Workshop on Governance of Technology, Information, and Policies (GTIP) Addressing the Challenges of Worldwide Interconnectivity December 6, 2011 The online CFP is at: http://www.acsac.org/2011/workshops/gtip/ A PDF version is at: http://nob.cs.ucdavis.edu/~bishop/announce/GTIP2011.pdf http://www.acsac.org/2011/workshop/ In many nations, governments and businesses rely on information technology and the Internet for mission-critical functionality. A vast number of people also rely on computers and the Internet to conduct business and to establish and maintain personal and professional relationships. The worldwide adoption of these new technologies, however, has stressed the minimalist governance systems that were established when information technology and the Internet were used much more sparingly. These developments have produced unprecedented legal, policy, and technological issues. For example, when cloud computing crosses national borders, which jurisdiction's privacy laws apply to data management and access? What types of disclosures should be required for customer/participant protection, and what regulatory structures are best suited for governing this rapidly moving data? For the Internet as a whole, what governance or regulatory structures,standards, and protocols are needed, and how do we ensure that regulatory decisions are based on sound scientific and technological information? Despite laudable national, international and formal United Nations efforts, the "governance gap" is becoming more exacerbated as the use of collaborative technologies, virtual worlds, and cloud computing expands. This workshop is dedicated to exploring the governance issues that arise in this world-wide explosion of technology. It focuses on governance designed to achieve objectives of security, privacy, reliability, resiliency, and accountability, both technically and by governmental or quasi-governmental regulatory structures. A broad range of original position and research papers are within the workshop's scope. These may address the policies, processes and technologies that may prove useful in dealing with these problems generated by world interconnectivity; the security, technological, societal, and legal issues that arise from computing and data management in a world of fragmented and incompatible rules; and the foreseeable problems for technological and business development, for human values, and for governments or international relations due to inadequate governance structures and regulatory policies for the networked world. The workshop will embrace the topics that follow as well as other questions generated by multi-jurisdiction computation, data management, and networking. * Governance and technologies designed to: - Reduce cyber-crime, cyberattack, malicious computing and otherwise enhance security; - Protect Internet access during natural disasters, and major social and political crises; - Promote privacy and limit governmental surveillance; and, - Provide mechanisms for monitoring compliance with governance. * Governance and mechanisms for achieving governance of: - Cloud computing; - Electronic personal health records and other mission-critical or human safety-critical database systems; and - Networking. * Frameworks for Internet and data governance, particularly at the international level for determining Internet standards and protocols. * Compliance issues for multinational entities (networks, corporations). * Emerging areas of transnational conflict and co-operation. * Anonymity (including the need or lack of need). * Attribution and identity management. * Incident response and handling, and forensics. * Issues related to those above. We particularly welcome papers that raise new concepts, describe emerging issues, and highlight work in progress that contributes to a better understanding of critical issues or their resolution. In addition to academic submissions, we encourage papers from non-academic groups, nonprofits, and institutions involved with these issues. Final papers must be 8 pages long at most. Please use any of the templates at http://www.acm.org/sigs/publications/proceedings-templates to prepare your submission, as accepted papers will be posted to the ACM Digital Library. Papers previously published elsewhere will not be accepted. Papers published at GTIP may, under certain circumstances, be resubmitted elsewhere; see the details at: https://www.acsac.org/2011/workshops/gtip/ To submit a paper or an abstract, go to: http://www.acsac.org/2011/workshops/gtip/openconf/ This workshop is co-located with the 2011 Annual Computer Security Applications Conference (ACSAC 2011). See http://www.acsac.org/ for more information. Important dates: Abstract of proposed paper August 15, 2011 (preferred but optional) Full paper due September 7, 2011 Notification of acceptance October 10, 2011 Camera-ready artwork due November 1, 2011 Workshop date December 6, 2011 Program Committee (in formation; acceptances include): Candice Hoke, C|M| Law, Cleveland State University, 2011 Chair Michael Aisenberg, The MITRE Corporation Matt Bishop, University of California, Davis Lizzie Coles-Kemp, University of London Ann Cavoukian, Information and Privacy Commissioner of Ontario, Canada Mary Ann Davidson, Oracle David Farber, Carnegie Mellon University Carrie Gates, CA Labs, CA Technologies Sharona Hoffman, Case Western Reserve University Jeffrey Hunker, JH Associates Peter Matthews, CA Labs, CA Technologies Peter Neumann, SRI International Andy Podgurski, Case Western Reserve University Harvey Rubinovitz, The MITRE Corporation Organizing Committee: Matt Bishop, University of California, Davis Carrie Gates, CA Labs, CA Technologies Candice Hoke, C|M| Law, Cleveland State University Peter Matthews, CA Labs, CA Technologies Harvey Rubinovitz, The MITRE Corporation