Search for: All records

This Article reviews the recent emergence of the space-cyber nexus as a distinct warfighting domain, solidified during the Russian invasion of Ukraine, and analyzes the (missing?) laws of space-cyber warfare. The Article further suggests a roadmap for the development of norms and rules under the constraints of contemporary geopolitics and difficulties in multilateral rulemaking. As space-based infrastructure became critical to modern militaries and economies, it has, as a result, become a prime target. While only four countries possess antisatellite missiles (United States, Russia, China, and India), cyberattacks require much less in terms of funds and technological sophistication and can also be launched by nonstate organizations. They are powerful asymmetric weapons that allow an attacker to cover their tracks, leaving the attacked country uncertain about attribution, thus rendering retaliation and deterrence challenging. The war in Ukraine, dubbed by some as “the first space-cyber war,” saw, for the first time, the targeting of space-based services as part of a military campaign. Significantly, this was achieved through cyberattacks—a telling choice given that Russia, to which the attack was attributed, also possesses antisatellite missiles. This Article suggests that current multilateral regimes are insufficient to address the new space-cyber nexus and that there is an urgent need to develop an integrated, flexible, multilateral regime. Considering the gridlock in traditional international lawmaking and the rise of nonbinding international agreements, the Article suggests a polycentric approach to regime building. Advocated by Nobel Laureate Elinor Ostrom for commons governance, polycentric governance is increasingly used to address a diverse range of global collective action challenges. The Article thus envisions multi-track diplomacy in which multiple forums introduce a series of nonbinding international agreements that together would amount to a feasible and flexible, albeit imperfect, corpus of the laws of space-cyber warfare. 

Silicon Valley, and the U.S. tech sector more broadly, have changed the world in part by embracing a “move fast and break things” mentality popularized by Mark Zuckerberg. While it is true that the tech sector has attempted to break with such a reactive and flippant response to security concerns, including at Microsoft itself through its Security Development Lifecycle, cyberattacks continue at an alarming rate. As a result, there are growing calls from regulators around the world to change the risk equation. An example is the 2023 U.S. National Cybersecurity Strategy, which argues that “[w]e must hold the stewards of our data accountable for the protection of personal data; drive the development of more secure connected devices; and reshape laws that govern liability for data losses and harm caused by cybersecurity errors, software vulnerabilities, and other risks created by software and digital technologies.” What exact form such liability should take is up for debate. The defect model of products liability law is one clear option, and courts across the United States have already been applying it using both strict liability and risk utility framings in a variety of cases. This Article delves into the debates by considering how other cyber powers around the world—including the European Union—are extending products liability law to cover software, and it examines the lessons these efforts hold for U.S. policymakers with case studies focusing on liability for AI- generated content and Internet-connected critical infrastructure. 

The global rise in mental disorders, particularly in workplaces, necessitated innovative and scalable solutions for delivering therapy. Large Language Model (LLM)-based mental health chatbots have rapidly emerged as a promising tool for overcoming the time, cost, and accessibility constraints often associated with traditional mental health therapy. However, LLM-based mental health chatbots are in their nascency, with significant opportunities to enhance their capabilities to operate within organizational contexts. To this end, this research seeks to examine the role and development of LLMs in mental health chatbots over the past half-decade. Through our review, we identified over 50 mental health-related chatbots, including 22 LLM-based models targeting general mental health, depression, anxiety, stress, and suicide ideation. These chatbots are primarily used for emotional support and guidance but often lack capabilities specifically designed for workplace mental health, where such issues are increasingly prevalent. The review covers their development, applications, evaluation, ethical concerns, integration with traditional services, LLM-as-a-Service, and various other business implications in organizational settings. We provide a research illustration of how LLM-based approaches could overcome the identified limitations and also offer a system that could help facilitate systematic evaluation of LLM-based mental health chatbots. We offer suggestions for future research tailored to workplace mental health needs. 

The increasing societal concern for consumer information privacy has led to the enforcement of privacy regulations worldwide. In an effort to adhere to privacy regulations such as the General Data Protection Regulation (GDPR), many companies’ privacy policies have become increasingly lengthy and complex. In this study, we adopted the computational design science paradigm to design a novel privacy policy evolution analytics framework to help identify how companies change and present their privacy policies based on privacy regulations. The framework includes a self-attentive annotation system (SAAS) that automatically annotates paragraph-length segments in privacy policies to help stakeholders identify data practices of interest for further investigation. We rigorously evaluated SAAS against state-of-the-art machine learning (ML) and deep learning (DL)-based methods on a well-established privacy policy dataset, OPP-115. SAAS outperformed conventional ML and DL models in terms of F1-score by statistically significant margins. We demonstrate the proposed framework’s practical utility with an in-depth case study of GDPR’s impact on Amazon’s privacy policies. The case study results indicate that Amazon’s post-GDPR privacy policy potentially violates a fundamental principle of GDPR by causing consumers to exert more effort to find information about first-party data collection. Given the increasing importance of consumer information privacy, the proposed framework has important implications for regulators and companies. We discuss several design principles followed by the SAAS that can help guide future design science-based e-commerce, health, and privacy research.