Security & privacy

Security: downstream (keep users from accessing things)
Privacy: upstream (keep systems from finding out about users)
authentication: know who the users are
cryptography: protect content from being changed
digital rights management: bill people
know what should be online (changed after 9/11)
marketing vs. privacy
applets, cookies, sniffers, worms, registration
library circulation records, web browsing records, email ...
data mining: medicine, counter-terrorism, fraud detection, ...

Asymmetric cryptography

Traditional cryptography: same key for encoding and decoding.
In 1976 the public learned that you could use different keys in each direction. This enables:
  digital signatures: publish decoding key
  receiving secret mail: publish encoding key
Cryptography also provides for message integrity, digital cash, non-repudiation, and other desirable properties.
Traditionally associated with Rivest, Shamir, Adleman, and with Diffie & Hellman; now known to have been invented earlier by the UK intelligence services.

Irreversible functions

Hash functions: keep someone from changing a file, detect duplicates, provide for random indexing.
It is possible to get truly non-reversible hash functions: you can't find another file with the same hash value.
Non-reversible hashes (and asymmetric cryptography) may be slower than traditional methods.

Digital time-stamping

Can you be sure when a message was sent?
Could route message through a trusted organization, which applies a date stamp; but what if the organization can be corrupted?
Stornetta & Haber: encrypt together a sequence of messages, so that unless the whole sequence is fake no individual element can be a fake. Then, once a week, publish one hash value in the New York Times.

Watermarking

Invisible watermarks
MIT Patchwork project

Authentication

Passwords which are used repeatedly are vulnerable.
SecurID fobs: generate random number, paired generator back at computer checks match.
S/Key: produce a list of pass phrases, used one at a time.
SecurID has won in the real world.

Digital rights management

Still lots of argument. Somehow, publishers want a system where a given user will be restricted in exactly what they can do with an object: view or print, download or not, copy to CD or not, and so on. Can this be encoded in the object and then enforced in the computer?
Historically, the equipment makers want simple & easy copying, the publishers want the most detailed possible control. Microsoft has lined up with the publishers in the current dispute.
Past failures: notch filter in DAT
Very complex: e.g. record companies want you to be able to buy a record and then give it away.

What should be online?

This came up after 9/11. Power plants, trash dumps, various public facilities might be of interest to terrorists. How much should be described online?
Much material that had been declassified was reclassified after 9/11.
Fear of "cyberterrorism" - attacks on public utilities and/or economy by disrupting computer networks.
No one will discuss this, but there is a history of hackers breaking into bank computer systems and demanding money to go away.

International issues

US Government has restricted the export of cryptographic technology; many pieces of software come in US and non-US versions.
Other countries have different rules: e.g. France prohibits non-governmental use of cryptography (although this is not enforced).
In practice the whole system is breaking down: excellent cryptography is available from Finland, Switzerland, Israel and Australia (non-NATO countries). US allows export to NATO, and the Netherlands, which is in NATO, allows free export of crypto.
Much suspicion of US government role in cipher technology (e.g. the Clipper chip for key sequestration, or DES details).

Privacy threats

Marketing. Identify people who might buy something and send them ads. Typically perceived as a nuisance.
Law enforcement. Search for culprits or possible culprits; big boost here after 9/11. Not yet clear how important this is. Constant rumors about "echelon" and "magic lantern".
Pricing. Identify people who might buy something but should be charged more, e.g. airlines distinguishing business and leisure travelers. Medical insurance raises bigger issues.
Public records: Megan's law type issues, snooping on your neighbors.
Public cameras, etc.

Users in libraries

Traditionally, book borrowing records confidential (after disputes in McCarthy era).
Video tape rentals confidential (after Robert Bork hearings).
But: Ken Starr went after Kramerbooks records of Monica Lewinsky purchases.
Should libraries track users? Should they aggressively keep the portals they use from doing so?
Is the "alexa" portal (previous viewers of your page went to the following pages next) an invasion of privacy or a service?

Mechanisms

Cookies: supposedly site-specific information
Registration forms: asking people their names and/or data
Applets (Java or Active-X): can do almost anything
Viruses: could gather information as well as make trouble.
Sniffers: can listen to Internet packets, or even be installed on your machine by viruses.
Defenses: ssh not telnet, etc.

Data mining

Mailing lists can be worth a lot: few cents and up per name. Price depends on age, quality, how selected, etc.
Online email lists worth a lot less but much cheaper to use.
Last summer every bank and retailer mailed a privacy policy to every cardholder: in general it said we can sell your information.
Some data mining is consumer friendly, e.g. fraud detection on credit and phone credit cards.
Europeans have stronger protection than US.

Conclusions

There is less privacy than there used to be. Is this good or bad?
What's going to happen next?
Surveillance cameras linked to central sites.
GPS sensors in all kinds of equipment, or at least the tracking of cellphones.
Cellphone vulnerability continues; wiretap laws may change.
Not likely to be a big money-maker for libraries, but whether they can hold to the existing privacy standard in the face of pressure from law enforcement and parents is not clear.
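
The Stornetta & Haber chaining described under "Digital time-stamping", as an added example that is not part of the original notes: each record's link value is a hash over the previous link, the message's hash and its date, and the last link stands in for the value published weekly in the newspaper. The use of SHA-256, the record layout, the function names and the sample messages are assumptions made for the illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed starting value for the first link

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def link_hash(prev_link: str, doc_hash: str, when: str) -> str:
    # Each link commits to the previous link, the document hash and the date.
    return sha256_hex(json.dumps([prev_link, doc_hash, when]).encode())

def build_chain(entries):
    """entries: list of (message bytes, date string). Returns (records, head)."""
    records, head = [], GENESIS
    for document, when in entries:
        doc_hash = sha256_hex(document)
        head = link_hash(head, doc_hash, when)
        records.append({"doc_hash": doc_hash, "time": when, "link": head})
    return records, head

def first_bad_record(records, published_head):
    """-1 if the chain is consistent and ends at the published head;
    otherwise the index of the first broken link (len(records) means the
    links agree with each other but do not reach the published head)."""
    prev = GENESIS
    for i, rec in enumerate(records):
        if link_hash(prev, rec["doc_hash"], rec["time"]) != rec["link"]:
            return i
        prev = rec["link"]
    return -1 if prev == published_head else len(records)

# Constructed sample messages and dates.
SAMPLE = [(b"contract v1", "2001-03-05"), (b"lab notebook p.12", "2001-03-06"),
          (b"patent draft", "2001-03-07"), (b"meeting minutes", "2001-03-08")]

def demo():
    records, published = build_chain(SAMPLE)  # 'published' is the weekly value
    honest = first_bad_record(records, published)
    # A corrupted service backdates record 1 but leaves the later links alone.
    lazy = [dict(r) for r in records]
    lazy[1]["time"] = "2000-01-01"
    # It backdates record 1 and recomputes every later link to hide the edit.
    forged_entries = list(SAMPLE)
    forged_entries[1] = (SAMPLE[1][0], "2000-01-01")
    forged, _ = build_chain(forged_entries)
    return honest, first_bad_record(lazy, published), first_bad_record(forged, published)

if __name__ == "__main__":
    print(demo())
```

The second result shows a single altered record breaking its own link; the third shows that rewriting the whole sequence still fails, because the recomputed chain no longer ends at the value already published.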