Better Security and Privacy for Home Broadband Peter P. Swire Moritz College of Law The Ohio State University Morrison & Foerster LLP Privacy 2002 Conference.

Slides:

Advertisements

Similar presentations

MEDEFs View on Dot EU Domain Day – 5 novembre 2002 – Palazzo Stelline – Milano Catherine GABAY – Director Innovation and Research - Medef.

Advertisements

Telecom, Privacy & Security After September 11 Professor Peter P. Swire Ohio State University Ohio Telecommunications Industry Association October 2, 2001.

Privacy and the Internet Professor Peter P. Swire Ohio State University National Press Foundation February 14, 2001.

Electronic Surveillance, Security, and Privacy Professor Peter P. Swire Ohio State University InSITes -- Carnegie Mellon February 7, 2002.

HIPAA In Relation to Other Federal Laws Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP Glasser LegalWorks/HIPAA Conference.

From Real-Time Intercepts to Stored Records: Why Encryption Drives the Government to Seek Access to the Cloud Peter Swire Moritz College of Law Ohio State.

Research and Privacy Under HIPAA Professor Peter P. Swire Moritz College of Law Ohio State University National Academy of Science Panel on Science, Technology.

The Role of the Federal Government in Privacy Policy Professor Peter P. Swire The Ohio State University Center for American Progress The Privacy Symposium,

Trustwrap: The Importance of Legal Rules to E-Commerce and Internet Privacy Professor Peter P. Swire Moritz College of Law The Ohio State University Enforcing.

The Need for Government-Wide Privacy Policy Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster, LLP DHS Privacy Advisory Committee.

The Strategy of Using Security to Protect Privacy Peter P. Swire Ohio State University Consultant, Morrison & Foerster, LLP Data Protection Commissioner.

A Model for When Disclosure Helps Security Peter P. Swire Ohio State University Stanford Cybersecurity Conference November 22, 2003.

Internet Safety and Standard Operating Procedures School Board Meeting-February 14, 2012.

Outpost Office Firewall Product presentation. What is Outpost Office Firewall? Software firewall solution designed especially to meet small and medium.

Let’s Talk About Cyber Security

Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.

Fraud, Scams and ID Theft …oh my! Deb Ramsay ESD 101 Chief Information Officer Technology Division.

Encryption and Globalization Professor Peter Swire IP Scholars Conference Chicago August 11, 2011.

1 Telstra in Confidence Managing Security for our Mobile Technology.

Security Leadership Essentials – Defense-in-Depth – © 2006 SANS Role-Based Access Control (RBAC) Approach for Defense-in-Depth Peter Leight and Richard.

Bloxx - the hard working Internet filtering appliance which locks out unproductive web material through multiple layers – in a single unit that’s easy.

Network Security of The United States of America By: Jeffery T. Pelletier.

Trusted Internet Connections. Background Pervasive and sustained cyber attacks against the United States continue to pose a potentially devastating impact.

Network Access Management Trends in IT Applications for Management Prepared by: Ahmed Ibrahim S

(Geneva, Switzerland, September 2014)

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Estimating the Market for Internet Service Provider-Based Cyber Security Solutions Brent Rowe – RTI International Doug Reeves – NC State University Dallas.

Internet safety By Lydia Snowden.

Security for Seniors SeniorNet Help Desk

Section 11.1 Identify customer requirements Recommend appropriate network topologies Gather data about existing equipment and software Section 11.2 Demonstrate.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

Firewalls Paper By: Vandana Bhardwaj. What this paper covers? Why you need a firewall? What is firewall? How does a network firewall interact with OSI.

IT Security for Users By Matthew Moody.

How Can We Deal with Risks from the Internet: Why Privacy Legislation Is Hot Right Now Professor Peter Swire Ohio State University/Center for American.

Business Computing 550 Lesson 6. 2 Security Threats on Web Sites Issues and vulnerabilities 1.Illegal Access and Use (Hacking the system or users exposing.

WV GIS Conference Jimmy Gianato Director WV Division of Homeland Security and Emergency Management.

I.T Security Advice for Dummies By Kirsty Pollard Kirsty Pollard Campsmount Academy.

 The purpose of this report is to inform people that the spyware and virus threat is growing and what people can do to stop the spread of spyware and.

Honeypot and Intrusion Detection System

Information Assurance Program Manager U.S. Army Europe and Seventh Army Information Assurance in Large-Scale Practice International Scientific NATO PfP/PWP.

Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 7, 2015 DRAFT1.

Spyware By: Sydney Langley. Spyware Is software installed on your computer without your consent Spyware monitors or controls your computer use.

Computer Security! By Bailey Hoover. Opening: “Computer viruses are an urban legend.” -Peter Norton Actually: Virus: software reproduces itself; causes.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Basic Security Networking for Home and Small Businesses – Chapter 8.

A Global Approach to Protecting the Global Critical Infrastructure Dr. Stephen D. Bryen.

Cybersecurity : Optimal Approach for PSAPs

IT Security Policies and Campus Networks The dilemma of translating good security policies to practical campus networking Sara McAneney IT Security Officer.

Security Awareness – Essential Part of Security Management Ilze Murane.

IT Security Policy: Case Study March 2008 Copyright , All Rights Reserved.

Spyware By Rachel Gaines. 55% of online users have been infected with Spyware.

NetTech Solutions Protecting the Computer Lesson 10.

Computer Security By Duncan Hall.

Virus Assignment JESS D. How viruses affect people and businesses  What is a virus? A computer virus is a code or a program that is loaded onto your.

Information Security: Current Threats Marc Scarborough Information Security Officer

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

A presentation by John Rowley for IUP COSC 356 Dr. William Oblitey Faculty member in attendance.

BY JENNA SAUDER SLIDE OVERVIEW This presentation will discuss the following This presentation will discuss the following : What a Virus is… How a Virus.

SemiCorp Inc. Presented by Danu Hunskunatai GGU ID #

Firewalls. Overview of Firewalls As the name implies, a firewall acts to provide secured access between two networks A firewall may be implemented as.

Privacy and Security Challenge Just Browsing Keep out - Private! Pushing IT You sound like a broken record Legal Beagles

Physical Security at Data Center: A survey. Objective of the Survey  1. To identify the current physical security in data centre.  2.To analyse the.

Educause/Internet 2 Computer and Network Security Task Force

NETWORK SECURITY Cryptography By: Abdulmalik Kohaji.

North Carolina Law Review Symposium

IS4680 Security Auditing for Compliance

Networking for Home and Small Businesses – Chapter 8

“Court Records and Data Privacy: Online or Over the Line?”

Networking for Home and Small Businesses – Chapter 8

Networking for Home and Small Businesses – Chapter 8

Presentation transcript:

Better Security and Privacy for Home Broadband Peter P. Swire Moritz College of Law The Ohio State University Morrison & Foerster LLP Privacy 2002 Conference September 26, 2002

Overview n Home broadband benefits and risks n Existing proposals for the security risks n Internet privacy as a useful analogy n A proposal to speed protection of security and privacy in home broadband

I. Home Broadband n Benefits of home broadband – 56 K dial-up not good enough – Slows growth of e-commerce and the economy – Educational and many other desirable aps – Consensus policy goal to encourage home broadband – Similarly, encourage small business broadband

Risks of Home Broadband n Always on – Static or near-static IP addresses help attackers – Attackers scan for weak defenses, and can get in before the user signs off n Broadband – Broadband itself makes many attacks easier -- bigger pipe to the home computer – Broadband means that user can do applications and not notice the overhead of spyware or non-approved uses

Wipeout -- Risks to the Individual User n Many users have no firewall or virus detection n Risk of virus -- lose data or wrecked hardware n Risk of no firewall -- attacker takes control of the home computer n HARD to install today -- often not part of standard installation

Zombie -- Risks to Critical Infrastructure n Zombie sites controlled by the attacker – Used to launch distributed denial of service attacks in winter, 2000 – Can be used to disguise source of all cyber- attacks (attack coming from John Smiths home) n Now installing millions of broadband users, each a potential zombie site

II. Proposed Solutions n Draft Cybersecurity Report, 9/02 – Correctly identifies the risk to critical infrastructure – Recommendation that home broadband users should consider installing firewall software. – Recommendation that it is important to update this software regularly

Solution -- User Education n FTC Commission Swindle initiative on home computer security n Yes, an essential part of the solution – How to move users up the learning curve? – Car users learn they have to get an oil change -- government doesnt require them every 3,000 miles n Publicity, education are essential

Solution -- Legislation? n I dont think so. n Do we know how to write one rule for the diversity of home computer systems? – DSL and Cable – Different sorts of home, small business users – Very hard to write the rules

Legislation (continued) n Should solutions be hardware or software? n What about the liability for ISPs or software vendors? n Would take a long time to work out these complex issues, even if legislation were a desirable outcome n Conclusion -- do not support legislation, at least until we have tried other routes

III. Internet Privacy as an Analogy n Similar structure -- how make progress on a social concern (privacy, security) while encouraging use of the technology (the Web, broadband) n Similar complexity and fear of legislation – So many kinds of web sites, did not even know what a good privacy policy would look like – Now, so many kinds of broadband -- we dont know the one best approach

Internet Privacy Comparison n Role of Bully Pulpit – Involvement of Dept. of Commerce Secretary Daley in making the case for better Internet privacy -- praise for industry leaders – Involvement of FTC, including Chairman Pitofsky n The role of public reporting – 1998, survey shows 15% have privacy policies – 2000, survey shows 88% have privacy policies

Internet PrivacyComparison n Why we got progress on Internet Privacy – Public reporting -- pressure not to be a laggard – Leadership by the Administration -- privacy policy was the right thing to do – Credible, often unstated threat, that would have more intrusive government action if industry did not act responsibly

IV. Sketch of a Proposal n Recognize home broadband risks: – Security of home computer (wipeouts) – Security of critical infrastructure (zombies) – Risk to privacy of home users when attackers get through n Administration leadership on the issue – Praise for industry leaders – Message to industry -- patriotic duty to respond to these important threats

Proposal (continued) n How to create information and surveys about installation of protection – Reporting by ISPs? – Reporting by major software vendors? – Other ways to learn the baseline of having protection and progress over time? n The Federal government should lead by example, be a place to try out solutions

Conclusion n Known, significant cybersecurity and privacy problem of unprotected home broadband n How to get on a path to improvement n Vital now as millions of broadband users - come on-line n Without legislation, we can create momentum for much better protection