“Better Security and Privacy for Home Broadband”
Peter P. Swire
Moritz College of Law
The Ohio State University
Morrison & Foerster LLP
Privacy 2002 Conference
September 26, 2002

Overview
• Home broadband benefits and risks
• Existing proposals for the security risks
• Internet privacy as a useful analogy
• A proposal to speed protection of security and privacy in home broadband

I. Home Broadband
• Benefits of home broadband
  – 56 K dial-up not good enough
  – Slows growth of e-commerce and the economy
  – Educational and many other desirable apps
  – Consensus policy goal to encourage home broadband
  – Similarly, encourage small business broadband

Risks of Home Broadband
• “Always on”
  – Static or near-static IP addresses help attackers
  – Attackers scan for weak defenses, and can get in before the user signs off
• Broadband
  – Broadband itself makes many attacks easier -- bigger pipe to the home computer
  – Broadband means that user can do applications and not notice the “overhead” of spyware or non-approved uses

“Wipeout” -- Risks to the Individual User
• Many users have no firewall or virus detection
• Risk of virus -- lose data or wrecked hardware
• Risk of no firewall -- attacker takes control of the home computer
• HARD to install today -- often not part of standard installation

“Zombie” -- Risks to Critical Infrastructure
• Zombie sites controlled by the attacker
  – Used to launch distributed denial of service attacks in winter, 2000
  – Can be used to disguise source of all cyberattacks (attack coming from John Smith’s home)
• Now installing millions of broadband users, each a potential zombie site

II. Proposed Solutions
• Draft Cybersecurity Report, 9/02
  – Correctly identifies the risk to critical infrastructure
  – Recommendation that home broadband users “should consider installing firewall software.”
  – Recommendation that it is important to update this software regularly

Solution -- User Education
• FTC Commissioner Swindle initiative on home computer security
• Yes, an essential part of the solution
  – How to move users up the learning curve?
  – Car users learn they have to get an oil change -- government doesn’t require them every 3,000 miles
• Publicity, education are essential

Solution -- Legislation?
• I don’t think so.
• Do we know how to write one rule for the diversity of home computer systems?
  – DSL and Cable
  – Different sorts of home, small business users
  – Very hard to write the rules

Legislation (continued)
• Should solutions be hardware or software?
• What about the liability for ISPs or software vendors?
• Would take a long time to work out these complex issues, even if legislation were a desirable outcome
• Conclusion -- do not support legislation, at least until we have tried other routes

III. Internet Privacy as an Analogy
• Similar structure -- how to make progress on a social concern (privacy, security) while encouraging use of the technology (the Web, broadband)
• Similar complexity and fear of legislation
  – So many kinds of web sites, did not even know what a good privacy policy would look like
  – Now, so many kinds of broadband -- we don’t know the one best approach

Internet Privacy Comparison
• Role of Bully Pulpit
  – Involvement of Dept. of Commerce Secretary Daley in making the case for better Internet privacy -- praise for industry leaders
  – Involvement of FTC, including Chairman Pitofsky
• The role of public reporting
  – 1998, survey shows 15% have privacy policies
  – 2000, survey shows 88% have privacy policies

Internet Privacy Comparison
• Why we got progress on Internet Privacy
  – Public reporting -- pressure not to be a laggard
  – Leadership by the Administration -- privacy policy was the right thing to do
  – Credible, often unstated threat, that would have more intrusive government action if industry did not act responsibly

IV. Sketch of a Proposal
• Recognize home broadband risks:
  – Security of home computer (“wipeouts”)
  – Security of critical infrastructure (“zombies”)
  – Risk to privacy of home users when attackers get through
• Administration leadership on the issue
  – Praise for industry leaders
  – Message to industry -- patriotic duty to respond to these important threats

Proposal (continued)
• How to create information and surveys about installation of protection
  – Reporting by ISPs?
  – Reporting by major software vendors?
  – Other ways to learn the baseline of having protection and progress over time?
• The Federal government should lead by example, be a place to try out solutions

Conclusion
• Known, significant cybersecurity and privacy problem of unprotected home broadband
• How to get on a path to improvement
• Vital now as millions of broadband users come on-line
• Without legislation, we can create momentum for much better protection