We would like to explore practices in the policy and governance domain which have a significant impact on security and privacy. We are interested in practices which are related to organisational policies, jurisdictional context and governance of software development projects.
We've put together a short starter list of domains of practice for review and discussion which includes:
A number of projects such as Terms of Service; Didn't Read and academic research from the Centro de Tecnologia e Sociedade focus on the impact of Terms of Service on end users. These projects have developed methodologies and collected data on how various online platforms bind their users to terms that impact their privacy and freedom of expression.
Areas that have been explored cover aspects such as:
The 2015 Ranking Digital Rights Corporate Accountability Index evaluates 16 of the world’s most powerful Internet and telecommunications companies on their public commitments and disclosed policies affecting users’ freedom of expression and privacy.
Organisations such as Citizen Lab and Access Now with the Transparency Reporting Index have been researching and disseminating information about how technology companies disclose threats to user privacy and free expression.
In addition to the above cross-cutting themes, Tactical Tech's Trackography and the WebXRay project have been collecting and presenting data about how websites track, collect and aggregate data with the purpose of creating individual and group profiles.
Despite the existence of the ACM's Software Engineering Code of Ethics, ethical aspects of software engineering that would apply to the IT industry don't receive a lot of interest. On the research side, the Oxford Internet Institute Networked Systems Ethics project aims to create a cross-disciplinary conversation between gatekeepers of ethics standards and researchers about the ethical and social impact of technical Internet research projects.