Presentation on theme: "Some Thoughts on Cyber-Resiliency, Time, and Surveillance Peter Swire Huang Professor of Law and Ethics Georgia Institute of Technology NAS/NRC Forum on."— Presentation transcript:
Some Thoughts on Cyber-Resiliency, Time, and Surveillance Peter Swire Huang Professor of Law and Ethics Georgia Institute of Technology NAS/NRC Forum on Cyber-Resiliency April 6, 2015
Overview 1.My initial thoughts when Lynette Millett and Fred Schneider asked: 1.My favorite example of resilient vs. non-resilient 2.Resilience is a function of time 3.Resilience is often unevenly distributed across sub- populations 2.Thoughts on the intersection of resilience and surveillance
1. My favorite example of resilient vs. non-resilient Credit cards Very resilient; if fraud, cancel and new card almost immediately; some loss during time before cards are canceled Even more resilient if one-time number (Apple Pay goal), so theft of database creates zero value Biometrics Horribly un-resilient If they get your fingerprint, can’t get a new finger Database of fingerprints (DNA, retina scans, etc.) thus a perfect example of un-resilient: the credentials are copyable and compromised for millions, with no ready way to use fingerprints reliably for those people
2. Resilience as a Function of Time When t -> ∞ Keynes: “In the long run, we are all dead.” Swire: “In the long run, all systems are resilient.” True unless immortality or destruction of all human endeavors When t -> 0 The bad thing happens It is too soon to bounce back Perhaps others here have a different definition of resiliency, but my common sense is that the typical question is “how resilient over what period of time”
3. Resilience and Variation Among Populations In a monoculture world, the speed and quality of resilience is quite similar across the population In most real systems, by contrast, the speed and quality of resilience will vary Distribution of and variation in resilience are thus often crucial Consider the willingness to trust online commerce after a breach – how will the resilience of trust vary across demographics and other populations? Current example – how much have your views of the US government (and the US tech sector) returned to pre-Snowden levels? Answer about the resilience of trust is highly variable. That is super-important if dealing with the new skeptic.
Thus, Resilience is Not a Yes/No Function Misleading to say “the system is resilient” or “it is not” Resilience is a function of time Roman Empire to Dark Ages to Renaissance, about 1200 years Resilience varies across populations Italy, England/Flanders, Russia had Renaissance in different centuries The fingerprint example Time - fingerprints useful again in a generation, when have new fingerprints Fingerprints useful for the sub-population whose fingerprints were not compromised
Part 2: Resilience and Surveillance What is the relationship between resilience and surveillance? Upon initial reflection (at least for me) was not obvious My friends who are good in math Turn a new and hard problem into a familiar and solved problem What problem in surveillance can guide our understanding of resilience?
Proposal: Lessons from the Crypto Wars Surveillance roughly means more knowledge by a powerful agency If [insert your favorite 3-letter agency here] knows more-or-less everything, is that good or bad for [stopping crime and terrorism] or [making the system resilient]?
The Claimed Benefits of Surveillance In crypto wars, law enforcement and national security agencies want more access to data: Detect, catch, and deter “bad guys” Analogy to resiliency: When the breach happens, forensics to detect what happened, attribute the attack, and thus learn how to remediate Block and deter follow-up attacks Disaster recovery – if a private database is destroyed, surveillance agencies can use their data to help reconstruct
The Claimed Costs of Surveillance Critiques of weak crypto: Agency database of keys can become single point of failure – the bad guys get that, they learn everything If “good” governments have the keys, then “bad” governments will get them (and their criminal friends) Civil liberties – dangerous to let the government have that data Analogy to resilience Agency database can become single point of failure (all the data is breached) If “good” governments surveil, then easier for “bad” governments Resilience of the political system – stop surveillance before the secret police get too powerful
Summary on Crypto and Resilience Analogy of crypto wars to resilience Surveillance improves resilience: Benefits of more knowledge when the surveillance data is helpful in responding to attacks Surveillance reduces resilience: Costs of more knowledge when the surveillance data facilitates attacks or impedes response to attacks Resilience and the political system Worries in the crypto wars that agencies undermine political system Worries about resilience of the political system if surveillance goes too far
In Conclusion My themes: Big potential harms from non-resilient systems (fingerprints) Resilience is a function of time Distributional aspects -- resilience varies among sub-populations Resilience is thus not a Yes/No attribute For surveillance, consider the new problem (resilience) based on our understanding of a familiar problem (the crypto wars) A great pleasure to think about problems in this new framework – “resiliency” A creative opportunity – not usually easy to fit fingerprints, the Renaissance, and Keynes into a short talk I look forward to the many other creative approaches we will develop in this Forum