The leaks by whistleblower Edward Snowden about the spying activities of the United States National Security Agency (NSA) have highlighted that consumers need to take a more serious approach to online security, according to Princeton University's professor of computer science and public affairs, Edward Felten.
Speaking at the AusCERT security conference on the Gold Coast, Felten told delegates the Snowden leaks have confirmed that the NSA and other agencies, including the Australian Signals Directorate (ASD), have been co-operating in order to build surveillance and data collection systems.
In December 2013, the ASD received a formal complaint from UK-based privacy group Privacy International, following allegations that the ASD offered to share information about Australian citizens with international counterparts.
According to documents leaked by Snowden, the ASD indicated that it could share medical, legal and religious information with agencies in the United States, Britain, Canada and New Zealand during a 2008 intelligence conference in England.
At the time, the ASD was called the Defence Signals Directorate (DSD). According to the leaked documents, DSD said that it could make this information available without some of the privacy restraints imposed by some other countries.
Felten acknowledged that there is a need to conduct surveillance against terrorist groups. However, he said data collection by agencies needs to be "targeted against those people who are meaning to attack us and not targeted broadly against a crowd".
"How can we ensure that the surveillance that does occur, has a focus so that it doesn't affect us all the time?," he asked.
Felten ran through some security strategies. The first was to talk about the methods that intelligence agencies use and try to improve those systems so they are more protective of civil liberties.
He cited a report sanctioned by United States president Barack Obama called Liberty and Security in a Changing World, published on 12 December 2013.
The report was undertaken following the NSA spying allegations.
"One of the recommendations of this report was that legislation should be enacted that terminates the storage of bulk telephony meta data by the [US] government and moves the storage of that information outside the government to a data custodian," he said.
The other approach from the report review committee, which was also endorsed by president Obama, was to leave the data in the hands of the US telco providers such as Verizon and AT&T.
The NSA and other intelligence agencies would need to file a request to get access to data which they wanted to analyse.
The next strategy was to "take the notion of trust seriously".
Felten said that one of the best examples of "unclear thinking" about trust comes from websites that use HTTPS encryption settings.