slide1 l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Overview PowerPoint Presentation
Download Presentation
Overview

Loading in 2 Seconds...

play fullscreen
1 / 16

Overview - PowerPoint PPT Presentation


  • 283 Views
  • Uploaded on

“Better Security and Privacy for Home Broadband” Peter P. Swire Moritz College of Law The Ohio State University Morrison & Foerster LLP Privacy 2002 Conference September 26, 2002 Overview Home broadband benefits and risks Existing proposals for the security risks

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Overview' - Faraday


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
slide1

“Better Security and Privacy for Home Broadband”Peter P. SwireMoritz College of LawThe Ohio State UniversityMorrison & Foerster LLPPrivacy 2002 ConferenceSeptember 26, 2002

overview
Overview
  • Home broadband benefits and risks
  • Existing proposals for the security risks
  • Internet privacy as a useful analogy
  • A proposal to speed protection of security and privacy in home broadband
i home broadband
I. Home Broadband
  • Benefits of home broadband
    • 56 K dial-up not good enough
    • Slows growth of e-commerce and the economy
    • Educational and many other desirable aps
    • Consensus policy goal to encourage home broadband
    • Similarly, encourage small business broadband
risks of home broadband
Risks of Home Broadband
  • “Always on”
    • Static or near-static IP addresses help attackers
    • Attackers scan for weak defenses, and can get in before the user signs off
  • Broadband
    • Broadband itself makes many attacks easier -- bigger pipe to the home computer
    • Broadband means that user can do applications and not notice the “overhead” of spyware or non-approved uses
wipeout risks to the individual user
“Wipeout” -- Risks to the Individual User
  • Many users have no firewall or virus detection
  • Risk of virus -- lose data or wrecked hardware
  • Risk of no firewall -- attacker takes control of the home computer
  • HARD to install today -- often not part of standard installation
zombie risks to critical infrastructure
“Zombie” -- Risks to Critical Infrastructure
  • Zombie sites controlled by the attacker
    • Used to launch distributed denial of service attacks in winter, 2000
    • Can be used to disguise source of all cyber-attacks (attack coming from John Smith’s home)
  • Now installing millions of broadband users, each a potential zombie site
ii proposed solutions
II. Proposed Solutions
  • Draft Cybersecurity Report, 9/02
    • Correctly identifies the risk to critical infrastructure
    • Recommendation that home broadband users “should consider installing firewall software.”
    • Recommendation that it is important to update this software regularly
solution user education
Solution -- User Education
  • FTC Commission Swindle initiative on home computer security
  • Yes, an essential part of the solution
    • How to move users up the learning curve?
    • Car users learn they have to get an oil change -- government doesn’t require them every 3,000 miles
  • Publicity, education are essential
solution legislation
Solution -- Legislation?
  • I don’t think so.
  • Do we know how to write one rule for the diversity of home computer systems?
    • DSL and Cable
    • Different sorts of home, small business users
    • Very hard to write the rules
legislation continued
Legislation (continued)
  • Should solutions be hardware or software?
  • What about the liability for ISPs or software vendors?
  • Would take a long time to work out these complex issues, even if legislation were a desirable outcome
  • Conclusion -- do not support legislation, at least until we have tried other routes
iii internet privacy as an analogy
III. Internet Privacy as an Analogy
  • Similar structure -- how make progress on a social concern (privacy, security) while encouraging use of the technology (the Web, broadband)
  • Similar complexity and fear of legislation
    • So many kinds of web sites, did not even know what a good privacy policy would look like
    • Now, so many kinds of broadband -- we don’t know the one best approach
internet privacy comparison
Internet Privacy Comparison
  • Role of Bully Pulpit
    • Involvement of Dept. of Commerce Secretary Daley in making the case for better Internet privacy -- praise for industry leaders
    • Involvement of FTC, including Chairman Pitofsky
  • The role of public reporting
    • 1998, survey shows 15% have privacy policies
    • 2000, survey shows 88% have privacy policies
internet privacy comparison13
Internet Privacy Comparison
  • Why we got progress on Internet Privacy
    • Public reporting -- pressure not to be a laggard
    • Leadership by the Administration -- privacy policy was the right thing to do
    • Credible, often unstated threat, that would have more intrusive government action if industry did not act responsibly
iv sketch of a proposal
IV. Sketch of a Proposal
  • Recognize home broadband risks:
    • Security of home computer (“wipeouts”)
    • Security of critical infrastructure (“zombies”)
    • Risk to privacy of home users when attackers get through
  • Administration leadership on the issue
    • Praise for industry leaders
    • Message to industry -- patriotic duty to respond to these important threats
proposal continued
Proposal (continued)
  • How to create information and surveys about installation of protection
    • Reporting by ISPs?
    • Reporting by major software vendors?
    • Other ways to learn the baseline of having protection and progress over time?
  • The Federal government should lead by example, be a place to try out solutions
conclusion
Conclusion
  • Known, significant cybersecurity and privacy problem of unprotected home broadband
  • How to get on a path to improvement
  • Vital now as millions of broadband users -come on-line
  • Without legislation, we can create momentum for much better protection