The Year Trust Died: Cyber security in the post-Snowden era – a scoping exercise Ian M. Kenway

This scoping exercise explores the impact of Edward Snowden's revelations on cyber security, including NSA/GCHQ programs, official responses, global fallout, and new initiatives. It discusses the implications for privacy and trust, and explores the possibility of a new digital Magna Carta.


Presentation Transcript


  1. The Year Trust Died: Cyber security in the post-Snowden era – a scoping exercise Ian M. Kenway Informatics Research Group Seminar COMSC Cardiff University 24 March 2014

  2. Schema • Introduction • Edward Snowden – saint or sinner or neither? • NSA/GCHQ programmes • Official Responses • Global Fallout • Lavabit – a cautionary tale • A Perfect Storm • New Initiatives (Bitcloud, MaidSafe, Blackphone) • The Lives of Others • A New Magna Carta? • UNESCO and WSIS • Conclusions • Q&A/Discussion

  4. Edward Snowden – bare metal history (I) • born June 21, 1983 • an American computer specialist • former employee of the Central Intelligence Agency (CIA) and former contractor for the National Security Agency (NSA) • came to international attention when he disclosed thousands of classified documents to several media outlets • on May 20, 2013, Snowden flew from Hawaii to Hong Kong, where he later met with journalists Glenn Greenwald and Laura Poitras and shared numerous documents • on June 21 the U.S. Justice Department charged Snowden with espionage and his passport was revoked by the State Department the next day • Snowden flew from Hong Kong and landed at Moscow's Sheremetyevo International Airport on June 23, reportedly for a one-night layover en route to Ecuador • remained stranded in the airport transit zone until August 1, when the Russian government granted him a one-year temporary asylum

  5. Edward Snowden – bare metal history (II) • leaked documents revealed operational details of global surveillance programs run by the NSA and the other Five Eyes governments of the United Kingdom, Australia, Canada, and New Zealand, with the cooperation of a number of businesses and European governments • awarded the biennial German "whistleblower prize" in August 2013 • presented with the Sam Adams Award by a group of four American former intelligence officers and whistleblowers in October 2013 • voted Guardian ‘Person of the Year’ 2013 and named Time's Person of the Year runner-up 2013, behind Pope Francis • gave Channel 4’s ‘Alternative Christmas Message’ 2013 • elected Rector of Glasgow University March 2014

  6. Bibliography • No Place to Hide: Edward Snowden, the NSA and the Surveillance State, Glenn Greenwald • The Snowden Files: The Inside Story of the World's Most Wanted Man, Luke Harding • The Snowden Operation: Inside the West's Greatest Intelligence Disaster, Edward Lucas

  7. The Snowden Files: The Guardian’s Overview “The Snowden files reveal a number of mass-surveillance programs undertaken by the NSA and GCHQ. The agencies are able to access information stored by major US technology companies, often without individual warrants, as well as mass-intercepting data from the fibre-optic cables which make up the backbone of global phone and internet networks. The agencies have also worked to undermine the security standards upon which the internet, commerce and banking rely.” “The revelations have raised concerns about growing domestic surveillance, the scale of global monitoring, trustworthiness of the technology sector, whether the agencies can keep their information secure, and the quality of the laws and oversight keeping the agencies in check. The agency is also required to abide by the European Convention on Human Rights.”

  8. The NSA Programmes PRISM “Prism is a top-secret $20m-a-year NSA surveillance program, offering the agency access to information on its targets from the servers of some of the USA’s biggest technology companies: Google, Apple, Microsoft, Facebook, AOL, PalTalk and Yahoo. The UK’s spy agency GCHQ has access to Prism data” “NSA documents suggest the agency can use Prism to access information “directly from the servers” of US companies – a claim they strongly deny. Other documents showed the NSA had paid out millions of dollars to “Prism providers”, and showed Microsoft had helped the NSA circumvent its users’ encryption.” The Guardian

  9. The NSA Programmes TEMPORA “The UK’s GCHQ spy agency is operating a mass-interception network based on tapping fibre-optic cables, and using it to create a vast “internet buffer”, named Tempora – a kind of Sky+ for huge amounts of data flowing in and out of the UK. The content of communications picked up by the system are stored for three days, while metadata – sender, recipient, time, and more – is stored for up to thirty days. Metadata is effectively the "envelope" of a communication: who it's from, when it was sent and from where, and who it's to, and where - but not the actual contents of the communication.” “The system, part of GCHQ’s stated goal to "Master the Internet", is enabled using a little-known clause of a law passed in 2000 for individual warranted surveillance, known as RIPA. The telecoms companies involved in the surveillance program were later named as BT, Verizon Business, Vodafone Cable, Global Crossing, Level 3 Viatel and Interoute.” The Guardian

  10. The NSA Programmes PHONE COLLECTION “The very first story from the NSA files showed the agency was continuing a controversial program to collect the phone records (“metadata”) of millions of Americans – a scheme begun under President Bush. The scheme was widely believed to have been scrapped years before.” “The program, which was re-authorised in July [2013], allows the agency to store who Americans contact, when, and for how long. The agency is not, however, allowed to store the contents of calls. The Obama administration later released hundreds of pages of confidential documents about the program, showing aspects of the surveillance had at one stage been judged unconstitutional by secret oversight courts.” The Guardian

  11. The NSA Programmes UPSTREAM “Upstream” refers to a number of bulk-intercept programs carried out by the NSA, codenamed FAIRVIEW, STORMBREW, OAKSTAR and BLARNEY. Like similar GCHQ programs, upstream collection involves intercepting huge fibre-optic communications cables, both crossing the USA and at landing stations of undersea cables. The collection, which relies on compensated relationships with US telecoms companies, allows the NSA access to huge troves of phone and internet data, where at least one end of the communication is outside of the country. Later disclosures revealed the NSA keeps all the metadata it obtains through Upstream and Prism in a database system called MARINA for 12 months. The Guardian

  12. The NSA Programmes CRACKING CRYPTOGRAPHY “The NSA and GCHQ have been undertaking systematic effort to undermine encryption, the technology which underpins the safety and security of the internet, including email accounts, commerce, banking and official records.” “The NSA has a $250m-a-year program working overtly and covertly with industry to weaken security software, hardware equipment, and the global standards on security, leading experts to warn such actions leave all internet users more vulnerable.” “Both agencies’ codenames for their ultra-secret programs are named after their countries' respective civil war battles: BULLRUN for the NSA, and EDGEHILL for GCHQ.” The Guardian

  13. The NSA and Surveillance. Simples! [Click above for link to website & video!]

  14. Official Responses in USA and UK • Barack Obama • “Given the fact of an open investigation, I’m not going to dwell on Mr Snowden’s actions or motivations.” • “I will say that our nation’s defence depends in part on the fidelity of those entrusted with our nation’s secrets.” • “If any individual who objects to government policy can take it in their own hands to publicly disclose classified information, then we will never be able to keep our people safe, or conduct foreign policy.”

  15. Official Responses in USA and UK David Cameron • “I think the public reaction as I judge it has not been one of 'shock horror!' but one of 'intelligence agencies carry out intelligence work: good'”

  16. Official Responses in USA and UK General Keith Alexander (Head of NSA) • “[Edward Snowden] betrayed the trust and confidence we had in him. This was an individual with top secret clearance whose duty it was to administer these networks. He betrayed that confidence and stole some of our secrets,”

  17. Official Responses in USA and UK Sir Iain Lobban (Head of GCHQ) • “We do not spend our time listening to the telephone calls or reading the e-mails of the majority, of the vast majority. That would not be proportionate, it would not be legal. We do not do it…If you are a terrorist, a serious criminal, a proliferator, a foreign intelligence target or if your activities pose a genuine threat to the national or economic security of the UK, there is a possibility that your communications will be monitored, as in we will seek to read, we will seek to listen to you…If you are not, and if you are not in contact with one of those people, then you won't be. We are not entitled to.”

  18. Official Responses in USA and UK Dame Eliza Manningham-Buller (Former Head of MI5) • "I do understand that there are people who think he has done a public service and who applaud him but I can't really be one of them because what neither the Guardian nor really anyone, including me, can judge is what damage he has done to counter-terrorism…It was impossible for anyone other than the security services to know what terror plots had "gone dark" as a result of the information being made public or which might not now be investigated, not now be thwarted…My concern is the damage which I don't think anybody outside of the intelligence community can really detect or judge…I don't think those who have published can possibly work out what those consequences are because they don't have access to the information."

  19. Snowden: Global Fall Out – Diplomatic/Political/Corporate • The US spies 'tapped Angela Merkel's mobile phone for ten years' (The Independent) • NSA tracked 60 million Spanish phone calls in a single month (ITProPortal) • Germany's Merkel sends intelligence delegation to US (BBC) • India plans to restrict email use after NSA leaks (BBC) • NSA hid spy equipment at embassies, consulates (ZDNet) • Schmidt: NSA spying on Google "not OK" (ZDNet) • New data storage demands may put companies off Brazil (ZDNet) • Over 170 Australian sites hit by Anonymous Indonesia in retaliation for NSA spying (ITProPortal)

  20. Snowden: Global Fall Out – Diplomatic/Political/Corporate • NSA director set to lose powers over US cyber warfare and defence (ITProPortal) • NSA and GCHQ mass surveillance is violation of European law, report finds (The Guardian) • GCHQ head defends cyber espionage operations (ITPro) • Germany brings anti-spying bill to the UN, meets with US intelligence (ZDNet) • Information commissioner voices fears over scale of NSA surveillance (The Guardian) • Brazil debates internet law in wake of NSA scandal (BBC) • President of Estonia pushes for common systems across Europe (ZDNet) • Google, Nokia, Ericsson, Samsung clueless on NSA's phone stalking (ZDNet) • Abbott refuses to address claims of Australian spying on Indonesian President (ZDNet)

  21. Snowden: Global Fall Out – Diplomatic/Political/Corporate • Security expert: NSA "broke" the Internet (ITProPortal) • Yahoo bolsters encryption after NSA data center link tapping (ZDNet) • NSA spy program ignored rules designed to protect privacy (ZDNet) • Norway logged 33 million phone calls for NSA (ITProPortal) • U.S. Senators: 'No evidence' that NSA metadata collection is useful (ZDNet) • Icann chief: shift away from US 'is the way forward' (The Guardian) • NSA spies on its own 'Five-Eyes' spy partners (ZDNet) • Tim Berners-Lee: UK and US must do more to protect internet users' privacy (The Guardian) • NSA 'collected details of online sexual activity' of Islamist radicals (The Guardian) • Microsoft to encrypt network traffic amid NSA datacenter link tapping claims (ZDNet)

  22. Snowden: Global Fall Out – Diplomatic/Political/Corporate • Microsoft labels US government "persistent threat" amid anti-spying overhaul (ITProPortal) • AT&T: We don't have to disclose any NSA co-operation, not even to shareholders (ZDNet) • Snowden document reveals extent of NSA/Canadian collaboration (ZDNet) • NSA review panel recommends sweeping changes to surveillance tactics (ITProPortal) • Judge: NSA phone metadata surveillance likely unconstitutional (ZDNet) • IBM sued for cooperating with NSA for spy program (ZDNet) • NSA leaks mean Germans no longer trust their own government's online services (ZDNet) • GCHQ and NSA targeted charities, Germans, Israeli PM and EU chief (The Guardian) • RSA denies taking $10m from NSA to default backdoored algorithm (ZDNet) • ACLU sues US government over NSA spying (BBC) • Zuckerberg claims US government ‘really blew it’ on data collection programs (ITProPortal)

  23. Snowden: Global Fall Out – Diplomatic/Political/Corporate • European Parliament Report Criticises UK for Mass Internet Surveillance (ISPreview) • The NSA's impact on US datacenter hosting (ZDNet) • RSA speakers and sponsors drop out over NSA allegations (ITPro) • NSA bulk surveillance has 'no discernible impact' on the prevention of terrorism (Wired) • Blackphone creates NSA-proof smartphone for post-Snowden era (ITProPortal) • Obama presents NSA reforms with plan to end government storage of call data (The Guardian) • US telecoms giants express unease about proposed NSA metadata reforms (The Guardian) • NSA scandal: New accusations leave Vodafone "shocked and surprised" by 200m texts intercepted by UK spooks (ITProPortal) • Google's Eric Schmidt denies knowledge of NSA data tapping of firm (The Guardian)

  24. Snowden: Global Fall Out – Diplomatic/Political/Corporate • RSA Conference walkouts set up rival event following NSA row (ZDNet) • Estonian IT security chief: "I don't want to use American encryption anymore" (ITProPortal) • UK must justify GCHQ's spying activities to European Court of Human Rights (Wired) • Merkel rebukes US, UK over surveillance (ZDNet) • NSA used LinkedIn to steal secrets from Belgian cryptographic expert (ITProPortal) • Tim Berners-Lee: we need to re-decentralise the web (Wired) • EU calls for dilution of US control over internet (The Telegraph) • Data protection: Angela Merkel proposes Europe network (BBC) • NSA-dodging undersea cable to connect Brazil and EU (Wired) • GCHQ shocked by "intimate bodyparts" while spying on millions of webcams (ITProPortal) • Privacy advocates block NSA from destroying phone call records (ZDNet) • An online Magna Carta: Berners-Lee calls for bill of rights for web (The Guardian)

  25. Snowden: Global Fall Out – Diplomatic/Political/Corporate • NSA: Our zero days put you at risk, but we do what we like with them (ZDNet) • Mark Zuckerberg 'confused and frustrated' by US spying (BBC) • US government to surrender control of Internet (ZDNet) • Australia endorses US withdrawal from internet control (ZDNet) • IBM denies assisting NSA in customer spying (ZDNet) • US set to give up control over Internet addresses in 2015 (ITProPortal) • Obama meets tech giants to discuss concerns over NSA surveillance (BBC)

  26. Lavabit – a cautionary tale [Click above for link to website!]

  27. A Perfect Storm Edward Snowden’s disclosures took place against the backcloth of a growing concern about the role of national governments, international corporations, telcos and other third parties in the development of the internet and mobile telephony since the mid-noughties. Such concerns include: • privacy issues relating to social media • the use of personal data for ad placements • governmental pressures on search engines and ISPs to take on a censorship role re adult pornography, radical politics, illegal file-sharing etc. • net neutrality issues • data and metadata retention • rise of sophisticated hacking techniques and zero-day exploits against vulnerable systems and devices • phone hacking by journalists • tax avoidance regimes and lack of accountability of international corporations

  28. Bitcloud [Click above for link to website!]

  29. MaidSafe [Click above for link to website & video!]

  30. Blackphone [Click above for link to website & video!]

  31. The Lives of Others A panoptical surveillance society? Why this all matters!

  32. A New Magna Carta? “It's time for us to make a big communal decision. In front of us are two roads - which way are we going to go? “Are we going to continue on the road and just allow the governments to do more and more and more control - more and more surveillance? “Or are we going to set up a bunch of values? Are we going to set up something like a Magna Carta for the world wide web and say, actually, now it's so important, so much part of our lives, that it becomes on a level with human rights?” (Sir Tim Berners-Lee, 12 March 2014)

  33. UNESCO and WSIS [Click above for link to website!]

  34. A Conclusion (of Sorts!) Security and trust in cyberspace is as much about political will and maturity as it is about technical prowess or vigilance. “Information security can’t be divorced from the issue of public trust. And public trust is ultimately not in the gift of politicians, technocrats or policy makers – however gifted or driven – but can only be realised in genuinely participative forms of polis – where critical questions are encouraged rather than suppressed.” (Ian Kenway, Royal Society, 15 March 2004)

  35. Q & A Discussion