Computer Insecurity & Privacy

Throwing people in the mix

Brad Templeton

Electronic Frontier Foundation

bt@eff.org

It sucks

• But it's amazing how well we get along

• Most people are pretty decent

• The automation of good and evil

Firewall Hoax

Monoculture

• Attractive targets

• Liability won't work

Botnets

• Underworld

• Intelligence

• 30% of computers botted!

• DDoS Attack

Design vs. Deployment

• Algorithm vs. Protocol vs. Deployment

• Public Key Encryption

– Like a Mailslot

– Also does Signature

• Key management

• Certificates

• ZUI: Hard to use means rarely used

Phishing & Social Engineering

Crypto & Export Control

• Quantum computing & Quantum Crypto

• Weak Systems (DES, WEP)

Clouds, Transparency, Time travel and Privacy

Some topics

• Value of Privacy

• Threats to Privacy

– Now and in the future and other countries

• Erasure of 4th amendment

• Ease of use and user choice as negatives

Privacy is Freedom – the Heisenberg problem

• A Watched Populace never boils

• Apes the only ones who need privacy

• Surveillance doesn’t chill all freedom, but why give up any important freedom?

• Anonymous communication the foundation of free societies

• Each generation defines a new concept.

• “Privacy is what you take away from someone when you want to torture them.”

Blinded me with bad science

• Look hard enough, in a big enough sea of data

• You’ll probably find whatever you’re looking for

• Seattle firefighter learned this

• Scientists barely know this, ordinary people and juries don’t.

Why be a privacy Zealot?

• You don't care about your privacy until after it's invaded

– They’ll trade it for a chance to win an iPod

• You must protect others' privacy to protect yours

• There really is a slope -- "we accept this, why not more?"

• You must not walk even near the edge of the police state

Shy people need privacy

In a way extroverts won’t understand…

Cloud Applications

• Storing Applications in the cloud

• Roaming, Scalability

• What does it look like…

[Diagram: four nodes labelled “User” and one labelled “Server Farm”]

The Pendulum

• Timesharing

• Personal Computing – nobody can say no

• Timesharing

Data out of your hands

• No “reasonable expectation of privacy” says the Supreme Court.

• Some statutory protection, but they no longer have to go through you and your lawyer to get at your data.

• If we move all our data out of our homes and into the cloud...

• Erasing the 4th Amendment

• Let's think this through

• Recently we've had big changes!

We must take care not to build the infrastructure of a police state

• Don't install the switch, by making it a question of policy rather than implementation.

AI Privacy Invasion

• Understanding natural language documents in bulk

• Face and person recognition

• Speech recognition

• Facial expression and body language recognition

• Patterns of network activity

Scalability is the Key

• Always been possible to follow people

• It didn't scale

• Computers have scaled a lot of it

• AI can scale the rest

Time traveling robots from the future

Time Travel

• We don't have good AI today

• We will have more of it in the future

• We do have cheap storage today

• We're recording what goes on

• AI systems will be able to scan the past

• “Are you now or have you ever been...”

Sins of the Future Are visited in the Past

• We know what to look out for today

• We keep private what could hurt us

• We don't know what will be the sins of the future

• What we consider bad today they may not care about

Other countries

• Facebook for Falun Gong

• Or Burmese Monks

• Or German Jews

• Don’t be big brother’s “preferred vendor.”

The balance is changing

We should ask ourselves with each step, did we want to change the balance?

Ease of Use is a Bug

Mag stripe on your driver’s licence

Long web form is impediment

End-User control prevents negotiation

• Negotiated vs. non-negotiated

• Negotiation only happens with power

• What’s the history of success? P3P? Agents? Reputations?

• Bizarrely, Passport could have done better!

• Proxies

Data Portability or BEPSI

Or data hosting?

What to do?

• Consider privacy invasive uses of what we design today

• Consider its use in other regimes and future regimes

• Be a bit paranoid, even with things you don't think you have to protect -- yet.

Robots and Cameras Everywhere

• Robot cars are coming, with many positive results

• It means cameras and other sensors recording everything, everywhere

• It means records of everywhere we travel, everybody we travel with

Pause

– Click to agree contracts replacing law

– Software Monoculture

– National Security

– Trusted Computing & DRM

– Spam & Parasites

– Censorship, censorship avoidance and the collapse of borders

– Cheap nanotech sensors & cameras

– Suing AT&T for $1 Trillion

– Strong cockpit doors

– Capability OS

– Threat Models

They’ll abuse it

• Hey, it’s not like they would tap people without warrants

• Echelon program and international cooperation

• The scalability of good and evil

Other future risks

• Nanotech sensing

– Chemical sensors, drugs

– DNA sensors

• Cheap electronic sensors

– Cameras

– RFID

Views of the future

• “Privacy is dead, get over it.”

• European Privacy Laws

• Children raised without privacy

• The transparent society

• Privacy must die

The Transparent Society

Three competing forces

• Freedom to observe, record, share and publish information

• Desire for security

• Need for privacy

Not always a tradeoff

• It’s not necessarily security vs. privacy

• For each problem, we must find the “strengthened cockpit door.”

• It’s not always so obvious, it may be more work, but it’s worth it.

• The boogeymen: Terrorists, kiddie pornographers, music pirates

Can we stop the surveillance?

• Not with laws

• Perhaps with tech

• Perhaps with convention

EFF vs. AT&T

• President orders NSA to do wiretaps

• The phone companies do the dirty work

• Boxes installed in secret rooms at major switching centers

• Suspicion of data mining everybody’s call records

Extreme Suggestions

• Watch everybody

• Watch the profiled

• Rewire the brains of the profiled

• Rewire everybody!

• Hope prosperity discourages attack?

• Will prosperity (destroying ideology) trigger the attack?

Is surveillance that effective?

• Not even in China or prison camps

• Oppressed always win, at least in the small

• But it’s always abused

• And what we build is used in less enlightened places

You can't stop terrorism with enhanced security

• You can't win a "war on terrorism", not with technology, not with surveillance

The more you ban privacy, the more people will want it

• And the more people will help them

• The blind eye

• Deliberate noise

We've always used social convention

• This is not like trying to command the tide not to come in.

• Human behaviour is much more fungible than gravity.

Live Free or Die

• If privacy is freedom it's worth defending

Thank you
