Privacy vs. Security By: Ilse Genovese, BreAnn Fields, Yonatan Brand, Kuang Htet, and Dana Daniel
Privacy vs Security
What do the terms “privacy” and “security” mean?
How do they relate and how are they different?
Privacy vs Security
❏ Privacy is part of the civil liberties reflected in the Bill of Rights, the 1st, 3rd, 4th and 5th Amendments to the U.S. Constitution
❏ Security = being free from harm and dangers
❏ Safeguarding private information contributes to greater trust in whoever holds that information (government, organizations, social media)
❏ Keeping citizens secure, i.e., free from harm and dangers, is one of the basic responsibilities of government
Privacy and security come to life in the case of Linux
The Case of Linux
❏ Fast, flexible and free
❏ Open source: Created in the spirit of “naive experimentation”, just for fun [Just for Fun, 1992]
❏ Exploded from 10,000 to 19 million lines of code
❏ Harnessing the cognitive surplus of an unruly army who tailored the operating system to their own tastes and purpose
The Case of Linux
❏ Elaborate, remarkably functioning system
❏ Works on almost any chip
❏ Stable and reliable managing the demands of many programs
❏ Frequent free updates
❏ More popular than Microsoft’s Windows or Apple’s iOX
The Case of Linux
But the world’s largest collaborative project, Linus Torvalds’s “hobby”, had a flaw: the heart of the operating system, the kernel, has become a popular target of botnets.
In September, a massive botnet attacked up to 20 targets a day, worldwide | AshleyMadison.com in July
The Case of Linux
Efforts to “toughen” Linux with security features (NSA’s SELinux for “sensitive work”)
Even with defenses around the kernel, though, blackhats’ bugs can penetrate it
Torvalds adamant: “There are no security bugs, just “normal” bugs. Tracking them and making details public encourages hackers.”
The Case of SELinux
❏ NSA’s SELinux = advanced security features for “sensitive work”.
❏ But building walls around Linux does not solve the problem, as the Linux kernel is easily penetrable
❏ Brad Spengler (Grsecurity) circulated a “spoof on NSA’s SELinux illusion”
The Case of SELinux
From SELinux to KALI LINUX
❏ Kees Cook: Linux “the ultimate attack surface”; hackers can make it do anything they want.” --- like DDoS attacks
❏ KALI LINUX = Great news for hackers and Backtrack Linux fans!
Release date: 13th of March, 2013
Completely free, Open source
Vast wireless device support
GPG signed packages and repos
Multi-language
Completely customizable
One of the best available masterpieces of the hacking community
The Case of KALI LINUX
The Cybersecurity Information Sharing Act
❏ The fact of our times: private information is no longer secure
❏ Congress wades into the privacy vs. security debate with a new cybersecurity bill, the Cybersecurity Information Sharing Act (CISA)
❏ “A system that lets companies share evidence of hackers’ footsteps among themselves and with the U.S. government without the risk of being sued for breaking privacy protection or anti-trust laws” [Laura Hautala]
The Cybersecurity Information Sharing Act
“Critics, including more than 20 of the biggest companies in the tech industry argue that the bill does not do enough to protect the privacy of individuals and could lead to mass government surveillance” [Laura Hautala]
Senate Vote on The Cybersecurity bill
The Double-Edged Sword: Encryption
How do we know which app or chat program is encrypted and which is not?
Popular Encrypted Chat Programs
Cryptocat
Skype (Encrypted but cooperates with DHS)
WhatsApp (cooperates with DHS)
Telegram (mostly used by ISIS)
BlackBerry Messenger
AIM (Cooperates with DHS)
The Double-Edged Sword: Encryption
Fact: encryption helps terrorists as much as it does law-abiding citizens, by keeping their activities hidden from authorities
“Terrorists have gone to school on encryption”
-- John Brennan, CIA Director
The Double-Edged Sword: Encryption
How encryption can be used for malicious purposes
Paris
❏ PlayStation Messenger in PlayStation 4 allegedly used by the attackers to communicate with their base in Syria
❏ Voice communication in first-person shooter video games used to communicate threat. Can throw law enforcement off of a valid threat
Australia
❏ PlayStation 4 used by a teen to download plans for a bomb via the PlayStation network
Encryption for Meaningful Purpose
❏ VPN connection can help individuals
❏ Encryption can prevent government from following communication among terrorists
❏ Snowden’s disclosures about NSA’s metadata collection
❏ Prevent government from obtaining personal data.
❏ USA Patriot Act II prohibits NSA from collecting telephone metadata from U.S. citizens (Section 2015)
Privacy, Security and Democracy
❏ Open source projects
Cognitive surplus used for the greater good
Promote productivity, ingenuity, innovation
Democratic in nature
Ethical intent
Can be misused
Fallacy that privacy and security can exist independently of each other
Discussion/Questions
Q1: Should law enforcement be granted “extraordinary access” to devices known to be used by terrorists?
Q2: Where should we draw the line between privacy vs security when it comes to government tracking online activities and messages?
Q3: Would you be willing to forego total encryption of your information if that means that security agencies would be better able to track terrorist chatter?
Q4: What do you think about the sunsetting of Section 215 in the Freedom Act?