CHHS Cybersecurity Symposium: Privacy Presentation
By CHHS Research Assistant Marissa Johnson
The Center for Health and Homeland Security partnered with the University of Maryland’s School of Law and the Universities at Shady Grove to host a Cybersecurity Symposium on February 5th. The event included seven speakers that informed the attendees on privacy issues, assessing risk, emerging law and policy trends and more.
Nancy Libin, partner attorney at Jenner & Block, spoke on civil liberties and privacy. This topic was particularly interesting because the Obama Administration recently met with social media leaders to discuss the government monitoring online communications. In these meetings they discussed the government’s interest in accessing online communications and the privacy concerns that could result. Libin explored what privacy concerns arise from government monitoring of private online activity, touched on the importance of encryption, and discussed the possible risks associated with “hacking back.”
First, Libin examined whether the government monitoring online traffic can be considered a “search.” Such monitoring would give the government access to radicalist activity but it also exposes a lot of innocent communications. The fourth amendment requires a warrant for a search of private materials to be conducted; although, courts have interpreted the amendment to allow broad searches without a warrant if for a general public purpose. However, in respect to online activity, sixth circuit courts have held that the government needs a warrant to access private email. Currently there are no specific laws on government searches of social media activity but it is extremely important that citizen’s constitutional and privacy rights are not obstructed.
Libin then discussed encryption; starting with a description of what it is and more specifically it’s importance to users online privacy. Encryption is a method of scrambling and descrambling data using a code. What keeps the data private is that only the origin and destination devices have the code to descramble the data. Therefore, other devices would not be able to read the information because the data would appear scrambled and unintelligible. Encryption is extremely important in relation to privacy because it is how all of the personal data we send online is protected.
The third topic Libin discussed was the new method some companies are adopting called “hacking back.” Hacking back is a defensive measure companies and other online entities can use to counteract hackers. According to website Techopedia, hacking back is “the process of identifying attacks on a system and, if possible, identifying the origin of the attacks.” This practice is used in hopes to deter hackers but also to locate the hacker if an attack is carried out. Some go beyond identifying the culprit and even attempt to break into the hackers system. But the hacking back method includes dangerous risks. First, hacking back is illegal because it is a form of hacking, a criminal offense. Second, it is extremely hard to determine who actually carried out a hack. Third, hacking back a hacker could make the victim’s system more vulnerable to a revenge attack. Assuming that you were able to pinpoint the person that conducted the hack and successfully hack them back, it is highly likely the initial attacker will attempt to access your system again. Although hacking back seems like a strong defense mechanism at first glance, when you assess the potential outcomes the risks seem to outweigh the benefits.
Overall, Nancy Libin’s presentation was very informative and relevant to issues the cyber community is currently facing. It is important to educate ourselves on these topics because they will only become more prominent as technology advances.