The Year Trust Died: Cyber security in the post-Snowden era - a scoping exercise
Ian M. Kenway
Informatics Research Group Seminar
COMSC, Cardiff University
24 March 2014

Schema
1. Introduction
2. Edward Snowden - saint or sinner or neither?
3. NSA/GCHQ programmes
4. Official Responses
5. Global Fallout
6. Lavabit - a cautionary tale
7. A Perfect Storm
8. New Initiatives (Bitcloud, MaidSafe, Blackphone)
9. The Lives of Others
10. A New Magna Carta?
11. UNESCO and WSIS
12. Conclusions
13. Q&A/Discussion

Edward Snowden - bare metal history (I)
- born June 21, 1983
- an American computer specialist
- former employee of the Central Intelligence Agency (CIA) and former contractor for the National Security Agency (NSA)
- came to international attention when he disclosed thousands of classified documents to several media outlets
- on May 20, 2013, Snowden flew from Hawaii to Hong Kong, where he later met with journalists Glenn Greenwald and Laura Poitras and shared numerous documents
- on June 21 the U.S. Justice Department charged Snowden with espionage and his passport was revoked by the State Department the next day
- Snowden flew from Hong Kong and landed at Moscow's Sheremetyevo International Airport on June 23, reportedly for a one-night layover en route to Ecuador
- remained stranded in the airport transit zone until August 1, when the Russian government granted him a one-year temporary asylum

Edward Snowden - bare metal history (II)
- leaked documents revealed operational details of global surveillance programs run by the NSA and the other Five Eyes governments of the United Kingdom, Australia, Canada, and New Zealand, with the cooperation of a number of businesses and European governments
- awarded the biennial German "whistleblower prize" in August 2013
- presented with the Sam Adams Award by a group of four American former intelligence officers and whistleblowers in October 2013
- voted Guardian Person of the Year 2013 and named Time's Person of the Year runner-up 2013, behind Pope Francis
- gave Channel 4's Alternative Christmas Message 2013
- elected Rector of Glasgow University March 2014

Bibliography
- No Place to Hide: Edward Snowden, the NSA and the Surveillance State (Glenn Greenwald)
- The Snowden Files: The Inside Story of the World's Most Wanted Man (Luke Harding)
- The Snowden Operation: Inside the West's Greatest Intelligence Disaster (Edward Lucas)

The Snowden Files: The Guardian's Overview
The Snowden files reveal a number of mass-surveillance programs undertaken by the NSA and GCHQ. The agencies are able to access information stored by major US technology companies, often without individual warrants, as well as mass-intercepting data from the fibre-optic cables which make up the backbone of global phone and internet networks. The agencies have also worked to undermine the security standards upon which the internet, commerce and banking rely.
The revelations have raised concerns about growing domestic surveillance, the scale of global monitoring, trustworthiness of the technology sector, whether the agencies can keep their information secure, and the quality of the laws and oversight keeping the agencies in check. The agency is also required to abide by the European Convention on Human Rights.

The NSA Programmes - PRISM
Prism is a top-secret $20m-a-year NSA surveillance program, offering the agency access to information on its targets from the servers of some of the USA's biggest technology companies: Google, Apple, Microsoft, Facebook, AOL, PalTalk and Yahoo. The UK's spy agency GCHQ has access to Prism data.
NSA documents suggest the agency can use Prism to access information "directly from the servers" of US companies - a claim they strongly deny. Other documents showed the NSA had paid out millions of dollars to Prism providers, and showed Microsoft had helped the NSA circumvent its users' encryption.
(The Guardian)

The NSA Programmes - TEMPORA
The UK's GCHQ spy agency is operating a mass-interception network based on tapping fibre-optic cables, and using it to create a vast "internet buffer", named Tempora - a kind of Sky+ for huge amounts of data flowing in and out of the UK. The content of communications picked up by the system are stored for three days, while metadata - sender, recipient, time, and more - is stored for up to thirty days.
Metadata is effectively the "envelope" of a communication: who it's from, when it was sent and from where, and who it's to, and where - but not the actual contents of the communication.
The system, part of GCHQ's stated goal to "Master the Internet", is enabled using a little-known clause of a law passed in 2000 for individual warranted surveillance, known as RIPA. The telecoms companies involved in the surveillance program were later named as BT, Verizon Business, Vodafone Cable, Global Crossing, Level 3, Viatel and Interoute.
(The Guardian)

The NSA Programmes - PHONE COLLECTION
The very first story from the NSA files showed the agency was continuing a controversial program to collect the phone records (metadata) of millions of Americans - a scheme begun under President Bush. The scheme was widely believed to have been scrapped years before.
The program, which was re-authorised in July, allows the agency to store who Americans contact, when, and for how long. The agency is not, however, allowed to store the contents of calls. The Obama administration later released hundreds of pages of confidential documents about the program, showing aspects of the surveillance had at one stage been judged unconstitutional by secret oversight courts.
(The Guardian)

The NSA Programmes - UPSTREAM
Upstream refers to a number of bulk-intercept programs carried out by the NSA, codenamed FAIRVIEW, STORMBREW, OAKSTAR and BLARNEY. Like similar GCHQ programs, upstream collection involves intercepting huge fibre-optic communications cables, both crossing the USA and at landing stations of undersea cables.
The collection, which relies on compensated relationships with US telecoms companies, allows the NSA access to huge troves of phone and internet data, where at least one end of the communication is outside of the country. Later disclosures revealed the NSA keeps all the metadata it obtains through Upstream and Prism in a database system called MARINA for 12 months.
(The Guardian)

The NSA Programmes - CRACKING CRYPTOGRAPHY
The NSA and GCHQ have been undertaking systematic effort to undermine encryption, the technology which underpins the safety and security of the internet, including email accounts, commerce, banking and official records.
The NSA has a $250m-a-year program working overtly and covertly with industry to weaken security software, hardware equipment, and the global standards on security, leading experts to warn such actions leave all internet users more vulnerable. Both agencies' codenames for their ultra-secret programs are named after their countries' respective civil war battles: BULLRUN for the NSA, and EDGEHILL for GCHQ.
(The Guardian)

The NSA and Surveillance. Simples!

Official Responses in USA and UK
Barack Obama
"Given the fact of an open investigation, I'm not going to dwell on Mr Snowden's actions or motivations. I will say that our nation's defence depends in part on the fidelity of those entrusted with our nation's secrets. If any individual who objects to government policy can take it in their own hands to publicly disclose classified information, then we will never be able to keep our people safe, or conduct foreign policy."

Official Responses in USA and UK
David Cameron
"I think the public reaction as I judge it has not been one of 'shock horror!' but one of 'intelligence agencies carry out intelligence work: good'."

Official Responses in USA and UK
General Keith Alexander (Head of NSA)
"[Edward Snowden] betrayed the trust and confidence we had in him. This was an individual with top secret clearance whose duty it was to administer these networks. He betrayed that confidence and stole some of our secrets."

Official Responses in USA and UK
Sir Iain Lobban (Head of GCHQ)
"We do not spend our time listening to the telephone calls or reading the e-mails of the majority, of the vast majority. That would not be proportionate, it would not be legal. We do not do it ... If you are a terrorist, a serious criminal, a proliferator, a foreign intelligence target or if your activities pose a genuine threat to the national or economic security of the UK, there is a possibility that your communications will be monitored, as in we will seek to read, we will seek to listen to you ... If you are not, and if you are not in contact with one of those people, then you won't be. We are not entitled to."

Official Responses in USA and UK
Dame Eliza Manningham-Buller (Former Head of MI5)
"I do understand that there are people who think he has done a public service and who applaud him but I can't really be one of them because what neither the Guardian nor really anyone, including me, can judge is what damage he has done to counterterrorism ... It was impossible for anyone other than the security services to know what terror plots had "gone dark" as a result of the information being made public or which might not now be investigated, not now be thwarted ... My concern is the damage which I don't think anybody outside of the intelligence community can really detect or judge ... I don't think those who have published can possibly work out what those consequences are because they don't have access to the information."

Snowden: Global Fall Out - Diplomatic/Political/Corporate
- The US spies 'tapped Angela Merkel's mobile phone for ten years' (The Independent)
- NSA tracked 60 million Spanish phone calls in a single month (ITProPortal)
- Germany's Merkel sends intelligence delegation to US (BBC)
- India plans to restrict email use after NSA leaks (BBC)
- NSA hid spy equipment at embassies, consulates (ZDNet)
- Schmidt: NSA spying on Google "not OK" (ZDNet)
- New data storage demands may put companies off Brazil (ZDNet)
- Over 170 Australian sites hit by Anonymous Indonesia in retaliation for NSA spying (ITProPortal)
- NSA director set to lose powers over US cyber warfare and defence (ITProPortal)
- NSA and GCHQ mass surveillance is violation of European law, report finds (The Guardian)
- GCHQ head defends cyber espionage operations (ITPro)
- Germany brings anti-spying bill to the UN, meets with US intelligence (ZDNet)
- Information commissioner voices fears over scale of NSA surveillance (The Guardian)
- Brazil debates internet law in wake of NSA scandal (BBC)
- President of Estonia pushes for common systems across Europe (ZDNet)
- Google, Nokia, Ericsson, Samsung clueless on NSA's phone stalking (ZDNet)
- Abbott refuses to address claims of Australian spying on Indonesian President (ZDNet)
- Security expert: NSA "broke" the Internet (ITProPortal)
- Yahoo bolsters encryption after NSA data center link tapping (ZDNet)
- NSA spy program ignored rules designed to protect privacy (ZDNet)
- Norway logged 33 million phone calls for NSA (ITProPortal)
- U.S. Senators: 'No evidence' that NSA metadata collection is useful (ZDNet)
- Icann chief: shift away from US 'is the way forward' (The Guardian)
- NSA spies on its own 'Five-Eyes' spy partners (ZDNet)
- Tim Berners-Lee: UK and US must do more to protect internet users' privacy (The Guardian)
- NSA 'collected details of online sexual activity' of Islamist radicals (The Guardian)
- Microsoft to encrypt network traffic amid NSA datacenter link tapping claims (ZDNet)
- Microsoft labels US government "persistent threat" amid anti-spying overhaul (ITProPortal)
- AT&T: We don't have to disclose any NSA co-operation, not even to shareholders (ZDNet)
- Snowden document reveals extent of NSA/Canadian collaboration (ZDNet)
- NSA review panel recommends sweeping changes to surveillance tactics (ITProPortal)
- Judge: NSA phone metadata surveillance likely unconstitutional (ZDNet)
- IBM sued for cooperating with NSA for spy program (ZDNet)
- NSA leaks mean Germans no longer trust their own government's online services (ZDNet)
- GCHQ and NSA targeted charities, Germans, Israeli PM and EU chief (The Guardian)
- RSA denies taking $10m from NSA to default backdoored algorithm (ZDNet)
- ACLU sues US government over NSA spying (BBC)
- Zuckerberg claims US government really blew it on data collection programs (ITProPortal)
- European Parliament Report Criticises UK for Mass Internet Surveillance (ISPreview)
- The NSA's impact on US datacenter hosting (ZDNet)
- RSA speakers and sponsors drop out over NSA allegations (ITPro)
- NSA bulk surveillance has 'no discernible impact' on the prevention of terrorism (Wired)
- Blackphone creates NSA-proof smartphone for post-Snowden era (ITProPortal)
- Obama presents NSA reforms with plan to end government storage of call data (The Guardian)
- US telecoms giants express unease about proposed NSA metadata reforms (The Guardian)
- NSA scandal: New accusations leave Vodafone "shocked and surprised" by 200m texts intercepted by UK spooks (ITProPortal)
- Google's Eric Schmidt denies knowledge of NSA data tapping of firm (The Guardian)
- RSA Conference walkouts set up rival event following NSA row (ZDNet)
- Estonian IT security chief: "I don't want to use American encryption anymore" (ITProPortal)
- UK must justify GCHQ's spying activities to European Court of Human Rights (Wired)
- Merkel rebukes US, UK over surveillance (ZDNet)
- NSA used LinkedIn to steal secrets from Belgian cryptographic expert (ITProPortal)
- Tim Berners-Lee: we need to re-decentralise the web (Wired)
- EU calls for dilution of US control over internet (The Telegraph)
- Data protection: Angela Merkel proposes Europe network (BBC)
- NSA-dodging undersea cable to connect Brazil and EU (Wired)
- GCHQ shocked by "intimate bodyparts" while spying on millions of webcams (ITProPortal)
- Privacy advocates block NSA from destroying phone call records (ZDNet)
- An online Magna Carta: Berners-Lee calls for bill of rights for web (The Guardian)
- NSA: Our zero days put you at risk, but we do what we like with them (ZDNet)
- Mark Zuckerberg 'confused and frustrated' by US spying (BBC)
- US government to surrender control of Internet (ZDNet)
- Australia endorses US withdrawal from internet control (ZDNet)
- IBM denies assisting NSA in customer spying (ZDNet)
- US set to give up control over Internet addresses in 2015 (ITProPortal)
- Obama meets tech giants to discuss concerns over NSA surveillance (BBC)

Lavabit - a cautionary tale

A Perfect Storm
Edward Snowden's disclosures took place against the backcloth of a growing concern about the role of national governments, international corporations, telcos and other third parties in the development of the internet and mobile telephony since the mid-noughties. Such concerns include:
- privacy issues relating to social media
- the use of personal data for ad placements
- governmental pressures on search engines and ISPs to take on a censorship role re adult pornography, radical politics, illegal file-sharing etc.
- net neutrality issues
- data and metadata retention
- rise of sophisticated hacking techniques and zero-day exploits against vulnerable systems and devices
- phone hacking by journalists
- tax avoidance regimes and lack of accountability of international corporations

Bitcloud

MaidSafe

Blackphone

The Lives of Others
A panoptical surveillance society?
Why this all matters!

A New Magna Carta?
"It's time for us to make a big communal decision. In front of us are two roads - which way are we going to go? Are we going to continue on the road and just allow the governments to do more and more and more control - more and more surveillance? Or are we going to set up a bunch of values? Are we going to set up something like a Magna Carta for the world wide web and say, actually, now it's so important, so much part of our lives, that it becomes on a level with human rights?"
(Sir Tim Berners-Lee, 12 March 2014)

UNESCO and WSIS

A Conclusion (of Sorts!)
Security and trust in cyberspace is as much about political will and maturity as it is about technical prowess or vigilance. Information security can't be divorced from the issue of public trust. And public trust is ultimately not in the gift of politicians, technocrats or policy makers - however gifted or driven - but can only be realised in genuinely participative forms of polis where critical questions are encouraged rather than suppressed. *
* (Ian Kenway, Royal Society, 15 March 2004)

Q&A Discussion