Privacy
& security in a wireless world
Wireless
Silicon Valley is a project of Joint Venture Silicon Valley. JVSC has
been promoting ICT infrastructure projects since the mid-90's when it
sponsored "Smart Valley" loosely based on Singapore's
Intelligent Island but without the intense government
involvement. This morning's program is cosponsored by the Santa Clara
University Markkula Center for Applied Ethics and the Center for
Science, Technology, and Society.
Several
towns in the Silicon Valley cloud now offer Internet access via a
wireless network installed by a commercial partner. Some are
ad-supported such as Google's in Mountain View or the one in Santa
Clara, where this workshop is being held. However, it
does not work inside the theater on the Santa Clara University
campus. Connection strength varies as you drive around town, but
registration is fairly simple, though a first time Internet user
would have problems because they demand an email address. What
if you want to get online to get one?
This
meeting brings speakers from law enforcement, library, corporate, and
the ACLU which has long been an advocate for stronger privacy
protection. It is timely because recent articles this past week have
pointed up the weakness of popular unlicensed networks
such as wi-fi hotspots. Commonly available software called packet
sniffers allows snoops to capture data flowing across such open
networks.
At
the opening I counted 65 in the audience (14 women) while Russell
Hancock, CEO JVSV mad some opening remarks including
"We
are frustrated that the technologies we have developed are still not
implemented here compared with other geographic areas." There is
a wireless task force comprised of CIOs from cities in the region.
They issued an RFP with help from Intel and the 'community
of vendors' replied. One will be recommended with a press release by
September 5.
Context:
when you build something new there are issues, and large ubiquitous
wireless systems include privacy and security concerns. In this
network operators will know when and where a connection is made. Some
of these systems are supported by advertisements,
and they want to know a lot about who is using the system.
Al
Hammond. a law professor and head of the Broadband Institute
moderated the session. He summarized why there is uneven access to
high speed access. He says that without BB, "cities will be left
behind." Cities that are reluctant to use taxes to provide this
network will allow commercial providers to have access to subscriber
data. <Well, cities and other regions are "left behind"
for other reasons besides not having a high speed infrastructure for
telecommunications.>
Wireless:
easier to tap into and there are greater risks to individual privacy:
and general security issues for companies and government. Different
policy options:
-free
and anonymous access. Leave it to the user
-Registered
access: know at all times who is using the system
-Active
court ordered surveillance: warrants and subpoenas used to restrain
govt. intervention.
Policy
question for the task force:
-How
should this project manage these issues?
How
much of the response. to protect privacy and sec should be for cities
or providers or the user?
Once
allocated, how should the protection of privacy and security be
accomplished?
An
agenda and some short position papers were handed out. These will be
on the project web site shortly, according to Seth Feary who leads
the task force.
Nicole
Ozer,
ACLU: [email protected] one of 3 lawyers tracking new tech for the
ACLU. Community members should not have to pay with their privacy to
use a free municipal system. Wireless SV did not include a question
about privacy and free speech but did say it would
count a lot in the final decision. <the head of the task force
said it was discussed already> All three finalists get a failing
grade. they track who you are, where you are, and what you are
looking at. All of it could be disposed to other parties. It's
as if you had free phones around town, but there would be ads and all
calls would be monitored. The California Constitution guarantees
privacy and it can't be bought sold or traded. These finalists say
that if you have money you can have some privacy.
It's up to WSV to have a fast, secure network that protects our
privacy.
Don't
track users from session to session. This creates a profile in a
database. All three have a failing grade for this. Our data should
not be commercialized.
Legal
demands: notice should be given, with court.
The
less info kept the better.
Sherman
Hall, former
IT guy now with the Atherton Police Department. The competing
pressures: privacy vs security. anonymity vs. tracking: He is
assigned to REACT (a law enforcement TF) and computer forensics.
Generally savvy and supporter of the status quo, as it exists
today. With complete anonymity there is no deterrent. Record
retention: 90 days. He explained the lag time in a credit card theft,
the red tape in a police dept. There will be more sniffing in this
open network. He said there is a barrier to getting
warrants because of limited resources. Ozer challenged him on this,
saying there were provisions for telephone warrants.
Graham
Barnes,
Covad NextWeb They are not bidders in the project. We are caught in
the middle. With the freedom comes an openness that includes some
tradeoffs the user may not understand. Last month was the first time
there are more broadband subscribers(200 Kb/sec or
greater) than dialup in the U.S. Two ways of producing revenue:
tracking aggregate data. he claims single user data is not valuable
to anyone. But he mentions targeted advertising, a la Google.
Lauren
Gelman, Stanford Internet Center. said there's another model to let
the market figure out who puts repeaters on the city phone poles. It
need not be a monopoly. She seemed to agree with much of what Ozer
said.
John
Tuomy,
Secure Content, Inc. Working with school boards on IT security
issues. The federal government is not funding ed tech any more. Most
superintendents feel like they can't handle any more complexities.
School officials are risk averse and they want to protect
their kids and data about families. There are more that 1000 schools
in many districts for this project. There are great benefits and
risks. Equal access to families will be useful to those who can't
or won't afford it.
SANS
institute said that last week was the greatest week for break-ins.
Most take place in school and university computer networks. Dangers
of porn and My Space. but the universal access will be valuable. This
service should not be tied to a credit card. That's
why prepaid cell phones are so important in the walled garden of
cellular services. Educators don't want a wide-open system; they want
to track 'evildoers.'
Jane
Light
San Jose Public Library. We have 10 years experience in providing
public access to the Internet. We have about 1.2 million sessions a
year on 600 computers. Some do not have access at home; some do. We
have fast access and researchers use it along with other
sources such as printed matter and site-licensed databases in the
library. More importantly is our many years of experience in
providing free and open access and ensuring that it is free to
people. Library users expect that their use won't be tracked.
Our records are kept confidential unless there is a court order, but
this is rare.
Many
libraries have added wireless service to their wired networks. This
JV program is a governmental action we are taking, so we have to give
much more thought to privacy issues. The standard enduser agreement
is completely inadequate for a municipally sponsored
project. It's too complicated. the public expects that the muni
access will protect their privacy. Wifi does not do much for those
who have no computer. It's a short term issue because of the
development of new generation cell phones.
Q&A
In
other muni systems these issues have not been addressed properly,
especially San Francisco dealing with Google and Earthlink.
Can
there be software to detect sniffers and other problem users? Google
is going to provide a virtual private network client in Mountain
View. this will allow users to encrypt their traffic. <But will
they, any more than parents use filters or V-chip on television
sets?>
Graham:
"when people think they are using the I anonymously and they are
not, that is the real challenge."
A
big problem is that several vendors want to take a credit card to use
the system. Of course this cuts out a lot of kids and people with
poor credit or no card. Library card should not be used as a
universal identifier. It's exempt from the public records
act. A credit card is not fair. We could use a student ID.
Gelman
said we might have a pre-paid card for a small amount of time. She
thinks this would 'address the digital divide issue" but this
seems ludicrous for what is billed as a free service at one tier. Why
should people have to buy something that's free?
How
do you audit compliance with the provisions in a service. Hall:
there's a civil incentive to conform to what they say they will do.
Ozer: the Calif article one section one, digital issues are handled.
The
session ended promptly at 10 a.m. In two hours there were a lot of
positions stated clearly but little heated debate. As the task force
negotiates with the finalists it is hard to understand how they can
convince the provider not to "monetize" the user's
information and adequately protect our privacy. Much of the public
seems willing to give up some privacy and civil rights in a perceived
exchange for coupons, free services, and to support the federal
government's war on terror. Think of it, the city of
San Jose controls the airport and the library. The intrusions and
safety measures we put up with at airports is getting worse and will
spread to other parts of our daily life while the oasis of the
library where the system is meant to serve and protect the
user is not appreciated enough for the values it helps preserve. -Steve Cisler
Recent Comments