Ökonomische Analyse der Modernisierungsanreize im deutschen Mietrecht

Die deutsche Wohnungswirtschaft unterliegt einer tiefgreifenden staatlichen Regulierung. Hiervon sind insbesondere Heizungsanlagen betroffen. Durch die vorgeschriebene Aufteilung in Kaltmiete und Nebenkosten stellt sich die Investition in eine neue, effiziente Heizungsanlage für den Vermieter als nicht mehr wirtschaftlich dar. Auch die vom Gesetzgeber eingeräumte Möglichkeit, einen Teil der Investitionskosten jährlich auf den Mieter umzulegen, vermag den Modernisierungsstau nicht zu überwinden, wie empirische Daten zeigen. Der Beitrag untersucht vor diesem Hintergrund die Wirkung der gesetzlichen Modernisierungsanreize aus betriebswirtschaftlicher und spieltheoretischer Sicht. Es kann gezeigt werden, dass der momentane Modernisierungsstau eine plausible Folge rationalen Handelns aller Marktakteure ist. Summary: German residential leases and their associated fringe costs such as heating are subject to strict regulations. Because of the mandatory rental cost allocation into basic rent and associated costs, investments in new and efficient heating systems turned out to be no longer economical for landlords. In order to still ensure a high efficiency level of heating systems, the legislator gives landlords the opportunity to pass on some of the investment costs annually to tenants. Nevertheless, as shown by empirical data, the backlog of modernization has not been over- come yet. Against this background, we analyse the impact of the current statutory incentives for modernization from an economic and game theoretic point of view. It can be shown that the existing backlog of modernization is a plausible consequence of rational behavior of all market actors. Key words: Tenancy law, Modernization incentives, Regulation, Housing industry, Energy efficiency, Free rider problem, Game theoryMietrecht, Modernisierungsanreize, Regulierung, Wohnungswirtschaft, Energieeffizienz, Free-Rider-Problem, Spieltheorie

A Multi-perspective Analysis of Carrier-Grade NAT Deployment

As ISPs face IPv4 address scarcity they increasingly turn to network address translation (NAT) to accommodate the address needs of their customers. Recently, ISPs have moved beyond employing NATs only directly at individual customers and instead begun deploying Carrier-Grade NATs (CGNs) to apply address translation to many independent and disparate endpoints spanning physical locations, a phenomenon that so far has received little in the way of empirical assessment. In this work we present a broad and systematic study of the deployment and behavior of these middleboxes. We develop a methodology to detect the existence of hosts behind CGNs by extracting non-routable IP addresses from peer lists we obtain by crawling the BitTorrent DHT. We complement this approach with improvements to our Netalyzr troubleshooting service, enabling us to determine a range of indicators of CGN presence as well as detailed insights into key properties of CGNs. Combining the two data sources we illustrate the scope of CGN deployment on today's Internet, and report on characteristics of commonly deployed CGNs and their effect on end users

Erfolgskontrolle von Hartholzauenwald-Aufforstungen in der Kliekener Aue

Hartholz-Auenwälder (Querco-Ulmetum minoris und weitere Vegetationseinheiten des Ulmenion) sind charakteristische Vegetationsgesellschaften entlang der großen Flussauen und wichtige Retentionsräume. Bedingt durch den Wechsel von Überflutung und Trockenheit sowie eine hohe standörtliche Dynamik und Heterogenität sind Hartholz-Auenwälder die struktur- und artenreichsten Lebensräume in Mitteleuropa. In früheren Jahrhunderten wurden viele Auenwälder zu Gunsten von Siedlungen und landwirtschaftlichen Nutzflächen gerodet, was eine erhebliche Verringerung des Flächenanteils der Auenwälder zur Folge hatte. Die verbliebenen Hartholz-Auenwälder wurden im 19. Jahrhundert durch zahlreiche wasserbaulichen Maßnahmen beeinträchtigt. Angesichts der hohen naturschutzfachlichen Bedeutung regelmäßig überfluteter Hartholz-Auenwälder und ihres heute geringen Flächenanteiles ist deren Erhaltung, Entwicklung und Erweiterung ein wesentliches Ziel des Naturschutzes in Flusslandschaften. Ziel des von der Biosphärenreservatsverwaltung „Mittlere Elbe“ 2000/2001 durchgeführten EU-LIFE-Projektes „Renaturierung von Fluss, Altwasser und Auenwald an der Mittleren Elbe“ war u. a. die Entwicklung von ca. 60 ha Auenwald auf ehemals beweideten Alteichenbeständen und Grünland. Da bisher Erfolgskontrollen von Hartholz-Auenwaldanpflanzungen fast vollständig fehlen, erfolgte 2007 eine flächendeckende Erhebung des aktuellen Zustandes aller gepflanzten Gehölzbestände in der Kliekener Aue

Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse

Domain squatting is a common adversarial practice where attackers register domain names that are purposefully similar to popular domains. In this work, we study a specific type of domain squatting called "combosquatting," in which attackers register domains that combine a popular trademark with one or more phrases (e.g., betterfacebook[.]com, youtube-live[.]com). We perform the first large-scale, empirical study of combosquatting by analyzing more than 468 billion DNS records---collected from passive and active DNS data sources over almost six years. We find that almost 60% of abusive combosquatting domains live for more than 1,000 days, and even worse, we observe increased activity associated with combosquatting year over year. Moreover, we show that combosquatting is used to perform a spectrum of different types of abuse including phishing, social engineering, affiliate abuse, trademark abuse, and even advanced persistent threats. Our results suggest that combosquatting is a real problem that requires increased scrutiny by the security community.Comment: ACM CCS 1

Lumen: Fine-Grained Visibility and Control of Mobile Traffic in User-Space

http://cps-vo.org/group/satc-pi-meeting-17/program-agendaYour mobile phone hosts a rich array of information about you and your behavior. This includes a wide range of unique identifiers and sensitive personal information that enables online tracking, often times for delivering targeted advertisement. It is, however, striking how little insight and control we, as mobile users have into the operation and performance of our devices, into how (or whether) they protect information we entrust to them, and who they share it with. Further, it is not just regular users that are in the dark; much of the operation of mobile devices remains mysterious even to experts. The ICSI Haystack project aims to overcome the limitations found on previous methodologies to better illuminate the mobile ecosystem at scale. At the core of the project is the Lumen app, available for free on Google Play. The app runs on the mobile phone itself and can comprehensively observe app, device and network activity. This will allow ICSI researchers to understand the operation, performance and personal information flow---including online third-party services collecting this information---at unprecedented scales with real user stimuli. Specifically, Lumen’s comprehensive vantage point facilitates four research thrusts: network performance analysis, mobile traffic characterization, analysis of the mobile tracking ecosystem, and mobile networking security assessment.FALSEpu

"Is Our Children's Apps Learning?" Automatically Detecting COPPA Violations

In recent years, a market of games and learning apps for children has flourished in the mobile world. Many of these often ``free'' mobile apps have access to a variety of sensitive personal information about the user, which app developers can monetize via advertising or other means. In the United States, the Children's Online Privacy Protection Act (COPPA) protects children's privacy, requiring parental consent to the use of personal information and prohibiting behavioral advertising and online tracking. In this work, we present our ongoing effort to develop a method to automatically evaluate mobile apps' COPPA compliance. Our method combines dynamic execution analysis (to track sensitive resource access at runtime) with traffic monitoring (to reveal private information leaving the device and recording with whom it gets shared, even if encrypted). We complement empirical technical observations with legal analysis of the apps' corresponding privacy policies. As a proof of concept, we scraped the Google Play store for apps distributed in categories specifically targeting users under than 13 years of age, which subjects these products to COPPA's regulations. We automated app execution on an instrumented version of the Android OS, recording the apps' access to and transmission of sensitive information. To contextualize third parties (e.g., advertising networks) with whom the apps share information, we leveraged a crowdsourced dataset collected by the Lumen Privacy Tool (formerly Haystack), an Android-based device-local traffic inspection platform. Our effort seeks to illuminate apps' compliance with COPPA and catalog the organizations that collect sensitive user information. In our preliminary results, we find several likely COPPA violations, including omission of prior consent and active sharing of persistent identifiers with third-party services for tracking and profiling of children. These results demonstrate our testbed's capability to detect different types of possible violations in the market for children's apps.TRUEpu

Apps, Trackers, Privacy, and Regulators: A Global Study of the Mobile Tracking Ecosystem

Third-party services form an integral part of the mobile ecosystem: they ease application development and enable features such as analytics, social network integration, and app monetization through ads. However, aided by the general opacity of mobile systems, such services are also largely invisible to users. This has negative consequences for user privacy as third-party services can potentially track users without their consent, even across multiple applications. Using real-world mobile traffic data gathered by the Lumen Privacy Monitor (Lumen), a privacy enhancing app with the ability to analyze network traffic on mobile devices in user space, we present insights into the mobile advertising and tracking ecosystem and its stakeholders. In this study, we develop automated methods to detect third-party advertising and tracking services at the traffic level. Using this technique we identify 2,121 such services, of which 233 were previously unknown to other popular advertising and tracking blacklists. We then uncover the business relationships between the providers of these services and characterize them by their prevalence in the mobile and Web ecosystem. Our analysis of the privacy policies of the largest advertising and tracking service providers shows that sharing harvested data with subsidiaries and third-party affiliates is the norm. Finally, we seek to identify the services likely to be most impacted by privacy regulations such as the European General Data Protection Regulation (GDPR) and ePrivacy directives.TRUEpu

Opportunities and Challenges of Ad-based Measurements from the Edge of the Network

For many years, the research community, practitioners, and regulators have used myriad methods and tools to understand the complex structure and behavior of ISPs from the edge of the network. Unfortunately, the nature of these techniques forces the researcher to find a balance between ISP-coverage, user scale, and accuracy. In this paper we present AdTag, a network measurement paradigm that leverages the opportunistic nature of online targeted advertising to measure the Internet from the edge of the network. We discuss and formalize AdTag's design space---including technical, ethical, deployability and economic factors---and its potential to analyze a wide spectrum of Internet connectivity aspects from the browser. We run several experiments to demonstrate that AdTag can be tailored towards geographic and device-based user groups, finding also several challenges to be faced in order to maximize the number of samples. In a 7-day campaign, AdTag could access more than 20K ISPs at a global scale (185 countries) using millions of edge nodes.TRUEpu