1 / 16

Overview

“Better Security and Privacy for Home Broadband” Peter P. Swire Moritz College of Law The Ohio State University Morrison & Foerster LLP Privacy 2002 Conference September 26, 2002 Overview Home broadband benefits and risks Existing proposals for the security risks

Faraday
Download Presentation

Overview

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. “Better Security and Privacy for Home Broadband”Peter P. SwireMoritz College of LawThe Ohio State UniversityMorrison & Foerster LLPPrivacy 2002 ConferenceSeptember 26, 2002

  2. Overview • Home broadband benefits and risks • Existing proposals for the security risks • Internet privacy as a useful analogy • A proposal to speed protection of security and privacy in home broadband

  3. I. Home Broadband • Benefits of home broadband • 56 K dial-up not good enough • Slows growth of e-commerce and the economy • Educational and many other desirable aps • Consensus policy goal to encourage home broadband • Similarly, encourage small business broadband

  4. Risks of Home Broadband • “Always on” • Static or near-static IP addresses help attackers • Attackers scan for weak defenses, and can get in before the user signs off • Broadband • Broadband itself makes many attacks easier -- bigger pipe to the home computer • Broadband means that user can do applications and not notice the “overhead” of spyware or non-approved uses

  5. “Wipeout” -- Risks to the Individual User • Many users have no firewall or virus detection • Risk of virus -- lose data or wrecked hardware • Risk of no firewall -- attacker takes control of the home computer • HARD to install today -- often not part of standard installation

  6. “Zombie” -- Risks to Critical Infrastructure • Zombie sites controlled by the attacker • Used to launch distributed denial of service attacks in winter, 2000 • Can be used to disguise source of all cyber-attacks (attack coming from John Smith’s home) • Now installing millions of broadband users, each a potential zombie site

  7. II. Proposed Solutions • Draft Cybersecurity Report, 9/02 • Correctly identifies the risk to critical infrastructure • Recommendation that home broadband users “should consider installing firewall software.” • Recommendation that it is important to update this software regularly

  8. Solution -- User Education • FTC Commission Swindle initiative on home computer security • Yes, an essential part of the solution • How to move users up the learning curve? • Car users learn they have to get an oil change -- government doesn’t require them every 3,000 miles • Publicity, education are essential

  9. Solution -- Legislation? • I don’t think so. • Do we know how to write one rule for the diversity of home computer systems? • DSL and Cable • Different sorts of home, small business users • Very hard to write the rules

  10. Legislation (continued) • Should solutions be hardware or software? • What about the liability for ISPs or software vendors? • Would take a long time to work out these complex issues, even if legislation were a desirable outcome • Conclusion -- do not support legislation, at least until we have tried other routes

  11. III. Internet Privacy as an Analogy • Similar structure -- how make progress on a social concern (privacy, security) while encouraging use of the technology (the Web, broadband) • Similar complexity and fear of legislation • So many kinds of web sites, did not even know what a good privacy policy would look like • Now, so many kinds of broadband -- we don’t know the one best approach

  12. Internet Privacy Comparison • Role of Bully Pulpit • Involvement of Dept. of Commerce Secretary Daley in making the case for better Internet privacy -- praise for industry leaders • Involvement of FTC, including Chairman Pitofsky • The role of public reporting • 1998, survey shows 15% have privacy policies • 2000, survey shows 88% have privacy policies

  13. Internet Privacy Comparison • Why we got progress on Internet Privacy • Public reporting -- pressure not to be a laggard • Leadership by the Administration -- privacy policy was the right thing to do • Credible, often unstated threat, that would have more intrusive government action if industry did not act responsibly

  14. IV. Sketch of a Proposal • Recognize home broadband risks: • Security of home computer (“wipeouts”) • Security of critical infrastructure (“zombies”) • Risk to privacy of home users when attackers get through • Administration leadership on the issue • Praise for industry leaders • Message to industry -- patriotic duty to respond to these important threats

  15. Proposal (continued) • How to create information and surveys about installation of protection • Reporting by ISPs? • Reporting by major software vendors? • Other ways to learn the baseline of having protection and progress over time? • The Federal government should lead by example, be a place to try out solutions

  16. Conclusion • Known, significant cybersecurity and privacy problem of unprotected home broadband • How to get on a path to improvement • Vital now as millions of broadband users -come on-line • Without legislation, we can create momentum for much better protection

More Related