Balancing Security and Privacy in Times of Cyberterror EDUCAUSE Western Regional Conference 2005 April 28, 2005 Steve Worona EDUCAUSE [email protected] Tracy Mitrano Cornell University [email protected]

Balancing Security and Privacy in Times of Cyberterror

EDUCAUSE Western Regional Conference 2005

April 28, 2005

Steve Worona
EDUCAUSE

[email protected]

Tracy Mitrano
Cornell University

[email protected]

A Campaign Finance Poll

• All citizens should be able to find out who each candidate is taking money from

• All citizens should be able to find out what candidate you are giving money to

• Demo: http://www.fec.gov

Lessons

• Law of unintended consequences

• Logic can’t be legislated

• Technology can’t “fix” unintended consequences
  • In fact, it’s often technology that creates them

• Technical/social interactions are tricky

• We make trade-offs on privacy all the time

“You can’t have Privacy without Security”

• Privacy: Ensuring that your personal information doesn’t fall into the wrong hands
  • Choicepoint; Lexis-Nexis; Ameritrade; BofA; etc.
  • Tufts; CMU; Berkeley; etc.
  • FERPA; GLB; HIPAA
  • Data-spill notification laws in CA, US

• Security: Limiting everyone’s activity to only the things they have a right to see and do
  • Who is trying to access data (“Authentication”)
  • Whether they have the right (“Authorization”)

A Few Authentication/Authorization Issues

• Authenticate at network or application level?

• What to do with logs?
  • How long to keep?
  • When/how/why to access?

• Machine vs person

• Cross-institutional information distribution

• The government
  • USA/Patriot

Another Definition of Privacy

• Privacy: The ability to go about your daily life without leaving a trail; the ability to read, speak, attend meetings, etc. anonymously

The Importance of Anonymity

“Anonymous pamphlets, leaflets, brochures and even books have played an important role in the progress of mankind. Persecuted groups and sects from time to time throughout history have been able to criticize oppressive practices and laws either anonymously or not at all.”

– Hugo Black, Talley v. California, 1960

Privacy1 vs Privacy2

• Privacy1: Ensuring that your personal information doesn’t fall into the wrong hands. (“Confidentiality”)

• Privacy2: The ability to go about your daily life without leaving a trail; the ability to read (speak, attend meetings, etc.) anonymously. (“Anonymity”)

The Dilemma in a Nutshell

• We want to go through cyber-life without leaving a trail

• But we want everyone who comes in contact with our data (with us?) to be known

• And if we don’t, others do, to minimize
  • Phishing
  • Spoofing
  • Fraud
  • Spam
  • Viruses
  • Hacking
  • Denial-of-service attacks
  • Cyber-terrorism

The Dilemma in Other Words…

“They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” – Benjamin Franklin (1755)

“While the Constitution protects against invasions of individual rights, it is not a suicide pact.”

– Arthur Goldberg (1963)

“The Constitution Is Not a Suicide Pact”

What Has Changed Since 1963?

• The potential threats
  • Limitless damage from an individual act
  • Even death is not a deterrent
  • Emphasis switches from punishment to prevention

• The potential responses
  • RFID; micro- and macro-cameras; linked databases; unlimited storage; unlimited processing power; unlimited communication capacity;…
  • And that’s just today

• Technology is no longer the limit; we must decide
  • What to collect
  • How to use what’s collected
  • Narrowly drawn limits or “just in case”
  • When and how to change the rules

Whether by intention or by default, we will decide on the tradeoffs

Some simple examples

• Toll-gate license-plate photos
  • Not needed if the bell doesn’t ring
  • But sure useful if you want to get a list of possible suspects for yesterday’s crime

• Metro-passes
  • Anonymous or registered?
  • Rules for access (probable cause or dragnet?)

• ATM cameras
  • If no robbery occurred, no need to retain
  • But might have caught a glimpse of a kidnapper

The Tradeoff Rorschach

“Law enforcement is not supposed to be easy. Where it is easy, it’s called a police state.”

– Jeff Schiller, in Wired (1999)

Your Mission as a Citizen: Think about the Tradeoffs

• Be aware of how your own activities are being monitored

• Think about options

• Decide how you feel

• Let your legislators know

• Apply these lessons on your own campuses

Some Closing Plugs

• EDUCAUSE/Cornell Institute for Computer Policy and Law, 10th Annual Seminar
  • Ithaca, NY: June 28-July 1, 2005
  • Flyers available here

• EDUCAUSE Policy Page
  • http://www.educause.edu/policy

• EDUCAUSE Annual Policy Conference
  • Washington, DC: April 26-27, 2006

End