Published by Branden Sutton. Modified over 9 years ago.
1
Balancing Security and Privacy in Times of Cyberterror
EDUCAUSE Western Regional Conference 2005
April 28, 2005
Steve Worona, EDUCAUSE, sworona@educause.edu
Tracy Mitrano, Cornell University, TBM3@cornell.edu
2
A Campaign Finance Poll
3
All citizens should be able to find out who each candidate is taking money from
4
A Campaign Finance Poll
  All citizens should be able to find out who each candidate is taking money from
  All citizens should be able to find out what candidate you are giving money to
5
A Campaign Finance Poll
  All citizens should be able to find out who each candidate is taking money from
  All citizens should be able to find out what candidate you are giving money to
  Demo: http://www.fec.gov
6
Lessons
  Law of unintended consequences
  Logic can’t be legislated
  Technology can’t “fix” unintended consequences
    In fact, it’s often technology that creates them
  Technical/social interactions are tricky
  We make trade-offs on privacy all the time
7
“You can’t have Privacy without Security”
  Privacy: Ensuring that your personal information doesn’t fall into the wrong hands
    Choicepoint; Lexis-Nexis; Ameritrade; BofA; etc.
    Tufts; CMU; Berkeley; etc.
    FERPA; GLB; HIPAA
    Data-spill notification laws in CA, US
  Security: Limiting everyone’s activity to only the things they have a right to see and do
    Who is trying to access data (“Authentication”)
    Whether they have the right (“Authorization”)
8
A Few Authentication/Authorization Issues
  Authenticate at network or application level?
  What to do with logs?
    How long to keep?
    When/how/why to access?
  Machine vs person
  Cross-institutional information distribution
  The government
    USA/Patriot
9
Another Definition of Privacy
  Privacy: The ability to go about your daily life without leaving a trail; the ability to read, speak, attend meetings, etc. anonymously
10
The Importance of Anonymity
  “Anonymous pamphlets, leaflets, brochures and even books have played an important role in the progress of mankind. Persecuted groups and sects from time to time throughout history have been able to criticize oppressive practices and laws either anonymously or not at all.”
  – Hugo Black, Talley v. California, 1960
11
Privacy 1 vs Privacy 2
  Privacy 1: Ensuring that your personal information doesn’t fall into the wrong hands. (“Confidentiality”)
  Privacy 2: The ability to go about your daily life without leaving a trail; the ability to read (speak, attend meetings, etc.) anonymously. (“Anonymity”)
12
The Dilemma in a Nutshell
  We want to go through cyber-life without leaving a trail
  But we want everyone who comes in contact with our data (with us?) to be known
  And if we don’t, others do, to minimize
    Phishing
    Spoofing
    Fraud
    Spam
    Viruses
    Hacking
    Denial-of-service attacks
    Cyber-terrorism
13
The Dilemma in Other Words…
  “They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.”
  – Benjamin Franklin (1755)
14
The Dilemma in Other Words…
  “They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.”
  – Benjamin Franklin (1755)
  “While the Constitution protects against invasions of individual rights, it is not a suicide pact.”
  – Arthur Goldberg (1963)
15
“The Constitution Is Not a Suicide Pact”
17
What Has Changed Since 1963?
  The potential threats
    Limitless damage from an individual act
    Even death is not a deterrent
    Emphasis switches from punishment to prevention
  The potential responses
    RFID; micro- and macro-cameras; linked databases; unlimited storage; unlimited processing power; unlimited communication capacity;…
    And that’s just today
  Technology is no longer the limit; we must decide
    What to collect
    How to use what’s collected
    Narrowly drawn limits or “just in case”
    When and how to change the rules
18
Whether by intention or by default, we will decide on the tradeoffs
19
Some simple examples
  Toll-gate license-plate photos
    Not needed if the bell doesn’t ring
    But sure useful if you want to get a list of possible suspects for yesterday’s crime
  Metro-passes
    Anonymous or registered?
    Rules for access (probable cause or dragnet?)
  ATM cameras
    If no robbery occurred, no need to retain
    But might have caught a glimpse of a kidnapper
20
The Tradeoff Rorschach
  “Law enforcement is not supposed to be easy. Where it is easy, it’s called a police state.”
  – Jeff Schiller, in Wired (1999)
21
Your Mission as a Citizen: Think about the Tradeoffs
  Be aware of how your own activities are being monitored
  Think about options
  Decide how you feel
  Let your legislators know
  Apply these lessons on your own campuses
22
Some Closing Plugs
  EDUCAUSE/Cornell Institute for Computer Policy and Law, 10th Annual Seminar
    Ithaca, NY: June 28-July 1, 2005
    Flyers available here
  EDUCAUSE Policy Page
    http://www.educause.edu/policy
  EDUCAUSE Annual Policy Conference
    Washington, DC: April 26-27, 2006
23
End