Security in Cyberspace
Torbjörn Lundqvist
Overview
● Written on the Body: Biometrics and Identity, Irma van der Ploeg
  – In what way does biometrics contain information about ourselves that previous token-based systems don't?
● Terrorism or Civil Disobedience: Toward a Hacktivist Ethic, Mark Manion & Abby Goodrum
  – How does one go about distinguishing computer terrorism from civil disobedience, and in what way does one define the ethics of hacking and civil disobedience?
Privacy and Security
● Security:
  – Ambiguous, safety vs. security distinction, being free from danger, hard to assure
  – Computer security vs. data security, protection from worms, hackers vs. data loss
● Privacy:
  – Often used synonymously with “anonymity”
  – Psychological privacy / informational privacy
  – Control vs. Restricted Access theory
  – Impossible without security
Security
● As an ethical issue: is true security achievable? If so: is it desirable? Conflict:
  – Pros
    ● Anonymity and privacy can be ensured (on a personal level, information-restriction becomes easier)
    ● Identity can be established more easily (seems to conflict with the latter)
  – Cons
    ● Anonymity and privacy can lead to unlawful behavior (due to the ease of restricting information)
    ● “Easy identification” makes it harder to hide from others (again, conflict with the latter)
Biometrics
● In what way does biometrics contain information about ourselves that common token-based systems don't?
● How can this information be used to ”ensure our security” by ”invading our privacy”?
Biometrics
● Van der Ploeg: In 1996 I-scan software was implemented in the Department of Public Affairs in Illinois
● All welfare clients were called to an interview, and made to submit a retinal scan
● Failure to comply meant disqualification from social service benefits and other sanctions
● Reason: The need to ensure against social welfare fraud
Biometrics
● Biometrics: stipulated as “The Collection of physical features using a sensory device to record digital representations of physical features unique to the individual”
● Retinal scan
● Fingerprints
● Voice patterns
● Movements/Body odor
Biometrics
● The method consists of using digital representations as templates to which a match is made upon identification: if the template matches the sample the subject is known, if not, the subject is unknown
[Diagram: a template is stored indefinitely; a sample compared with template T1 gives "Match, Known"; a sample compared with template TX gives "Mismatch, Unknown"]
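The template-matching step described above, as an added example that is not part of the original slides. It assumes templates are fixed-length bit codes compared by Hamming distance against a threshold (the slides do not specify a matching method); the names TemplateStore, build_store and the sample values are hypothetical. It shows why a fresh sample is never compared for exact equality, and how a loose threshold turns an unenrolled person into a "known" subject.

```python
# Added illustration. Templates and samples are constructed 32-bit feature
# codes, not real biometric data; max_distance is an assumed tuning value.

T1 = 0b10110010111000010101110000111010   # enrolled template for subject "T1"
TX = T1 ^ 0xFFFF0000                      # second enrolled template, 16 bits away

def hamming(a: int, b: int) -> int:
    """Number of bit positions in which two feature codes differ."""
    return bin(a ^ b).count("1")

class TemplateStore:
    def __init__(self, max_distance: int):
        self.max_distance = max_distance
        self.templates = {}               # subject -> template, kept until deleted

    def enroll(self, subject: str, template: int) -> None:
        self.templates[subject] = template

    def identify(self, sample: int):
        """Compare the sample with every template; return (subject, distance).

        subject is None ("unknown") when even the closest template is
        further away than max_distance.
        """
        best_subject, best_distance = None, None
        for subject, template in self.templates.items():
            d = hamming(sample, template)
            if best_distance is None or d < best_distance:
                best_subject, best_distance = subject, d
        if best_distance is not None and best_distance <= self.max_distance:
            return best_subject, best_distance
        return None, best_distance

def build_store(max_distance: int) -> TemplateStore:
    store = TemplateStore(max_distance)
    store.enroll("T1", T1)
    store.enroll("TX", TX)
    return store

# Constructed samples: a fresh capture of T1's owner with two noisy bits,
# and a capture from someone who was never enrolled.
SAMPLE_ENROLLED = T1 ^ 0b101
SAMPLE_STRANGER = T1 ^ 0x00FFFF00

if __name__ == "__main__":
    strict, loose = build_store(4), build_store(16)
    print(strict.identify(SAMPLE_ENROLLED))   # match, known
    print(strict.identify(SAMPLE_STRANGER))   # mismatch, unknown
    print(loose.identify(SAMPLE_STRANGER))    # false match under a loose threshold
```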
Biometrics
● Older systems of identification, ID-cards etc. are ”token-based”, biometrics are not
  – ”Biometrics are turning the human body into the universal id of the future” ABC News Jan 15, 1998
  – Possible buyers: military forces, governments, private corporations
● Development of genetic API in 1998
  – BioAPI Consortium – IBM, Microsoft, Novell, Compaq
    ● Specifications for a global standard to allow easy implementation of biometrics into computer software begins
Biometrics
● Of course: Biometrics is concerned with maintenance of security through identity check
  – Question: what is identity? Can identity be established in relation to the human body?
● Van der Ploeg
  – Biometrics requires a theory of identity that takes the body and the embodied nature of subjectivity into full account
  – There is a need to investigate what kind of body the biometric body is
Biometrics
● van Kralingen (Biometrician) – Distinction of identity and verification of identity
  – Biometrics is regarded as the latter
● Schechtman (Philosopher), Philosophical distinction between
  – Identity
  – Sameness of body (where identity is to self knowledge what sameness of body is to re-identification)
● Necessary and sufficient conditions why p1 is p1 at both T1 and T2?
Biometrics
● ... is able to detect both sameness and difference of ”token”, (token-based systems can't)
● ... can re-identify the body, but of course, not the ”essence” or ”beliefs and values” of the individual
● ... may seem better able to establish psychological identity, but due to the above, cannot be any more effective than token-based systems
Biometrics
● Since the body is very much a part of personal identity, and ”identity” can be regarded as more profound than ”sameness of body”
● it may be easy to identify the body using biometrics, however, it is highly difficult to characterize a psychological individual over time
● Parfit (Reasons & Persons): Personality does not persist over time
  – P.: Personality changes over time, token identity does not, and we can not be certain that psychological identity changes over time
  – P.: Whether or not psychological identity persists over time is therefore not relevant
  – P.: What matters – psychological connectedness (of memory and character) between p1 and p2 over time
● From this perspective, biometrics is not any better in characterizing the psychological identity of the individual
Biometrics
● van der Ploeg:
  – Identity can be viewed from a third person perspective (sameness of person)
  – Identity can be viewed from a first person perspective (self knowledge)
  – The distinction between the two can lead to an assumption that biometrics is only concerned with ”sameness of person”, but the person is a ”performance piece”
Biometrics
● Van der Ploeg:
  – Personality is something that is constantly being reshaped by (among other things) information technology
  – With information technology, it becomes possible to fragment personal identity
  – Suddenly bodies are irrelevant to identity, identification may be near impossible without the use of the body as identification
Biometrics
● The problem is of course that biometrics removes the boundaries between nature and culture,
  – Split second identification makes it possible to map identity patterns over individuals that may not exist,
  – Van der Ploeg: biometrics investigations prompt cultural determinism. One is judged but rather by one's cultural background and previous exploits
Hacktivism
● Terrorism or Civil Disobedience: Toward a Hacktivist Ethic, Mark Manion & Abby Goodrum
  – How does one go about distinguishing computer terrorism from civil disobedience, and in what way does one define the ethics of hacking and civil disobedience?
Hacktivism
● Terrorism vs. civil disobedience
  – “One man's terrorist is another man's freedom fighter” - William Laqueur, 1977
● Violence breeds more violence, non-violence does not (Gandhi, “Satyagraha”)
  – Violent struggle vs. civil disobedience
● Peaceful breaking of unjust laws (direct action)
  – Non-violent protest: Boycotts, sanctions, “sabotage” (s. f. Plowshares-movement), “information-war”
  – Non-violent protest takes moral high-ground, in that it confronts power without resorting to violence
  – Protesters take responsibility for their actions (imprisonment, etc.)
Hacktivism
● Hacktivism
  – “The (sometimes) clandestine use of computer hacking to help advance political causes” - Manion and Goodrum
● Hacking
  – “The practice of exploiting or gaining unauthorized access to computer systems through clever tactics and detailed knowledge” - Wikipedia
Hacktivism
● Hackers attack commercial websites – Feb. 8, 2000
  – 18 page statement, claiming responsibility, is released (MSNBC)
  – Alleged reason: Growing commodification and capitalization of the Internet
  – No one is arrested, no one is charged
Hacktivism
● Valentine's Day, 2000, Plowshares movement restricts access to Faslane naval base, Scotland
  – Faslane is the base of UK Trident-class submarines
  – Reason: These submarines are armed with nuclear weapons
  – Plowshares movement claims responsibility due to ethical concerns
  – 185 arrested
Hacktivism
● 1998, Eugene Kashpureff usurps traffic from InterNIC – Manion & Goodrum
  – Action taken non-anonymously
  – Ethically motivated, protest of domain-name policy
  – Jailed as result
● “Under a government which imprisons any unjustly, the true place for a just man is also a prison” - David Henry Thoreau, 1849
Hacktivism
● Hacktivism, civil disobedience?
  – Has been used to protest
    ● Anti-democratic crackdowns in China
    ● Indonesian occupation of West Timor
    ● Human rights abusers
  – Targets
    ● Governments & national security
    ● Private industry and intellectual property
    ● Human rights abusers
Hacktivism
● Core principles – Manion & Goodrum
  – No damage done to persons or property
  – Non-violent
  – Not for personal profit
  – Ethically motivated
  – Willingness to accept personal responsibility for one's actions
Hacktivism
● Hacktivism, cyber-terrorism?
  – RAND Corp. John Arquilla and David Ronfeldt
    ● “Netwar” - The study of network based conflict and crime, Networks and Netwars, 2001
    ● “... terrorist and social activist organizations will be most effective if they develop networking capabilities ... attuned to the information age.”
    ● “If governmental powers can understand how modern-day netwar organizations are formed, they may be better able to target and dismantle those terrorist ... groups ...”
    ● “Act of violence for the purpose of intimidating or coercing a government or civilian population” - US Law
Hacktivism
● Internet provides forums for the organization of Electronic Civil Disobedience (ECD) – Manion & Goodrum
  – What CONSTITUTES Hacktivism (or ECD)
    ● Running FloodNet?
    ● Hacking CNN.com?
  – The point is not destruction of information, rather disruption of the flow of information
● New type of non-violent protest?
  – If so: why is hacking judged harsher than traditional non-violent protests?
Hacktivism
● “Legitimate Hacking”?
  – First objective of invasion: control information
    ● S.f. The Phone book (don't trust the media)
    ● Information Warfare (Op. Desert Storm)
    ● Propaganda (WW2)
  – When is it okay to breach security?
    ● Whenever it does not concern us?
    ● Whenever it concerns multinational corporations?
    ● Whenever it concerns other governments?
    ● Whenever there is a need for it?
  – Who decides?
    ● Whenever it happens in our favor?
    ● Whenever “we” condone it?
Hacktivism
● Often, hackers take a stance against warfare and even information war
  – Against the LoU: “Declaring war on anyone is a most deplorable act” (2600, CDC, ) - Hackernews 12/28/98
● Why label the hacktivist as a terrorist?
  – Labeling the hacktivist as a threat to security furthers legitimization of erasure of individual privacy
Hacktivism
● Is hacking democratic activity? (Levy 1984)
  – Freedom of information
  – Computer access
  – Mistrust Authority
  – Promote decentralization
● Do these principles conflict with the tenets of democracy?
  – Foucault – Failure to confirm authority leads to uproar (Foucault 1987)
  – For whom does hacking really compromise security?