Balancing Security and Privacy Off-Campus and On-


Balancing Privacy and Security in the Age of Cyberterror
Steve Worona
EDUCAUSE
Wayne State University
October 7, 2008
1
The Internet Obeys
Only One Law
The Law of
Unintended Consequences
3
Example 1: A Story from the
Dawn of (Internet) Time
It all started in 1995 with a simple question:
What’s the best resource for filtering out adult
material for K-12 students?
• Net Nanny
• Cybersitter
• Surfwatch
• Cyber Patrol
• Etc.
4
Example 2: An Election-Year Poll
Proposition 1:
Everyone should be able to find out
who our candidates are taking money from.
(Agree/Disagree?)
Proposition 2:
Everyone should be able to find out
what candidates you are giving money to.
(Agree/Disagree?)
7
www.fec.gov
• Candidate Search
• Search for contributions received by a specific
campaign using candidate’s name, state, or
party affiliation.
• Individual Search
• Search for contributions made by individuals
using contributor name, city, state, zip code,
principal place of business, date, and amount.
10
Example 3:
Do you want Privacy
or Privacy?
Sorry, you can’t have both.
12
“You can’t have Privacy
without Security”
• Privacy: Ensuring that your personal information
doesn’t fall into the wrong hands
• “VA Data Files on Millions of Veterans Stolen”
• “Bank of America Loses A Million Customer Records”
• “UCLA Warns 800,000 of Computer Break-In”
• HIPAA, FERPA, etc.
• State and federal data-spill notification mandates
• Security: Limiting everyone’s activity to only the
things they have a right to see and do
• Who is trying to access data (“Authentication”)
• Whether they have the right (“Authorization”)
16
So Whenever Anyone Does
Anything Online,
We Want to Know…
• Who they are
• What they’re doing
• Why they’re doing it
• Etc.
21
Another Definition of Privacy
• Privacy: The ability to go about your daily
life without leaving a trail; the ability to
read, speak, attend meetings, etc.
anonymously
22
The Importance of Anonymity
“Anonymous pamphlets, leaflets, brochures
and even books have played an important
role in the progress of mankind. Persecuted
groups and sects from time to time
throughout history have been able to criticize
oppressive practices and laws either
anonymously or not at all.”
– Hugo Black, Talley v. California, 1960
23
Privacy1 vs Privacy2
• Privacy1: Ensuring that your personal
information doesn’t fall into the wrong
hands. (“Confidentiality”)
• Privacy2: The ability to go about your daily
life without leaving a trail; the ability to
read (speak, attend meetings, etc.)
anonymously. (“Anonymity”)
24
The Dilemma
• We want to go through cyber-life without
leaving a trail
• But we want everyone who comes in contact
with our data (and with us) to be identified
and monitored, in order to detect, punish,
prevent
• Spam
• Phishing
• Threats
• Poison-pen postings
• Baseless accusations
• Etc.
34
The Dilemma
• We want to go through cyber-life without
leaving a trail
• But we want everyone who comes in contact
with our data (and with us) to be identified
and monitored
Not Much Different Than
• We want everyone to know who the
candidates are getting money from
• But we don’t want anyone to know who we
are giving money to
35
“Identified and Monitored”
• “Government Plans Massive Data Sweep”
• “Feds Get Wide Wiretap Authority”
• “NSA Has Massive Database of Americans’ Phone Calls”
• “Finance-Monitoring Program Amounts to Spying”
• “Police Chief Wants Surveillance Cameras in Houston
Apartments”
• “Big Brother Is Listening”
• “New Surveillance Program Will Turn Military Satellites
on U.S.”
37
Airport Security Tomorrow
Airport security chiefs and efficiency geeks will be able to keep
close tabs on airport passengers by tagging them with a high powered
radio chip developed at the University of Central London. The
technology is to be trialled in Debrecen Airport in Hungary after being
in development for two-and-a-half years by University College London
as part of an EU-funded consortium called Optag.
Dr Paul Brennan, of UCL’s antennas and radar group, said his team
had developed a radio frequency identification tag far in advance of any
that had been used to now to label supermarket produce.
People will be told to wear radio tags round their necks when they
get to the airport. The tag would notify a computer system of their
identity and whereabouts. The system would then track their activities
in the airport using a network of high definition cameras.
– The Register (UK), Oct. 12, 2006
38
“Big Brother Is Listening”
(Daily Telegraph (UK) – May 2, 2007)
Hidden microphones that can eavesdrop on conversations in the
street are the next step in the march towards a “Big Brother”
society, MPs were warned yesterday.
Richard Thomas, the Information Commissioner, said a debate had
begun about whether listening devices should be set up alongside
Britain’s 4.5 million CCTV cameras.
In evidence to the Commons home affairs committee, Mr. Thomas
said he would be hostile to such an idea.
He was also alarmed by the prospect of tiny cameras, hidden in
lamp posts, replacing more obvious monitors.
He said it was arguable that surveillance in Britain - which is
greater than in any other democratic nation - may already have gone
too far.
39
“Big Brother Database
Will Ruin British Way of Life”
(London Daily Mail – July 16, 2008)
Plans for a massive database snooping on the entire population were
condemned yesterday as a step too far for the British way of life. In
an Orwellian move, the Home Office is proposing to detail every
phone call, e-mail, text message, internet search and online purchase
in the fight against terrorism and other serious crime.
Town halls are already using extraordinary surveillance powers under
the controversial Regulation of Investigatory Powers Act to
investigate minor issues such as littering. The Home Office defended
the need to keep its surveillance powers up to date with changing
internet technology. Officials said the internet was rapidly
revolutionizing communications and it was vital for surveillance
powers to keep up with technology in order to fight serious crime and
terrorism. […]
40
“Big Brother Database
Will Ruin British Way of Life”
(London Daily Mail – July 16, 2008)
Britain’s crime-fighting DNA database was the world’s first and is
now the world’s largest. Originally samples were taken from those
arrested but destroyed if they were not convicted. Today anyone who
is arrested has DNA taken without consent. It is added to the
database, and is virtually impossible to have it removed.
Police forces use hundreds of Automatic Number Plate Recognition
cameras across the UK, some at fixed sites and some in cars.
Computers are able to compare numbers with a national database of
cars which may be stolen, or whose owners are wanted for
questioning. Each check takes around four seconds. Since last year,
the Government has been developing a central database which also
records the details every time a car passes an ANPR camera,
anywhere in Britain.
41
Why Now?
• Because we can
• Technology now makes it possible to collect,
maintain, and process everything you do
• Moore’s Law is not being repealed
• Brain = 1TB = $250 retail
• Coming soon: Terabyte thumb-drives
• Gordon Bell: MyLifeBits (10TB)
• Library of Congress = 100TB
• WORM drives
• The Internet Archive
• Ray Kurzweil: “The Singularity Is Near”
43
Why Now?
• Because we can
• And so our only limitations are those we choose
to impose on ourselves
44
Why Now?
• Because we can
• Because we (think we) must
• Why?
45
Why Now?
• Because we can
• Because we (think we) must
• Because it makes law enforcement easier
“The Home Office defended the need to keep its
surveillance powers up to date with changing internet
technology. Officials said the internet was rapidly
revolutionizing communications and it was vital for
surveillance powers to keep up with technology in
order to fight serious crime and terrorism.”
47
Law Enforcement and Data
• Specific, focused, temporary
• Tap, probe, monitor, investigate what’s needed
to deal with a particular crime or threat
• Just in case
• Capture all possible information so that,
whenever something goes wrong, we can just
play back the tape
48
The Fourth Amendment
The right of the people to be secure in their
persons, houses, papers, and effects, against
unreasonable searches and seizures, shall not
be violated, and no Warrants shall issue, but
upon probable cause, supported by Oath or
affirmation, and particularly describing the
place to be searched, and the persons or things
to be seized.
50
Some “just in case” examples
• Toll-gate license-plate photos
• No longer needed if the bell doesn’t ring
• But very helpful if you want to get a list of possible
suspects for yesterday’s crime
• Metro cards
• Paying for your trip
• Who was where when?
• ATM cameras
• If no robbery occurred, no need to retain
• But might have caught a glimpse of a kidnapper
52
Network Authentication
• For every bit originating on our campus
networks, we have the capability to know
who put it there, when, and from where.
• Will we do it?
• Why?
• Who should be involved in the decision?
56
Déjà Vu?
• “Homeland Security Monitored Students”
• “…surveillance by the Pentagon … database [of] …
military protests and demonstrations at institutions of
higher education …”
• “Although there does not appear to be any direct
terrorist nexus to the event, a large gathering,
especially on a college campus, may gain momentum
and create public safety concerns. I do not see an issue
of civil liberties being violated, rather proactive
precautionary measures being taken by DHS and
DoD.” – William H. Parrish, Assoc. Prof. of Homeland
Security, VCU
58
The Dilemma in Other Words…
“They that can give up essential liberty to obtain a
little temporary safety deserve neither liberty nor
safety.”
– Benjamin Franklin (1755)
“While the Constitution protects against invasions
of individual rights, it is not a suicide pact.”
– Arthur Goldberg (1963)
60
“The Constitution Is Not
a Suicide Pact”
61
Or…
“Give me Liberty or give me Death!”
– Patrick Henry
(Delegate, Virginia, 1775)
“You have no civil liberties if you’re dead!”
– Patrick Roberts
(Senator, Kansas, 2006)
64
The Privacy/Security Rorschach
“Law enforcement is not supposed to be easy.
Where it is easy, it’s called a police state.”
– Jeff Schiller, in Wired (1999)
66
“The Eternal Value of Privacy”
(Bruce Schneier)
The most common retort against privacy advocates is this line: “If you aren’t doing anything
wrong, what do you have to hide?”
Some clever answers: “If I’m not doing anything wrong, then you have no cause to watch
me.” “Because the government gets to define what’s wrong, and they keep changing the
definition.” “Because you might do something wrong with my information.”
My problem with quips like these – as right as they are – is that they accept the premise that
privacy is about hiding a wrong. It’s not. Privacy is an inherent human right, and a requirement
for maintaining the human condition with dignity and respect.
Cardinal Richelieu understood the value of surveillance when he famously said, “If one
would give me six lines written by the hand of the most honest man, I would find something in
them to have him hanged.” Watch someone long enough, and you’ll find something to arrest – or
just blackmail – with.
Privacy protects us from abuses by those in power, even if we’re doing nothing wrong at the
time of surveillance.
We do nothing wrong when we make love or go to the bathroom. We are not deliberately
hiding anything when we seek out private places for reflection or conversation. We keep private
journals, sing in the privacy of the shower, and write letters to secret lovers and then burn them.
Privacy is a basic human need.
67
Privacy Is a Basic Human Need
68
End
69