
Balancing Security and Privacy in Times of Cyberterror

EDUCAUSE Western Regional Conference 2005, April 28, 2005. Steve Worona, EDUCAUSE, sworona@educause.edu; Tracy Mitrano, Cornell University, TBM3@cornell.edu.


Presentation Transcript


  1. Balancing Security and Privacy in Times of Cyberterror EDUCAUSE Western Regional Conference 2005 April 28, 2005 Steve Worona EDUCAUSE sworona@educause.edu Tracy Mitrano Cornell University TBM3@cornell.edu

  2. A Campaign Finance Poll

  3. A Campaign Finance Poll • All citizens should be able to find out who each candidate is taking money from

  4. A Campaign Finance Poll • All citizens should be able to find out who each candidate is taking money from • All citizens should be able to find out what candidate you are giving money to

  5. A Campaign Finance Poll • All citizens should be able to find out who each candidate is taking money from • All citizens should be able to find out what candidate you are giving money to • Demo: http://www.fec.gov

  6. Lessons • Law of unintended consequences • Logic can’t be legislated • Technology can’t “fix” unintended consequences • In fact, it’s often technology that creates them • Technical/social interactions are tricky • We make trade-offs on privacy all the time

  7. “You can’t have Privacy without Security” • Privacy: Ensuring that your personal information doesn’t fall into the wrong hands • Choicepoint; Lexis-Nexis; Ameritrade; BofA; etc. • Tufts; CMU; Berkeley; etc. • FERPA; GLB; HIPAA • Data-spill notification laws in CA, US • Security: Limiting everyone’s activity to only the things they have a right to see and do • Who is trying to access data (“Authentication”) • Whether they have the right (“Authorization”)

  8. A Few Authentication/Authorization Issues • Authenticate at network or application level? • What to do with logs? • How long to keep? • When/how/why to access? • Machine vs person • Cross-institutional information distribution • The government • USA/Patriot

  9. Another Definition of Privacy • Privacy: The ability to go about your daily life without leaving a trail; the ability to read, speak, attend meetings, etc. anonymously

  10. The Importance of Anonymity “Anonymous pamphlets, leaflets, brochures and even books have played an important role in the progress of mankind. Persecuted groups and sects from time to time throughout history have been able to criticize oppressive practices and laws either anonymously or not at all.” – Hugo Black, Talley v. California, 1960

  11. Privacy1 vs Privacy2 • Privacy1: Ensuring that your personal information doesn’t fall into the wrong hands. (“Confidentiality”) • Privacy2: The ability to go about your daily life without leaving a trail; the ability to read (speak, attend meetings, etc.) anonymously. (“Anonymity”)

  12. The Dilemma in a Nutshell • We want to go through cyber-life without leaving a trail • But we want everyone who comes in contact with our data (with us?) to be known • And if we don’t, others do, to minimize • Phishing • Spoofing • Fraud • Spam • Viruses • Hacking • Denial-of-service attacks • Cyber-terrorism

  13. The Dilemma in Other Words… “They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” – Benjamin Franklin (1755)

  14. The Dilemma in Other Words… “They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” – Benjamin Franklin (1755) “While the Constitution protects against invasions of individual rights, it is not a suicide pact.” – Arthur Goldberg (1963)

  15. “The Constitution Is Not a Suicide Pact”

  16. “The Constitution Is Not a Suicide Pact”

  17. What Has Changed Since 1963? • The potential threats • Limitless damage from an individual act • Even death is not a deterrent • Emphasis switches from punishment to prevention • The potential responses • RFID; micro- and macro-cameras; linked databases; unlimited storage; unlimited processing power; unlimited communication capacity;… • And that’s just today • Technology is no longer the limit; we must decide • What to collect • How to use what’s collected • Narrowly drawn limits or “just in case” • When and how to change the rules

  18. Whether by intention or by default, we will decide on the tradeoffs

  19. Some simple examples • Toll-gate license-plate photos • Not needed if the bell doesn’t ring • But sure useful if you want to get a list of possible suspects for yesterday’s crime • Metro-passes • Anonymous or registered? • Rules for access (probable cause or dragnet?) • ATM cameras • If no robbery occurred, no need to retain • But might have caught a glimpse of a kidnapper

  20. The Tradeoff Rorschach “Law enforcement is not supposed to be easy. Where it is easy, it’s called a police state.” – Jeff Schiller, in Wired (1999)

  21. Your Mission as a Citizen: Think about the Tradeoffs • Be aware of how your own activities are being monitored • Think about options • Decide how you feel • Let your legislators know • Apply these lessons on your own campuses

  22. Some Closing Plugs • EDUCAUSE/Cornell Institute for Computer Policy and Law, 10th Annual Seminar • Ithaca, NY: June 28-July 1, 2005 • Flyers available here • EDUCAUSE Policy Page • http://www.educause.edu/policy • EDUCAUSE Annual Policy Conference • Washington, DC: April 26-27, 2006

  23. End
