E-Surveillance and User Privacy


Yvonne Gladden

Lauran Hollar

Tim Kennedy

Grant Wood

E-Surveillance
  • Surveillance – “The act of observing or the condition of being observed”.
  • Electronic Surveillance (US Government - FISA) – “the acquisition by an electronic, mechanical, or other surveillance device of the contents of any wire or radio communication …”

License Plate Monitoring

  • “The right of individuals to control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed”

Google Street View

Why is it Important?
  • Impacts virtually everyone
    • Internet
    • Cell Phones
    • Personal information
  • Law Enforcement
    • Evidence Collection
  • National Security
    • Drift Net Type Approach
    • Keyword Detection
Legal Background
  • e-Surveillance is not a new subject that the courts have had to deal with.
  • In 1928 the U.S. Supreme Court ruled on a case about it.
  • In 1934 this ruling was reviewed and changed.
Legal Background
  • In 1967 the Supreme Court ruled that the government could not infringe upon a person's reasonable expectation of privacy.
  • In 1968 Congress codified the requirements to obtain court authority for interception of oral and wire communication.
  • In 1986 this Act was amended to include electronic communication
e-Surveillance Techniques
  • Spyware
  • Network Monitoring
  • Compromising Emanations (CE)
  • Biometrics (hand scanning, iris scanning)
  • Various Threat Levels
    • Identification Cookies (low)
    • Associated (3rd party) Cookies (low – med)
    • Application based (medium – high)
Spyware Infections

Key loggers send sensitive data (e.g., passwords) to the spyware controller

Commercial habits, and search keywords

Sends host name, IP addresses, and computer processes

Delivery of App Based Spyware
  • Piggybacking on other software
  • Hidden in utility applications
  • Execution of ActiveX or Java Applets
Network Monitoring
  • Packet Sniffers
    • Hardware + Software
  • Narus Semantic Traffic Analyzer
    • State of the art monitoring software (“Ultimate Net Monitoring Tool”)
    • Linux based
    • Used by NSA in monitoring Internet traffic
    • Used by ISPs to perform court-ordered monitoring
Compromising Emanations
  • TEMPEST – codename referring to study of CE
  • Heavily researched in military applications
  • Examples:
    • computer monitors (optical, electromagnetic)
    • CPU (electromagnetic)
    • keyboard (acoustic)
Compromising Emanations
  • Soft Tempest
    • method for preventing eavesdropping on monitor emissions
    • works by using software to filter off some of the higher frequencies before they are sent to the monitor
  • Automated methods of recognizing a person based on a physiological or behavioral characteristic
Use of Biometrics
  • Sec. 403(c) of the USA-PATRIOT Act specifically requires the federal government to "develop and certify a technology standard that can be used to verify the identity of persons" applying for or seeking entry into the United States on a U.S. visa "for the purposes of conducting background checks, confirming identity, and ensuring that a person has not received a visa under a different name."
  • Enhanced Border Security and Visa Entry Reform Act of 2002, Sec. 303(b)(1), requires that only "machine-readable, tamper-resistant visas and other travel and entry documents that use biometric identifiers" shall be issued to aliens by October 26, 2004. The Immigration and Naturalization Service (INS) and the State Department currently are evaluating biometrics for use in U.S. border control pursuant to EBSVERA.
Uses of e-Surveillance Summary
  • National Security (Government)
    • Carnivore (now defunct)
  • Law Enforcement
    • Finding Dealers of Child Pornography
    • Finding Child Predators
  • Corporate Security
    • Employee Monitoring
  • Internet Advertising
    • Spyware
  • Malicious Uses
    • Identity Theft
    • Credit Card Fraud
Techniques for Privacy Protection
  • Firewalls
    • software or hardware based
  • Anti-spyware software
    • Ad-Aware, Spybot, PestPatrol
  • Encryption
  • Tighter Security at OS Level
    • FOOD
  • Changes to Network Protocols
  • System to prevent execution of malicious code on Windows/X86
  • Prior to execution, checks hash of binaries against signature of allowed binaries – if not allowed, execution denied
  • Prevents unauthorized indirect branching
  • Protects from buffer overflow attacks
  • Cost – 35% performance hit!
  • Weakness – Does not protect against scripted (interpreted) code attacks – Perl, VB, etc
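The pre-execution hash check and its stated weakness for interpreted code, as an added example that is not part of the original slides or of the system they describe. The byte strings, function names and the `launch_strict` variant are assumptions made for illustration.

```python
import hashlib
from typing import Optional

def digest(image: bytes) -> str:
    """SHA-256 of an executable image (bytes stand in for a file on disk)."""
    return hashlib.sha256(image).hexdigest()

# Constructed sample images; none of these are real binaries.
EDITOR = b"MZ constructed editor image v1"
INTERPRETER = b"MZ constructed script interpreter image"
UNAPPROVED = b"MZ constructed unapproved tool"

# Allowlist built at provisioning time from the approved images.
ALLOWED_BINARIES = {digest(EDITOR), digest(INTERPRETER)}

def launch(image: bytes, script: Optional[bytes] = None) -> str:
    """Pre-execution gate as the slide describes it: only the binary is hashed.
    A script handed to an approved interpreter is never examined."""
    if digest(image) not in ALLOWED_BINARIES:
        return "denied"
    return "allowed" if script is None else "allowed, script unchecked"

def launch_strict(image: bytes, script: Optional[bytes],
                  allowed_scripts: frozenset) -> str:
    """Assumed extension (not from the slides): also require the script's
    digest to be on a separate allowlist before the interpreter runs it."""
    if digest(image) not in ALLOWED_BINARIES:
        return "denied"
    if script is not None and digest(script) not in allowed_scripts:
        return "denied"
    return "allowed"

if __name__ == "__main__":
    patched = EDITOR[:-1] + b"2"          # one byte changed after approval
    approved_script = b"print('report')"  # constructed sample script
    other_script = b"print('anything')"   # constructed, never approved
    scripts = frozenset({digest(approved_script)})
    print("editor:", launch(EDITOR))
    print("unapproved tool:", launch(UNAPPROVED))
    print("patched editor:", launch(patched))
    print("interpreter + any script:", launch(INTERPRETER, other_script))
    print("strict, approved script:",
          launch_strict(INTERPRETER, approved_script, scripts))
    print("strict, other script:",
          launch_strict(INTERPRETER, other_script, scripts))
```

The binary-only gate denies the unapproved and patched images but lets any script through once the interpreter itself is approved, which is the gap the last bullet names.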
discreet d core
  • New approach to user privacy
  • Goals
    • Allow users to take advantage of new services without worrying about their private information being misused
  • Structure
    • Three additional network layers (sub-layers of the Application Layer)
      • Identity Layer
      • Confidentiality Layer
      • Policy Control Layer
  • Balancing user privacy vs. the need for information
    • encryption – if it is too good then criminals can communicate with impunity
  • Balancing security and user friendliness
  • Volume of Information (Mass Surveillance)
  • Legal Issues
    • FISA
    • Patriot Act
Moving Forward
  • Awareness
    • 70% of American computer users claim to have anti-spyware software on their computer, but only 55% actually do
    • Only 22% have an enabled firewall, updated anti-virus software, and anti-spyware software installed on their computers
Moving Forward
  • Pass laws to make it tougher to collect personal information without consent, and to prohibit unfair deceptive practices using spyware
    • I-SPY ACT (passed three times by House, currently in Senate committee)
  • Privacy will be an ongoing issue
    • More capabilities lead to more security and ethical issues