Privacy 6

Post on 20-Dec-2015

Varieties of Terrorism

• International terrorism - One person’s terrorist is another person’s freedom fighter.
  – Abdullah Ocalan of the PKK (a Kurdish group)
  – Lashkar-e-Omar (Kashmir)

• Home grown terrorism
  – Ethnic hatred and other causes
  – Timothy McVeigh
  – Ted Kaczynski

Vehicles of Terror

• Bombs
  – Availability of fissile material

• Chemicals
  – Aum Shinrikyo
  – Goal was to hasten the Apocalypse
  – Book by Haruki Murakami

• Biologicals
  – Rajneesh followers

• Luck prevented huge disasters

Goals of Terrorism

• The goal of terrorism is to thrust people into chaos, confusion, to fan fear and mistrust.

• Thought experiment – You are the CEO of International Terrorism LLC. What metrics would you use to decide how well your international terrorist campaign is going? At this point, how well is your side doing?

The Question of Torture

• Is it justified to torture a suspect to gain information about a possible terrorist act?

• This is essentially a question of the ends justifying the means.

• There are other ends-means questions that can be implicitly justified if this is, e.g. government surveillance, racial profiling, WW2 Japanese internment ….

Torture Consequences

• So-called extraordinary rendition or the outsourcing of torture
  – Jane Mayer article in the New Yorker magazine – February 23, 2005.

• Opposition within the FBI and CIA to this program
  – It is ineffective since it produces no credible information.
  – It undermines the criminal justice system.
  – It is a travesty in that it violates the most fundamental of human rights
  – It undermines our credibility in the world

Law Enforcement

• Difficulties of the job

• Wire tapping as a crime fighting tool

• Translating wiretap law to the age of Internet and mobile communications

Law Enforcement – The Dark Side

• Leveraging terror to expand power

• Scope creep and the expansion of power and other ethical compromises

• Compromise of separation of powers

The Dilemma

• Is it possible to guarantee security by giving up civil rights and turning control over to the government?

• Lord Acton – “Power corrupts. Absolute power corrupts absolutely”

• History of governmental abuse of civil rights.

• How can security be enhanced without compromising ethical standards and civil rights?

Technology is not Neutral

• What is technology?
  – Technology involves the invention, development, and cognitive deployment of tools and other artifacts, brought to bear on raw materials and intermediate stock parts with a view to the resolution of perceived problems (Larry Hickman).
  – Orientation around productive inquiry and the solution of problems ensures that technology is not neutral.
  – Used by people to solve problems

• An affordance is a property of an object, or a feature of the immediate environment, that indicates how to interface with that object or feature.

• Functional orientation and affordances assure that technology will not be neutral

• Incremental design of technology leads to a view of technology as a force external to people.

Artificial Intelligence

• To what extent is AI able to simulate living things?
  – Eliza
  – Robotics
  – Chess players – ‘Deep Blue’ and Garry Kasparov
  – Natural language understanding
  – The Turing test

Bots and Agents

• Search bots

• Software agents for stock market or auction transactions

• Avatars

Privacy Enhancing Technologies (PETs)

• Technology designed to guard or enhance a person’s privacy

• Examples
  – Sites that allow anonymous web surfing
  – Business software to manage customer data while protecting privacy
  – Privacy assessment tool

• What should people be able to do anonymously?
  – surf the web, conduct financial transactions, vote, ?

Encryption

• Fundamental technology for security and privacy

• Symmetric encryption
  – plaintext + key + algorithm → ciphertext
  – ciphertext + key + algorithm → plaintext

• Asymmetric or Public Key encryption
  – Each individual has a private key and a public key
  – Encryption with recipient’s public key, decryption with recipient’s private key

Encryption Tools

• Secure Sockets Layer (SSL) – A protocol for internet communications that provides a mechanism to verify the identity of an internet client and/or server, and to encrypt the messages sent between them.

• Pretty Good Privacy (PGP) – Free PKI encryption system.

Blind Signatures

• Use PKE so a signature is signed with a private key and decrypted with the public key

• Digital cash uses the same principle
  – Loaded on a smart card
  – Like cash, the only verification necessary is that it’s good

• Note potential parallel to secure voting systems

Anonymizers

• Guardster http://www.guardster.com/

• Tor http://tor.eff.org/index.html.en

• Anonymizer http://www.anonymizer.com/

• Invisiblog - http://www.invisiblog.com/

• Pingomatic - http://pingomatic.com/

W3C and P3P

• World Wide Web Consortium

• Standards that enable a website to supply information about its use of PII

• Example – Privacy Bird

P3P Criticisms

• Does not assure compliance

• Technology oversimplifies privacy policies

• However, simplification enables web users to better understand policies and perhaps make better choices

Various Services

• IBM Enterprise Privacy Architecture

• Tivoli SecureWay Privacy Manager

• www.idcide.com

• Privacy Council, Privacy Watch, Watchfire

Some of Simson’s Suggestions

• Make the FCRA’s function data protection

• Rethink consent

• Security is essential to ensure that we trust our basic institutions

• Bring back the Office of Technology Assessment

Steps for Business from Cavoukian

1) Build a privacy team.
2) Develop a privacy policy.
3) Implement the policy by establishing consistent practices.
4) Handle data in a privacy aware manner.
5) Maintain appropriate security.
6) Keep abreast of privacy initiatives.
7) Ensure employee involvement.