1 / 29

Security in Cyberspace

Torbjörn Lundqvist. Security in Cyberspace. Overview. Written on the body: Biometrics and Identity, Irma van Der Ploeg In what way does biometrics contain information about ourselves that previous token-based systems don't

oke
Télécharger la présentation

Security in Cyberspace

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Torbjörn Lundqvist Security in Cyberspace

  2. Overview • Written on the body: Biometrics and Identity, Irma van Der Ploeg • In what way does biometrics contain information about ourselves that previous token-based systems don't • Terrorism or Civil Disobedience: Toward a Hacktivist Ethic, Mark Manion & Abby Goodrum • How does one go about distinguishing computer terrorism from civil disobediance, and in what way does one define the ethics of hacking and civil disobediance?

  3. Privacy and Security • Security: • Ambiguous, Safety vs. security distinction, being free from danger, hard to assure • Computer security vs. data security, protection from worms, hackers vs. data loss • Privacy: • Often used synonymously with “anonymity” • Psychological Privacy/ Informational privacy • Control vs. Restricted Access theory • Impossible without security

  4. Security • As an ethical issue: is true security achievable? If so: is it desirable? Conflict: • Pros • anonymity and privacy can be ensured (on a personal level, information-restriction becomes easier) • Identity can be established more easily (seems to conflict with the latter) • Cons • Anonymity and privacy can lead to unlawful behavior (due to the ease of restricting information) • “Easy identification” makes it harder to hide from others (again, conflict with the latter)

  5. Biometrics • In what way does biometrics contain information about ourselves that common token-based systems don't? • How can this information be used to ”ensure our security” by ”invading our privacy”?

  6. Biometrics • Van der Ploeg: In 1996 I-scan software implemented in the Department of Public Affairs in Illinois • All welfare clients were called to an interview, and made to submit a retinal scan • Failure to comply meant disqualification from social service benefits and other sanctions • Reason: The need to ensure against social welfare fraud

  7. Biometrics • Biometrics: stipulated as “The Collection of physical features using a sensory device to record digital representations of physical features unique to the individual” • Retinal scan • Fingerprints • Voice patterns • Movements/Body odor

  8. Biometrics • The method consists of using digital representations as templates to which a match is made upon identification, if the template matches the sample the subject is known, if not, the subject is unknown Match, Known T1 TX Sample Template: Stored indefinetly Sample Mismatch, Unknown

  9. Biometrics • Older systems of identification, ID-cards etc. are ”token-based”, biometrics are not • ”Biometrics are turning the human body into the universal id of the future” ABC News Jan 15, 1998 • Possible buyers: military forces, governments, private corporations • Development of genetic API in 1998 • BioAPI Consortium – IBM, Microsoft, Novell, Compaq • Specifications for a global standard to allow easy implementation of biometrics into computer software begins

  10. Biometrics • Of course: Biometrics is concerned with maintainence of security through identity check • Question: what is identity? Can identity be established in relation to the human body • Van der Ploeg • Biometrics requires a theory of identity that takes the body and the embodied nature of subjectivity into full account • there is a need to investigate what kind of body the biometric body is

  11. Biometrics • van Kraligen (Biometrician) – Distinction of identity and verification of identity • Biometrics is regarded as the later • Schrectman (Philosopher), Philosophical distinction between • Identity • Sameness of body (where identity is to self knowledge what sameness of body is to re-identification) • Necessary and sufficient conditions why p1 is p1 at both T1 and T2?

  12. Biometrics • ... is able to detect both sameness and difference of ”token”, (token-based systems can't) • ... can re identify the body, but of course, not the ”essence” or ”beliefs and values” of the individual • ... may seem to be able to be better at establishing psychological identity, but due to the above, cannot be any more effective than token-based systems

  13. Biometrics • Since the body is very much a part of personal identity, and ”identity” can be regared as more profound than ”sameness of body” • it may be easy to identify the body using biometrics, however, it is highly difficult to characterize a psychological individual over time, • Parfit (Reasons & Persons): Personality does not persist over time • P.: Personality changes over time, token identity does not, and we can not be certain that psychological identity changes over time • P.: Wether or not psychological identity persists over time is therefore not relevant • P.:What matters – psychological connectedness (of memory and character) between p1 and p2 over time • From this perspective. Biometrics is not any better in characterizing the psychological identity of the individual

  14. Biometrics • van der Ploeg: • identity can be viewed from a third person perspective (sameness of person) • Identity can be viewed from a first person perspective (self knowledge) • The distinction between can lead to an assumption that biometrics is only concerned with ”sameness of person”, but, the person is a ”performance piece”

  15. Biometrics • Van der Ploeg: • Personality is something that is constantly being reshaped by (among other things) information technology • With information technology, it becomes possible to fragment personal identity • Suddenly bodies are irrelevant to identity, identification may be near impossible without the use of the body as identification

  16. Biometrics • The problem is of course that biometrics removes the boundaries between nature and culture, • Split second identification makes it possible to map identity patterns over individuals that may not exist, • Van der Ploeg: biometrics investigations prompts cultural determinism. One is judged but rather by ones cultural background and previous exploits

  17. Hacktivism • Terrorism or Civil Disobedience: Toward a Hacktivist Ethic, Mark Manion & Abby Goodrum • How does one go about distinguishing computer terrorism from civil disobediance, and in what way does one define the ethics of hacking and civil disobediance?

  18. Hacktivism • Terrorism vs. civil disobedience • “One mans terrorist is another mans freedom fighter” - William Laqueur, 1977 • Violence breeds more violence, Non-violence does not, (Ghandi, “Satyagraha”) • Violent struggle vs. civil disobedience • Peaceful breaking of unjust laws (direct action) • Non-violent protest: Boycotts, sanctions, “sabotage” (s. f. Plowshares-movement), “information-war” • Non-violent protest takes moral high-ground, in that it confronts power without resorting to violence • Protesters take responsibility of their actions, (imprisonment, etc.)

  19. Hacktivism • Hacktivism • “The (sometimes) clandestine use of computer hacking to help advance political causes” - Manion and Goodrum • Hacking • “The practice of exploiting or gaining unauthorized access to computer systems through clever tactics and detailed knowledge” - Wikipedia

  20. Hacktivism • Hackers attack commercial websites – Feb. 8, 2000 • 18 page statement, claiming responsibility is released (MSNBC) • Alleged reason: Growing commodification and capitalization of the Internet • No one is arrested, no one is charged

  21. Hacktivism • Valentines day, 2000, plowshares movement restricts access to Faslane naval base, Scotland • Faslane is the base of UK Trident-class submarines • Reason: These submarines are armed with nuclear weapons • Plowshares movement claims responsibility due to ethical concerns • 185 arrested

  22. Hacktivism • 1998, Eugene Kashpureff usurps traffic from interNIC – Manion & Goodrum • Action taken non-anonymously • Ethically motivated, protest of domain-name policy • Jailed as result • “Under a government which imprisons any unjustly, the true place for a just man is also a prison” - David Henry Thoreau, 1849

  23. Hacktivism • Hacktivism, civil disobedience? • Has been used to protest • Anti-democratic crackdowns in china • Indonesian occupation of west-timor • Human rights abusers • Targets • Governments & national security • Private industry and intellectual property • Human rights abusers

  24. Hacktivism • Core principles – Manion & Goodrum • No damage done to persons or property • Non-violent • Not for personal Profit • Ethically motivated • Willingness to accept personal responsibility for ones actions

  25. Hacktivism • Hacktivism, cyber-terrorism? • RAND Corp. John Arquilla and David Ronfeldt • “Netwar” - The study of network based conflict and crime, Networks and Netwars, 2001 • “... terrorist and social activist organizations will be most effective if they develop networking capabilities ... attuned to the information age.” • “If governmental powers can understand how modern-day netwar organizations are formed, they may be better able to target and dismantle those terrorist ... groups ...” • “Act of violence for the purpose of intimidating or coercing a government or civilian population” - US Law

  26. Hacktivism • Internet provides forums for the organization of Electronic Civil Disobedience (ECD) – Manion & Goodrum • What CONSTITUTES Hacktivism (or ECD) • Running FloodNet? • Hacking CNN.com? • The point is not destruction of information, rather disruption of the flow of information • New type of non-violent protest? • If so: why is hacking judged harsher than traditional non-violent protests?

  27. Hacktivism • “Legitimate Hacking”? • First objective of invasion: control information • S.f. The Phone book (don't trust the media) • Information Warfare (Op. Desert Storm) • Propaganda (WW2) • When is it okey to breach security? • Whenever it does not concern us? • Whenever it concerns multinational cooperations? • Whenever it concerns other governments? • Whenever there is a need for it? • Who decides? • Whenever it happens in our favor? • Whenever “we” condone it?

  28. Hacktivism • Often, Hackers take stance against warfare and even information war • Against the LoU “Declaring war in anyone is a most deplorable act” (2600, CDC, ) - Hackernews 12/28/98 • Why label the hacktivist as a terrorist? • Labeling the hacktivist as a threat to security furthers legitimization of erasure of individual privacy

  29. Hacktivism • Is hacking democratic activity? (Levy 1984) • Freedom of information • Computer access • Mistrust Authority – Promote decentralization • Do these principles conflict with the tenants of democracy? • Foucault – Failure to confirm authority leads to uproar (Foucault 1987) • For whom does hacking really compromise security?

More Related