Question

In: Computer Science

1. Strong arguments can be given as to why encryption tools are needed to safeguard communications...

1. Strong arguments can be given as to why encryption tools are needed to safeguard communications in cyberspace, yet these tools can be used by terrorists and criminals to protect their communications in cyberspace. (a) In the wake of September 11, can a case be made for not allowing ordinary users to employ strong encryption tools in Internet communications? (b) Can we still claim to live in a free society if plans for government interception of email communications, as provided for in the Homeland Security Act (http://fl1.findlaw.com/news.findlaw.com/hdocs/docs/terrorism/hsa2002.pdf), are be implemented?

Solutions

Expert Solution

A)

The encryption used today was not developed by intelligence agencies or militaries but by university students and corporations. Even militaries, however, use this encryption because encryption they would develop themselves just is not good enough. And it is clear from a survey of jihadist publications that all encryption techniques are known to terrorists.

Software must be written to perform encryption. This, too, is out in the world. The source-code for virtually all encryption is available to anyone who can write software. Indeed, paradoxically, the most trusted encryption software is also the software whose source-code is public, allowing anybody to read it and find flaws before the NSA or GCHQ can. That is why PGP appears so prominently among non-state actors seeking to communicate securely. They can read the code and verify for themselves whether an intelligence agency has inserted a backdoor.

The FBI has called for laws mandating encryption backdoors, but these laws would be mostly futile. They do not apply to software or phones created in other countries, for example. They do not apply to jihadist programmers who create their own apps based on open-source software. This is why many in the intelligence community, such as former head of the NSA Michael Hayden, oppose backdoors.

So what are the options? Security agencies will need to outsmart the software. In end-to-end encryption, it is no longer viable to crack the encryption in the middle. Intelligence agencies must instead hack the software on the ends. 0day exploits will likely be the most common way the NSA will eavesdrop on communications in the future – by hacking the “ends” of end-to-end communication with an 0day.

Security services will also have to exploit poor opsec by terrorists. From the perspective of security services the most worrying software is not one with the best encryption but one that allows fewer user mistakes. The opsec feature of self-destructing messages, for example, is probably one of the most frustrating features for intelligence services.

In other words, instead of a team of code breakers, the future will see more and more teams of people dedicated to breaking into software and outwitting users. The NSA’s vast compute power will not be dedicated to complex encryption algorithms but to the rather simple task of guessing that a terrorist’s password is “Password1234.”

Thus, while encryption is itself nearly perfect, the world is not about to enter an era of terrorists communicating with impunity. While end-to-end encryption means security agencies have little hope of cracking the middle, they will still have easy ways to attack the ends, either by hacking the software or outwitting the user.

B)

YES, we can still claim to live in a free society if plans for government interception of email communications, as provided for in the Homeland Security Act .

After the terrorist attacks in New York City, Pennsylvania, and Washington, DC, on September 11, 2001, the United States Congress enacted the Patriot Act in 2001 and the Homeland Security Act in 2002. The passage of these two acts, followed by the implementation of the HIPAA privacy rule on April 14, 2003, led to confusion for caregivers and HIM professionals as to how to respond to requests for protected health information (PHI) that use the phrase "homeland security" from public health departments, law enforcement agencies, federal agencies, and others.

Homeland Security Act

The primary mission of the Homeland Security Act is to prevent terrorist attacks within the United States, reduce the vulnerability of the United States to terrorism, and minimize damage and assist in recovery for terrorist attacks that occur in the United States.The Homeland Security Act provides the secretary of Homeland Security with the authority to direct and control investigations that require access to information needed to investigate and prevent terrorism.3 This authority can be interpreted to include requests for PHI of any type without the express authorization of the patient or legal guardian. It further states that PHI is protected from unauthorized disclosure and is to be handled and used only for the performance of official duties. Therefore, redisclosure would be restricted to those who need to know the information to perform their jobs, which is compatible with the HIPAA privacy rule.

The Homeland Security Act also established the US Department of Homeland Security. The Department of Homeland Security includes many other organizations, such as the Federal Emergency Management Agency, US Coast Guard, US Secret Service, and Transportation Security Administration.

The Department of Homeland Security boasts the first statutorily required privacy office within a federal agency. Mary Ellen Callahan was appointed the chief privacy officer and chief FOIA officer in March 2009. The privacy office is primarily responsible for evaluating privacy's effect on the department's programs, systems, and initiatives. It is further required to mitigate any anticipated effect on privacy.

The privacy office's objectives include:

  • Evaluating the department's legislative and regulatory proposals that involve the collection, use, and disclosure of personally identifiable information
  • Centralizing and providing program oversight and implementing all FOIA and Privacy Act operations
  • Operating a privacy incident response program that addresses incidents involving personally identifiable information
  • Responding to, investigating, and addressing complaints of privacy violations
  • Providing training, education, and outreach that build the foundation for privacy practices across the department and create transparency.
  • Balancing the Right to Privacy with Protecting the Public

    Although the public and the healthcare community are concerned about public health authorities having access to a patient's medical record, in most cases the health information used in syndromic systems is deidentified when transmitted to an outside source. The collection of health data is intended to collect clusters of cases, not individual cases.

    Whether a fine line or an abyss exists between respecting the privacy of individual health information and protecting the public from bioterrorism depends on perspective. In contrasting the Homeland Security Act, Patriot Act, and FOIA with the intent of HIPAA's privacy and security rules, the challenges to public health departments become evident. One fundamental challenge for many healthcare organizations is deciding whether the gap between personal privacy and national security is small or large and how it can be bridged.

    Several initiatives show promise for surveillance on the national level while remaining considerate of individual privacy. Public health officials have historically leveraged surveillance systems to identify outbreaks and monitor disease activity among communities. The challenges associated with implementing broader surveillance systems include inadequate infrastructure, data integration barriers due to lack of standards, deficient understanding of public health informatics, and funding.

    Some resistance to a national syndromic surveillance system could arise from groups already heavily invested in developing alternate solutions. Many states and counties already have committed significant time and resources to developing surveillance systems that serve citizens within their boundaries. This independent activity has generated many impressive public health surveillance systems, albeit in a somewhat federated fashion. However, these federated surveillance systems often cannot share data because of a lack of standards. The resulting data-sharing roadblocks are found at all levels of technology and consist of incompatible hardware, software versions that do not talk to each other, and inconsistent data definitions, to name a few.

    Data quality presents another challenge in implementing public health surveillance. In many instances in healthcare facilities, a nonclinician may enter the admitting diagnosis before the patient is assessed by a licensed independent practitioner, and the clinical relevance of the data may be questionable. Data inaccuracy in syndromic surveillance systems becomes an obstacle to wholesale adoption of such systems if user comfort levels with the quality of the data are not satisfactory.

    Public health information systems can deliver valuable information for national security efforts without compromising patient privacy. Although the nation's capacity to respond to bioterrorism may depend on further development of surveillance systems, there are many diverse efforts trying to balance individual privacy with protection of the public health. Syndromic surveillance systems likely will evolve as obstacles are overcome, standards are created, and the public accepts and supports the cost of adopting such a system.

i hope it helps..

If you have any doubts please comment and please don't dislike.

PLEASE GIVE ME A LIKE. ITS VERY IMPORTANT FOR ME


Related Solutions

(Elgamal encryption): given elgamal encryption ciphersystem: a)show how can we create a new legal encryption from...
(Elgamal encryption): given elgamal encryption ciphersystem: a)show how can we create a new legal encryption from two different encryptions that we don't know their decryptions b)how can an adversary take advantage of the scheme at a) (what's written above), in order to attack a preknown encrypted text? elaborate
1. Discuss whether the following are strong arguments. If you consider them weak, explain why. We...
1. Discuss whether the following are strong arguments. If you consider them weak, explain why. We need to protect American jobs. Therefore, we need stricter laws to keep illegal aliens from crossing the United States–Mexico border. We shouldn’t be making such a big deal about football players and concussions. After all, look at all the people, especially kids, who get concussions falling off their bicycles and no one is arguing that we should ban bicycles! People need to pass a...
why is the World Bank not usefull anymore ? provide STRONG arguments with economic evidence
why is the World Bank not usefull anymore ? provide STRONG arguments with economic evidence
Describe the tools and techniques required for planning communications and explain why each is important for...
Describe the tools and techniques required for planning communications and explain why each is important for effective communication management
What are the economic and political arguments for regional economic integration? Given these arguments, why don't...
What are the economic and political arguments for regional economic integration? Given these arguments, why don't we see more substantial examples of integration in the world economy? What effect is creation of a single market and a single currency within the EU likely to have on competition within the EU? Why?
What are the economic and political arguments for regional economic integration? Given these arguments, why don’t...
What are the economic and political arguments for regional economic integration? Given these arguments, why don’t we see more substantial examples of integration in the world economy?
1. Why is system biology needed? 2. What types of tools, approaches,methodologies and technologies are used...
1. Why is system biology needed? 2. What types of tools, approaches,methodologies and technologies are used in system biology ? Please answer both questions
Can someone explain in terms of physics why or why not a strong magnet can damage...
Can someone explain in terms of physics why or why not a strong magnet can damage a laptop screen.
What arguments can be given that the historical cost framework should be abandoned?
What arguments can be given that the historical cost framework should be abandoned?
To keep either weak or strong sustainability, we can do something. Given the two cases, 1)...
To keep either weak or strong sustainability, we can do something. Given the two cases, 1) a carbon tax imposed on primary production (supply side, firms) and 2) a carbon tax imposed on end-users (demand side, consumers), What kind of benefits that we can expect from each case? For instance, what would be the behavioral changes in producers and consumers? Which one is more cost-efficient?
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT