Is there privacy in the cloud?
The Snowden Effect
KP Chow
Dept of Computer Science
University of Hong Kong
July 2013
Something you should know
• Cloud computing has significant implications for the privacy of personal information
• A user’s privacy and confidentiality risks vary significantly with the terms of service and privacy policy established by the cloud provider
• Law could oblige a cloud provider to examine user records for evidence of criminal activities
CISC 2
Something you should know
• The legal status of some types of information may change when stored in the cloud
• The location of the information in the cloud may affect the privacy and confidentiality protections of the information
• Information in the cloud may have more than 1 legal location at the same time, with different legal consequences
Something I didn’t know until June 2013, how about you?
• FISA and FISC
• The PRISM
• The MTI
• …
“I don’t want to live in a society that does these sort of things… I do not want to live in a world where everything I do and say is recorded.” by Snowden (The Guardian, June 2013)
I learnt it from Snowden
Who is Snowden?
• American former CIA employee
• A former contractor for the NSA
• Leaked details of NSA mass surveillance programs to the press
• 2004: US Army Special Forces
• 2007: CIA computer technician, stationed with diplomatic cover in Geneva, Switzerland, responsible for maintaining computer network security
• 2009: left CIA and joined a private contractor inside an NSA facility on a US military base in Japan
• 2013 (< 3 months): consultant with Booz Allen Hamilton as a system administrator inside the NSA at the Kunia Regional SIGINT Operations Center in Hawaii
Disclosure Stories
• 5 June – A top secret order of the Foreign Intelligence Surveillance Court (FISC)
– Ordered a business division to provide metadata for all telephone calls “wholly within the United States, including local telephone calls” and all calls “between the United States and abroad.”
• 6 June – PRISM (began in 2007)
– A clandestine electronic surveillance program that allegedly allows the NSA to access e-mail, web searches, and other Internet traffic in real-time.
• 9 June – Boundless Informant
– A system that "details and even maps by country the voluminous amount of information [the NSA] collects from computer and telephone networks."
• 15 June – Government Communications Headquarters (GCHQ)
– A British intelligence agency that worked jointly with the NSA to eavesdrop on a meeting of industrialized nations in London in 2009.
• 21 June – GCHQ has secretly gained access to the network of cables and has started to process vast streams (The MTI Project)
Major Programs/Events
• FISC (Foreign Intelligence Surveillance Court)
• PRISM Program and Boundless Informant
• China and Hong Kong Hacking
• GCHQ (Government Communications Headquarters) & British eavesdropping
• MTI (Master The Internet)
FISC
• Foreign Intelligence Surveillance Court (FISC) ordered a business division of Verizon Communications to provide “on an ongoing daily basis” metadata for all telephone calls “wholly within the United States, including local telephone calls” and all calls made “between the United States and abroad”
• NO CONTENT
What are the metadata?
• Caller and receiver
• Caller and receiver current location
• Length of call
• …
How was the data used?
Boundless Informant
Boundless Informant
• The NSA's powerful tool for cataloguing global surveillance data – including figures on US collection
The color scheme ranges from green (least subjected to surveillance) through yellow and orange to red (most surveillance). Note the '2007' date in the image relates to the document from which the interactive map derives its top secret classification, not to the map itself.
Boundless Informant
• Recording and analysing where its intelligence comes from
• Uses advanced data mining techniques: details and maps by country the voluminous amount of information it collects from computer and telephone networks
• Focuses on counting and categorizing the records of communications, known as metadata, rather than the content of an email or instant message
• The agency collected almost 3 billion pieces of intelligence from US computer networks over a 30-day period ending in March 2013
The Prism
Besides Verizon Communications, who else?
The PRISM Program
The seal of Special Source Operations, the NSA term for alliances with trusted U.S. companies.
The program is called PRISM, after the prisms used to split light, which is used to carry information on fiber-optic cables.
This note indicates that the program is the number one source of raw intelligence used for NSA analytic reports.
NSA slides explain the PRISM data-collection program: http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/
Monitoring a target's communication
NSA slides explain the PRISM data-collection program: http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/
Providers and data
NSA slides explain the PRISM data-collection program: http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/
Why are the companies willing to participate?
Companies Participation
• Through a top-secret program authorized by federal judges working under the Foreign Intelligence Surveillance Act (FISA), the U.S. intelligence community can gain access to the servers of nine Internet companies for a wide range of digital data. (Washington Post 6 Jun 2013)
Participating providers
NSA slides explain the PRISM data-collection program: http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/
The PRISM
• Data collected
– Search history
– Contents of emails
– File transfers
– Live chats
• NOT METADATA anymore, it includes contents
Where is the law?
• Allows NSA to obtain targeted communications without having to request them from the service providers and without having to obtain individual court orders
• In the past, NSA needed individual authorization and confirmation that all parties were outside the USA; now it needs only reasonable suspicion that one of the parties was outside the country at the time the records were collected by the NSA
What the PRISM found
• The number of obtained communications increased in 2012 by 248% for Skype
• 131% increase in requests for Facebook data
• 63% increase in requests for Google data
• Plan to add Dropbox as a PRISM provider
If you are using the cloud and you don’t know where the data is, it is very likely that NSA is watching you.
If you are using the cloud and the data is moving around the world, according to FISA, it is likely that NSA is gaining access to the servers that store the data.
MTI
Mastering the Internet
The web is for everyone and so is surveillance. (The Guardian, 21 Jun 2013)
MTI
• Under GCHQ (Government Communications Headquarters)
• Mastering the Internet, started in 2007
• Capture and analyse a large quantity of international traffic consisting of
– emails, texts, phone calls, internet searches, chat, photographs, blogposts, videos and many uses of Google
• Collecting signals from up to 200 fiber-optic cables at the physical points of entry into the country, each with 10 gigabits per second, approx. 21.6 petabytes in a day
Internet Buffer
• Internet traffic into and out of the UK is intercepted and collected, then filtered to get rid of uninteresting content
• The filtered traffic is then stored: 3 days for content and 30 days for metadata
• Some degree of co-operation from companies operating either the cables or the stations at which they come into the country: referred to as the “special source” provider
Project Tempora
• Core programme in MTI
• The evolution of a secret programme to capture vast amounts of web and phone data
The “Real” Big Data
• MTI produces larger amounts of metadata collection than the NSA
• NSA analysts effectively exploit GCHQ metadata for intelligence production, target development/discovery purposes
• With Tempora's "buffering capability", and Britain's access to the cables that carry internet traffic in and out of the country, GCHQ has been able to collect and store a huge amount of information
• Every area of ops can get real benefit from this capability, especially for target discovery and target development
Where is the law?
• The 2000 Regulation of Investigatory Powers Act (Ripa) requires the tapping of defined targets to be authorised by a warrant signed by the home secretary or foreign secretary.
• A clause allows the foreign secretary to sign a certificate for the interception of broad categories of material, as long as one end of the monitored communications is abroad
TINT
• By March 2010, analysts from the NSA had been allowed some preliminary access to the project MTI
• Referred to as a "joint GCHQ/NSA research initiative"
• TINT: "uniquely allows retrospective analysis for attribution" – a storage system of sorts, which allowed analysts to capture traffic on the internet and then review it
If you are using the cloud and the data is located in Europe, it is likely that the data will travel through the fiber in the UK and get buffered by GCHQ.
Conclusion
• Data privacy protection: laws exist to protect data in a particular country
• Unfortunately, laws cannot protect data residing in another country where the intelligence agencies do not observe them, or where laws exist that allow unlimited access to data that are potentially dangerous overseas
Thank You