Presentation Transcript

  1. “Better Security and Privacy for Home Broadband” • Peter P. Swire • Moritz College of Law, The Ohio State University • Morrison & Foerster LLP • Privacy 2002 Conference • September 26, 2002

  2. Overview • Home broadband benefits and risks • Existing proposals for the security risks • Internet privacy as a useful analogy • A proposal to speed protection of security and privacy in home broadband

  3. I. Home Broadband • Benefits of home broadband • 56 K dial-up not good enough • Slows growth of e-commerce and the economy • Educational and many other desirable apps • Consensus policy goal to encourage home broadband • Similarly, encourage small business broadband

  4. Risks of Home Broadband • “Always on” • Static or near-static IP addresses help attackers • Attackers scan for weak defenses, and can get in before the user signs off • Broadband • Broadband itself makes many attacks easier -- bigger pipe to the home computer • Broadband means that user can do applications and not notice the “overhead” of spyware or non-approved uses

  5. “Wipeout” -- Risks to the Individual User • Many users have no firewall or virus detection • Risk of virus -- lose data or wrecked hardware • Risk of no firewall -- attacker takes control of the home computer • HARD to install today -- often not part of standard installation

  6. “Zombie” -- Risks to Critical Infrastructure • Zombie sites controlled by the attacker • Used to launch distributed denial of service attacks in winter, 2000 • Can be used to disguise source of all cyber-attacks (attack coming from John Smith’s home) • Now installing millions of broadband users, each a potential zombie site

  7. II. Proposed Solutions • Draft Cybersecurity Report, 9/02 • Correctly identifies the risk to critical infrastructure • Recommendation that home broadband users “should consider installing firewall software.” • Recommendation that it is important to update this software regularly

  8. Solution -- User Education • FTC Commissioner Swindle initiative on home computer security • Yes, an essential part of the solution • How to move users up the learning curve? • Car users learn they have to get an oil change -- government doesn’t require them every 3,000 miles • Publicity, education are essential

  9. Solution -- Legislation? • I don’t think so. • Do we know how to write one rule for the diversity of home computer systems? • DSL and Cable • Different sorts of home, small business users • Very hard to write the rules

  10. Legislation (continued) • Should solutions be hardware or software? • What about the liability for ISPs or software vendors? • Would take a long time to work out these complex issues, even if legislation were a desirable outcome • Conclusion -- do not support legislation, at least until we have tried other routes

  11. III. Internet Privacy as an Analogy • Similar structure -- how to make progress on a social concern (privacy, security) while encouraging use of the technology (the Web, broadband) • Similar complexity and fear of legislation • So many kinds of web sites, did not even know what a good privacy policy would look like • Now, so many kinds of broadband -- we don’t know the one best approach

  12. Internet Privacy Comparison • Role of Bully Pulpit • Involvement of Dept. of Commerce Secretary Daley in making the case for better Internet privacy -- praise for industry leaders • Involvement of FTC, including Chairman Pitofsky • The role of public reporting • 1998, survey shows 15% have privacy policies • 2000, survey shows 88% have privacy policies

  13. Internet Privacy Comparison • Why we got progress on Internet Privacy • Public reporting -- pressure not to be a laggard • Leadership by the Administration -- privacy policy was the right thing to do • Credible, often unstated, threat of more intrusive government action if industry did not act responsibly

  14. IV. Sketch of a Proposal • Recognize home broadband risks: • Security of home computer (“wipeouts”) • Security of critical infrastructure (“zombies”) • Risk to privacy of home users when attackers get through • Administration leadership on the issue • Praise for industry leaders • Message to industry -- patriotic duty to respond to these important threats

  15. Proposal (continued) • How to create information and surveys about installation of protection • Reporting by ISPs? • Reporting by major software vendors? • Other ways to learn the baseline of having protection and progress over time? • The Federal government should lead by example, be a place to try out solutions

  16. Conclusion • Known, significant cybersecurity and privacy problem of unprotected home broadband • How to get on a path to improvement • Vital now as millions of broadband users come on-line • Without legislation, we can create momentum for much better protection