“Better Security and Privacy for
1 / 16

Overview - PowerPoint PPT Presentation

  • Updated On :

“Better Security and Privacy for Home Broadband” Peter P. Swire Moritz College of Law The Ohio State University Morrison & Foerster LLP Privacy 2002 Conference September 26, 2002 Overview Home broadband benefits and risks Existing proposals for the security risks

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Overview' - Faraday

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Slide1 l.jpg

“Better Security and Privacy for Home Broadband”Peter P. SwireMoritz College of LawThe Ohio State UniversityMorrison & Foerster LLPPrivacy 2002 ConferenceSeptember 26, 2002

Overview l.jpg

  • Home broadband benefits and risks

  • Existing proposals for the security risks

  • Internet privacy as a useful analogy

  • A proposal to speed protection of security and privacy in home broadband

I home broadband l.jpg
I. Home Broadband

  • Benefits of home broadband

    • 56 K dial-up not good enough

    • Slows growth of e-commerce and the economy

    • Educational and many other desirable aps

    • Consensus policy goal to encourage home broadband

    • Similarly, encourage small business broadband

Risks of home broadband l.jpg
Risks of Home Broadband

  • “Always on”

    • Static or near-static IP addresses help attackers

    • Attackers scan for weak defenses, and can get in before the user signs off

  • Broadband

    • Broadband itself makes many attacks easier -- bigger pipe to the home computer

    • Broadband means that user can do applications and not notice the “overhead” of spyware or non-approved uses

Wipeout risks to the individual user l.jpg
“Wipeout” -- Risks to the Individual User

  • Many users have no firewall or virus detection

  • Risk of virus -- lose data or wrecked hardware

  • Risk of no firewall -- attacker takes control of the home computer

  • HARD to install today -- often not part of standard installation

Zombie risks to critical infrastructure l.jpg
“Zombie” -- Risks to Critical Infrastructure

  • Zombie sites controlled by the attacker

    • Used to launch distributed denial of service attacks in winter, 2000

    • Can be used to disguise source of all cyber-attacks (attack coming from John Smith’s home)

  • Now installing millions of broadband users, each a potential zombie site

Ii proposed solutions l.jpg
II. Proposed Solutions

  • Draft Cybersecurity Report, 9/02

    • Correctly identifies the risk to critical infrastructure

    • Recommendation that home broadband users “should consider installing firewall software.”

    • Recommendation that it is important to update this software regularly

Solution user education l.jpg
Solution -- User Education

  • FTC Commission Swindle initiative on home computer security

  • Yes, an essential part of the solution

    • How to move users up the learning curve?

    • Car users learn they have to get an oil change -- government doesn’t require them every 3,000 miles

  • Publicity, education are essential

Solution legislation l.jpg
Solution -- Legislation?

  • I don’t think so.

  • Do we know how to write one rule for the diversity of home computer systems?

    • DSL and Cable

    • Different sorts of home, small business users

    • Very hard to write the rules

Legislation continued l.jpg
Legislation (continued)

  • Should solutions be hardware or software?

  • What about the liability for ISPs or software vendors?

  • Would take a long time to work out these complex issues, even if legislation were a desirable outcome

  • Conclusion -- do not support legislation, at least until we have tried other routes

Iii internet privacy as an analogy l.jpg
III. Internet Privacy as an Analogy

  • Similar structure -- how make progress on a social concern (privacy, security) while encouraging use of the technology (the Web, broadband)

  • Similar complexity and fear of legislation

    • So many kinds of web sites, did not even know what a good privacy policy would look like

    • Now, so many kinds of broadband -- we don’t know the one best approach

Internet privacy comparison l.jpg
Internet Privacy Comparison

  • Role of Bully Pulpit

    • Involvement of Dept. of Commerce Secretary Daley in making the case for better Internet privacy -- praise for industry leaders

    • Involvement of FTC, including Chairman Pitofsky

  • The role of public reporting

    • 1998, survey shows 15% have privacy policies

    • 2000, survey shows 88% have privacy policies

Internet privacy comparison13 l.jpg
Internet Privacy Comparison

  • Why we got progress on Internet Privacy

    • Public reporting -- pressure not to be a laggard

    • Leadership by the Administration -- privacy policy was the right thing to do

    • Credible, often unstated threat, that would have more intrusive government action if industry did not act responsibly

Iv sketch of a proposal l.jpg
IV. Sketch of a Proposal

  • Recognize home broadband risks:

    • Security of home computer (“wipeouts”)

    • Security of critical infrastructure (“zombies”)

    • Risk to privacy of home users when attackers get through

  • Administration leadership on the issue

    • Praise for industry leaders

    • Message to industry -- patriotic duty to respond to these important threats

Proposal continued l.jpg
Proposal (continued)

  • How to create information and surveys about installation of protection

    • Reporting by ISPs?

    • Reporting by major software vendors?

    • Other ways to learn the baseline of having protection and progress over time?

  • The Federal government should lead by example, be a place to try out solutions

Conclusion l.jpg

  • Known, significant cybersecurity and privacy problem of unprotected home broadband

  • How to get on a path to improvement

  • Vital now as millions of broadband users -come on-line

  • Without legislation, we can create momentum for much better protection