Question

1. Strong arguments can be given as to why encryption tools are needed to safeguard communications in cyberspace, yet these tools can be used by terrorists and criminals to protect their communications in cyberspace. (a) In the wake of September 11, can a case be made for not allowing ordinary users to employ strong encryption tools in Internet communications? (b) Can we still claim to live in a free society if plans for government interception of email communications, as provided for in the Homeland Security Act (http://fl1.findlaw.com/news.findlaw.com/hdocs/docs/terrorism/hsa2002.pdf), are be implemented?

Answer 1

A)

The encryption used today was not developed by intelligence agencies or militaries but by university students and corporations. Even militaries, however, use this encryption because encryption they would develop themselves just is not good enough. And it is clear from a survey of jihadist publications that all encryption techniques are known to terrorists.

Software must be written to perform encryption. This, too, is out in the world. The source-code for virtually all encryption is available to anyone who can write software. Indeed, paradoxically, the most trusted encryption software is also the software whose source-code is public, allowing anybody to read it and find flaws before the NSA or GCHQ can. That is why PGP appears so prominently among non-state actors seeking to communicate securely. They can read the code and verify for themselves whether an intelligence agency has inserted a backdoor.

The FBI has called for laws mandating encryption backdoors, but these laws would be mostly futile. They do not apply to software or phones created in other countries, for example. They do not apply to jihadist programmers who create their own apps based on open-source software. This is why many in the intelligence community, such as former head of the NSA Michael Hayden, oppose backdoors.

So what are the options? Security agencies will need to outsmart the software. In end-to-end encryption, it is no longer viable to crack the encryption in the middle. Intelligence agencies must instead hack the software on the ends. 0day exploits will likely be the most common way the NSA will eavesdrop on communications in the future – by hacking the “ends” of end-to-end communication with an 0day.

Security services will also have to exploit poor opsec by terrorists. From the perspective of security services the most worrying software is not one with the best encryption but one that allows fewer user mistakes. The opsec feature of self-destructing messages, for example, is probably one of the most frustrating features for intelligence services.

In other words, instead of a team of code breakers, the future will see more and more teams of people dedicated to breaking into software and outwitting users. The NSA’s vast compute power will not be dedicated to complex encryption algorithms but to the rather simple task of guessing that a terrorist’s password is “Password1234.”

Thus, while encryption is itself nearly perfect, the world is not about to enter an era of terrorists communicating with impunity. While end-to-end encryption means security agencies have little hope of cracking the middle, they will still have easy ways to attack the ends, either by hacking the software or outwitting the user.

B)

YES, we can still claim to live in a free society if plans for government interception of email communications, as provided for in the Homeland Security Act .

After the terrorist attacks in New York City, Pennsylvania, and Washington, DC, on September 11, 2001, the United States Congress enacted the Patriot Act in 2001 and the Homeland Security Act in 2002. The passage of these two acts, followed by the implementation of the HIPAA privacy rule on April 14, 2003, led to confusion for caregivers and HIM professionals as to how to respond to requests for protected health information (PHI) that use the phrase "homeland security" from public health departments, law enforcement agencies, federal agencies, and others.

Homeland Security Act

The primary mission of the Homeland Security Act is to prevent terrorist attacks within the United States, reduce the vulnerability of the United States to terrorism, and minimize damage and assist in recovery for terrorist attacks that occur in the United States.The Homeland Security Act provides the secretary of Homeland Security with the authority to direct and control investigations that require access to information needed to investigate and prevent terrorism.³ This authority can be interpreted to include requests for PHI of any type without the express authorization of the patient or legal guardian. It further states that PHI is protected from unauthorized disclosure and is to be handled and used only for the performance of official duties. Therefore, redisclosure would be restricted to those who need to know the information to perform their jobs, which is compatible with the HIPAA privacy rule.

The Homeland Security Act also established the US Department of Homeland Security. The Department of Homeland Security includes many other organizations, such as the Federal Emergency Management Agency, US Coast Guard, US Secret Service, and Transportation Security Administration.

The Department of Homeland Security boasts the first statutorily required privacy office within a federal agency. Mary Ellen Callahan was appointed the chief privacy officer and chief FOIA officer in March 2009. The privacy office is primarily responsible for evaluating privacy's effect on the department's programs, systems, and initiatives. It is further required to mitigate any anticipated effect on privacy.

The privacy office's objectives include:

• Evaluating the department's legislative and regulatory proposals that involve the collection, use, and disclosure of personally identifiable information
• Centralizing and providing program oversight and implementing all FOIA and Privacy Act operations
• Operating a privacy incident response program that addresses incidents involving personally identifiable information
• Responding to, investigating, and addressing complaints of privacy violations
• Providing training, education, and outreach that build the foundation for privacy practices across the department and create transparency.

• Balancing the Right to Privacy with Protecting the Public

  Although the public and the healthcare community are concerned about public health authorities having access to a patient's medical record, in most cases the health information used in syndromic systems is deidentified when transmitted to an outside source. The collection of health data is intended to collect clusters of cases, not individual cases.

  Whether a fine line or an abyss exists between respecting the privacy of individual health information and protecting the public from bioterrorism depends on perspective. In contrasting the Homeland Security Act, Patriot Act, and FOIA with the intent of HIPAA's privacy and security rules, the challenges to public health departments become evident. One fundamental challenge for many healthcare organizations is deciding whether the gap between personal privacy and national security is small or large and how it can be bridged.

  Several initiatives show promise for surveillance on the national level while remaining considerate of individual privacy. Public health officials have historically leveraged surveillance systems to identify outbreaks and monitor disease activity among communities. The challenges associated with implementing broader surveillance systems include inadequate infrastructure, data integration barriers due to lack of standards, deficient understanding of public health informatics, and funding.

  Some resistance to a national syndromic surveillance system could arise from groups already heavily invested in developing alternate solutions. Many states and counties already have committed significant time and resources to developing surveillance systems that serve citizens within their boundaries. This independent activity has generated many impressive public health surveillance systems, albeit in a somewhat federated fashion. However, these federated surveillance systems often cannot share data because of a lack of standards. The resulting data-sharing roadblocks are found at all levels of technology and consist of incompatible hardware, software versions that do not talk to each other, and inconsistent data definitions, to name a few.

  Data quality presents another challenge in implementing public health surveillance. In many instances in healthcare facilities, a nonclinician may enter the admitting diagnosis before the patient is assessed by a licensed independent practitioner, and the clinical relevance of the data may be questionable. Data inaccuracy in syndromic surveillance systems becomes an obstacle to wholesale adoption of such systems if user comfort levels with the quality of the data are not satisfactory.

  Public health information systems can deliver valuable information for national security efforts without compromising patient privacy. Although the nation's capacity to respond to bioterrorism may depend on further development of surveillance systems, there are many diverse efforts trying to balance individual privacy with protection of the public health. Syndromic surveillance systems likely will evolve as obstacles are overcome, standards are created, and the public accepts and supports the cost of adopting such a system.

i hope it helps..

If you have any doubts please comment and please don't dislike.

PLEASE GIVE ME A LIKE. ITS VERY IMPORTANT FOR ME