Page 450 - Using MIS
P. 450

Security Guide







            a Look throuGh nSa’S PrISM





            As stated in Q1, security is a trade-off. You can get   VoIP, stored data, videoconferencing, login activity, social
            better security, but you have to give up some freedom. The   networking activity, and something called “special requests”
            more secure you want to be, the more freedom you have to   at service providers. Google, Microsoft, Yahoo!, and Facebook
            give up. It’s a simple relationship to understand, but hard to   categorically denied providing access to the U.S. government
            recognize in your life.                              except for a relatively small number of specific requests. 15
               Take car insurance as an example. It gives you the se-  The public doesn’t know how many people have been
            curity of knowing you’ll be protected against financial hard-  affected by PRISM, but a 2014 transparency report put out by
            ship if you’re in an accident. But the trade-off is that you   the Office of the Director of Intelligence indicated that 89,138
            have to give up the freedom to spend your insurance pre-  “targets” were spied on during 2013. The only problem is that
            miums on something else. You get security, but it costs you.  a “target” could refer to individuals, groups, companies, for-
               An organizational security policy requiring users to use   eign powers, or even a facility. It’s likely the actual number of
            strong passwords works the same way. The organization gets   people affected could be several orders of magnitude larger. 16
            the security of knowing its passwords will be hard to crack if
            stolen, thus protecting its information systems. However, us-  The Privacy Versus Security Trade-off
            ers lose the freedom of choosing any password they like. The   Privacy  advocates  were  outraged at  the  existence  of PRISM
            organization may also experience other losses in the form of   and called for congressional investigations. They claimed that
            reduced employee productivity or lower morale.       their privacy, or freedom from being observed by other people,
               It’s important to understand the trade-off between   was being destroyed in the name of security, or state of be-
              security and freedom because you’ll hear people talk about   ing free from danger. The Internet companies involved faced
            getting more of one without talking about
            losing the other. A prominent example of
            this is the recent revelation of the National
            Security Agency’s (NSA) PRISM program.

            NSA’s PRISM
            On June 6, 2013, Edward Snowden leaked
            top-secret PowerPoint slides  detailing the
            NSA’s secret global surveillance program
            codenamed  PRISM. The PRISM program
            started in 2007 and was designed to access
            data from nine service providers: Google,
            Microsoft,  Yahoo!,  Facebook,  PalTalk,
            YouTube, Skype, AOL, and Apple. 14
               PRISM, according to the leaked slides,
            was designed to access email, videos, pho-
            tos, video and voice chat, file transfers,

            14 Timothy Lee, “Here’s Everything We Know About PRISM to Date,” The Washington Post, June 12, 2013, accessed June 27, 2014,
            www.washingtonpost.com/blogs/wonkblog/wp/2013/06/12/heres-everything-we-know-about-prism-to-date/.
            15 Ibid.
            16
             Kim Zetter, “U.S. Says It Spied on 89,000 Targets Last Year, but the Number Is Deceptive,” Wired, June 27, 2014, www.wired.com/
            2014/06/90000-foreigners-targeted-for-spying/.
        418
   445   446   447   448   449   450   451   452   453   454   455