1

Balancing Security and Privacyin Times of Cyberterror

EDUCAUSE Mid-Atlantic Regional ConferenceJanuary 18, 2007

Steve WoronaEDUCAUSE

sworona@educause.edu

2

The Internet ObeysOnly One Law

3

The Internet ObeysOnly One Law

The Law of

Unintended Consequences

4

or…

5

Be careful what you ask for…

6

…you might just get it

7

Example 1: A Story from the Dawn of (Internet) Time

It all started in 1995 with a simple question:

What’s the best resource for filtering out adult material for K-12 students?

• Net Nanny

• Cybersitter

• Surfwatch

• Cyber Patrol

• Etc.…

8

Example 2:A Poll on Campaign Finance

9

Example 2:A Poll on Campaign Finance

Proposition 1:Who are our political candidates taking money from? This should be public information.(Agree/Disagree?)

10

Example 2:A Poll on Campaign Finance

Proposition 1:Who are our political candidates taking money from? This should be public information.(Agree/Disagree?)

Proposition 2:What political candidates are you giving money to? This should be public information.(Agree/Disagree?)

11

www.fec.gov

12

Example 3:Do you want Privacy

or Privacy?

13

Example 3:Do you want Privacy

or Privacy?

Sorry, you can’t have both.

14

“You can’t have Privacywithout Security”

15

“You can’t have Privacywithout Security”

• Privacy: Ensuring that your personal information doesn’t fall into the wrong hands

16

“You can’t have Privacywithout Security”

• Privacy: Ensuring that your personal information doesn’t fall into the wrong hands• “VA Data Files on Millions of Veterans Stolen”• “Bank of America Loses A Million Customer Records”• “UCLA Warns 800,000 of Computer Break-In”

17

“You can’t have Privacywithout Security”

• Privacy: Ensuring that your personal information doesn’t fall into the wrong hands• “VA Data Files on Millions of Veterans Stolen”• “Bank of America Loses A Million Customer Records”• “UCLA Warns 800,000 of Computer Break-In”• HIPAA, FERPA, etc.• State and federal data-spill notification mandates

18

“You can’t have Privacywithout Security”

• Privacy: Ensuring that your personal information doesn’t fall into the wrong hands• “VA Data Files on Millions of Veterans Stolen”• “Bank of America Loses A Million Customer Records”• “UCLA Warns 800,000 of Computer Break-In”• HIPAA, FERPA, etc.• State and federal data-spill notification mandates

• Security: Limiting everyone’s activity to only the things they have a right to see and do• Who is trying to access data (“Authentication”)• Whether they have the right (“Authorization”)

19

So Whenever Anyone Does Anything Online,

We Want to Know…

20

So Whenever Anyone Does Anything Online,

We Want to Know…• Who they are

21

So Whenever Anyone Does Anything Online,

We Want to Know…• Who they are

• What they’re doing

22

So Whenever Anyone Does Anything Online,

We Want to Know…• Who they are

• What they’re doing

• Why they’re doing it

23

Authentication Mechanisms

• Accounts and passwords

• ATM cards and PINs

• Smart cards

• Challenge/response systems

• Digital certificates

• Key-fob tokens

• Biometrics

• Etc…

24

When to Authenticate

• Each time a data element is accessed

• Each time a screen is presented

• Each time a transaction is initiated

• Once every minute/15 minutes/hour/day

• “Single Sign-On”

25

“To Whom” to Authenticate

• The program you’re talking to

• The server you’re talking to

• The network

26

The Trend

• Single sign-on

• With possible refresh for sensitive transactions

• Network sign-on

• Stronger authentication

• “Guest” authentication

• Wireless authentication

• Identity intermediaries• Shibboleth

27

Another Definition of Privacy

• Privacy: The ability to go about your daily life without leaving a trail; the ability to read, speak, attend meetings, etc. anonymously

28

The Importance of Anonymity

“Anonymous pamphlets, leaflets, brochures and even books have played an important role in the progress of mankind. Persecuted groups and sects from time to time throughout history have been able to criticize oppressive practices and laws either anonymously or not at all.”

– Hugo Black, Talley v. California, 1960

29

Privacy1 vs Privacy2

• Privacy1: Ensuring that your personal information doesn’t fall into the wrong hands. (“Confidentiality”)

• Privacy2: The ability to go about your daily life without leaving a trail; the ability to read (speak, attend meetings, etc.) anonymously. (“Anonymity”)

30

The Dilemma

31

The Dilemma• We want to go through cyber-life without

leaving a trail

32

The Dilemma• We want to go through cyber-life without

leaving a trail• But we want everyone who comes in contact

with our data (and with us) to be identified and monitored

33

The Dilemma• We want to go through cyber-life without

leaving a trail• But we want everyone who comes in contact

with our data (and with us) to be identified and monitored• Spam• Phishing• Threats• Poison-pen postings• Baseless accusations• Etc…

34

The Dilemma• We want to go through cyber-life without leaving

a trail• But we want everyone who comes in contact with

our data (and with us) to be identified and monitored

Not Much Different Than• We want everyone to know who the

candidates are getting money from• But we don’t want anyone to know who we

are giving money to

35

Privacy Can Be Tricky:Consider Chat Rooms

• In general you have no legal “expectation of privacy” in a chat room because you don’t know who else is listening• You’re essentially speaking in public• You have no reason to believe a police officer

(on- or off-duty) isn’t present• US vs Charbonneau

36

Privacy Can Be Tricky:Consider Chat Rooms

• In general you have no legal “expectation of privacy” in a chat room because you don’t know who else is listening• You’re essentially speaking in public• You have no reason to believe a police officer

(on- or off-duty) isn’t present• US vs Charbonneau

• What are the limitations on government surveillance of chat rooms?

37

Privacy Can Be Tricky:Consider Chat Rooms

• In general you have no legal “expectation of privacy” in a chat room because you don’t know who else is listening• You’re essentially speaking in public• You have no reason to believe a police officer

(on- or off-duty) isn’t present• US vs Charbonneau

• What are the limitations on government surveillance of chat rooms?• Child molestors

38

Privacy Can Be Tricky:Consider Chat Rooms

• In general you have no legal “expectation of privacy” in a chat room because you don’t know who else is listening• You’re essentially speaking in public• You have no reason to believe a police officer

(on- or off-duty) isn’t present• US vs Charbonneau

• What are the limitations on government surveillance of chat rooms?• Child molestors• Dissident political groups

39

The Dilemma• We want to go through cyber-life without leaving

a trail• But we want everyone who comes in contact with

our data (and with us) to be identified and monitored

Not Much Different Than• We want everyone to know who the

candidates are getting money from• But we don’t want anyone to know who we

are giving money to

40

“Identified and Monitored”• “Government Plans Massive Data Sweep”

• “Feds Get Wide Wiretap Authority”

• “NSA Has Massive Database of Americans’ Phone Calls”

• “Finance-Monitoring Program Amounts to Spying”

• “Police Chief Wants Surveillance Cameras in Houston Apartments”

• “Future Fuzzy for Government Use of Public Surveillance Cameras”

41

Why Now?

42

Why Now?

• Because we can

43

Why Now?

• Because we can• Technology now makes it possible to collect,

maintain, and process everything you do• Moore’s Law is not being repealed• Brain = 1TB = $500 retail• Gordon Bell: MyLifeBits (10TB)• Library of Congress = 100TB• WORM drives• The Internet Archive• Ray Kurzweil: “The Singularity Is Near”

44

Why Now?

• Because we can• And so our only limitations are those we choose

to impose on ourselves

45

Why Now?

• Because we can

• Because we (think we) must

46

Why Now?

• Because we can

• Because we (think we) must• Why?

47

Why Now?

• Because we can

• Because we (think we) must• Because it makes law enforcement easier

48

Law Enforcement and Data

• Specific, focused, temporary• Tap, probe, monitor, investigate what’s needed

to deal with a particular crime or threat

49

The Fourth Amendment

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

50

Law Enforcement and Data

• Specific, focused, temporary• Tap, probe, monitor, investigate what’s needed

to deal with a particular crime or threat

• Just in case• Capture all possible information so that,

whenever something goes wrong, we can just play back the tape

51

Some simple examples

• Toll-gate license-plate photos• No longer needed if the bell doesn’t ring• But very helpful if you want to get a list of possible

suspects for yesterday’s crime

• Metro cards• Paying for your trip• Who was where when?

• ATM cameras• If no robbery occurred, no need to retain• But might have caught a glimpse of a kidnapper

52

Déjà Vu?• “Homeland Security Monitored Students”

• “…surveillance by the Pentagon … database [of] … military protests and demonstrations at institutions of higher education …”

• “Although there does not appear to be any direct terrorist nexus to the event, a large gathering, especially on a college campus, may gain momentum and create public safety concerns. I do not see an issue of civil liberties being violated, rather proactive precautionary measures being taken by DHS and DoD.” – William H. Parrish, Assoc. Prof. of Homeland Security, VCU

53

Airport Security TomorrowAirport security chiefs and efficiency geeks will be able to keep

close tabs on airport passengers by tagging them with a high powered radio chip developed at the University of Central London. The technology is to be trialled in Debrecen Airport in Hungary after being in development for two-and-a-half years by University College London as part of an EU-funded consortium called Optag.

Dr Paul Brennan, of UCL’s antennas and radar group, said his team had developed a radio frequency identification tag far in advance of any that had been used to now to label supermarket produce.

People will be told to wear radio tags round their necks when they get to the airport. The tag would notify a computer system of their identity and whereabouts. The system would then track their activities in the airport using a network of high definition cameras.

– The Register (UK), Oct. 12, 2006

54

Network Authentication Today

• For every bit originating on our campus networks, we have the capability to know who put it there, when, and from where.

55

Network Authentication Today

• For every bit originating on our campus networks, we have the capability to know who put it there, when, and from where.

• Will we do it?

56

Network Authentication Today

• For every bit originating on our campus networks, we have the capability to know who put it there, when, and from where.

• Will we do it?

• Why?

57

Network Authentication Today

• For every bit originating on our campus networks, we have the capability to know who put it there, when, and from where.

• Will we do it?

• Why?

• Who should be involved in the decision?

58

The Dilemma in Other Words…

“They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.”

– Benjamin Franklin (1755)

59

The Dilemma in Other Words…

“They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” – Benjamin Franklin (1755)

“While the Constitution protects against invasions of individual rights, it is not a suicide pact.”

– Arthur Goldberg (1963)

60

“The Constitution Is Nota Suicide Pact”

61

“The Constitution Is Nota Suicide Pact”

62

Or…

“Give me Liberty or give me Death!”– Patrick Henry

(Delegate, Virginia, 1775)

63

Or…

“Give me Liberty or give me Death!”– Patrick Henry

(Delegate, Virginia, 1775)

“You have no civil liberties if you’re dead!”– Patrick Roberts

(Senator, Kansas, 2006)

64

“The Eternal Value of Privacy”(Bruce Schneier)

The most common retort against privacy advocates is this line: “If you aren’t doing anything wrong, what do you have to hide?”

Some clever answers: “If I’m not doing anything wrong, then you have no cause to watch me.” “Because the government gets to define what’s wrong, and they keep changing the definition.” “Because you might do something wrong with my information.”

My problem with quips like these – as right as they are – is that they accept the premise that privacy is about hiding a wrong. It’s not. Privacy is an inherent human right, and a requirement for maintaining the human condition with dignity and respect.

Cardinal Richelieu understood the value of surveillance when he famously said, “If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged.” Watch someone long enough, and you’ll find something to arrest – or just blackmail – with.

Privacy protects us from abuses by those in power, even if we’re doing nothing wrong at the time of surveillance.

We do nothing wrong when we make love or go to the bathroom. We are not deliberately hiding anything when we seek out private places for reflection or conversation. We keep private journals, sing in the privacy of the shower, and write letters to secret lovers and then burn them. Privacy is a basic human need.

65

The Privacy/Security Rorschach

66

The Privacy/Security Rorschach

“Law enforcement is not supposed to be easy.

Where it is easy, it’s called a police state.”

– Jeff Schiller, in Wired (1999)

67

End