Educause Security Discussion mailing list archives
Re: TOR and the Digital Freedom Conversation
From: "Jones, Mark B" <Mark.B.Jones () UTH TMC EDU>
Date: Wed, 11 Dec 2013 09:25:28 -0600
+1 From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Joel L. Rosenblatt Sent: Wednesday, December 11, 2013 8:46 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] TOR and the Digital Freedom Conversation I would argue that your Case 2 example is no longer valid in many cases - citing the lady who lost her ticket and was tracked using video footage of her buying the ticket sold at that time - I know it's not exactly the same (she did use a credit card, but that was used to verify her identity after then found her - it was $50 million that they handed her) http://www.dailymail.co.uk/news/article-2518174/Canadian-woman-Kathryn-Jones -wins-50m-lost-lottery-ticket.html <https://urldefense.proofpoint.com/v1/url?u=http://www.dailymail.co.uk/news/ article-2518174/Canadian-woman-Kathryn-Jones-wins-50m-lost-lottery-ticket.ht ml&k=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0A&r=o50KCUcRVN10tgtglyNVFw2kmizyPIIFTSG ui%2BBSZ5A%3D%0A&m=SxFWJnBkqUHL1m%2FU5VWMAEUl1OhbvHfUHCj8YqjkxJc%3D%0A&s=c18 84055648bac73e4a54f5fd3b3aa04d0ec062220463eace125e337e48569e1> It is becoming increasingly difficult to "go off the grid" or ever hide from the grid. My 2 cents Joel Joel Rosenblatt, Director Network & Computer Security Columbia Information Security Office (CISO) Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033 http://www.columbia.edu/~joel <https://urldefense.proofpoint.com/v1/url?u=http://www.columbia.edu/~joel&k= yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0A&r=o50KCUcRVN10tgtglyNVFw2kmizyPIIFTSGui%2B BSZ5A%3D%0A&m=SxFWJnBkqUHL1m%2FU5VWMAEUl1OhbvHfUHCj8YqjkxJc%3D%0A&s=150bfe27 d89b459c9d4c48978f484601e9b49581d59ad2f188112c1aea010dba> Public PGP key http://pgp.mit.edu:11371/pks/lookup?op=get <https://urldefense.proofpoint.com/v1/url?u=http://pgp.mit.edu:11371/pks/loo kup?op%3Dget%26search%3D0x90BD740BCC7326C3&k=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D% 0A&r=o50KCUcRVN10tgtglyNVFw2kmizyPIIFTSGui%2BBSZ5A%3D%0A&m=SxFWJnBkqUHL1m%2F U5VWMAEUl1OhbvHfUHCj8YqjkxJc%3D%0A&s=7c3d0e77180a732351cae57259886da8573609a a175bed27f0ac2d816bee4aca> &search=0x90BD740BCC7326C3 On Wed, Dec 11, 2013 at 9:27 AM, Tim Doty <tdoty () mst edu> wrote: On 12/10/2013 06:22 PM, Jones, Mark B wrote: There is a difference between 'Privacy' and 'Secrecy' You are correct that there is a difference, but they are not exclusive. While the use of authentication and no anonymity may be an approach to protecting published online information from those without access, it does nothing to preserve privacy in the face of authorized but unwanted access. Nor does it address the loss of privacy from complete tracking -- in fact, a true lack of anonymity would destroy privacy. Case 1: I want to store information in the cloud, but I want to retain confidentiality of the data. This is a case where strong authentication/no anonymity would be a viable approach, but there is no reason to deny anonymity in a general sense. That is, strong authentication can be used to establish an access control to a data set without requiring that a person's identity be publicly disclosed. Case 2: I desire to have some privacy in my actions. Some degree of anonymity is *required* to accomplish this. For example, if I buy some books on medieval mysticism it used to be that a simple cash transaction kept it essentially private. There are some caveats (if the seller knows my personally then they will know I bought them, but for a random person off the street it would be essentially anonymous). It is trivial to demonstrate a connection between privacy and anonymity. Those promoting a police state are naturally against anonymity. Those promoting privacy understand the utility of strong encryption and anonymity. Tim Doty Tor seems like it may lean toward the latter. I have found that the following site has a useful perspective on privacy issues: http://www.privacilla.org <https://urldefense.proofpoint.com/v1/url?u=http://www.privacilla.org&k=yYSs Eqip9%2FcIjLHUhVwIqA%3D%3D%0A&r=o50KCUcRVN10tgtglyNVFw2kmizyPIIFTSGui%2BBSZ5 A%3D%0A&m=SxFWJnBkqUHL1m%2FU5VWMAEUl1OhbvHfUHCj8YqjkxJc%3D%0A&s=f45d0183f3a4 fd2a7f98ee1975ee054786ce89475049e8e030e421d3643601a0> Here are some key quotes: "Importantly, privacy is a personal, subjective condition. One person cannot decide for another what his or her sense of privacy should be." "While privacy is held up as one of our highest values, people also constantly share information about themselves by allowing others to see their faces, learn their names, learn what they own, and learn what they think. In fact, it is a desirable lack of privacy that allows people to interact with one another socially and in business. This does not mean that people should lose control over the information they want to keep private. It means that generalizations about privacy are almost always wrong." http://www.privacilla.org/fundamentals/whatisprivacy.html <https://urldefense.proofpoint.com/v1/url?u=http://www.privacilla.org/fundam entals/whatisprivacy.html&k=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0A&r=o50KCUcRVN10 tgtglyNVFw2kmizyPIIFTSGui%2BBSZ5A%3D%0A&m=SxFWJnBkqUHL1m%2FU5VWMAEUl1OhbvHfU HCj8YqjkxJc%3D%0A&s=c0e598e8ec0e92b543a92649d2fda850a19fe26f9fbe234e4df166c4 63268120> Also 'Privacy' is not the same as 'anonymity'. It is my opinion that strong authentication and the lack of anonymity are the keys to improved privacy online. Only with strong authentication can consumers and services be held accountable for behavior online. From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jeffrey Sabin Sent: Tuesday, December 10, 2013 2:24 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] TOR and the Digital Freedom Conversation All, Given the wider US technology community discussions on online privacy and monitoring - this seems to be very topical. In case anyone was not aware, this story is taking place at Iowa State University with Tor being a relevant part of the discussion: http://www.insidehighered.com/news/2013/12/10/digital-freedom-groups-road-re <https://urldefense.proofpoint.com/v1/url?u=http://www.insidehighered.com/ne ws/2013/12/10/digital-freedom-groups-road-re&k=yYSsEqip9%2FcIjLHUhVwIqA%3D%3 D%0A&r=o50KCUcRVN10tgtglyNVFw2kmizyPIIFTSGui%2BBSZ5A%3D%0A&m=SxFWJnBkqUHL1m% 2FU5VWMAEUl1OhbvHfUHCj8YqjkxJc%3D%0A&s=c7b10da946e54658991b0726bfdb2e7e3df45 788d287172ac20aa64d1ed30263> cognition-sparks-legal-debate-iowa-state-u <https://urldefense.proofpoint.com/v1/url?u=http://www.insidehighered.com/ne <https://urldefense.proofpoint.com/v1/url?u=http://www.insidehighered.com/ne %0bws/2013/12/10/digital-freedom-groups-road-recognition-sparks-legal-debate -io%0bwa-state-u&k=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0A&r=o50KCUcRVN10tgtglyNVF w2kmiz%0byPIIFTSGui%2BBSZ5A%3D%0A&m=hnGoebKdLtnE2yvxLiQ0OlhXMu%2FRMEVn0qZFzy M2pgE%3D%25%0b0A&s=5dcb52d50601a7d4ddc3b0479ff3aa4491e442f9a0d830ba2ff5db38a e6c9762> ws/2013/12/10/digital-freedom-groups-road-recognition-sparks-legal-debate-io wa-state-u&k=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0A&r=o50KCUcRVN10tgtglyNVFw2kmiz yPIIFTSGui%2BBSZ5A%3D%0A&m=hnGoebKdLtnE2yvxLiQ0OlhXMu%2FRMEVn0qZFzyM2pgE%3D% 0A&s=5dcb52d50601a7d4ddc3b0479ff3aa4491e442f9a0d830ba2ff5db38ae6c9762> and https://www.eff.org/deeplinks/2013/12/open-letter-urging-universities-encour <https://urldefense.proofpoint.com/v1/url?u=https://www.eff.org/deeplinks/20 13/12/open-letter-urging-universities-encour&k=yYSsEqip9%2FcIjLHUhVwIqA%3D%3 D%0A&r=o50KCUcRVN10tgtglyNVFw2kmizyPIIFTSGui%2BBSZ5A%3D%0A&m=SxFWJnBkqUHL1m% 2FU5VWMAEUl1OhbvHfUHCj8YqjkxJc%3D%0A&s=7cecd57948e1143d31faa08099e5573ed316e 4e29ec57f3b7d31e4b279c3dd3d> age-conversation-about-online-privacy <https://urldefense.proofpoint.com/v1/url?u=https://www.eff.org/deeplinks/20 13/12/open-letter-urging-universities-encourage-conversation-about-online-pr ivacy&k=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0A&r=o50KCUcRVN10tgtglyNVFw2kmizyPIIF TSGui%2BBSZ5A%3D%0A&m=hnGoebKdLtnE2yvxLiQ0OlhXMu%2FRMEVn0qZFzyM2pgE%3D%0A&s= 75b3522379697ac135dd77ae55292b93024c9c4ab21538dc9f8faf9b4a1fd56e> Realizing that this isn't necessarily new, but given this recent story, I am curious to know what others are doing or observing as it relates to Tor and it's discussion at your particular institution. Many thanks, Jeff Jeffrey D. Sabin DIRECTOR, COMMUNICATIONS AND NETWORK SERVICES oit Dial Center 2507 University Avenue Des Moines, Iowa 50311-4505 Tel 515.271.2935 Fax 515.271.1938 1.800.44.DRAKE x2935 E-mail jeff.sabin () drake edu
Attachment:
smime.p7s
Description:
Current thread:
- TOR and the Digital Freedom Conversation Jeffrey Sabin (Dec 10)
- Re: TOR and the Digital Freedom Conversation Jones, Mark B (Dec 10)
- Re: TOR and the Digital Freedom Conversation Tim Doty (Dec 11)
- Re: TOR and the Digital Freedom Conversation Joel L. Rosenblatt (Dec 11)
- Re: TOR and the Digital Freedom Conversation Jones, Mark B (Dec 11)
- Re: TOR and the Digital Freedom Conversation Shalla, Kevin (Dec 11)
- Re: TOR and the Digital Freedom Conversation Tracy Beth Mitrano (Dec 11)
- Re: TOR and the Digital Freedom Conversation Joel L. Rosenblatt (Dec 11)
- Re: TOR and the Digital Freedom Conversation Tim Doty (Dec 11)
- Re: TOR and the Digital Freedom Conversation Isabelle Grey (Dec 11)
- Re: TOR and the Digital Freedom Conversation Joel L. Rosenblatt (Dec 11)
- Re: TOR and the Digital Freedom Conversation Jones, Mark B (Dec 10)
- Re: TOR and the Digital Freedom Conversation Tim Doty (Dec 11)
- Re: TOR and the Digital Freedom Conversation Joel L. Rosenblatt (Dec 11)
- Re: TOR and the Digital Freedom Conversation Jones, Mark B (Dec 11)
- Re: TOR and the Digital Freedom Conversation Jones, Mark B (Dec 11)
- Re: TOR and the Digital Freedom Conversation Shalla, Kevin (Dec 11)