1 Balancing Privacy and Security in the Age of Cyberterror Steve Worona EDUCAUSE Wayne State University October 7, 2008

2 The Internet Obeys Only One Law

3 The Law of Unintended Consequences

4 Example 1: A Story from the Dawn of (Internet) Time It all started in 1995 with a simple question: What’s the best resource for filtering out adult material for K-12 students? Net Nanny Cybersitter Surfwatch Cyber Patrol Etc.…

5 Example 2: An Election-Year Poll

6 Proposition 1: Everyone should be able to find out who our candidates are taking money from. (Agree/Disagree?)

7 Example 2: An Election-Year Poll Proposition 1: Everyone should be able to find out who our candidates are taking money from. (Agree/Disagree?) Proposition 2: Everyone should be able to find out what candidates you are giving money to. (Agree/Disagree?)

8

9 Candidate Search Search for contributions received by a specific campaign using candidate’s name, state, or party affiliation.

10 Candidate Search Search for contributions received by a specific campaign using candidate’s name, state, or party affiliation. Individual Search Search for contributions made by individuals using contributor name, city, state, zip code, principal place of business, date, and amount.

11 Example 3: Do you want Privacy or Privacy?

12 Example 3: Do you want Privacy or Privacy? Sorry, you can’t have both.

13 “You can’t have Privacy without Security”

14 “You can’t have Privacy without Security” Privacy: Ensuring that your personal information doesn’t fall into the wrong hands

15 “You can’t have Privacy without Security” Privacy: Ensuring that your personal information doesn’t fall into the wrong hands “VA Data Files on Millions of Veterans Stolen” “Bank of America Loses A Million Customer Records” “UCLA Warns 800,000 of Computer Break-In” HIPAA, FERPA, etc. State and federal data-spill notification mandates

16 “You can’t have Privacy without Security” Privacy: Ensuring that your personal information doesn’t fall into the wrong hands “VA Data Files on Millions of Veterans Stolen” “Bank of America Loses A Million Customer Records” “UCLA Warns 800,000 of Computer Break-In” HIPAA, FERPA, etc. State and federal data-spill notification mandates Security: Limiting everyone’s activity to only the things they have a right to see and do Who is trying to access data (“Authentication”) Whether they have the right (“Authorization”)

17 So Whenever Anyone Does Anything Online, We Want to Know…

18 So Whenever Anyone Does Anything Online, We Want to Know… Who they are

19 So Whenever Anyone Does Anything Online, We Want to Know… Who they are What they’re doing

20 So Whenever Anyone Does Anything Online, We Want to Know… Who they are What they’re doing Why they’re doing it

21 So Whenever Anyone Does Anything Online, We Want to Know… Who they are What they’re doing Why they’re doing it Etc.

22 Another Definition of Privacy Privacy: The ability to go about your daily life without leaving a trail; the ability to read, speak, attend meetings, etc. anonymously

23 The Importance of Anonymity “Anonymous pamphlets, leaflets, brochures and even books have played an important role in the progress of mankind. Persecuted groups and sects from time to time throughout history have been able to criticize oppressive practices and laws either anonymously or not at all.” – Hugo Black, Talley v. California, 1960

24 Privacy 1 vs Privacy 2 Privacy 1 : Ensuring that your personal information doesn’t fall into the wrong hands. (“Confidentiality”) Privacy 2 : The ability to go about your daily life without leaving a trail; the ability to read (speak, attend meetings, etc.) anonymously. (“Anonymity”)

25 The Dilemma

26 The Dilemma We want to go through cyber-life without leaving a trail

27 The Dilemma We want to go through cyber-life without leaving a trail But we want everyone who comes in contact with our data (and with us) to be identified and monitored

28 The Dilemma We want to go through cyber-life without leaving a trail But we want everyone who comes in contact with our data (and with us) to be identified and monitored, in order to detect, punish, prevent

29 The Dilemma We want to go through cyber-life without leaving a trail But we want everyone who comes in contact with our data (and with us) to be identified and monitored, in order to detect, punish, prevent Spam

30 The Dilemma We want to go through cyber-life without leaving a trail But we want everyone who comes in contact with our data (and with us) to be identified and monitored, in order to detect, punish, prevent Spam Phishing

31 The Dilemma We want to go through cyber-life without leaving a trail But we want everyone who comes in contact with our data (and with us) to be identified and monitored, in order to detect, punish, prevent Spam Phishing Threats

32 The Dilemma We want to go through cyber-life without leaving a trail But we want everyone who comes in contact with our data (and with us) to be identified and monitored, in order to detect, punish, prevent Spam Phishing Threats Poison-pen postings

33 The Dilemma We want to go through cyber-life without leaving a trail But we want everyone who comes in contact with our data (and with us) to be identified and monitored, in order to detect, punish, prevent Spam Phishing Threats Poison-pen postings Baseless accusations

34 The Dilemma We want to go through cyber-life without leaving a trail But we want everyone who comes in contact with our data (and with us) to be identified and monitored, in order to detect, punish, prevent Spam Phishing Threats Poison-pen postings Baseless accusations Etc…

35 The Dilemma We want to go through cyber-life without leaving a trail But we want everyone who comes in contact with our data (and with us) to be identified and monitored Not Much Different Than We want everyone to know who the candidates are getting money from But we don’t want anyone to know who we are giving money to

36 The Dilemma We want to go through cyber-life without leaving a trail But we want everyone who comes in contact with our data (and with us) to be identified and monitored Not Much Different Than We want everyone to know who the candidates are getting money from But we don’t want anyone to know who we are giving money to

37 “Identified and Monitored” “Government Plans Massive Data Sweep” “Feds Get Wide Wiretap Authority” “NSA Has Massive Database of Americans’ Phone Calls” “Finance-Monitoring Program Amounts to Spying” “Police Chief Wants Surveillance Cameras in Houston Apartments” “Big Brother Is Listening” “New Surveillance Program Will Turn Military Satellites on U.S.”

38 Airport Security Tomorrow Airport security chiefs and efficiency geeks will be able to keep close tabs on airport passengers by tagging them with a high powered radio chip developed at the University of Central London. The technology is to be trialled in Debrecen Airport in Hungary after being in development for two-and-a-half years by University College London as part of an EU-funded consortium called Optag. Dr Paul Brennan, of UCL’s antennas and radar group, said his team had developed a radio frequency identification tag far in advance of any that had been used to now to label supermarket produce. People will be told to wear radio tags round their necks when they get to the airport. The tag would notify a computer system of their identity and whereabouts. The system would then track their activities in the airport using a network of high definition cameras. – The Register (UK), Oct. 12, 2006

39 “Big Brother Is Listening” (Daily Telegraph (UK) – May 2, 2007) Hidden microphones that can eavesdrop on conversations in the street are the next step in the march towards a “Big Brother” society, MPs were warned yesterday. Richard Thomas, the Information Commissioner, said a debate had begun about whether listening devices should be set up alongside Britain’s 4.5 million CCTV cameras. In evidence to the Commons home affairs committee, Mr. Thomas said he would be hostile to such an idea. He was also alarmed by the prospect of tiny cameras, hidden in lamp posts, replacing more obvious monitors. He said it was arguable that surveillance in Britain - which is greater than in any other democratic nation - may already have gone too far.

40 “Big Brother Database Will Ruin British Way of Life” (London Daily Mail – July 16, 2008) Plans for a massive database snooping on the entire population were condemned yesterday as a step too far for the British way of life. In an Orwellian move, the Home Office is proposing to detail every phone call, , text message, internet search and online purchase in the fight against terrorism and other serious crime. Town halls are already using extraordinary surveillance powers under the controversial Regulation of Investigatory Powers Act to investigate minor issues such as littering. The Home Office defended the need to keep its surveillance powers up to date with changing internet technology. Officials said the internet was rapidly revolutionizing communications and it was vital for surveillance powers to keep up with technology in order to fight serious crime and terrorism. […]

41 “Big Brother Database Will Ruin British Way of Life” (London Daily Mail – July 16, 2008) Britain’s crime-fighting DNA database was the world’s first and is now the world’s largest. Originally samples were taken from those arrested but destroyed if they were not convicted. Today anyone who is arrested has DNA taken without consent. It is added to the database, and is virtually impossible to have it removed. Police forces use hundreds of Automatic Number Plate Recognition cameras across the UK, some at fixed sites and some in cars. Computers are able to compare numbers with a national database of cars which may be stolen, or whose owners are wanted for questioning. Each check takes around four seconds. Since last year, the Government has been developing a central database which also records the details every time a car passes an ANPR camera, anywhere in Britain.

42 Why Now?

43 Why Now? Because we can Technology now makes it possible to collect, maintain, and process everything you do Moore’s Law is not being repealed Brain = 1TB = $250 retail Coming soon: Terabyte thumb-drives Gordon Bell: MyLifeBits (10TB) Library of Congress = 100TB WORM drives The Internet Archive Ray Kurzweil: “The Singularity Is Near”

44 Why Now? Because we can And so our only limitations are those we choose to impose on ourselves

45 Why Now? Because we can Because we (think we) must Why?

46 Why Now? Because we can Because we (think we) must Because it makes law enforcement easier

47 Why Now? Because we can Because we (think we) must Because it makes law enforcement easier “The Home Office defended the need to keep its surveillance powers up to date with changing internet technology. Officials said the internet was rapidly revolutionizing communications and it was vital for surveillance powers to keep up with technology in order to fight serious crime and terrorism.”

48 Law Enforcement and Data Specific, focused, temporary Tap, probe, monitor, investigate what’s needed to deal with a particular crime or threat Just in case Capture all possible information so that, whenever something goes wrong, we can just play back the tape

49 Law Enforcement and Data Specific, focused, temporary Tap, probe, monitor, investigate what’s needed to deal with a particular crime or threat Just in case Capture all possible information so that, whenever something goes wrong, we can just play back the tape

50 The Fourth Amendment The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

51 Law Enforcement and Data Specific, focused, temporary Tap, probe, monitor, investigate what’s needed to deal with a particular crime or threat Just in case Capture all possible information so that, whenever something goes wrong, we can just play back the tape

52 Some “just in case” examples Toll-gate license-plate photos No longer needed if the bell doesn’t ring But very helpful if you want to get a list of possible suspects for yesterday’s crime Metro cards Paying for your trip Who was where when? ATM cameras If no robbery occurred, no need to retain But might have caught a glimpse of a kidnapper

53 Network Authentication For every bit originating on our campus networks, we have the capability to know who put it there, when, and from where.

54 Network Authentication For every bit originating on our campus networks, we have the capability to know who put it there, when, and from where. Will we do it?

55 Network Authentication For every bit originating on our campus networks, we have the capability to know who put it there, when, and from where. Will we do it? Why?

56 Network Authentication For every bit originating on our campus networks, we have the capability to know who put it there, when, and from where. Will we do it? Why? Who should be involved in the decision?

57 Déjà Vu? “Homeland Security Monitored Students” “…surveillance by the Pentagon … database [of] … military protests and demonstrations at institutions of higher education …”

58 Déjà Vu? “Homeland Security Monitored Students” “…surveillance by the Pentagon … database [of] … military protests and demonstrations at institutions of higher education …” “Although there does not appear to be any direct terrorist nexus to the event, a large gathering, especially on a college campus, may gain momentum and create public safety concerns. I do not see an issue of civil liberties being violated, rather proactive precautionary measures being taken by DHS and DoD.” – William H. Parrish, Assoc. Prof. of Homeland Security, VCU

59 The Dilemma in Other Words… “They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” – Benjamin Franklin (1755)

60 The Dilemma in Other Words… “They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” – Benjamin Franklin (1755) “While the Constitution protects against invasions of individual rights, it is not a suicide pact.” – Arthur Goldberg (1963)

61 “The Constitution Is Not a Suicide Pact”

62 “The Constitution Is Not a Suicide Pact”

63 Or… “Give me Liberty or give me Death!” – Patrick Henry (Delegate, Virginia, 1775)

64 Or… “Give me Liberty or give me Death!” – Patrick Henry (Delegate, Virginia, 1775) “You have no civil liberties if you’re dead!” – Patrick Roberts (Senator, Kansas, 2006)

65 The Privacy/Security Rorschach

66 The Privacy/Security Rorschach “Law enforcement is not supposed to be easy. Where it is easy, it’s called a police state.” – Jeff Schiller, in Wired (1999)

67 “The Eternal Value of Privacy” (Bruce Schneier) The most common retort against privacy advocates is this line: “If you aren’t doing anything wrong, what do you have to hide?” Some clever answers: “If I’m not doing anything wrong, then you have no cause to watch me.” “Because the government gets to define what’s wrong, and they keep changing the definition.” “Because you might do something wrong with my information.” My problem with quips like these – as right as they are – is that they accept the premise that privacy is about hiding a wrong. It’s not. Privacy is an inherent human right, and a requirement for maintaining the human condition with dignity and respect. Cardinal Richelieu understood the value of surveillance when he famously said, “If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged.” Watch someone long enough, and you’ll find something to arrest – or just blackmail – with. Privacy protects us from abuses by those in power, even if we’re doing nothing wrong at the time of surveillance. We do nothing wrong when we make love or go to the bathroom. We are not deliberately hiding anything when we seek out private places for reflection or conversation. We keep private journals, sing in the privacy of the shower, and write letters to secret lovers and then burn them. Privacy is a basic human need.

68 Privacy Is a Basic Human Need

69 End