
“Electronic Surveillance, Security, and Privacy”

“Electronic Surveillance, Security, and Privacy”. Professor Peter P. Swire, Ohio State University. InSITes -- Carnegie Mellon, February 7, 2002. Overview of the talk: overview of electronic surveillance, before and after September 11; security vs. privacy; security and privacy.


Presentation Transcript


  1. “Electronic Surveillance, Security, and Privacy” Professor Peter P. Swire Ohio State University InSITes -- Carnegie Mellon February 7, 2002

  2. Overview of the Talk • Overview of electronic surveillance, before and after September 11 • Security vs. privacy • Security and privacy

  3. Wiretaps and Surveillance • History of wiretaps • 2000 Administration proposal • 2001 USA Patriot Act

  4. Wiretap History • 1920s Olmstead • Wiretaps permitted by police without warrant where tap applied outside your home • 1960s Katz • Reasonable expectation of privacy, even in a phone booth • 1968 Title III • Strict rules for content, more than probable cause, as a last resort, reporting requirements

  5. History (cont.) • 1984 ECPA • Some protections for e-mail • Some protections for to/from information; pen registers (who you call); trap and trace (who calls you)

  6. 2000 Administration Proposal • How to update wiretap and surveillance for the Internet age • 15-agency White House working group • Legislation proposed June, 2000 • S. 3083 • Hearings and mark-up in House Judiciary, further toward privacy than our proposal

  7. 2000 Administration Proposal • Update telephone era language • Upgrade email and web protections to same as telephone calls • Identify new obstacles to law enforcement from the new technology • Sense of responsibility -- assure privacy, give law enforcement tools it needs

  8. 2001 USA Patriot Act • Introduced less than a week after September 11 • Key provisions often have a point, but maybe went too far • 4 year “sunset” for many surveillance provisions and what to do next

  9. Emergency orders • Before, “imminent threat” of serious harm to get wiretap before a court order • Now, for any ongoing computer attack, or else ability to trace back may be lost • For anything affecting “a national security interest” • Are these too broad?

  10. Roving taps • Old days, order for each phone • What if suspect buys a dozen disposable cell phones? Uses someone else’s computer? • But, how far can the order rove? Anyone in the public library? • Problem -- less of a suppression remedy for email and web use

  11. Nationwide trap and trace • Old days, serve order on ATT and it was effective nationwide • Today, e-mail may travel through a half-dozen providers, which would have needed that many court orders • New law -- one order effective nationwide • Query -- order from a judge in Idaho, served late at night, how do you challenge that?

  12. Computer trespasser exception • Previous law: • ISP can monitor its own system • ISP can give evidence of yesterday’s attack • ISP cannot invite law enforcement in to catch the burglars • Problem for: • DOD and many hack attacks • Small system owners who need help

  13. Computer trespasser proposal • Law enforcement can “surf behind” if: • Targets person who accesses a computer “without authorization” • System owner consents • Lawful investigation • Law enforcement reasonably believes that the information will be relevant • Interception does not acquire communications other than those transmitted to or from the trespasser

  14. Computer trespasser • Issues of concern: • Never a hearing in Congress on it • No time limit on each use • No reporting requirement • FBI can ask the ISP to invite it in, and then camp at ISP permanently • Limited suppression remedy if go outside permitted scope

  15. II. Security & Privacy After 9/11 • Less tolerance for hackers and other unauthorized use • Cyber-security and the need to protect critical infrastructures such as payments system, electricity grid, & telephone system • Greater tolerance for surveillance, which many people believe is justified by greater risks

  16. Security vs. Privacy • Security sometimes means greater surveillance, information gathering, & information sharing • USA Patriot increases surveillance powers • Computer trespasser exception • Moral suasion to report possible terrorists

  17. Security and Privacy • Good data handling practices become more important -- good security protects information against unauthorized use • Audit trails, accounting become more obviously desirable -- helps fight sloppy privacy practices • Part of system upgrade for security will be system upgrade for other requirements, such as privacy

  18. In Conclusion • USA Patriot has 4 year sunset of many of the surveillance provisions • Imagine an architecture that meets legitimate security needs and also respects privacy • Need accountability to ensure the new powers are used wisely • Our homework -- how to do that wisely

  19. Contact Information • Professor Peter P. Swire • phone: (301) 213-9587 • email: pswire@law.gwu.edu • web: www.osu.edu/units/law/swire.htm
