and other companies with arbitration agreements,” TechCrunch,https://techcrunch.com/2017/10/24/congress-votes-to-disallow-consumers-from-suing-equifax-and-other-companies-with-arbitration-agreements/amp.

378

Barack Obama (9 Feb 2016), “Presidential executive order: Commission on Enhancing National Cybersecurity,” Office of the President of the United States,https://www.whitehouse.gov/the-press-office/2016/02/09/executive-order-commission-enhancing-national-cybersecurity.

379

Nick Marinos (13 Feb 2018), “Critical infrastructure protection: Additional actions are essential for assessing cybersecurity framework adoption,” GAO-18-211, US Government Accountability Office, https://www.gao.gov/assets/700/690112.pdf.

380

. Economist (8 Apr 2017), “How to manage the computer-security threat,” https://www.economist.com/news/leaders/21720279-incentives-software-firms-take-security-seriously-are-too-weak-how-manage.

381

Christopher Jensen (26 Nov 2015), “50 years ago, Unsafe at Any Speed shook the auto world,” The New York Times, https://www.nytimes.com/2015/11/27/automobiles/50-years-ago-unsafe-at-any-speed-shook-the-auto-world.html.

382

European Union (27 Apr 2016), “Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation),” Official Journal of the European Union, http://eur-lex.europa.eu/eli/reg/2016/679/oj.

383

Cennydd Bowles (12 Jan 2018), “A techie’s rough guide to GDPR,” https://www.cennydd.com/writing/a-techies-rough-guide-to-gdpr.

384

Mark Scott and Laurens Cerulus (31 Jan 2018), “Europe’s new data protection rules export privacy standards worldwide,” Politico, https://www.politico.eu/article/europe-data-protection-privacy-standards-gdpr-general-protection-data-regulation.

385

Rebecca Ricks, “How PayPal shares your data,” https://rebecca-ricks.com/paypal-data.

386

387

Nick Ismail (2 May 2017), “Only 43 % of organisations are preparing for GDPR,” Information Age, http://www.information-age.com/43-organisations-preparing-gdpr-123465995. Sarah Gordon (18 Jun 2017), “Businesses failing to prepare for EU rules on data protection,” Financial Times, https://www.ft.com/content/28f4eff8-51bf-11e7-a1f2-db19572361bb.

388

Mark Scott (27 Jun 2017), “Google fined record $2.7 billion in E.U. antitrust ruling,” The New York Times, https://www.nytimes.com/2017/06/27/technology/eu-google-fine.html. Aoife White and Mark Bergen (29 Aug 2017), “Google to comply with EU search demands to avoid more fines,” Bloomberg, https://www.bloomberg.com/news/articles/2017-08-29/google-faces-tuesday-deadline-as-clock-ticks-toward-new-eu-fines.

389

Hayley Tsukayama (18 May 2017), “Facebook[97] will pay $122 million in fines to the E.U.,” The Washington Post, https://www.washingtonpost.com/news/the-switch/wp/2017/05/18/facebook-will-pay-122-million-in-fines-to-the-eu.

390

Paul Roberts (2 Nov 2017), “Hilton was fined $700K for a data breach. Under GDPR it would be $420M,” Digital Guardian, https://digitalguardian.com/blog/hilton-was-fined-700k-data-breach-under-gdpr-it-would-be-420m.

391

392

Cyrus Farivar (4 Apr 2018), “CEO says Facebook[98] will impose new privacy rules ‘everywhere,’” Ars Technica, https://arstechnica.com/tech-policy/2018/04/ceo-says-facebook-will-impose-new-eu-privacy-rules-everywhere.

393

Wire Staff (24 Aug 2017), “Right to privacy a fundamental right, says Supreme Court in unanimous verdict,” The Wire, https://thewire.in/170303/supreme-court-aadhaar-right-to-privacy.

394

Bryan Tan (9 Feb 2018), “Singapore finalises new Cybersecurity Act,” Out-Law, https://www.out-law.com/en/articles/2018/february/singapore-finalises-new-cybersecurity-act.

395

Omer Tene (22 Mar 2017), “Israel enacts landmark data security notification regulations,” Privacy Tracker, https://iapp.org/news/a/israel-enacts-landmark-data-security-notification-regulations.

396

Steve Eder (24 Sep 2016), “Donald Trump’s hotel chain to pay penalty over data breaches,” The New York Times, https://www.nytimes.com/2016/09/25/us/politics/trump-hotel-data.html.

397

Adolfo Guzman-Lopez (2 Nov 2016), “California attorney general warns tech companies about mining student data for profit,” Southern California Public Radio, https://www.scpr.org/news/2016/11/02/65908/attorney-general-warns-tech-companies-to-follow-ne.

398

Nitasha Tiku (14 Nov 2017), “State attorneys general are Google’s next headache,” Wired, https://www.wired.com/story/state-attorneys-general-are-googles-next-headache.

399

Brian Krebs (18 Mar 2018), “San Diego sues Experian over ID theft service,” Krebs on Security, https://krebsonsecurity.com/2018/03/san-diego-sues-experian-over-id-theft-service.

400

Michael Krimminger (25 Mar 2017), “New York cybersecurity regulations for financial institutions enter into effect,” Harvard Law School Forum on Corporate Governance and Financial Regulation,https://corpgov.law.harvard.edu/2017/03/25/new-york-cybersecurity-regulations-for-financial-institutions-enter-into-effect.

401

Eyragon Eidam and Jessica Mulholland (10 Apr 2017), “10 states take Internet privacy matters into their own hands,” Government Technology, http://www.govtech.com/policy/10-States-Take-Internet-Privacy-Matters-Into-Their-Own-Hands.html.

402

California Legislative Information (дата обращения 5 ноября 2024), “SB-327 Information privacy: Connected devices,” https://leginfo.legislature.ca.gov/faces/billHistoryClient.xhtml?bill_id=201720180SB327.

403

Elizabeth Zima (23 Feb 2018), “California wants to govern bots and police user privacy on social media,” Government Technology, http://www.govtech.com/social/California-Wants-to-Govern-bots-and-Police-User-Privacy-on-Social-Media.html.

404

Deborah Gage (15 Sep 2017), “Eight questions to ask before buying an internet-connected device,” The Wall Street Journal, https://www.wsj.com/articles/eight-questions-to-ask-before-buying-an-internet-connected-device-1505487931.

405

Electronic Frontier Foundation (21 Oct 2014, last updated 21 Sep 2015), “Surveillance self-defense,” https://ssd.eff.org. Motherboard Staff (15 Nov 2017), “The Motherboard guide to not getting hacked,” Vice Motherboard, https://motherboard.vice.com/en_us/article/d3devm/motherboard-guide-to-not-getting-hacked-online-safety-guide.

406

Rick Falkvinge (21 Jul 2017), “Worst known governmental leak ever is slowly coming to light: Agency moved nation’s secret data to ‘the cloud,’” Privacy News Online, https://www.privateInternetaccess.com/blog/2017/07/swedish-transport-agency-worst-known-governmental-leak-ever-is-slowly-coming-to-light.

407

Micah Lee (22 Jun 2016), “Battle of the secure messaging apps: How Signal beats WhatsApp,” The Intercept, https://theintercept.com/2016/06/22/battle-of-the-secure-messaging-apps-how-signal-beats-whatsapp.

408

Joe Uchill (23 Jun 2017), “DOJ applies to take Microsoft data warrant case to Supreme Court,” The Hill, http://thehill.com/policy/cybersecurity/339281-doj-applies-to-take-microsoft-data-warrant-case-to-supreme-court.

409

Bruce Schneier (2015), Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World, W. W. Norton, https://books.google.com/books/?id=MwF-BAAAQBAJ.

410

Ian Urbina (23 Mar 2007), “Court rejects law limiting online pornography,” The New York Times, www.nytimes.com/2007/03/23/us/23porn.html.

411

Electronic Frontier Foundation (1 Mar 2013), “Unintended consequences: Fifteen years under the DMCA,” https://www.eff.org/pages/unintended-consequences-fifteen-years-under-dmca.

412

Louis J. Freeh (9 Sep 1997), “The impact of encryption on public safety: Statement of the Director, Federal Bureau of Investigation, before the Permanent Select Committee on Intelligence, United States House of Representatives,” https://fas.org/irp/congress/1997_hr/h970909f.htm.

413

Valerie Caproni (17 Feb 2011), “Statement before the House Judiciary Committee, Subcommittee on Crime, Terrorism, and Homeland Security,” Federal Bureau of Investigation, https://archives.fbi.gov/archives/news/testimony/going-dark-lawful-electronic-surveillance-in-the-face-of-new-technologies.

414

James B. Comey (8 Jul 2015), “Going dark: Encryption, technology, and the balances between public safety and privacy,” Federal Bureau of Investigation, https://www.fbi.gov/news/testimony/going-dark-encryption-technology-and-the-balances-between-public-safety-and-privacy.

415

Rod J. Rosenstein (4 Oct 2017), “Deputy Attorney General Rod J. Rosenstein delivers remarks at the Cambridge Cyber Summit,” US Department of Justice, https://www.justice.gov/opa/speech/deputy-attorney-general-rod-j-rosenstein-delivers-remarks-cambridge-cyber-summit.

416

Andi Wilson, Danielle Kehl, and Kevin Bankston (17 Jun 2015), “Doomed to repeat history? Lessons from the crypto wars of the 1990s,” New America Foundation, https://www.newamerica.org/oti/doomed-to-repeat-history-lessons-from-the-crypto-wars-of-the-1990s.

417

Federal Bureau of Investigation (3 Jun 1999), “Encryption: Impact on law enforcement,” https://web.archive.org/web/20000815210233/https://www.fbi.gov/library/encrypt/en60399.pdf.

418

Ellen Nakashima (16 Oct 2014), “FBI director: Tech companies should be required to make devices wiretap-friendly,” The Washington Post, https://www.washingtonpost.com/world/national-security/fbi-director-tech-companies-should-be-required-to-make-devices-wire-tap-friendly/2014/10/16/93244408-555c-11e4-892e-602188e70e9c_story.html.

419

Rod J. Rosenstein (10 Oct 2017), “Deputy Attorney General Rod J. Rosenstein delivers remarks on encryption at the United States Naval Academy,” US Department of Justice, https://www.justice.gov/opa/speech/deputy-attorney-general-rod-j-rosenstein-delivers-remarks-encryption-united-states-naval.

420

Bhairav Acharya et al. (28 Jun 2017), “Deciphering the European encryption debate: United Kingdom,” New America, https://www.newamerica.org/oti/policy-papers/deciphering-european-encryption-debate-united-kingdom.

421

Amar Tooer (24 Aug 2016), “France and Germany want Europe to crack down on encryption,” The Verge, https://www.theverge.com/2016/8/24/12621834/france-germany-encryption-terorrism-eu-telegram. Catherine Stupp (22 Nov 2016), “Five member states want EU-wide laws on encryption,” Euractiv, https://www.euractiv.com/section/social-europe-jobs/news/five-member-states-want-eu-wide-laws-on-encryption.

422

Samuel Gibbs (19 Jun 2017), “EU seeks to outlaw ‘backdoors’ in new data privacy proposals,” The Guardian, https://www.theguardian.com/technology/2017/jun/19/eu-outlaw-backdoors-new-data-privacy-proposals-uk-government-encrypted-communications-whatsapp.

423

Vinod Sreeharsha (19 Jul 2016), “WhatsApp is briefly shut down in Brazil for a third time,” The New York Times, https://www.nytimes.com/2016/07/20/technology/whatsapp-is-briefly-shut-down-in-brazil-for-a-third-time.html.

424

Mariella Moon (20 Dec 2016), “Egypt has blocked encrypted messaging app Signal,” Engadget, https://www.engadget.com/2016/12/20/egypt-blocks-signal.

425

Mallory Locklear (23 Oct 2017), “FBI tried and failed to unlock 7,000 encrypted devices,” Engadget, https://www.engadget.com/2017/10/23/fbi-failed-unlock-7-000-encrypted-devices.

426

Fred Upton et al. (20 Dec 2016), “Encryption working group year-end report,” House Judiciary Committee and House Energy and Commerce Committee Encryption Working Group, US House of Representatives, https://judiciary.house.gov/wp-content/uploads/2016/12/20161220EWGFINALReport.pdf.

427

Steve Cannane (9 Nov 2017), “Cracking down on encryption could ‘make it easier for hackers’ to penetrate private services,” ABC News Australia,http://www.abc.net.au/news/2017-11-10/former-mi5-chief-says-encryption-cut-could-lead-to-more-hacking/9136746.

428

Lily Hay Newman (21 Apr 2017), “Encrypted chat took over. Let’s encrypt calls, too,” Wired, https://www.wired.com/2017/04/encrypted-chat-took-now-encrypted-callings-turn.

429

British Broadcasting Corporation (12 Jan 2015), “David Cameron says new online data laws needed,” BBC News, http://www.bbc.com/news/uk-politics-30778424. Andrew Griffin (12 Jan 2015), “WhatsApp and Snapchat could be banned under new surveillance plans,” Independent, https://www.independent.co.uk/life-style/gadgets-and-tech/news/whatsapp-and-snapchat-could-be-banned-under-new-surveillance-plans-9973035.html.

430

Bruce Schneier, Kathleen Seidel, and Saranya Vijayakumar (11 Feb 2016), “A worldwide survey of encryption products,” Publication 2016-2, Berkman Center for Internet & Society, Harvard University, https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2731160.

431

Cory Doctorow (4 Jun 2017), “Theresa May wants to ban crypto: Here’s what that would cost, and here’s why it won’t work anyway,” Boing Boing, https://boingboing.net/2017/06/04/theresa-may-king-canute.html.

432

Daniel Moore and Thomas Rid (Feb 2016), “Cryptopolitik and the Darknet,” Survival 58, no. 1, https://www.tandfonline.com/doi/abs/10.1080/00396338.2016.1142085.

433

Mike McConnell, Michael Chertoff, and William Lynn (28 Jul 2015), “Why the fear over ubiquitous data encryption is overblown,” The Washington Post, https://www.washingtonpost.com/opinions/the-need-for-ubiquitous-data-encryption/2015/07/28/3d145952-324e-11e5-8353-1215475949f4_story.html.

434

Charlie Savage (2 May 2017), “Reined-in NSA still collected 151 million phone records in ’16,” The New York Times, https://www.nytimes.com/2017/05/02/us/politics/nsa-phone-records.html.

435

Catherine Crump et al. (17 Jul 2013), “You are being tracked: How license plate readers are being used to record Americans’ movements,” American Civil Liberties Union, https://www.aclu.org/files/assets/071613-aclu-alprreport-opt-v05.pdf.

436

Jeanne Guillemin (1 Jul 2006), “Scientists and the history of biological weapons: A brief historical overview of the development of biological weapons in the twentieth century,” EMBO Reports 7, http://www.ncbi.nlm.nih.gov/pmc/articles/PMC1490304.

437

Jim Harper (10 Nov 2009), “The search for answers in Fort Hood,” Cato at Liberty, http://www.cato.org/blog/search-answers-fort-hood. Jim Harper (11 Nov 2009), “Fort Hood: Reaction, response, and rejoinder,” Cato at Liberty,http://www.cato.org/blog/fort-hood-reaction-response-rejoinder.

438

Irving Lachow (22 Feb 2013), “Active cyber defense: A framework for policymakers,” Center for a New American Security, https://www.cnas.org/publications/reports/active-cyber-defense-a-framework-for-policymakers.

439

Patrick Lin (26 Sep 2016), “Ethics of hacking back: Six arguments from armed conflict to zombies,” California Polytechnic State University, Ethics + Emerging Sciences Group, http://ethics.calpoly.edu/hackingback.pdf.

440

Josephine Wolff (17 Oct 2017), “Attack of the hack back,” Slate, http://www.slate.com/articles/technology/future_tense/2017/10/hacking_back_the_worst_idea_in_cybersecurity_rises_again.html.

441

Josephine Wolff (14 Jul 2017), “When companies get hacked, should they be allowed to hack back?” The Atlantic, https://www.theatlantic.com/business/archive/2017/07/hacking-back-active-defense/533679.

442

Stewart A. Baker (8 May 2013), “The attribution revolution: Raising the costs for hackers and their customers: Statement of Stewart A. Baker, Partner, Steptoe & Johnson LLP, before the Judiciary Committee’s Subcommittee on Crime and Terrorism, United States Senate,” https://www.judiciary.senate.gov/imo/media/doc/5-8-13BakerTestimony.pdf. Stewart A. Baker (11 Sep 2013), “Testimony of Stewart A. Baker before the Committee on Homeland Security and Governmental Affairs, United States Senate: The Department of Homeland Security at 10 Years: Examining Challenges and Addressing Emerging Threats,” https://www.hsgac.senate.gov/hearings/the-department-of-homeland-security-at-10-years-examining-challenges-and-achievements-and-addressing-emerging-threats. Stewart A. Baker, Orin Kerr, and Eugene Volokh (2 Nov 2012), “The hackback debate,” Steptoe Cyberblog, https://www.steptoecyberblog.com/2012/11/02/the-hackback-debate. Stewart A. Baker (22 Jul 2016), “The case for limited hackback rights,” The Washington Post, https://www.washingtonpost.com/news/volokh-conspiracy/wp/2016/07/22/the-case-for-limited-hackback-rights.

443

Charles Finocchiaro (18 Mar 2013), “Personal factory or catalyst for piracy? The hype, hysteria, and hard realities of consumer 3-D printing,” Cardozo Arts and Entertainment Law Journal 31, http://www.cardozoaelj.com/issues/archive/2012-13. Matthew Adam Susson (Apr 2013), “Watch the world ‘burn’: Copyright, micropatent and the emergence of 3D printing,” Chapman University School of Law, http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2253109.

444

Cory Doctorow (10 Jan 2012), “Lockdown: The coming war on general-purpose computing,” Boing Boing, http://boingboing.net/2012/01/10/lockdown.html. Cory Doctorow (23 Aug 2012), “The coming civil war over general purpose computing,” Boing Boing, http://boingboing.net/2012/08/23/civilwar.html.

445

Kristen Ann Woyach et al. (23–26 Sep 2008), “Crime and punishment for cognitive radios,” 2008 46th Annual Allerton Conference on Communication, Control, and Computing, http://ieeexplore.ieee.org/document/4797562.

446

Jean M. Twenge, W. Keith Campbell, and Nathan T. Carter (9 Sep 2014), “Declines in trust in others and confidence in institutions among American adults and late adolescents, 1972–2012,” Psychological Science 25, no. 10, http://journals.sagepub.com/doi/abs/10.1177/0956797614545133. Eric D. Gould and Alexander Hijzen (22 Aug 2016), “Growing apart, losing trust? The impact of inequality on social capital,” International Monetary Fund Working Paper No. 16/176, https://www.imf.org/en/Publications/WP/Issues/2016/12/31/Growing-Apart-Losing-Trust-The-Impact-of-Inequality-on-Social-Capital-44197. Laura D’Olimpio (25 Oct 2016), “Fear, trust, and the social contract: What’s lost in a society on permanent alert,” ABC News,http://www.abc.net.au/news/2016-10-26/fear-trust-social-contract-society-on-permanent-alert/7959304.

447

Kenneth Olmstead (27 Sep 2017), “Most Americans think the government could be monitoring their phone calls and emails,” Pew Research Center, http://www.pewresearch.org/fact-tank/2017/09/27/most-americans-think-the-government-could-be-monitoring-their-phone-calls-and-emails.

448

Thomas E. Donilon et al. (1 Dec 2016), “Report on securing and growing the digital economy,” Commission on Enhancing National Cybersecurity.

449

Tim Hwang and Adi Kamdar (9 Oct 2013), “The theory of peak advertising and the future of the web,” version 1, Working Paper, Nesson Center for Internet Geophysics, http://peakads.org/images/Peak_Ads.pdf.

450

Charles Perrow (1999), Normal Accidents: Living with High-Risk Technologies, Princeton University Press, https://www.amazon.com/Normal-Accidents-Living-High-Risk-Technologies/dp/0691004129. Charles Perrow (1 Sep 1999), “Organizing to reduce the vulnerabilities of complexity,” Journal of Contingencies and Crisis Management 7, no. 3, http://onlinelibrary.wiley.com/doi/10.1111/1468-5973.00108/full.

451

Aaron B. Wildavsky (1988), Searching for Safety, Transaction Publishers, https://books.google.com/books?id=rp6U8JsPlM0C.

452

Bruce Schneier (14 Nov 2001), “Resilient security and the Internet,” ICANN Community Meeting on Security and Stability of the Internet Naming and Address Allocation Systems, Los Angeles, California, http://cyber.law.harvard.edu/icann/mdr2001/archive/pres/schneier.html. Black Hat (дата обращения 5 ноября 2024), “Speakers,” Black Hat Briefings ’01, July 11–12 Las Vegas, https://www.blackhat.com/html/bh-usa-01/bh-usa-01-speakers.html.

453

Bruce Schneier (2006), Beyond Fear: Thinking Sensibly about Security in an Uncertain World, Springer, https://books.google.com/books?id=btgLBwAAQBAJ&pg=PA120.

454

World Economic Forum (7 Jun 2012), “Risk and responsibility in a hyperconnected world: Pathways to global cyber resilience,” https://www.weforum.org/reports/risk-and-responsibility-hyperconnected-world-pathways-global-cyber-resilience.

455

Gregory Treverton et al. (5 Jan 2017), “Global trends: Paradox of progress,” NIC 2017-001, National Intelligence Council, https://www.dni.gov/files/documents/nic/GT-Full-Report.pdf.

456

Heather M. Roff (24 Feb 2016), “Cyber peace: Cybersecurity through the lens of positive peace,” New America Foundation, https://static.newamerica.org/attachments/12554-cyber-peace/FOR%20PRINTING-Cyber_Peace_Roff.2fbbb0b16b69482e8b6312937607ad66.pdf.

457

Dan Geer (6 Aug 2007), “Measuring security,” USENIX Security Symposium, http://geer.tinho.net/measuringsecurity.tutorial.pdf.

458

Economist Tim Harford recently pointed this out. Tim Harford (8 Jul 2017), “What we get wrong about technology,” FT Magazine, http://timharford.com/2017/08/what-we-get-wrong-about-technology.

459

Matt Ridley (12 Nov 2017), “Amara’s law,” Matt Ridley Online, http://www.rationaloptimist.com/blog/amaras-law.

460

Bruce Schneier (Mar/Apr 2018), “Artificial intelligence and the attack/defense balance,” IEEE Security & Privacy, https://www.schneier.com/essays/archives/2018/03/artificial_intellige.html.

461

Nicholas Bohm, Ian Brown, and Brian Gladman (31 Oct 2000), “Electronic commerce: Who carries the risk of fraud?” Journal of Information, Law & Technology 2000, no. 3, http://www.ernest.net/writing/FraudRiskAllocation.pdf.

462

James Titcomb (14 Jul 2017), “Malcolm Turnbull says laws of Australia trump laws of mathematics as tech giants told to hand over encrypted messages,” Telegraph, http://www.telegraph.co.uk/technology/2017/07/14/malcolm-turnbull-says-laws-australia-trump-laws-mathematics.

463

Latanya Sweeney (8 Jan 2001), “Computational disclosure control: A primer on data privacy protection,” http://groups.csail.mit.edu/mac/classes/6.805/articles/privacy/sweeney-thesis-draft.pdf.

464

Latanya Sweeney (2002), “k-Anonymity: A model for protecting privacy,” International Journal on Uncertainty, Fuzziness and Knowledge-Based Systems 10, no. 5, https://dataprivacylab.org/dataprivacy/projects/kanonymity/kanonymity.html.

465

Latanya Sweeney (Jan 2013), “Discrimination in online ad delivery,” Communications of the Association of Computing Machinery 56, no. 5, https://arxiv.org/abs/1301.6822.

466

Susan Landau (2017), Listening In: Cybersecurity in an Insecure Age, Yale University Press, https://books.google.com/books?id=QZ47DwAAQBAJ.

467

Susan Landau (1 Mar 2016), “Testimony for House Judiciary Committee hearing on ‘The encryption tightrope: Balancing Americans’ security and privacy,’” https://judiciary.house.gov/wp-content/uploads/2016/02/Landau-Written-Testimony.pdf.

468

Ariel Feldman, J. Alex Halderman, and Edward W. Felten (13 Sep 2006), “Security analysis of the Diebold AccuVote-TS voting machine,” 2007 USENIX/ACCURATE Electronic Voting Technology Workshop, https://citp.princeton.edu/research/voting.

469

American Civil Liberties Union (дата обращения 5 ноября 2024), “About the ACLU’s Project on Speech, Privacy, and Technology,” https://www.aclu.org/other/about-aclus-project-speech-privacy-and-technology.

470

Alan Davidson, Maria White, and Alex Fiorille (26 Feb 2018), “Building the future: Educating tomorrow’s leaders in an era of rapid technological change,” New America/Freedman Consulting.

471

Internet Policy Research Initiative (дата обращения 5 ноября 2024), Massachusetts Institute of Technology, https://internetpolicy.mit.edu.

472

Georgetown Law (дата обращения 5 ноября 2024), “Center on Privacy & Technology,” https://www.law.georgetown.edu/academics/centers-institutes/privacy-technology.

473

Freedman Consulting (3 Mar 2006), “Here to there: Lessons from public interest law,” неопубликованные заметки.

474

Robert L. Graham (1977), “Balancing the scales of justice: Financing public interest law in America,” Loyola University Chicago Law Journal 8, no. 3, http://lawecommons.luc.edu/luclj/vol8/iss3/10.

475

Pete Davis (26 Oct 2017), “Our bicentennial crisis: A call to action for Harvard Law School’s public interest mission,” Harvard Law Record, http://hlrecord.org/wp-content/uploads/2017/10/OurBicentennialCrisis.pdf.

Стр. notes из 59