→ Sociotechnical Security, Vulnerabilities, and Cybersecurity Policy
Related to my work on privacy and data protection, I am fascinated by the notion of sociotechnical security and vulnerabilities in the context of computing. If technology is an extension of our social interactions, what does it mean for a community to be secure?
The phrase ‘sociotechnical security’ is not my own; I personally heard it first through discussions with a friend, Matt Goerzen — who’s written a fabulous co-authored piece on the topic, which explores vulnerabilities and security in the context of social media platforms and the communities most often in need of protection.
Another core aspect of my work on cybersecurity explores how the law can be improved to better protect computer hackers who work to protect our privacy. I’ve been working at these intersections and on the topic of cybersecurity since 2015, when I also began working on privacy and data protection after working for Prof. Gabriella Coleman.
Writing
- Ryan Ellis & Yuan Stevens. Bounty Everything: Hackers and the Making of the Global Bug Marketplace, Data & Society Research Institute, 2022
- Yuan Stevens, Stephanie Tran & Ryan Atkinson. See Something, Say Something? Coordinating the Disclosure of Vulnerabilities in Canada’s Infrastructure, IEEE International Symposium on Technology and Society (ISTAS), 2021
- Yuan Stevens. Survivability and Resilience: A View into Windows of Vulnerabilities, Terms: Vulnerability series by the Leonard & Bina Ellen Gallery, Concordia University, 2021
- Yuan Stevens. Canada’s Data Protection and Security Laws are Falling Behind, The Toronto Star, 2020
-
Ryan Ellis, Katie Moussouris & Yuan Stevens. Comment on Binding Operational Directive 20-01, 2020
Submitted to US Cybersecurity and Infrastructure Security Agency (CISA), United States Department of Homeland Security
- Kate Stapleton & Yuan Stevens. AI Powered Malware: The New Frontier for Cybersecurity, Medium, 2019
- Yuan Stevens. Don’t Hate the Player, Hate the Game, HackCurio: Decoding the Cultures of Hacking, 2019
- Sergey Bratus, Gabriella Coleman, Tor Ekeland, Mark Jaffe, Frederic Jennings, Marina Medvin, Nathan Reitinger & Yuan Stevens, Brief Amicus Curiae in Support of Petitioner, Nosal v. United States (16-1344), 2017
Submitted to the Supreme Court of the United States
Speaking
- Ryan Ellis & Yuan Stevens. Bounty Everything: Hackers and the Making of the Global Bug Marketplace, Cybersecurity Expertise: Practice, Performance, Power, Cornell University, 2022
- Camille François, Josh Kenway, Ryan Ellis, & Yuan Stevens. Debugging Bug Bounties in Cyberspace: From Vulnerability Discovery to Algorithmic Harms Redress, Columbia School of International and Public Affairs, Columbia University, 2022
- Yuan Stevens, Stephanie Tran & Ryan Atkinson. Coordinating the Disclosure of Vulnerabilities in Canada’s Infrastructure, IEEE Technological Stewardship & Responsible Innovation International Symposium (ISTAS 2021), 2021
- MC Forelle, Sarah Myers West, Britt Paris & Yuan Stevens. Choosing to Refuse, Repair or Render Asunder in Technological Practice, Society for Social Studies of Science (4S), 2021
Presentation: Hacker, Pieceworker, Labor Organizer? Commodification and Resistance in the Bug Bounty Industry
- Alan McCafferty, Po Tea-Duncan & Yuan Stevens. Maintaining Open and Safe Cyber Security Design for All, Canada School of Public Service, 2021
- Ryan Ellis & Yuan Stevens. A Valuable Flaw: Bug Bounty Programs, Software Maintenance, and Infrastructure Labor, Maintainers III: Policy, Practice, and Care, 2019
- Ryan Ellis, Yuan Stevens & Matt Goerzen. Systems We Should Trust? The Cultural Logics of Finding Flaws, International Communication Association (ICA), 2019
- Yuan Stevens & Ryan Ellis. Theft, War or Mere Mischief? Anti-Hacking Laws in the U.S. and Canada, Association of Internet Researchers (AoIR), 2018
- Yuan Stevens & Ryan Ellis. The Birth of Anti-Hacking Laws in the U.S. and Canada, Digital HKS, Harvard University, 2018
- Ryan Ellis & Yuan Stevens. ‘No More Free Bugs’: The History, Organization, and Implications of the Market for Software Vulnerabilities, Data & Society Research Institute, 2018
In The News
- Data Privacy as a Human Right Must Be Recognized by Privacy and AI Bill, Say Advocates – The Hill Times, May 2024
- Unpacking Cyberattacks on Healthcare Institutions: Gaps & Possibilities in Canadian Legal Frameworks – McGill Journal of Law and Health Podcast (Podcast), Jan. 2022
- T-Mobile Says Hack Exposed Personal Data of 40 Million People – The New York Times, Aug. 2021
- Canada Lags in Coordinated Disclosure of Cybersecurity Risks – The Logic, June 2021
Workshops and Roundtables
- Building a Safe and Respectful Digital World, The Governor General’s Office, Government of Canada, 2024
- Journalists and Online Hate: What Can or Should Be Done, Canadian Association of Journalists and School of Journalism and Communication, Carleton University, 2021
- Yuan Stevens & Doron Lurie. See Something, Say Something: Whistleblowing, Society, and the Law, McGill Law Journal Podcast, 2016