Balancing Privacy and Security in the Age of Cyberterror

1
Balancing Privacy and Securityinthe Age of
Cyberterror

• Steve Worona
• EDUCAUSE
• sworona_at_educause.edu
• Wayne State University
• October 7, 2008

2
The Internet ObeysOnly One Law
3
The Internet ObeysOnly One Law

• The Law of
• Unintended Consequences

4
Example 1 A Story from the Dawn of (Internet)
Time

• It all started in 1995 with a simple question
• Whats the best resource for filtering out adult
  material for K-12 students?
• Net Nanny
• Cybersitter
• Surfwatch
• Cyber Patrol
• Etc.

5
Example 2 An Election-Year Poll
6
Example 2 An Election-Year Poll

• Proposition 1Everyone should be able to find
  outwho our candidates are taking money
  from.(Agree/Disagree?)

7
Example 2 An Election-Year Poll

• Proposition 1Everyone should be able to find
  outwho our candidates are taking money
  from.(Agree/Disagree?)
• Proposition 2Everyone should be able to find
  outwhat candidates you are giving money
  to.(Agree/Disagree?)

8
www.fec.gov
9
www.fec.gov

• Candidate Search
• Search for contributions received by a specific
  campaign using candidates name, state, or party
  affiliation.

10
www.fec.gov

• Candidate Search
• Search for contributions received by a specific
  campaign using candidates name, state, or party
  affiliation.
• Individual Search
• Search for contributions made by individuals
  using contributor name, city, state, zip code,
  principal place of business, date, and amount.

11
Example 3Do you want Privacyor Privacy?
12
Example 3Do you want Privacyor Privacy?

• Sorry, you cant have both.

13
You cant have Privacywithout Security
14
You cant have Privacywithout Security

• Privacy Ensuring that your personal information
  doesnt fall into the wrong hands

15
You cant have Privacywithout Security

• Privacy Ensuring that your personal information
  doesnt fall into the wrong hands
• VA Data Files on Millions of Veterans Stolen
• Bank of America Loses A Million Customer
  Records
• UCLA Warns 800,000 of Computer Break-In
• HIPAA, FERPA, etc.
• State and federal data-spill notification mandates

16
You cant have Privacywithout Security

• Privacy Ensuring that your personal information
  doesnt fall into the wrong hands
• VA Data Files on Millions of Veterans Stolen
• Bank of America Loses A Million Customer
  Records
• UCLA Warns 800,000 of Computer Break-In
• HIPAA, FERPA, etc.
• State and federal data-spill notification
  mandates
• Security Limiting everyones activity to only
  the things they have a right to see and do
• Who is trying to access data (Authentication)
• Whether they have the right (Authorization)

17
So Whenever Anyone Does Anything Online,We Want
to Know
18
So Whenever Anyone Does Anything Online,We Want
to Know

• Who they are

19
So Whenever Anyone Does Anything Online,We Want
to Know

• Who they are
• What theyre doing

20
So Whenever Anyone Does Anything Online,We Want
to Know

• Who they are
• What theyre doing
• Why theyre doing it

21
So Whenever Anyone Does Anything Online,We Want
to Know

• Who they are
• What theyre doing
• Why theyre doing it
• Etc.

22
Another Definition of Privacy

• Privacy The ability to go about your daily life
  without leaving a trail the ability to read,
  speak, attend meetings, etc. anonymously

23
The Importance of Anonymity

• Anonymous pamphlets, leaflets, brochures and
  even books have played an important role in the
  progress of mankind. Persecuted groups and sects
  from time to time throughout history have been
  able to criticize oppressive practices and laws
  either anonymously or not at all. Hugo Black,
  Talley v. California, 1960

24
Privacy1 vs Privacy2

• Privacy1 Ensuring that your personal information
  doesnt fall into the wrong hands.
  (Confidentiality)
• Privacy2 The ability to go about your daily life
  without leaving a trail the ability to read
  (speak, attend meetings, etc.) anonymously.
  (Anonymity)

25
The Dilemma
26
The Dilemma

• We want to go through cyber-life without leaving
  a trail

27
The Dilemma

• We want to go through cyber-life without leaving
  a trail
• But we want everyone who comes in contact with
  our data (and with us) to be identified and
  monitored

28
The Dilemma

• We want to go through cyber-life without leaving
  a trail
• But we want everyone who comes in contact with
  our data (and with us) to be identified and
  monitored, in order to detect, punish, prevent

29
The Dilemma

• We want to go through cyber-life without leaving
  a trail
• But we want everyone who comes in contact with
  our data (and with us) to be identified and
  monitored, in order to detect, punish, prevent
• Spam

30
The Dilemma

• We want to go through cyber-life without leaving
  a trail
• But we want everyone who comes in contact with
  our data (and with us) to be identified and
  monitored, in order to detect, punish, prevent
• Spam
• Phishing

31
The Dilemma

• We want to go through cyber-life without leaving
  a trail
• But we want everyone who comes in contact with
  our data (and with us) to be identified and
  monitored, in order to detect, punish, prevent
• Spam
• Phishing
• Threats

32
The Dilemma

• We want to go through cyber-life without leaving
  a trail
• But we want everyone who comes in contact with
  our data (and with us) to be identified and
  monitored, in order to detect, punish, prevent
• Spam
• Phishing
• Threats
• Poison-pen postings

33
The Dilemma

• We want to go through cyber-life without leaving
  a trail
• But we want everyone who comes in contact with
  our data (and with us) to be identified and
  monitored, in order to detect, punish, prevent
• Spam
• Phishing
• Threats
• Poison-pen postings
• Baseless accusations

34
The Dilemma

• We want to go through cyber-life without leaving
  a trail
• But we want everyone who comes in contact with
  our data (and with us) to be identified and
  monitored, in order to detect, punish, prevent
• Spam
• Phishing
• Threats
• Poison-pen postings
• Baseless accusations
• Etc

35
The Dilemma

• We want to go through cyber-life without leaving
  a trail
• But we want everyone who comes in contact with
  our data (and with us) to be identified and
  monitored

Not Much Different Than

• We want everyone to know who the candidates are
  getting money from
• But we dont want anyone to know who we are
  giving money to

36
The Dilemma

• We want to go through cyber-life without leaving
  a trail
• But we want everyone who comes in contact with
  our data (and with us) to be identified and
  monitored

Not Much Different Than

• We want everyone to know who the candidates are
  getting money from
• But we dont want anyone to know who we are
  giving money to

37
Identified and Monitored

• Government Plans Massive Data Sweep
• Feds Get Wide Wiretap Authority
• NSA Has Massive Database of Americans Phone
  Calls
• Finance-Monitoring Program Amounts to Spying
• Police Chief Wants Surveillance Cameras in
  Houston Apartments
• Big Brother Is Listening
• New Surveillance Program Will Turn Military
  Satellites on U.S.

38
Airport Security Tomorrow

• Airport security chiefs and efficiency geeks will
  be able to keep close tabs on airport passengers
  by tagging them with a high powered radio chip
  developed at the University of Central London.
  The technology is to be trialled in Debrecen
  Airport in Hungary after being in development for
  two-and-a-half years by University College London
  as part of an EU-funded consortium called Optag.
• Dr Paul Brennan, of UCLs antennas and radar
  group, said his team had developed a radio
  frequency identification tag far in advance of
  any that had been used to now to label
  supermarket produce.
• People will be told to wear radio tags round
  their necks when they get to the airport. The tag
  would notify a computer system of their identity
  and whereabouts. The system would then track
  their activities in the airport using a network
  of high definition cameras.
• The Register (UK), Oct. 12, 2006

39
Big Brother Is Listening(Daily Telegraph (UK)
May 2, 2007)

• Hidden microphones that can eavesdrop on
  conversations in the street are the next step in
  the march towards a Big Brother society, MPs
  were warned yesterday.
• Richard Thomas, the Information Commissioner,
  said a debate had begun about whether listening
  devices should be set up alongside Britains 4.5
  million CCTV cameras.
• In evidence to the Commons home affairs
  committee, Mr. Thomas said he would be hostile to
  such an idea.
• He was also alarmed by the prospect of tiny
  cameras, hidden in lamp posts, replacing more
  obvious monitors.
• He said it was arguable that surveillance in
  Britain - which is greater than in any other
  democratic nation - may already have gone too far.

40
Big Brother DatabaseWill Ruin British Way of
Life(London Daily Mail July 16, 2008)

• Plans for a massive database snooping on the
  entire population were condemned yesterday as a
  step too far for the British way of life. In an
  Orwellian move, the Home Office is proposing to
  detail every phone call, e-mail, text message,
  internet search and online purchase in the fight
  against terrorism and other serious crime.
• Town halls are already using extraordinary
  surveillance powers under the controversial
  Regulation of Investigatory Powers Act to
  investigate minor issues such as littering. The
  Home Office defended the need to keep its
  surveillance powers up to date with changing
  internet technology. Officials said the internet
  was rapidly revolutionizing communications and it
  was vital for surveillance powers to keep up with
  technology in order to fight serious crime and
  terrorism.

41
Big Brother DatabaseWill Ruin British Way of
Life(London Daily Mail July 16, 2008)

• Britains crime-fighting DNA database was the
  worlds first and is now the worlds largest.
  Originally samples were taken from those arrested
  but destroyed if they were not convicted. Today
  anyone who is arrested has DNA taken without
  consent. It is added to the database, and is
  virtually impossible to have it removed.
• Police forces use hundreds of Automatic Number
  Plate Recognition cameras across the UK, some at
  fixed sites and some in cars. Computers are able
  to compare numbers with a national database of
  cars which may be stolen, or whose owners are
  wanted for questioning. Each check takes around
  four seconds. Since last year, the Government has
  been developing a central database which also
  records the details every time a car passes an
  ANPR camera, anywhere in Britain.

42
Why Now?
43
Why Now?

• Because we can
• Technology now makes it possible to collect,
  maintain, and process everything you do
• Moores Law is not being repealed
• Brain 1TB 250 retail
• Coming soon Terabyte thumb-drives
• Gordon Bell MyLifeBits (10TB)
• Library of Congress 100TB
• WORM drives
• The Internet Archive
• Ray Kurzweil The Singularity Is Near

44
Why Now?

• Because we can
• And so our only limitations are those we choose
  to impose on ourselves

45
Why Now?

• Because we can
• Because we (think we) must
• Why?

46
Why Now?

• Because we can
• Because we (think we) must
• Because it makes law enforcement easier

47
Why Now?

• Because we can
• Because we (think we) must
• Because it makes law enforcement easier

The Home Office defended the need to keep its
surveillance powers up to date with changing
internet technology. Officials said the internet
was rapidly revolutionizing communications and it
was vital for surveillance powers to keep up with
technology in order to fight serious crime and
terrorism.
48
Law Enforcement and Data

• Specific, focused, temporary
• Tap, probe, monitor, investigate whats needed to
  deal with a particular crime or threat
• Just in case
• Capture all possible information so that,
  whenever something goes wrong, we can just play
  back the tape

49
Law Enforcement and Data

• Specific, focused, temporary
• Tap, probe, monitor, investigate whats needed to
  deal with a particular crime or threat
• Just in case
• Capture all possible information so that,
  whenever something goes wrong, we can just play
  back the tape

50
The Fourth Amendment

• The right of the people to be secure in their
  persons, houses, papers, and effects, against
  unreasonable searches and seizures, shall not be
  violated, and no Warrants shall issue, but upon
  probable cause, supported by Oath or affirmation,
  and particularly describing the place to be
  searched, and the persons or things to be seized.

51
Law Enforcement and Data

• Specific, focused, temporary
• Tap, probe, monitor, investigate whats needed to
  deal with a particular crime or threat
• Just in case
• Capture all possible information so that,
  whenever something goes wrong, we can just play
  back the tape

52
Some just in case examples

• Toll-gate license-plate photos
• No longer needed if the bell doesnt ring
• But very helpful if you want to get a list of
  possible suspects for yesterdays crime
• Metro cards
• Paying for your trip
• Who was where when?
• ATM cameras
• If no robbery occurred, no need to retain
• But might have caught a glimpse of a kidnapper

53
Network Authentication

• For every bit originating on our campus networks,
  we have the capability to know who put it there,
  when, and from where.

54
Network Authentication

• For every bit originating on our campus networks,
  we have the capability to know who put it there,
  when, and from where.
• Will we do it?

55
Network Authentication

• For every bit originating on our campus networks,
  we have the capability to know who put it there,
  when, and from where.
• Will we do it?
• Why?

56
Network Authentication

• For every bit originating on our campus networks,
  we have the capability to know who put it there,
  when, and from where.
• Will we do it?
• Why?
• Who should be involved in the decision?

57
Déjà Vu?

• Homeland Security Monitored Students
• surveillance by the Pentagon database of
  military protests and demonstrations at
  institutions of higher education

58
Déjà Vu?

• Homeland Security Monitored Students
• surveillance by the Pentagon database of
  military protests and demonstrations at
  institutions of higher education
• Although there does not appear to be any direct
  terrorist nexus to the event, a large gathering,
  especially on a college campus, may gain momentum
  and create public safety concerns. I do not see
  an issue of civil liberties being violated,
  rather proactive precautionary measures being
  taken by DHS and DoD. William H. Parrish,
  Assoc. Prof. of Homeland Security, VCU

59
The Dilemma in Other Words

• They that can give up essential liberty to
  obtain a little temporary safety deserve neither
  liberty nor safety. Benjamin Franklin (1755)

60
The Dilemma in Other Words

• They that can give up essential liberty to
  obtain a little temporary safety deserve neither
  liberty nor safety. Benjamin Franklin (1755)
• While the Constitution protects against
  invasions of individual rights, it is not a
  suicide pact. Arthur Goldberg (1963)

61
The Constitution Is Nota Suicide Pact
62
The Constitution Is Nota Suicide Pact
63
Or

• Give me Liberty or give me Death!
• Patrick Henry
• (Delegate, Virginia, 1775)

64
Or

• Give me Liberty or give me Death!
• Patrick Henry
• (Delegate, Virginia, 1775)
• You have no civil liberties if youre dead!
• Patrick Roberts
• (Senator, Kansas, 2006)

65
The Privacy/Security Rorschach
66
The Privacy/Security Rorschach

• Law enforcement is not supposed to be easy.
  Where it is easy, its called a police state.
  Jeff Schiller, in Wired (1999)

67
The Eternal Value of Privacy(Bruce Schneier)

• The most common retort against privacy advocates
  is this line If you arent doing anything
  wrong, what do you have to hide?
• Some clever answers If Im not doing anything
  wrong, then you have no cause to watch me.
  Because the government gets to define whats
  wrong, and they keep changing the definition.
  Because you might do something wrong with my
  information.
• My problem with quips like these as right as
  they are is that they accept the premise that
  privacy is about hiding a wrong. Its not.
  Privacy is an inherent human right, and a
  requirement for maintaining the human condition
  with dignity and respect.
• Cardinal Richelieu understood the value of
  surveillance when he famously said, If one would
  give me six lines written by the hand of the most
  honest man, I would find something in them to
  have him hanged. Watch someone long enough, and
  youll find something to arrest or just
  blackmail with.
• Privacy protects us from abuses by those in
  power, even if were doing nothing wrong at the
  time of surveillance.
• We do nothing wrong when we make love or go to
  the bathroom. We are not deliberately hiding
  anything when we seek out private places for
  reflection or conversation. We keep private
  journals, sing in the privacy of the shower, and
  write letters to secret lovers and then burn
  them. Privacy is a basic human need.

68
PrivacyIs aBasicHumanNeed
69
End