Torbjörn Lundqvist

Security in Cyberspace


  • Written on the body: Biometrics and Identity, Irma van Der Ploeg

    • In what way does biometrics contain information about ourselves that previous token-based systems don't?

  • Terrorism or Civil Disobedience: Toward a Hacktivist Ethic, Mark Manion & Abby Goodrum

    • How does one go about distinguishing computer terrorism from civil disobedience, and in what way does one define the ethics of hacking and civil disobedience?

Privacy and Security

  • Security:

    • Ambiguous, Safety vs. security distinction, being free from danger, hard to assure

    • Computer security vs. data security, protection from worms, hackers vs. data loss

  • Privacy:

    • Often used synonymously with “anonymity”

    • Psychological Privacy/ Informational privacy

    • Control vs. Restricted Access theory

    • Impossible without security


  • As an ethical issue: is true security achievable? If so: is it desirable? Conflict:

    • Pros

      • anonymity and privacy can be ensured (on a personal level, information-restriction becomes easier)

      • Identity can be established more easily (seems to conflict with the latter)

    • Cons

      • Anonymity and privacy can lead to unlawful behavior (due to the ease of restricting information)

      • “Easy identification” makes it harder to hide from others (again, conflict with the latter)


  • In what way does biometrics contain information about ourselves that common token-based systems don't?

  • How can this information be used to ”ensure our security” by ”invading our privacy”?


  • Van der Ploeg: In 1996 I-scan software was implemented in the Department of Public Affairs in Illinois

    • All welfare clients were called to an interview, and made to submit a retinal scan

    • Failure to comply meant disqualification from social service benefits and other sanctions

    • Reason: The need to ensure against social welfare fraud


  • Biometrics: stipulated as “The Collection of physical features using a sensory device to record digital representations of physical features unique to the individual”

    • Retinal scan

    • Fingerprints

    • Voice patterns

    • Movements/Body odor


  • The method uses digital representations as templates against which a match is made at identification: if the template matches the sample, the subject is known; if not, the subject is unknown

[Figure: Match, Known / Mismatch, Unknown]


  • Older systems of identification, ID-cards etc. are ”token-based”, biometrics are not

    • ”Biometrics are turning the human body into the universal id of the future” ABC News Jan 15, 1998

    • Possible buyers: military forces, governments, private corporations

  • Development of genetic API in 1998

    • BioAPI Consortium – IBM, Microsoft, Novell, Compaq

      • Work begins on specifications for a global standard to allow easy implementation of biometrics in computer software


  • Of course: Biometrics is concerned with maintenance of security through identity checks

    • Question: what is identity? Can identity be established in relation to the human body?

  • Van der Ploeg

    • Biometrics requires a theory of identity that takes the body and the embodied nature of subjectivity into full account

    • There is a need to investigate what kind of body the biometric body is


  • van Kralingen (Biometrician) – Distinction of identity and verification of identity

    • Biometrics is regarded as the latter

  • Schechtman (Philosopher), Philosophical distinction between

    • Identity

    • Sameness of body (where identity is to self knowledge what sameness of body is to re-identification)

  • Necessary and sufficient conditions why p1 is p1 at both T1 and T2?


  • ... is able to detect both sameness and difference of ”token”, (token-based systems can't)

  • ... can re-identify the body, but of course, not the ”essence” or ”beliefs and values” of the individual

  • ... may seem better at establishing psychological identity, but due to the above, cannot be any more effective than token-based systems


  • Since the body is very much a part of personal identity, and ”identity” can be regarded as more profound than ”sameness of body”

  • It may be easy to identify the body using biometrics; however, it is highly difficult to characterize a psychological individual over time

  • Parfit (Reasons & Persons): Personality does not persist over time

    • P.: Personality changes over time, token identity does not, and we cannot be certain that psychological identity changes over time

    • P.: Whether or not psychological identity persists over time is therefore not relevant

    • P.: What matters – psychological connectedness (of memory and character) between p1 and p2 over time

  • From this perspective, biometrics is no better at characterizing the psychological identity of the individual


  • van der Ploeg:

    • identity can be viewed from a third person perspective (sameness of person)

    • Identity can be viewed from a first person perspective (self knowledge)

    • The distinction between the two can lead to an assumption that biometrics is only concerned with ”sameness of person”, but the person is a ”performance piece”


  • Van der Ploeg:

    • Personality is something that is constantly being reshaped by (among other things) information technology

    • With information technology, it becomes possible to fragment personal identity

    • Suddenly bodies are irrelevant to identity, identification may be near impossible without the use of the body as identification


  • The problem is of course that biometrics removes the boundaries between nature and culture

    • Split-second identification makes it possible to map identity patterns over individuals that may not exist

    • Van der Ploeg: biometric investigation prompts cultural determinism. One is judged rather by one's cultural background and previous exploits


  • Terrorism or Civil Disobedience: Toward a Hacktivist Ethic, Mark Manion & Abby Goodrum

    • How does one go about distinguishing computer terrorism from civil disobedience, and in what way does one define the ethics of hacking and civil disobedience?


  • Terrorism vs. civil disobedience

    • “One man's terrorist is another man's freedom fighter” - William Laqueur, 1977

      • Violence breeds more violence, non-violence does not (Gandhi, “Satyagraha”)

    • Violent struggle vs. civil disobedience

      • Peaceful breaking of unjust laws (direct action)

        • Non-violent protest: Boycotts, sanctions, “sabotage” (s. f. Plowshares-movement), “information-war”

        • Non-violent protest takes the moral high ground, in that it confronts power without resorting to violence

        • Protesters take responsibility for their actions (imprisonment, etc.)


  • Hacktivism

    • “The (sometimes) clandestine use of computer hacking to help advance political causes” - Manion and Goodrum

  • Hacking

    • “The practice of exploiting or gaining unauthorized access to computer systems through clever tactics and detailed knowledge” - Wikipedia


  • Hackers attack commercial websites – Feb. 8, 2000

    • An 18-page statement claiming responsibility is released (MSNBC)

    • Alleged reason: Growing commodification and capitalization of the Internet

    • No one is arrested, no one is charged


  • Valentine's Day, 2000: the Plowshares movement restricts access to Faslane naval base, Scotland

    • Faslane is the base of UK Trident-class submarines

    • Reason: These submarines are armed with nuclear weapons

    • Plowshares movement claims responsibility due to ethical concerns

    • 185 arrested


  • 1998, Eugene Kashpureff usurps traffic from InterNIC – Manion & Goodrum

    • Action taken non-anonymously

    • Ethically motivated, protest of domain-name policy

    • Jailed as result

  • “Under a government which imprisons any unjustly, the true place for a just man is also a prison” - David Henry Thoreau, 1849


  • Hacktivism, civil disobedience?

    • Has been used to protest

      • Anti-democratic crackdowns in China

      • Indonesian occupation of west-timor

      • Human rights abusers

    • Targets

      • Governments & national security

      • Private industry and intellectual property

      • Human rights abusers


  • Core principles – Manion & Goodrum

    • No damage done to persons or property

    • Non-violent

    • Not for personal profit

    • Ethically motivated

    • Willingness to accept personal responsibility for one's actions


  • Hacktivism, cyber-terrorism?

    • RAND Corp. John Arquilla and David Ronfeldt

      • “Netwar” - The study of network based conflict and crime, Networks and Netwars, 2001

      • “... terrorist and social activist organizations will be most effective if they develop networking capabilities ... attuned to the information age.”

      • “If governmental powers can understand how modern-day netwar organizations are formed, they may be better able to target and dismantle those terrorist ... groups ...”

      • “Act of violence for the purpose of intimidating or coercing a government or civilian population” - US Law


  • Internet provides forums for the organization of Electronic Civil Disobedience (ECD) – Manion & Goodrum

    • What CONSTITUTES Hacktivism (or ECD)

      • Running FloodNet?

      • Hacking

    • The point is not destruction of information, rather disruption of the flow of information

      • New type of non-violent protest?

        • If so: why is hacking judged harsher than traditional non-violent protests?


  • “Legitimate Hacking”?

    • First objective of invasion: control information

      • S.f. The Phone book (don't trust the media)

      • Information Warfare (Op. Desert Storm)

      • Propaganda (WW2)

    • When is it okay to breach security?

      • Whenever it does not concern us?

      • Whenever it concerns multinational corporations?

      • Whenever it concerns other governments?

      • Whenever there is a need for it?

        • Who decides?

      • Whenever it happens in our favor?

      • Whenever “we” condone it?


  • Often, hackers take a stance against warfare and even information war

    • Against the LoU “Declaring war on anyone is a most deplorable act” (2600, CDC, ) - Hackernews 12/28/98

  • Why label the hacktivist as a terrorist?

    • Labeling the hacktivist as a threat to security furthers legitimization of erasure of individual privacy


  • Is hacking a democratic activity? (Levy 1984)

    • Freedom of information

    • Computer access

    • Mistrust Authority – Promote decentralization

  • Do these principles conflict with the tenets of democracy?

    • Foucault – Failure to confirm authority leads to uproar (Foucault 1987)

    • For whom does hacking really compromise security?
