Packet sniffing What is it? Why would an ISP be interested? Internet traffic. Illegal downloads so that they avoid litigation. Slowing down big users for the benefit of others on the network Who else is a stakeholder, what is their interest? RIAA, other users of the ISP Who else would use this technique? Why? Hackers, find passwords, financial details, logons the key issue with the monitoring of Internet traffic is analyzing connections rather than content I have nothing to hide so why should I care? the government easily could get it wrong what future purposes might crop up to justify putting it to use
A Gift of Fire Encryption and Interception of Communications Overview of the Controversies Intercepting Communications Cryptography and Its Uses Encryption Policy: Access to Software, Keys, and Plaintext Fundamental Issues
Overview of the Controversies • Communications Privacy Affected by: • Interception of communications, including: • Telephone, E-mail, and Web activity. • Restrictions on secure encryption. • Exportation of strong encryption was viewed as a threat to national security. • CALEA (Communications Assistance for Law Enforcement Act). • Communications technology must assist law enforcement, not hinder. • Global surveillance systems. • The constitutionality of domestic systems and the necessity of international systems are under question.
Intercepting Communications • Wiretapping • Telephone: • Pre-1934: used widely by government, businesses, and private sector. • 1934: the Federal Communications Act disallowed unauthorized wiretaps; many ignored the law. • 1968: the Omnibus Crime Control and Safe Streets Act restricted wiretapping by requiring a court order. Q: Can law enforcement intercept communications without a court order?
Intercepting Communications • Wiretapping • New Technologies: • 1986: Electronic Communications Privacy Act (ECPA) and its amendments restricted government interception of e-mail, cell-phones, etc.. • 2001: USA Patriot Act loosened restrictions on government wiretapping and communications interception. Q: Does the USA Patriot Act supersede ECPAs restrictions?
Intercepting Communications • Designing Communications Systems for Interception and Tracking • Obstacles to interception: • Incomplete pen-registers as a result of long distance service. • Packet-mode communications (e-mail, file transfers, Internet phones). • Solutions: • CALEA: Requires telecommunications equipment be designed to ensure interception by law enforcement (with court order). Q: Why did privacy advocates object to CALEA?
Intercepting Communications • Designing Communications Systems for Interception and Tracking (cont’d) • CALEA • Costs include modified hardware, software, andpossible overuse by authorities. • Wiretappable systems vulnerable to criminal hacking, industrial spies, etc.? • Competition weakened due to restricted changes and diversities? • Civil liberties threatened by nationwide standard for surveillance? • In 2007, legal battles still rage between FCC (issues regulations based on the law) and civil liberty and communications interests. • Makes some distinctions between who communicated with whom, and what was said in the communication. • Attempts to extend to search services etc, not just p2p communications. • See http://www.eff.org/Privacy/Surveillance/CALEA/ • EFF is a good source for 4001 topics • Is EFF a neutral site? Q: CALEA allows for the interception of PINs. Do you support this use?
Intercepting Communications • Carnivore • FBI’s system to intercept e-mail with a court order. • Pro: Law enforcement needs this tool to fight crime. • Con: All e-mail goes through FBI’s Carnivore system. • Has also been known as Omnivore and DCS1000 • Now replaced by commercial “sniffer” software. • Installed at ISPs. Q: Does Carnivore violate the 4th Amendment?
Intercepting Communications • NSA and Echelon • NSA (National Security Agency): • Collects and analyzes communications to find threats to national security. • Echelon: • Member nations intercept communications for each other. Q: Should the NSA be permitted to intercept all e-mail entering and leaving the U.S.?
Intercepting Communications • Much recent controversy on use of sniffers and Echelon on communications within the US under US Patriot Act – • Without court order
Password security • User change every 3 months policy vs issued password every 3 months policy. How does it relate? • Invasion of privacy task.
Apple What technology is being used to log location? Apple also triangulates your location from cell phone towers and logs that information in order to help get a faster GPS lock (or to find your location without GPS if you're getting bad GPS signal). Users don't get to decide whether their locations are tracked via cell towers or not—unlike GPS, there is no setting that lets users turn it off, there's no explicit consent every time it happens, and there's no way to block the logging. regular people cannot access that data—law enforcement must obtain a court order before they can get it for an investigation, and your jealous spouse can't get it from the wireless company at all. What the cellco has on you is now basically being mirrored in a file on your iPhone or iPad without any kind of encryption, and is also being copied to your computer. "It is bad for privacy this file exists, especially when it doesn't seem to be linked to any particular feature that provides any benefit," Miller said. "[T]here is no easy way to wipe the data from it." Response These calculations are performed live on the iPhone using a crowd-sourced database of Wi-Fi hotspot and cell tower data that is generated by tens of millions of iPhones sending the geo-tagged locations of nearby Wi-Fi hotspots and cell towers in an anonymous and encrypted form to Apple. Apple is now collecting anonymous traffic data to build a crowd-sourced traffic database with the goal of providing iPhone users an improved traffic service in the next couple of years. As Apple rushed to allay privacy concerns over its handling of location data, it also let slip that it was working on a "crowd-sourced traffic database". Now a patent application dating from 2009 has been made public which suggests Apple is thinking of this technology not merely as an add-on to iOS Maps, but as something which could feed into other areas such as calendars and alarms. The implicit suggestion is that if Apple can figure out how long it will take you to get from A to B, then it should be able to adjust your appointments to make sure you get there on time without having to go on a rampage. Until then, if everyone just stays out of the way, then no one will get hurt. http://www.engadget.com/2011/06/02/apple-wants-to-make-your-calendar-sensitive-to-location-and-traf/
Census • E-Census. Stakeholders? Advantages? Disadvantages? • The primary objective of the proposal is to create a Statistical Longitudinal Census Dataset (the SLCD) … In response to the privacy risks highlighted by the Australian Privacy Foundation and other concerned organisations and individuals, the ABS changed its proposal to only cover 5% of the population, instead of the entire population.
Articles on Google Wiretapping and Mobile Pinging Knowledge: Identify, DefineComprehension(Understanding): Describe,DistinguishApplication: Explain, Examine, Compare, ContrastAnalysis/Synthesis and Evaluation (critical thinking): Discuss, Analyze, Evaluate, To What Extent • 1. Identify the area of impact the scenario relates to • 2. Identify all ITGS terminology and phrases (IT and social/ethical) • 3. Describe one ITGS social/ethical concern in the article. • 4. Describe the relationship of the main stakeholders to the IT system. • 5. Explain the relationship between the IT system and the social/ethical issue identified in question 3. • 6. Discuss at least one problem that relates to the impacts of the social/ethical issue. • 7. Evaluate one solution that addresses the problem identified