Balancing Security and Privacy in Times of Cyberterror EDUCAUSE Western Regional Conference 2005 April 28, 2005 Steve Worona EDUCAUSE

Presentation transcript:

Balancing Security and Privacy in Times of Cyberterror EDUCAUSE Western Regional Conference 2005 April 28, 2005 Steve Worona EDUCAUSE Tracy Mitrano Cornell University

A Campaign Finance Poll
- All citizens should be able to find out who each candidate is taking money from
- All citizens should be able to find out what candidate you are giving money to
- Demo:

Lessons
- Law of unintended consequences
- Logic can’t be legislated
- Technology can’t “fix” unintended consequences
  - In fact, it’s often technology that creates them
- Technical/social interactions are tricky
- We make trade-offs on privacy all the time

“You can’t have Privacy without Security”
- Privacy: Ensuring that your personal information doesn’t fall into the wrong hands
  - Choicepoint; Lexis-Nexis; Ameritrade; BofA; etc.
  - Tufts; CMU; Berkeley; etc.
  - FERPA; GLB; HIPAA
  - Data-spill notification laws in CA, US
- Security: Limiting everyone’s activity to only the things they have a right to see and do
  - Who is trying to access data (“Authentication”)
  - Whether they have the right (“Authorization”)

A Few Authentication/Authorization Issues
- Authenticate at network or application level?
- What to do with logs?
  - How long to keep?
  - When/how/why to access?
- Machine vs person
- Cross-institutional information distribution
- The government
  - USA/Patriot

Another Definition of Privacy
- Privacy: The ability to go about your daily life without leaving a trail; the ability to read, speak, attend meetings, etc. anonymously

The Importance of Anonymity
“Anonymous pamphlets, leaflets, brochures and even books have played an important role in the progress of mankind. Persecuted groups and sects from time to time throughout history have been able to criticize oppressive practices and laws either anonymously or not at all.” – Hugo Black, Talley v. California, 1960

Privacy 1 vs Privacy 2
- Privacy 1: Ensuring that your personal information doesn’t fall into the wrong hands. (“Confidentiality”)
- Privacy 2: The ability to go about your daily life without leaving a trail; the ability to read (speak, attend meetings, etc.) anonymously. (“Anonymity”)

The Dilemma in a Nutshell
- We want to go through cyber-life without leaving a trail
- But we want everyone who comes in contact with our data (with us?) to be known
- And if we don’t, others do, to minimize
  - Phishing
  - Spoofing
  - Fraud
  - Spam
  - Viruses
  - Hacking
  - Denial-of-service attacks
  - Cyber-terrorism

The Dilemma in Other Words…
“They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” – Benjamin Franklin (1755)
“While the Constitution protects against invasions of individual rights, it is not a suicide pact.” – Arthur Goldberg (1963)

“The Constitution Is Not a Suicide Pact”

What Has Changed Since 1963?
- The potential threats
  - Limitless damage from an individual act
  - Even death is not a deterrent
  - Emphasis switches from punishment to prevention
- The potential responses
  - RFID; micro- and macro-cameras; linked databases; unlimited storage; unlimited processing power; unlimited communication capacity;…
  - And that’s just today
- Technology is no longer the limit; we must decide
  - What to collect
  - How to use what’s collected
  - Narrowly drawn limits or “just in case”
  - When and how to change the rules

Whether by intention or by default, we will decide on the tradeoffs

Some simple examples
- Toll-gate license-plate photos
  - Not needed if the bell doesn’t ring
  - But sure useful if you want to get a list of possible suspects for yesterday’s crime
- Metro-passes
  - Anonymous or registered?
  - Rules for access (probable cause or dragnet?)
- ATM cameras
  - If no robbery occurred, no need to retain
  - But might have caught a glimpse of a kidnapper

The Tradeoff Rorschach
“Law enforcement is not supposed to be easy. Where it is easy, it’s called a police state.” – Jeff Schiller, in Wired (1999)

Your Mission as a Citizen: Think about the Tradeoffs
- Be aware of how your own activities are being monitored
- Think about options
- Decide how you feel
- Let your legislators know
- Apply these lessons on your own campuses

Some Closing Plugs
- EDUCAUSE/Cornell Institute for Computer Policy and Law, 10th Annual Seminar
  - Ithaca, NY: June 28-July 1, 2005
  - Flyers available here
- EDUCAUSE Policy Page
- EDUCAUSE Annual Policy Conference
  - Washington, DC: April 26-27, 2006

End