Date posted: 26-Mar-2015
Category: Documents
Uploaded by: bryan-myers
Copyright, 2012

Security, for Society
A View from the End of the World
Roger Clarke
Xamax Consultancy Pty Ltd, Canberra
Visiting Professor in Computer Science, ANU, Canberra
Visiting Professor in Cyberspace Law & Policy, UNSW, Sydney
http://www.rogerclarke.com/EC/SforS-120625 {.html, .ppt}
Copenhagen – 25 June 2012
The Danish Council for Greater IT-Security
Danish Society of Engineers (IDA)
Subgroup on IT (IDA-IT)
In Association with CBIT, Roskilde University
http://www.odt.org/southupmaps.htm

Security, for Society
A View from the End of the World
Aims
• Provide an Australian Perspective on some current themes in Data and IT Security
• Consider some broader aspects of Security
• Note tensions within and between Perspectives
• Present a security analysis of Danish Society

The Notion of Security
Security is used in at least two senses:
• a Condition in which harm does not arise, despite the occurrence of threatening events
• a Set of Safeguards whose purpose is to achieve that Condition

The Scope of Security

The Conventional IT Security Model
Threats impinge on Vulnerabilities, resulting in Harm

The Organisational Scope of Security

Important IT Security Considerations
• Data Security
  Environmental, second-party and third-party threats to content, both in remote storage and in transit
• Authentication and Authorisation
  How to provide clients with convenient access to data and processes in the cloud, while denying access to imposters?
• Service Security
  Environmental, second-party and third-party threats to any aspect of reliability or integrity
• Susceptibility to DDOS
  Multiple, separate servers; but choke-points will exist

Maladjustment
• Malcontent
  Spam, Email-Attachments, Downloads
• Malware
  Malcontent in the form of software
  Uses a Vector, to deliver a Payload, which is Invoked, and results in Harm
• Malbehaviour
  Flaming, Incitement, Social Engineering
  Hacking / Cracking / Break-In
  Defacing, Accessing, Changing, Destroying
  Denial of Service

Basic Architecture for IT Security Safeguards
[Figure labels: External Security; Internal Security; Perimeter Security]

Key IT Security Safeguard Categories
External Security
• Content Transmission Security ('Confidentiality')
  e.g. SSL/TLS
• Authentication of Sender, Recipient, Content
  e.g. Dig Sigs, SSL/TLS, Tunnelling, VPNs
• 'White Hat Hacking'
• Network-Based Intrusion Detection (ID)
• ...
Perimeter Security
Inspection and Filtering
• Traffic, i.e. 'Firewalls'
• Malcontent, Malware
Internal Security
• Access Control
• Vulnerability Inspection
• Intrusion (Threat) Detection
• Safeguard Testing
• Backup, Recovery, 'Business Continuity Assurance', incl. 'warm-site', 'hot-site'

Recent Australian IT Security Experience
• Seen as a Contingency not Business-As-Usual
• Strong tendency to suppress bad news
• Investment and ongoing expense hard to justify
• Like all IT, subject to Outsourcing and hence mostly ‘out of sight, out of mind’ and ‘we have people to do that kind of thing for us’
• Sporadic explosions of fervour, unsustained
• Security companies have promised much, but have never flourished as they were expected to

Organisational Perspective on Security
1. Operational Qualities
• Fit – to users' needs, and customisability
• Reliability – continuity of operation
  • Availability hosts/server/db readiness/reachability
  • Accessibility network readiness
  • Usability response-time, and consistency
  • Robustness frequency of un/planned unavailability
  • Resilience speed of resumption after outages
  • Recoverability service readiness after resumption
• Integrity – sustained correctness of the service, and the data
• Maintainability – fit, reliability, integrity after bug-fixes & mods
http://www.rogerclarke.com/II/CCBR.html incl. enhancements to Avizienis et al. (2004)

Further Issues – Cloud Computing Perspective
2. Contingent Risks
• Major Service Interruptions
• Service Survival – supplier collapse or withdrawal
  Safeguards include software escrow; escrow inspection; proven recovery procedures; rights that are proof against actions by receivers
• Data Survival – data backup/mirroring/synch, accessibility
• Data Accessibility – blockage by opponents or a foreign power
• Compatibility – software, versions, protocols, data formats
• Flexibility
  Customisation
  Forward-Compatibility to migrate to new levels
  Backward-Compatibility to protect legacy systems
  Lateral Compatibility to enable dual-sourcing and escape

Further Issues – Cloud Computing Perspective
3. Commercial Disbenefits and Risks
• Acquisition
  • Lack of information
  • Non-Negotiability of Terms and SLA
• Ongoing
  • Loss of Corporate Expertise re apps, IT services, costs to deliver
  • Inherent Lock-In Effect from high switching costs, formats, protocols
  • High-volume Data Transfers from large datasets, replication/synchronisation
  • Service Levels to the Organisation's Customers

Further Issues – Cloud Computing Perspective
4. Compliance Disbenefits and Risks
• General Statutory & Common Law Obligations
  • Evidence Discovery Law
  • Financial Regulations
  • Company Directors' obligations re asset protection, due diligence, business continuity, risk management
  • Security Treaty Obligations
• Confidentiality – incl. against foreign governments
  • Strategic
  • Commercial
  • Governmental
• Privacy – particularly Unauthorised Use and Disclosure
  Second-Party (service-provider abuse), Third-Party ('data breach', 'unauthorised disclosure'), Storage in Data Havens (India, Arkansas)

Attacks
By Whom?
Principals
• Opportunists
• Hacktivists
• Vigilantes
• Organised Crime
• Corporations
• Nation-States
Agents
• Mercenaries
• Private Military Corporations
Why?
Politics
• Protest against Action
• Retaliation / Revenge
• Espionage
Economics
• Financial Gain
• Financial Harm
Social/Cultural Factors
• Challenge
• Dispute
• Celebration

Recent Australian Experience
• Sporadic Emphasis on but Limited Understanding of:
  • Risk Assessment
  • Risk Management
  • Governance
• Ambivalence about Cloud Computing
  • Data Leakage
  • Supplier Reliability
  • Service Provision
  • Data Availability
  • Jurisdictional Location of Data

A Broader Scope for Security
Competition
Collaboration, esp. re IT Infrastructure

A Yet Broader Scope for Security
IT Infrastructure for Economic Development
‘Critical IT Infrastructure’

Recent Australian Experience
• Malware Detection and Eradication
  • Corporate Devices
  • Consumer Devices
• Botnets
  • Zombie Detection and Eradication
• Internet-Connected SCADA
• Moral Minority Desires re Censorship
• IP-Dependent Corporation Desires
• Nation-State Desires – ITU vs. TCP/IP
http://idealab.talkingpointsmemo.com/2012/06/un-proposals-to-regulate-internet-are-troubling-leaked-documents-reveal.php
http://www.internetgovernance.org/2012/06/21/threat-analysis-of-the-wcit-4-cybersecurity/

Tensions
• Between Organisational Objectives
  • Certain Costs vs. Contingent Costs
  • Financial Cost vs. Non-Quantifiables
  • Business-as-usual vs. Invisibles
• Between Alternative Scopes
  • A bot doesn’t harm the host, so there’s no incentive to fix it (an ‘externality’)
  • Copyright material on P2P networks
  • Organisational, Sectoral, National and Supra-National Agency Interests

A Mostly-Forgotten Scope for Security

Current Australian Issues in Consumer and Citizen Security
• Data Breaches
  Notification
  Civil and Criminal Liability
• ePayments
  Mobile / Smartphones
  Visa PayWave, MCard PayPass
• Social Media
  Its Anti-Social Business Model
  Unconscionable Terms of Service
  Actual Abuse of Consumer Data
  The Coming Google-Acxiom Merger
• Smart Meters
• The Internet of Things

The Many Scopes of Security

What about ‘Humanity’? ‘The Biosphere’?

And where is ‘National Security’?

Is this ‘National Security’?
The protection of a nation from attack or other danger by holding adequate armed forces and guarding state secrets
Encompasses economic security, monetary security, energy security, environmental security, military security, political security and security of energy and natural resources
http://definitions.uslegal.com/n/national-security/

Or is this ‘National Security’?
• Public Safety
  Mayhem in marketplaces, bombs in aircraft
  Major Events, e.g. Olympics, Euro 2012
• Prominent Person Safety
  Bush and Blair; Rushdie and Kurt Westergaard
  Gx, APEC, CHOGM, ...
• Critical Infrastructure Security
  Bombs in ports, ships, railways, energy, ...
  Anthrax in the water supply, ...

Social Control Measures Justified by ‘National Security’
Data Consolidation
Identity
• Consolidation
• Nymity Denial
• Identity Management
Surveillance
• Physical
• Communications
• Data
• Location and Tracking
• Content Experience and Behaviour
• Body Experience and Behaviour

Why is ‘National Security’ Exempt from Key Evaluation Principles?
• Justification
• Relevance
• Effectiveness
• Proportionality
• Transparency
• Accountability

Elements of Social Control Architecture
• A National ID Scheme
• Imposed Singular Identities for all purposes
• Imposed Singular eIdentities and 'Portals'
• Biometric Id and/or Authentication
• Physical Location and Tracking
  Checkpoints, Video Surveillance, ANPR
• Network-Traffic Surveillance
  Public-Private Partnerships

Denmark’s Central Person Register (CPR) and Civil Registration System (CRS)
• Is obligatory and universal
• Includes birthdate, gender in the ID No.
• Consolidates all basic personal data and makes it widely available
  • across all government agencies
  • across increasingly large segments of the private sector
• Is proposed for expansion, in terms of:
  • users
  • uses
  • data-items
http://www.cpr.dk Id=4327 27/09/2001

The Elements of a National Identity Scheme
1. A Database
2. A Unique Signifier for Every Individual
   1. A 'Unique Identifier'
   2. A Biometric Entifier
3. An (Id)entification Token (such as an ID Card)
4. Quality Assurance Mechanisms
   1. Mechanisms for (Id)entity Authentication
   2. Mechanisms for (Id)entification
5. Widespread Use
   1. Widespread Data Flows Containing the Identifier
   2. Widespread Use of the (Id)entifier
   3. Widespread Use of the Database
6. Obligations
   1. Obligations Imposed on Every Individual
   2. Obligations Imposed on Many Organisations
7. Sanctions for Non-Compliance
http://rogerclarke.com/DV/NatIDSchemeElms.html

E-BOKS / e-Posthuset
• Is integrated with, or at least dependent on, the CPR/CRS and Personal Identification No.
• Is designed as the primary channel for all government communications to citizens
• Is imposed on all government employees
• Offers itself as a repository for id documents

Digital Signatures / NemID
• Is designed to force all activities into a single identity per person, consolidating all personas, and thereby creating a honeypot for agencies, for corporations and for intruders
• Enables the service provider to commit masquerade
• Imposes trojan client-software that has access to all resources on the consumer/citizen’s devices
• NemID = Nemesis In Danish
• Nemesis: 'divine retribution against those who succumb to arrogance before the gods'

Abuse of Social Control Architecture
• By an Unelected Government
  • an invader
  • military putsch
• By an Elected Government
  • that acts outside the law
  • that arranges the law as it wishes
  • that reflects temporary public hysteria

A New Digital Security Model
• In a highly-interconnected world, Perimeter Security / The Walled Fortress doesn't work any more
• The new Core Principle:
  When-not-if unauthorised access happens, make sure that the data is valueless to anyone other than the user-organisation

A New Digital Security Model
Some Implementation Techniques
• Obscure the content and identities
  (Only the user-organisation has the decryption-key)
• Use pseudo-identifiers not identifiers
  (Only the user-organisation has the cross-index)
• Split the content into 'small enough' morsels
  (Only the user-organisation has the whole picture)
• Authenticate attributes rather than identities
NITTA (2011) 'New Digital Security Models' National IT and Telecom Agency, Copenhagen, February 2011, http://digitaliser.dk/resource/896495
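
An added example (not from the presentation or the NITTA paper) of the second and third techniques above: pseudo-identifiers with a cross-index, and content split into morsels. The class names, the HMAC-SHA256 construction and the sample records are assumptions made for illustration; values are stored in clear here, and the first technique would additionally encrypt them under a key held by the user-organisation.

```python
import hashlib
import hmac
import secrets


class OutsourcedStore:
    """Everything in here is what a provider, or an intruder, gets to see."""

    def __init__(self):
        self.tables = {}  # table name -> {row key -> value}

    def put(self, table, key, value):
        self.tables.setdefault(table, {})[key] = value

    def get(self, table, key):
        return self.tables[table][key]


class UserOrganisation:
    """Keeps the pseudonym key and the cross-index; neither leaves the organisation."""

    def __init__(self):
        self._key = secrets.token_bytes(32)
        self._cross_index = {}  # real identifier -> {table -> pseudo-identifier}

    def _pseudo_id(self, identifier, table):
        # Keyed and table-specific: without the key it cannot be recomputed
        # from the identifier, and the same person gets an unrelated value
        # in every table, so the morsels share no join key.
        msg = table.encode() + b"\x00" + identifier.encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()[:24]

    def outsource(self, identifier, record, store):
        """Split a record into one morsel per field and store each separately."""
        for table, value in record.items():
            pid = self._pseudo_id(identifier, table)
            store.put(table, pid, value)
            self._cross_index.setdefault(identifier, {})[table] = pid

    def reassemble(self, identifier, store):
        """Only the holder of the cross-index can rebuild the whole picture."""
        index = self._cross_index[identifier]
        return {table: store.get(table, pid) for table, pid in index.items()}


def joinable_rows(store):
    """Intruder's view: count row keys that appear in more than one table."""
    seen = {}
    for table, rows in store.tables.items():
        for key in rows:
            seen.setdefault(key, set()).add(table)
    return sum(1 for tables in seen.values() if len(tables) > 1)


# Constructed sample data (not from the presentation).
RECORDS = {
    "CUST-0001": {"postcode": "2600", "diagnosis": "asthma", "balance": "1520.00"},
    "CUST-0002": {"postcode": "2000", "diagnosis": "none", "balance": "87.10"},
}


def naive_store():
    """Baseline: every morsel keyed by the real identifier."""
    store = OutsourcedStore()
    for identifier, record in RECORDS.items():
        for table, value in record.items():
            store.put(table, identifier, value)
    return store


def pseudonymised_store():
    """Same data, outsourced through the user-organisation."""
    org, store = UserOrganisation(), OutsourcedStore()
    for identifier, record in RECORDS.items():
        org.outsource(identifier, record, store)
    return org, store


if __name__ == "__main__":
    org, store = pseudonymised_store()
    print("joinable rows, naive:", joinable_rows(naive_store()))
    print("joinable rows, pseudonymised:", joinable_rows(store))
    print("rebuilt by organisation:", org.reassemble("CUST-0001", store))
```

A morsel is only 'small enough' if its value does not identify the person by itself; a field such as a full name or street address would defeat the split regardless of how the row key is derived.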
http://en.itst.dk/

Denmark is a World Leader
• GDP per capita (7th)
• Export Value per capita (9th)
• Corruption Index (2nd)
• Highly flexible labour market
• High Minimum Wage (1st)
• No-Fee Tertiary Education
• Human Development Index (16th)
• Happiness Index (1st)

Security Analysis of Danish Society – 1
• 75% of GDP and Export is Industrial Product
  incl. Consumer Products, Lego, Hifi, Wind Turbines, Greentech, ..., also Architecture
• Labour cost is very high
• Agility is critical to sustained success
• Stability, creativity and adaptability of the workforce are critical, to ensure agility
• Social control, surveillance and a climate of suspicion are incompatible with Agility

Security Analysis of Danish Society – 2
• World’s largest public sector (30% of workforce)
• World’s highest taxes
• World’s most privacy-intrusive government
• Recent substantial centralisation of a previously highly distributed public sector
• LOTS to lose (see previous slide)
• So there is scope for nervousness and discontent

Security Analysis of Danish Society – 3
• The population is highly homogeneous (90% Danish)
• People like it like that
• The Muslim population has reached 3%
• This has resulted in anti-immigration sentiment and very tough immigration laws
• That encourages reprisals by activist Muslims
• So there is scope for repressive measures

Security Analysis of Danish Society – 4
• The pre-conditions for despotism are largely fulfilled already – CPR/CRS, NemID, ...
• So there is scope for rapid introduction of repressive measures
• That would create a vicious spiral of discontent, more repressive measures, more active expressions of discontent, etc.

Security, for Society
A View from the End of the World
Recapitulation
• Security, even when limited to data and IT, can be approached with varying scope
• There are tensions within each perspective, and tensions between perspectives
• As a society, we’re not doing it very well
• Most countries have let national security extremists flout basic security principles
• Denmark is in a precarious position

Why Privacy is Important
• Philosophically – for 'human dignity' and integrity, and individual autonomy and self-determination
• Psychologically – in public spaces as well as private
• Sociologically – people need to be free to behave, and to associate with others, subject to broad social mores, but without the continual threat of being observed
• Economically – innovators are 'deviant' from the norms of the time. The chilling effect of surveillance stifles innovation. People in countries with high labour-costs need to be free to innovate
• Politically – freedom to think, argue, and act underpins democracy. Surveillance chills behaviour and speech, and undermines democracy

Counterveillance Tenets
• Terrorism is not new, and not unusual
• The 'power to weight ratio' of a single strike has increased (because fewer terrorists can deliver a bigger payload), but this has only limited implications for public policy
• Reactionary Extremism must not be accepted at face value
• National security and law enforcement interests must not be granted carte blanche to do whatever they wish
• Secrecy is not a necessary pre-condition of security
• It is illegitimate to treat what are really 'public safety' issues as though they were 'national security' matters
• Counter-Terrorism is not dependent on everyone being limited to a single State-managed identity

Counterveillance Principles
1. Independent Evaluation of Technology
2. A Moratorium on Technology Deployments
3. Open Information Flows
4. Justification for Proposed Measures
5. Consultation and Participation
6. Evaluation
7. Design Principles
   1. Proportionality
   2. Independent Controls
   3. Nymity and Multiple Identity
8. Rollback

Design Precepts
Every human entity has lots to hide
It's in society's interests to enable people to hide information, in order to support freedoms to express, invent, innovate
Every human entity has multiple identities, and needs them
Identity management has to encompass nymity, accepting anonymity, and facilitating pseudonymity
Pseudonymity balances social, economic and political freedoms, on the one hand, and accountability, on the other
We need credible 'strong pseudonymity', that is proof against breaches by powerful governments and corporations

Identity and Identifier
[Figure labels: Names, Codes, Roles; Identifier + Data-Items; Identity and Attributes; Real World; Abstract World; Model World; Domain or Subject World]

The Entity/ies underlying an Identity
[Figure labels: Entity and Attributes; Identity and Attributes; Identifier + Data-Items; Real World; Abstract World]

Entity and Entifier
[Figure labels: Entity and Attributes; Identity and Attributes; Entifier + Data-Items; Identifier + Data-Items; Real World; Abstract World]

Nymity
[Figure labels: Entity and Attributes; Identity and Attributes (twice); Record: Entifier + Data-Items; Record: Identifier + Data-Items; Record: Nym + Data-Items; Real World; Abstract World; relationship cardinalities 1, m, n]

Identity Authentication and Authorisation
Its Application to Access Control
[Figure labels: Pre-Authentication of Evidence of Identity or Attribute; Permissions Store or Access Control List; Authentication using the Issued Authenticator; Authorisation; Access Control; Register of Authenticators]

Uses of Biometrics
1. For (Id)entification
   A process to find 1-among-many, in order to answer the question 'Who is it?'
2. For (Id)entity Authentication
   A process to test 1-to-1, in order to help answer the question 'Is this the person who you think it is?'
3. For Attribute Authentication w/- (Id)entity
   A process to help answer the question 'Does this person (whoever they are) have the attribute they purport to have?'

The Huge Quality Problems with Biometric Applications
Dimensions of Quality
• Reference-Measure
• Association
• Test-Measure
• Comparison
• Result-Computation
Other Aspects of Quality
• Vulnerabilities
• Quality Measures
• Counter-Measures
• Spiralling Complexity

7. Digital Signatures and ...
A string of characters that the Sender adds to a message
The Theory: Only the entity that has access to the relevant Private Key can possibly have sent the message
... Public Key Infrastructure (PKI)
A substantial set of equipment, software, procedures and organisations necessary to generate and protect key-pairs, generate signatures, publish public keys and revocations, pre-authenticate signors, authenticate signatures, assure quality, insure participants, prosecute the guilty

What a Digital Signature Actually Means
A Digital Signature attests only that:
the message was signed by a device that had access to the private key that matches the public key

18 Myths relating to (Id)Entity
1 - An identity exists in an organisation's database
2 - You only have one identity
3 - Each identity is used by only one person
4 - A biometric is a human identifier
5 - Organisations create and manage identities
6 - Identity Management Products actually work
7 - It's generally necessary to authenticate identity ...
9 - Only cheats/crims/terrorists have something to hide
10 - Cheats etc. can be deterred, prevented and caught, without creating a society worse than one that contains cheats etc.
11 - Nyms are for cheats
12 - Privacy-Enhancing Technologies (PETs) don't pay
13 - Data silos are bad
14 - Identity silos are bad
15 - Biometric schemes actually work
16 - Biometric schemes combat terrorism
17 - Imposed biometric schemes will work
18 - An id scheme is just another business system
Clarke R. (2008) '(Id)Entities (Mis)Management: The Mythologies underlying the Business Failures' Invited Keynote at 'Managing Identity in New Zealand', Wellington NZ, 29-30 April 2008, at http://www.rogerclarke.com/EC/IdMngt-0804.html

The Paradox of Security
• Security measures threaten security

Another Myth
You can’t have privacy if you want security
• Yes, of course privacy protections are used by people for anti-social and criminal ends
• But the privacy advocacy argument is not extremist like the national security agenda
• Privacy protections are about:
  • Justification, not Blithe Assumptions
  • Proportionality, not simplistic notions like ‘Zero-Tolerance’ and ‘we need to do anything that might help us wage the war on terrorism’

Basic Requirements of a SmartCard (Id)entity Authenticator (1 of 2)
• Restrict identified transaction trails to circumstances in which they are justified (because of the impossibility of alternatives)
• Sustain anonymity except where it is demonstrably inadequate
• Make far greater use of pseudonymity, using protected indexes
• Make far greater use of attribute authentication
• Implement and authenticate role-ids rather than person-ids
• Use (id)entity authentication only where it is essential
• Sustain multiple specific-purpose ids, avoid multi-purpose ids
• Ensure secure separation between applications

Basic Requirements of a SmartCard (Id)entity Authenticator (2 of 2)
• Ownership of each card by the individual, not the State
• Design of chip-based ID schemes transparent and certified
• Issue and configuration of cards undertaken by multiple organisations, including competing private sector corporations, within contexts set by standards bodies, in consultation with government and (critically) public interest representatives
• No central storage of private keys
• No central storage of biometrics
• Two-way device authentication, i.e. every personal chip must verify the authenticity of devices that seek to transact with it, and must not merely respond to challenges by devices

'Natural' Extensions
• Biometrics
• Location and Tracking
  • Physical Space
  • Network Space

Concepts of Location and Tracking
• Location – knowing the whereabouts of something, in relation to known reference points
  Physical Space, Network Space, Intellectual Space, ...
  Precision, Accuracy, Reliability, Timeliness, ...
• Tracking – knowing the sequence of locations of something over a period of time
  • Real-Time-Tracking
  • Retrospective Tracking
  • Predictive Tracking

Terrorists, Organised Crime, Illegal Immigrants
Benefits Are Illusory
• Mere assertions of benefits, no explanation: ‘it’s obvious’, ‘it’s intuitive’, ‘of course it will work’, all of which are partners to simplistic notions like ‘Zero-Tolerance’ and ‘we need to do anything that might help us wage the war on terrorism’
• Lack of detail on systems design
• Continual drift in features
• Analyses undermine the assertions
• Proponents avoid discussing the analyses

Miscreants (Benefits Recipients, Fine-Avoiders, ...)
Benefits May Arise, But Are Seriously Exaggerated
• Lack of detail on systems design
• Continual drift in features
• Double-counting of benefits from the ID Scheme and the many existing programs
• Analyses undermine the assertions
• Proponents avoid discussing the analyses

Conclusion
• PETs can address some PITs, but a nightmare-free Australia Card is not feasible
• Any intellectual, and any regulator, who accommodates a national identification scheme, is selling-out liberty, and derogating their duties as human beings
• We must not be cowed by either of the twin terrors of Islamic Fundamentalism and National Security Fundamentalism