1. Privacy vs. Security
By: Ilse Genovese, BreAnn Fields, Yonatan Brand, Kuang Htet, and Dana Daniel
2. Privacy vs Security
What do the terms “privacy” and “security” mean?
How do they relate and how are they different?
3. Privacy vs Security
❏ Privacy is part of the civil liberties reflected in the Bill of Rights, the 1st, 3rd, 4th and 5th Amendments to the U.S. Constitution
❏Security = being free from harm and dangers
❏Safeguarding private information contributes to greater trust in whoever
holds that information (government, organizations, social media)
❏Keeping citizens secure, i.e., free from harm and dangers, is one of the
basic responsibilities of government
Privacy and security come to life in the case of Linux
4. The Case of Linux
exible and free
source: Created in the spirit of “naive
mentation”, just for fun [Just for Fun, 1992]
ed from 10,000 to 19 million lines of code
ssing the cognitive surplus of an unruly
who tailored the operating system to their
stes and purpose
5. The Case of Linux
❏ Elaborate, remarkably functioning system
❏ Works on almost any chip
❏ Stable and reliable managing the demands
of many programs
❏ Frequent free updates
❏ More popular than Microsoft’s Windows or
Apple’s iOX
6. The Case of Linux
But the world’s largest collaborative project, Linus Torvalds’ “hobby”, had a flaw:
the heart of the operating system, the kernel, has
become a popular target of botnets.
In September, a massive botnet attacked up to 20 targets a day,
worldwide | AshleyMadison.com in July
7. The Case of Linux
Efforts to “toughen” Linux with security
features (NSA’s SELinux for “sensitive work”)
Even with defenses around the kernel, though,
blackhats’ bugs can penetrate it
Torvalds adamant: “There are no security bugs, just
‘normal’ bugs. Tracking them and making details
public encourages hackers.”
8. The Case of SELinux
❏ NSA’s SELinux = advanced security features
for “sensitive work”.
❏ But building walls around Linux does not
solve the problem, as the Linux kernel is easily
penetrable
❏ Brad Spengler (Grsecurity) circulated a “spoof
on NSA’s SELinux illusion”
10. From SELinux to KALI LINUX
❏ Kees Cook: Linux is “the ultimate attack
surface”; hackers “can make it do
anything they want”, like DDoS attacks
❏ KALI LINUX = Great news for hackers
and Backtrack Linux fans!
11. The Case of KALI LINUX
Release date: 13th of March, 2013
Completely free, Open source
Vast wireless device support
GPG signed packages and repos
Multi-language
Completely customizable
One of the best available masterpieces
of the hacking community
12. The Cybersecurity Information Sharing Act
❏The fact of our times: private information is no longer secure
❏Congress wades into the privacy vs. security debate with a new
cybersecurity bill, the Cybersecurity Information Sharing Act (CISA)
❏“A system that lets companies share evidence of hackers’
footsteps among themselves and with the U.S. government
without the risk of being sued for breaking privacy
protection or anti-trust laws” [Laura Hautala]
13. The Cybersecurity Information Sharing Act
“Critics, including more than 20 of the biggest
companies in the tech industry argue that the bill does
not do enough to protect the privacy of individuals and
could lead to mass government surveillance” [Laura
Hautala]
15. The Double-Edged Sword: Encryption
How do we know which app or chat
program is encrypted and which is
not?
Popular Encrypted Chat Programs
Cryptocat
Skype (Encrypted but cooperates with DHS)
Whatsapp (cooperates with DHS)
Telegram (mostly used by ISIS)
Blackberry messenger
AIM (Cooperates with DHS)
16. The Double-Edged Sword: Encryption
Fact: encryption helps terrorists as much as it
does law-abiding citizens, by keeping their
activities hidden from authorities
“Terrorists have gone to school on encryption”
-- John Brennan, CIA Director
17. The Double-Edged Sword: Encryption
How encryption can be used for malicious purposes
Paris
❏ PlayStation Messenger on the PlayStation 4 allegedly used by the
attackers to communicate with their base in Syria
❏ Voice communication in first-person shooter video games used to
communicate threats. Can throw law enforcement off of a valid threat
Australia
❏ PlayStation 4 used by a teen to download plans for a bomb via the
PlayStation Network
18. Encryption for Meaningful Purpose
❏ VPN connection can help individuals
❏ Encryption can prevent government
from following communication
among terrorists
❏ Snowden’s disclosures about NSA’s
metadata collection
❏ Prevent government from obtaining
personal data.
❏ USA Patriot Act II prohibits NSA from collecting telephone metadata from U.S.
citizens (Section 2015)
19. Privacy, Security and Democracy
❏ Open source projects
Cognitive surplus used for the greater good
Promote productivity, ingenuity, innovation
Democratic in nature
Ethical intent
Can be misused
Fallacy that privacy and security can exist
independently of each other
20. Discussion/Questions
Q1: Should law enforcement be granted “extraordinary access”
to devices known to be used by terrorists?
Q2: Where should we draw the line between privacy vs security
when it comes to government tracking online activities
and messages?
Q3: Would you be willing to forego total encryption of your
information if that means that security agencies would be better
able to track terrorist chatter?
Q4: What do you think about the sunsetting of Section 215 in the
Freedom Act?
Editor's notes
Privacy is one of the most important issues affecting the use of technology and information sharing
Linux: the largest online collaborative project
White hacks
Too much security affects innovation
The long tail
User space: users as creators of content; should not be impeded