Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Is there privacy in the cloud? The Snowden Effect KP Chow Dept of Computer Science University of Hong Kong July 2013.

Published byPrince Biles Modified over 10 years ago

Similar presentations

Presentation on theme: "1 Is there privacy in the cloud? The Snowden Effect KP Chow Dept of Computer Science University of Hong Kong July 2013."— Presentation transcript:

1 1 Is there privacy in the cloud? The Snowden Effect KP Chow Dept of Computer Science University of Hong Kong July 2013

2 Something you should know Cloud computing has significant implications for the privacy of personal information A users privacy and confidentiality risks vary significantly with the terms of service and privacy policy established by the cloud provider Law could oblige a cloud provider to examine user records for evidence of criminal activities CISC2

3 Something you should know The legal status of some types of information may change when stored in the cloud The location of the information in the cloud may affect the privacy and confidentiality protections of the information Information in the cloud may have more than 1 legal location at the same time, with different legal consequence CISC3

4 Something I didnt know until June 2013, how about you? FISA and FISC The PRISM The MTI … CISC4 I dont want to live in a society that does these sort of things… I do not want to live in a world where everything I do and say is recorded. by Snowden (The Guardian, June 2013) I learnt it from Snowden

5 Who is Snowden? American former CIA employee A former contractor for the NSA Leaked details of NSA mass surveillance programs to the press 2004: US Army Special Forces 2007: CIA computer technician, stationed with diplomatic cover in Geneva, Switzerland, responsible for maintaining computer network security 2009: left CIA and joined a private contractor inside an NSA facility on a US military base in Japan 2013 (< 3 months): consultant with Booz Allen Hamilton as a system administrator inside the NSA at the Kunia Regional SIGINT Operations Center in Hawaii

6 Disclosures Stories Disclosures Stories 5 June - a top secret order of Foreign Intelligence Surveillance Court (FISC) Ordered a business division to provide metadata for all telephone calls wholly within the United States, including local telephone calls and all calls between the United States and abroad. 6 June – PRISM (begin from 2007) A clandestine electronic surveillance program that allegedly allows the NSA to access e-mail, web searches, and other Internet traffic in real-time. 9 June – Boundless Informant A system "details and even maps by country the voluminous amount of information [the NSA] collects from computer and telephone networks." 15 June - Government Communications Headquarters (GCHQ) A British intelligence agency, worked jointly with the NSA to eavesdrop on a meeting of industrialized nations in London in 2009. 21 June -- GCHQ has secretly gained access to the network of cables and has started to process vast streams (The MTI Project)

7 Major Programs/Events FISC (Foreign Intelligence Surveillance Court) PRISM Program and Boundless Informant China and Hong Kong Hacking GCHQ (Government Communication Headquarters) & British eavesdropping MTI (Master The Internet) CISC7

8 8 FISC

9 FISC Foreign Intelligence Surveillance Court (FISC) ordered a business division of Verizon Communications to provide on an ongoing daily basis metadata for all telephone calls wholly within the United States, including local telephone calls and all calls made between the United States and abroad NO CONTENT CISC9

10 10 What are the metadata? Caller and receiver Caller and receiver current location Length of call …

11 11 How the data was used? CISC Boundless Informant

12 The NSA's powerful tool for cataloguing global surveillance data – including figures on US collection CISC12 The color scheme ranges from green (least subjected to surveillance) through yellow and orange to red (most surveillance). Note the '2007' date in the image relates to the document from which the interactive map derives its top secret classification, not to the map itself.

13 Boundless Informant Recording and analysing where its intelligence comes from Use advanced data mining techniques: details and maps by country the voluminous amount of information it collects from computer and telephone networks Focus on counting and categorizing the records of communications, known as metadata, rather than the content of an email or instant message The agency collecting almost 3 billion pieces of intelligence from US computer networks over a 30- day period ending in March 2013 13

14 14 The Prism CISC Besides Verizon Communication, who else?

15 The PRISM Program The seal of Special Source Operations, the NSA term for alliances with trusted U.S. companies. The program is called PRISM, after the prisms used to split light, which is used to carry information on fiber-optic cables. This note indicates that the program is the number one source of raw intelligence used for NSA analytic reports. NSA slides explain the PRISM data-collection program http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/

16 Monitoring a target's communication NSA slides explain the PRISM data-collection program http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/

17 Providers and data NSA slides explain the PRISM data-collection program http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/ Why the companies willing to participate?

18 Companies Participation Through a top-secret program authorized by federal judges working under the Foreign Intelligence Surveillance Act (FISA), the U.S. intelligence community can gain access to the servers of nine Internet companies for a wide range of digital data. (Washington Post 6 Jun 2013) CISC18

19 Participating providers NSA slides explain the PRISM data-collection program http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/

20 The PRISM Data collected –Search history –Contents of emails –File transfers –Live chats NOT METADATA anymore, it includes contents CISC20

21 Where is the law? Allows NSA to obtain targeted communications without having to request them from the service providers and without having to obtain individual court orders In the past, NSA needed individual authorization, and confirmation that all parties were outside USA, they now need only reasonable suspicion that one of the parties was outside the country at the time of the records were collected by the NSA CISC21

22 What the PRISM found The number of obtained communications increased in 2012 by 248% for Skype 131% increase in requests for Facebook data 63% increase in requests for Google data Plan to add Dropbox as a PRISM provider CISC22

23 If you are using the cloud and you dont know where the data is, CISC23 It is very likely that NSA is watching you.

24 If you are using the cloud and the data is moving around the world, CISC24 According to FISA, it is likely that NSA is gaining access to the servers that store the data.

25 25 MTI Mastering the Internet CISC The web is for everyone and so is surveillance. (The Guardian, 21 Jun 2013)

26 MTI Under GCHQ (Government Communications Headquarters) Mastering the Internet, started in 2007 Capture and analyse a large quantity of international traffic consisting of –emails, texts, phone calls, internet searches, chat, photographs, blogposts, videos and many uses of Google Collecting signals from up to 200 fiber-optic cables at the physical points of entry into the country, each with 10 gigabits per second, approx. 21.6 petabytes in a day CISC26

27 Internet Buffer Internet traffics into and out of UK are intercepted and collected, then filtered to get rid of uninteresting content The filtered traffics are then stored: 3 days for content and 30 days for metadata Some degree of co-operation from companies operating either the cables or the stations which they came into the country: referred to as the special source provider CISC27

28 Project Tempora Core programme in MTI The evolution of a secret programme to capture vast amounts of web and phone data CISC28

29 The Real Big Data MTI produces larger amounts of metadata collection than the NSA NSA analysts effectively exploit GCHQ metadata for intelligence production, target development/discovery purposes With Tempora's "buffering capability", and Britain's access to the cables that carry internet traffic in and out of the country, GCHQ has been able to collect and store a huge amount of information Every area of ops can get real benefit from this capability, especially for target discovery and target development CISC29

30 Where is the law? The 2000 Regulation of Investigatory Powers Act (Ripa) requires the tapping of defined targets to be authorised by a warrant signed by the home secretary or foreign secretary. A clause allows the foreign secretary to sign a certificate for the interception of broad categories of material, as long as one end of the monitored communications is abroad CISC30

31 TINT By March 2010, analysts from the NSA had been allowed some preliminary access to the project MTI Refer to as "joint GCHQ/NSA research initiative TINT: "uniquely allows retrospective analysis for attribution" – a storage system of sorts, which allowed analysts to capture traffic on the internet and then review it CISC31

32 If you are using the cloud and the data in located in Europe CISC32 It is likely that the data will travel through the fiber in UK, and got buffered by GCHQ.

33 Conclusion Data privacy protection: laws exist to protect data in a particular country Unfortunately, laws cannot protect data resided in another country where the intelligent agencies do not observed, or laws exist allow unlimited access of data that are potential dangerous in the oversea CISC33

34 34 Thank You

Download ppt "1 Is there privacy in the cloud? The Snowden Effect KP Chow Dept of Computer Science University of Hong Kong July 2013."

Similar presentations

31511230/0403 © 2004 Business & Legal Reports, Inc. BLRs Training Presentations Privacy Issues in the Workplace.

/0403 © 2004 Business & Legal Reports, Inc. BLRs Training Presentations Privacy Issues in the Workplace.
1 Senn, Information Technology, 3 rd Edition © 2004 Pearson Prentice Hall James A. Senns Information Technology, 3 rd Edition Chapter 7 Enterprise Databases.

1 Senn, Information Technology, 3 rd Edition © 2004 Pearson Prentice Hall James A. Senns Information Technology, 3 rd Edition Chapter 7 Enterprise Databases.
TECHNO-TONOMY Privacy & Autonomy in a Networked World Learning Module 2: Legislating Privacy: Your Rights.

TECHNO-TONOMY Privacy & Autonomy in a Networked World Learning Module 2: Legislating Privacy: Your Rights.
doi> Digital Object Identifier: overview

doi> Digital Object Identifier: overview
Using Information at the University University Secretarys Office

Using Information at the University University Secretarys Office
Northside I.S.D. Acceptable Use Policy 2009-2010.

Northside I.S.D. Acceptable Use Policy
A presentation by Werardt Systemss P Ltd An Online Machine Monitoring System.

A presentation by Werardt Systemss P Ltd An Online Machine Monitoring System.
1 Surveillance of cables for civil communication by the National Defence Radio Establishment (FRA) Mark Klamberg, doctoral candidate 5 October 2008.

1 Surveillance of cables for civil communication by the National Defence Radio Establishment (FRA) Mark Klamberg, doctoral candidate 5 October 2008.
Spies, Drones, and Snowden: What’s the Future of US Intelligence? Dennis Bowden Adjunct Professor University of Central Florida.

Spies, Drones, and Snowden: What’s the Future of US Intelligence? Dennis Bowden Adjunct Professor University of Central Florida.
NHnetWORKS December 14, 2009.  Facebook is a global Social Networking website that is operated and privately owned by Facebook, Inc.  Users can add.

NHnetWORKS December 14,  Facebook is a global Social Networking website that is operated and privately owned by Facebook, Inc.  Users can add.
Ethical and Social...J.M.Kizza 1 Module 5: Anonymity, Security, Privacy and Civil Liberties IntroductionAnonymitySecurityPrivacy Ethical and Social Issues.

Ethical and Social...J.M.Kizza 1 Module 5: Anonymity, Security, Privacy and Civil Liberties IntroductionAnonymitySecurityPrivacy Ethical and Social Issues.
1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,

1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,
Electronic Privacy Does it exist?. Issue: Privacy concerns with library and bookseller records continue due to the reauthorization of Section 215. The.

Electronic Privacy Does it exist?. Issue: Privacy concerns with library and bookseller records continue due to the reauthorization of Section 215. The.
MINNESOTA GOVERNMENT DATA PRACTICES ACT How the law affects University employees and recordkeeping Susan McKinney Records & Information Management.

MINNESOTA GOVERNMENT DATA PRACTICES ACT How the law affects University employees and recordkeeping Susan McKinney Records & Information Management.
How to keep your kids safe online

How to keep your kids safe online
Coping with Electronic Records Setting Standards for Private Sector E-records Retention.

Coping with Electronic Records Setting Standards for Private Sector E-records Retention.
What is the Internet? Internet: The Internet, in simplest terms, is the large group of millions of computers around the world that are all connected to.

What is the Internet? Internet: The Internet, in simplest terms, is the large group of millions of computers around the world that are all connected to.
Developing a Records & Information Retention & Disposition Program:

Developing a Records & Information Retention & Disposition Program:
TC2-Computer Literacy Mr. Sencer February 4, 2010.

TC2-Computer Literacy Mr. Sencer February 4, 2010.
Harvard University CSCI E-2a Life, Liberty, and Happiness After the Digital Explosion 2: Privacy.

Harvard University CSCI E-2a Life, Liberty, and Happiness After the Digital Explosion 2: Privacy.

Similar presentations

Ads by Google