Balancing Security and Privacy in Times of Cyberterror

1
Balancing Security and Privacyin Times of
Cyberterror

• EDUCAUSE Mid-Atlantic Regional Conference
• January 18, 2007
• Steve Worona
• EDUCAUSE
• sworona_at_educause.edu

2
The Internet ObeysOnly One Law
3
The Internet ObeysOnly One Law

• The Law of
• Unintended Consequences

4
or
5
Be careful what you ask for
6
you might just get it
7
Example 1 A Story from the Dawn of (Internet)
Time

• It all started in 1995 with a simple question
• Whats the best resource for filtering out adult
  material for K-12 students?
• Net Nanny
• Cybersitter
• Surfwatch
• Cyber Patrol
• Etc.

8
Example 2A Poll on Campaign Finance
9
Example 2A Poll on Campaign Finance

• Proposition 1Who are our political candidates
  taking money from? This should be public
  information.(Agree/Disagree?)

10
Example 2A Poll on Campaign Finance

• Proposition 1Who are our political candidates
  taking money from? This should be public
  information.(Agree/Disagree?)
• Proposition 2What political candidates are you
  giving money to? This should be public
  information.(Agree/Disagree?)

11
www.fec.gov
12
Example 3Do you want Privacyor Privacy?
13
Example 3Do you want Privacyor Privacy?

• Sorry, you cant have both.

14
You cant have Privacywithout Security
15
You cant have Privacywithout Security

• Privacy Ensuring that your personal information
  doesnt fall into the wrong hands

16
You cant have Privacywithout Security

• Privacy Ensuring that your personal information
  doesnt fall into the wrong hands
• VA Data Files on Millions of Veterans Stolen
• Bank of America Loses A Million Customer
  Records
• UCLA Warns 800,000 of Computer Break-In

17
You cant have Privacywithout Security

• Privacy Ensuring that your personal information
  doesnt fall into the wrong hands
• VA Data Files on Millions of Veterans Stolen
• Bank of America Loses A Million Customer
  Records
• UCLA Warns 800,000 of Computer Break-In
• HIPAA, FERPA, etc.
• State and federal data-spill notification mandates

18
You cant have Privacywithout Security

• Privacy Ensuring that your personal information
  doesnt fall into the wrong hands
• VA Data Files on Millions of Veterans Stolen
• Bank of America Loses A Million Customer
  Records
• UCLA Warns 800,000 of Computer Break-In
• HIPAA, FERPA, etc.
• State and federal data-spill notification
  mandates
• Security Limiting everyones activity to only
  the things they have a right to see and do
• Who is trying to access data (Authentication)
• Whether they have the right (Authorization)

19
So Whenever Anyone Does Anything Online,We Want
to Know
20
So Whenever Anyone Does Anything Online,We Want
to Know

• Who they are

21
So Whenever Anyone Does Anything Online,We Want
to Know

• Who they are
• What theyre doing

22
So Whenever Anyone Does Anything Online,We Want
to Know

• Who they are
• What theyre doing
• Why theyre doing it

23
Authentication Mechanisms

• Accounts and passwords
• ATM cards and PINs
• Smart cards
• Challenge/response systems
• Digital certificates
• Key-fob tokens
• Biometrics
• Etc

24
When to Authenticate

• Each time a data element is accessed
• Each time a screen is presented
• Each time a transaction is initiated
• Once every minute/15 minutes/hour/day
• Single Sign-On

25
To Whom to Authenticate

• The program youre talking to
• The server youre talking to
• The network

26
The Trend

• Single sign-on
• With possible refresh for sensitive transactions
• Network sign-on
• Stronger authentication
• Guest authentication
• Wireless authentication
• Identity intermediaries
• Shibboleth

27
Another Definition of Privacy

• Privacy The ability to go about your daily life
  without leaving a trail the ability to read,
  speak, attend meetings, etc. anonymously

28
The Importance of Anonymity

• Anonymous pamphlets, leaflets, brochures and
  even books have played an important role in the
  progress of mankind. Persecuted groups and sects
  from time to time throughout history have been
  able to criticize oppressive practices and laws
  either anonymously or not at all. Hugo Black,
  Talley v. California, 1960

29
Privacy1 vs Privacy2

• Privacy1 Ensuring that your personal information
  doesnt fall into the wrong hands.
  (Confidentiality)
• Privacy2 The ability to go about your daily life
  without leaving a trail the ability to read
  (speak, attend meetings, etc.) anonymously.
  (Anonymity)

30
The Dilemma
31
The Dilemma

• We want to go through cyber-life without leaving
  a trail

32
The Dilemma

• We want to go through cyber-life without leaving
  a trail
• But we want everyone who comes in contact with
  our data (and with us) to be identified and
  monitored

33
The Dilemma

• We want to go through cyber-life without leaving
  a trail
• But we want everyone who comes in contact with
  our data (and with us) to be identified and
  monitored
• Spam
• Phishing
• Threats
• Poison-pen postings
• Baseless accusations
• Etc

34
The Dilemma

• We want to go through cyber-life without leaving
  a trail
• But we want everyone who comes in contact with
  our data (and with us) to be identified and
  monitored

Not Much Different Than

• We want everyone to know who the candidates are
  getting money from
• But we dont want anyone to know who we are
  giving money to

35
Privacy Can Be TrickyConsider Chat Rooms

• In general you have no legal expectation of
  privacy in a chat room because you dont know
  who else is listening
• Youre essentially speaking in public
• You have no reason to believe a police officer
  (on- or off-duty) isnt present
• US vs Charbonneau

36
Privacy Can Be TrickyConsider Chat Rooms

• In general you have no legal expectation of
  privacy in a chat room because you dont know
  who else is listening
• Youre essentially speaking in public
• You have no reason to believe a police officer
  (on- or off-duty) isnt present
• US vs Charbonneau
• What are the limitations on government
  surveillance of chat rooms?

37
Privacy Can Be TrickyConsider Chat Rooms

• In general you have no legal expectation of
  privacy in a chat room because you dont know
  who else is listening
• Youre essentially speaking in public
• You have no reason to believe a police officer
  (on- or off-duty) isnt present
• US vs Charbonneau
• What are the limitations on government
  surveillance of chat rooms?
• Child molestors

38
Privacy Can Be TrickyConsider Chat Rooms

• In general you have no legal expectation of
  privacy in a chat room because you dont know
  who else is listening
• Youre essentially speaking in public
• You have no reason to believe a police officer
  (on- or off-duty) isnt present
• US vs Charbonneau
• What are the limitations on government
  surveillance of chat rooms?
• Child molestors
• Dissident political groups

39
The Dilemma

• We want to go through cyber-life without leaving
  a trail
• But we want everyone who comes in contact with
  our data (and with us) to be identified and
  monitored

Not Much Different Than

• We want everyone to know who the candidates are
  getting money from
• But we dont want anyone to know who we are
  giving money to

40
Identified and Monitored

• Government Plans Massive Data Sweep
• Feds Get Wide Wiretap Authority
• NSA Has Massive Database of Americans Phone
  Calls
• Finance-Monitoring Program Amounts to Spying
• Police Chief Wants Surveillance Cameras in
  Houston Apartments
• Future Fuzzy for Government Use of Public
  Surveillance Cameras

41
Why Now?
42
Why Now?

• Because we can

43
Why Now?

• Because we can
• Technology now makes it possible to collect,
  maintain, and process everything you do
• Moores Law is not being repealed
• Brain 1TB 500 retail
• Gordon Bell MyLifeBits (10TB)
• Library of Congress 100TB
• WORM drives
• The Internet Archive
• Ray Kurzweil The Singularity Is Near

44
Why Now?

• Because we can
• And so our only limitations are those we choose
  to impose on ourselves

45
Why Now?

• Because we can
• Because we (think we) must

46
Why Now?

• Because we can
• Because we (think we) must
• Why?

47
Why Now?

• Because we can
• Because we (think we) must
• Because it makes law enforcement easier

48
Law Enforcement and Data

• Specific, focused, temporary
• Tap, probe, monitor, investigate whats needed to
  deal with a particular crime or threat

49
The Fourth Amendment

• The right of the people to be secure in their
  persons, houses, papers, and effects, against
  unreasonable searches and seizures, shall not be
  violated, and no Warrants shall issue, but upon
  probable cause, supported by Oath or affirmation,
  and particularly describing the place to be
  searched, and the persons or things to be seized.

50
Law Enforcement and Data

• Specific, focused, temporary
• Tap, probe, monitor, investigate whats needed to
  deal with a particular crime or threat
• Just in case
• Capture all possible information so that,
  whenever something goes wrong, we can just play
  back the tape

51
Some simple examples

• Toll-gate license-plate photos
• No longer needed if the bell doesnt ring
• But very helpful if you want to get a list of
  possible suspects for yesterdays crime
• Metro cards
• Paying for your trip
• Who was where when?
• ATM cameras
• If no robbery occurred, no need to retain
• But might have caught a glimpse of a kidnapper

52
Déjà Vu?

• Homeland Security Monitored Students
• surveillance by the Pentagon database of
  military protests and demonstrations at
  institutions of higher education
• Although there does not appear to be any direct
  terrorist nexus to the event, a large gathering,
  especially on a college campus, may gain momentum
  and create public safety concerns. I do not see
  an issue of civil liberties being violated,
  rather proactive precautionary measures being
  taken by DHS and DoD. William H. Parrish,
  Assoc. Prof. of Homeland Security, VCU

53
Airport Security Tomorrow

• Airport security chiefs and efficiency geeks will
  be able to keep close tabs on airport passengers
  by tagging them with a high powered radio chip
  developed at the University of Central London.
  The technology is to be trialled in Debrecen
  Airport in Hungary after being in development for
  two-and-a-half years by University College London
  as part of an EU-funded consortium called Optag.
• Dr Paul Brennan, of UCLs antennas and radar
  group, said his team had developed a radio
  frequency identification tag far in advance of
  any that had been used to now to label
  supermarket produce.
• People will be told to wear radio tags round
  their necks when they get to the airport. The tag
  would notify a computer system of their identity
  and whereabouts. The system would then track
  their activities in the airport using a network
  of high definition cameras.
• The Register (UK), Oct. 12, 2006

54
Network Authentication Today

• For every bit originating on our campus networks,
  we have the capability to know who put it there,
  when, and from where.

55
Network Authentication Today

• For every bit originating on our campus networks,
  we have the capability to know who put it there,
  when, and from where.
• Will we do it?

56
Network Authentication Today

• For every bit originating on our campus networks,
  we have the capability to know who put it there,
  when, and from where.
• Will we do it?
• Why?

57
Network Authentication Today

• For every bit originating on our campus networks,
  we have the capability to know who put it there,
  when, and from where.
• Will we do it?
• Why?
• Who should be involved in the decision?

58
The Dilemma in Other Words

• They that can give up essential liberty to
  obtain a little temporary safety deserve neither
  liberty nor safety. Benjamin Franklin (1755)

59
The Dilemma in Other Words

• They that can give up essential liberty to
  obtain a little temporary safety deserve neither
  liberty nor safety. Benjamin Franklin (1755)
• While the Constitution protects against
  invasions of individual rights, it is not a
  suicide pact. Arthur Goldberg (1963)

60
The Constitution Is Nota Suicide Pact
61
The Constitution Is Nota Suicide Pact
62
Or

• Give me Liberty or give me Death!
• Patrick Henry
• (Delegate, Virginia, 1775)

63
Or

• Give me Liberty or give me Death!
• Patrick Henry
• (Delegate, Virginia, 1775)
• You have no civil liberties if youre dead!
• Patrick Roberts
• (Senator, Kansas, 2006)

64
The Eternal Value of Privacy(Bruce Schneier)

• The most common retort against privacy advocates
  is this line If you arent doing anything
  wrong, what do you have to hide?
• Some clever answers If Im not doing anything
  wrong, then you have no cause to watch me.
  Because the government gets to define whats
  wrong, and they keep changing the definition.
  Because you might do something wrong with my
  information.
• My problem with quips like these as right as
  they are is that they accept the premise that
  privacy is about hiding a wrong. Its not.
  Privacy is an inherent human right, and a
  requirement for maintaining the human condition
  with dignity and respect.
• Cardinal Richelieu understood the value of
  surveillance when he famously said, If one would
  give me six lines written by the hand of the most
  honest man, I would find something in them to
  have him hanged. Watch someone long enough, and
  youll find something to arrest or just
  blackmail with.
• Privacy protects us from abuses by those in
  power, even if were doing nothing wrong at the
  time of surveillance.
• We do nothing wrong when we make love or go to
  the bathroom. We are not deliberately hiding
  anything when we seek out private places for
  reflection or conversation. We keep private
  journals, sing in the privacy of the shower, and
  write letters to secret lovers and then burn
  them. Privacy is a basic human need.

65
The Privacy/Security Rorschach
66
The Privacy/Security Rorschach

• Law enforcement is not supposed to be easy.
  Where it is easy, its called a police state.
  Jeff Schiller, in Wired (1999)

67
End