Balancing Security and Privacy in Times of Cyberterror
EDUCAUSE Western Regional Conference 2005
April 28, 2005
Steve Worona, EDUCAUSE
Tracy Mitrano, Cornell University
A Campaign Finance Poll
• All citizens should be able to find out who each candidate is taking money from
• All citizens should be able to find out what candidate you are giving money to
• Demo: http://www.fec.gov
Lessons
• Law of unintended consequences
  • Logic can’t be legislated
• Technology can’t “fix” unintended consequences
  • In fact, it’s often technology that creates them
• Technical/social interactions are tricky
• We make trade-offs on privacy all the time
“You can’t have Privacy without Security”
• Privacy: Ensuring that your personal information doesn’t fall into the wrong hands
  • Choicepoint; Lexis-Nexis; Ameritrade; BofA; etc.
  • Tufts; CMU; Berkeley; etc.
  • FERPA; GLB; HIPAA
  • Data-spill notification laws in CA, US
• Security: Limiting everyone’s activity to only the things they have a right to see and do
  • Who is trying to access data (“Authentication”)
  • Whether they have the right (“Authorization”)
A Few Authentication/Authorization Issues
• Authenticate at network or application level?
• What to do with logs?
  • How long to keep?
  • When/how/why to access?
• Machine vs person
• Cross-institutional information distribution
• The government
  • USA/Patriot
Another Definition of Privacy
• Privacy: The ability to go about your daily life without leaving a trail; the ability to read, speak, attend meetings, etc. anonymously
The Importance of Anonymity
“Anonymous pamphlets, leaflets, brochures and even books have played an important role in the progress of mankind. Persecuted groups and sects from time to time throughout history have been able to criticize oppressive practices and laws either anonymously or not at all.”
– Hugo Black, Talley v. California, 1960
Privacy1 vs Privacy2
• Privacy1: Ensuring that your personal information doesn’t fall into the wrong hands. (“Confidentiality”)
• Privacy2: The ability to go about your daily life without leaving a trail; the ability to read (speak, attend meetings, etc.) anonymously. (“Anonymity”)
The Dilemma in a Nutshell
• We want to go through cyber-life without leaving a trail
• But we want everyone who comes in contact with our data (with us?) to be known
• And if we don’t, others do, to minimize
  • Phishing
  • Spoofing
  • Fraud
  • Spam
  • Viruses
  • Hacking
  • Denial-of-service attacks
  • Cyber-terrorism
The Dilemma in Other Words…
“They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.”
– Benjamin Franklin (1755)
“While the Constitution protects against invasions of individual rights, it is not a suicide pact.”
– Arthur Goldberg (1963)
“The Constitution Is Not a Suicide Pact”
What Has Changed Since 1963?
• The potential threats
  • Limitless damage from an individual act
  • Even death is not a deterrent
  • Emphasis switches from punishment to prevention
• The potential responses
  • RFID; micro- and macro-cameras; linked databases; unlimited storage; unlimited processing power; unlimited communication capacity;…
  • And that’s just today
• Technology is no longer the limit; we must decide
  • What to collect
  • How to use what’s collected
  • Narrowly drawn limits or “just in case”
  • When and how to change the rules
Whether by intention or by default, we will decide on the tradeoffs
Some simple examples
• Toll-gate license-plate photos
  • Not needed if the bell doesn’t ring
  • But sure useful if you want to get a list of possible suspects for yesterday’s crime
• Metro-passes
  • Anonymous or registered?
  • Rules for access (probable cause or dragnet?)
• ATM cameras
  • If no robbery occurred, no need to retain
  • But might have caught a glimpse of a kidnapper
The Tradeoff Rorschach
“Law enforcement is not supposed to be easy. Where it is easy, it’s called a police state.”
– Jeff Schiller, in Wired (1999)
Your Mission as a Citizen: Think about the Tradeoffs
• Be aware of how your own activities are being monitored
• Think about options
• Decide how you feel
• Let your legislators know
• Apply these lessons on your own campuses
Some Closing Plugs
• EDUCAUSE/Cornell Institute for Computer Policy and Law, 10th Annual Seminar
  • Ithaca, NY: June 28-July 1, 2005
  • Flyers available here
• EDUCAUSE Policy Page
  • http://www.educause.edu/policy
• EDUCAUSE Annual Policy Conference
  • Washington, DC: April 26-27, 2006
End