1 / 25

E-Surveillance and User Privacy

E-Surveillance and User Privacy. Yvonne Gladden Lauran Hollar Tim Kennedy Grant Wood. E-Surveillance. Surveillance – “The act of observing or the condition of being observed”.

burtt
Download Presentation

E-Surveillance and User Privacy

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. E-Surveillance and User Privacy Yvonne Gladden Lauran Hollar Tim Kennedy Grant Wood

  2. E-Surveillance • Surveillance – “The act of observing or the condition of being observed”. • Electronic Surveillance (US Government - FISA) – “the acquisition by an electronic, mechanical, or other surveillance device of the contents of any wire or radio communication …” License Plate Monitoring

  3. Privacy • “The right of individuals to control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed” Google Street View

  4. Why is it Important? • Impacts virtually everyone • Internet • Cell Phones • Personal information • Law Enforcement • Evidence Collection • National Security • Drift Net Type Approach • Keyword Detection

  5. Legal Background • e-Surveillance is not a new subject that the courts have had to deal with. • In 1928 the U.S. Supreme Court ruled on a case about it. • In 1934 this ruling was reviewed and changed.

  6. Legal Background • In 1967 the Supreme Court ruled that the government could not infringe upon a persons reasonable expectation of privacy. • In 1968 Congress codified the requirements to obtain court authority for interception of oral and wire communication • In 1986 this Act was amended to include electronic communication

  7. e-Surveillance Techniques • Spyware • Network Monitoring • Compromising Emanations (CE) • Biometrics (hand scanning, iris scanning)

  8. Spyware • Various Threat Levels • Identification Cookies (low) • Associated (3rd party) Cookies (low – med) • Application based (medium – high)

  9. Spyware Infections Key loggers send sensitive data (i.e. passwords) to spyware controller Commercial habits, and search keywords Sends host name, IP addresses, and computer processes

  10. Associated Cookies

  11. Delivery of App Based Spyware • Piggybacking on other software • Hidden in utility applications • Execution of ActiveX or Java Applets

  12. Network Monitoring • Packet Sniffers • Hardware + Software • Narus Semantic Traffic Analyzer • State of the art monitoring software (“Ultimate Net Monitoring Tool”) • Linux based • Used by NSA in monitoring Internet traffic • Used by ISP’s to perform court-ordered monitoring

  13. Compromising Emanations • TEMPEST – codename referring to study of CE • Heavily researched in military applications • Examples: • computer monitors (optical, electromagnetic) • cpu (electromagnetic) • keyboard (accoustic)

  14. Compromising Emanations • Soft Tempest • method for preventing eavesdropping on monitor emissions • works by using software to filter off some of the higher frequencies before they are sent to the monitor

  15. Soft Tempest Example Before After

  16. Biometrics • Automated methods of recognizing a person based on a physiological or behavioral characteristic

  17. Use of Biometrics • Sec. 403(c) of the USA-PATRIOT Act specifically requires the federal government to "develop and certify a technology standard that can be used to verify the identity of persons" applying for or seeking entry into the United States on a U.S. visa "for the purposes of conducting background checks, confirming identity, and ensuring that a person has not received a visa under a different name." • Enhanced Border Security and Visa Entry Reform Act of 2002, Sec. 303(b)(1), requires that only "machine-readable, tamper-resistant visas and other travel and entry documents that use biometric identifiers" shall be issued to aliens by October 26, 2004. The Immigration and Naturalization Service (INS) and the State Department currently are evaluating biometrics for use in U.S. border control pursuant to EBSVERA.

  18. Uses of e-Surveillance Summary • National Security (Government) • ECHELON • Carnivore (now defunct) • Law Enforcement • Finding Dealers of Child Pornography • Finding Child Predators • Corporate Security • Employee Monitoring • Internet Advertising • Spyware • Malicious Uses • Identity Theft • Credit Card Fraud

  19. Techniques for Privacy Protection • Firewalls • software or hardware based • Anti-spyware software • Ad-Aware, Spybot, PestPatrol • Encryption • Tighter Security at OS Level • FOOD • Changes to Network Protocols • DISCREET

  20. FOOD • System to prevent execution of malicious code on Windows/X86 • Prior to execution, checks hash of binaries against signature of allowed binaries – if not allowed, execution denied • Prevents unauthorized indirect branching • Protects from buffer overflow attacks • Cost – 35% performance hit! • Weakness – Does not protect against scripted (interpreted) code attacks – Perl, VB, etc

  21. DISCREET (D-Core) • New approach to user privacy • Goals • Allow users to take advantage of new services without worrying about their private information being misused • Structure • Three additional network layers (sub-layers of the Application Layer) • Identity Layer • Confidentiality Layer • Policy Control Layer

  22. Challenges • Balancing user privacy vs. the need for information • encryption – if it is too good then criminals can communicate with impunity • Balancing security and user friendliness • Volume of Information (Mass Surveillance) • Legal Issues • FISA • Patriot Act

  23. Moving Forward • Awareness • 70% of American computer users claim to have anti-spyware software on their computer, only 55% actually do • Only 22% have an enabled firewall, updated anti-virus software, and anti-spyware software installed on their computers

  24. Moving Forward • Pass laws to make it tougher to collect personal information without consent, and to prohibit unfair deceptive practices using spyware • I-SPY ACT (passed three times by House, currently in Senate committee)

  25. Conclusion • Privacy will be an ongoing issue • More capabilities lead to more security and ethical issues

More Related