Privacy & Security

last modified December 19, 2009 by tomlowenhaupt

Ask people about security and privacy and you'll learn that they want to maximize both. But there is a point where these desires conflict: with absolute privacy, security is diminished, and absolute security presumes the elimination of privacy. Here we seek a resolution to this Scylla & Charybdis through equitable privacy and security policies to guide the operation of the .nyc TLD.
----------------------------------------------------------------------------------------------------------------------------------------------------------

(Image: Commons photo courtesy of Mikey G. Ottawa.)


 "Privacy is dead, get over it!"
                       Scott McNealy

From an article in Realtime Community quoting Carnegie Mellon's Latanya Sweeney:

"My answer is that the privacy problems that I've seen are probably best solved by the person who first created the technology. What we really have to do is train engineers and computer scientists to design and build technologies in the right kind of way from the beginning. Normally, engineers and computer scientists get ideas for technologies on their own and engage in a kind of circular thinking and develop a prototype of their solution and then do some kind of testing. But we are saying we will give them tools that help them see who are the stakeholders and do a risk assessment, and then see what barriers will come up and deal with the riskiest problems and work to solve them in the technology design. I think if we are successful in producing a new breed of engineers and computer scientists, society will really benefit. The whole technology-dialectics thing is really aiming at how you should go about teaching engineers and computer scientists to think about user acceptance and social adoption [and also that they] have to think about barriers to technology [from the beginning]. So the best scenario is that this kind of training takes hold and as new technologies emerge they are less likely to be constantly clashing with accept-or-reject options."

Of Recent Note

Afilias Announces New Policy To Make .INFO Even Safer For Internet Users

~~~

New policy leads industry in the effective deterrence of abuses like phishing and spam

DUBLIN, IRELAND – 7 October 2008 – Afilias, a global provider of registry services, today announced a new registration policy that makes the nature of domain name abuses clear for registrants and registrars, and furthers the power of the registry to take quick and appropriate action regarding .INFO domains used for abusive behavior. This policy will go into effect on 6 November 2008.

"This policy is the result of over a year of dedicated work by Afilias to understand and curtail the abusive use of domain names, and to design effective deterrents," said Ram Mohan, Executive Vice President and Chief Technology Officer of Afilias. ".INFO's tremendous overall popularity has attracted criminals online, as do many other domains, so we are taking further firm action to protect users by improving detection and enforcement actions."

Under the policy, abusive use has been more clearly defined and includes, but is not limited to: phishing, e-mail spam and other types of spam, the willful distribution of malware, the use of botnets and fast-flux hosting, distribution of child pornography, illegal access to other computers or networks, and other illegal or fraudulent actions. Domains that are being abused will be reported to the sponsoring registrar, and Afilias has the option of removing them from the DNS and reporting the abuser to law enforcement. Afilias is committed to working closely with its registrars, legal authorities, security professionals, and others to rid the Internet of the scourge of domain abuse.

"This is a positive step forward demonstrating how registries can take positive actions to increase protection against security threats such as spam, phishing and malware," said Steven Crocker, Chair of ICANN's Security and Stability Advisory Committee. "We applaud Afilias' efforts to deter such abusive practices."

The full details of the .INFO Anti-Abuse Policy can be found at: http://www.info.info/info/abusive_use_policy.

Security

With the Internet in a state of flux, disorganization, and disrepair, one way the .nyc TLD might benefit a great city is through the creation of a more secure Internet. By a secure Internet we imagine one where trust prevails; where person and property are safe from theft and tampering.

The following steps are being evaluated for their value in providing security for those under the .nyc umbrella:
  • Registration Oversight - When we ask people if they like the comfort level within the .gov or .edu environment, everyone nods, yes absolutely. But the reality is that at $20 a name - a rate that would make .nyc names accessible - there's no way to perform a decent security check. How do we avoid the mess that the .com TLD has become? With Connecting.nyc Inc. conceived as a caretaker for this vital resource, we anticipate undertaking our educational efforts in close relationship with the city government and other civic institutions. We're seeking to create a "web of trust" and piggyback on existing databases of voter registrations, business licenses, tax rolls, student registrations, member lists and other means to make this possible. And we're looking for other ways to make the .nyc TLD a more secure and trustworthy webspace.
  • Education - The promise that technology alone will provide for our security is hollow for the foreseeable future. Today, Internet security requires an educated public. Providing this education is a key mission of Connecting.nyc Inc. Both online and off, we will present New Yorkers with techniques they can follow to create beneficial online experiences. We will develop a security curriculum to address these concerns.

See the Of Recent Note sidebar for action taken by Afilias.

Privacy

In this era of the Open & Transparent, privacy is frequently seen as unimportant. People say to privacy advocates: “If you have nothing to hide, then what do you have to fear?” Others say: “If you aren’t doing anything wrong, then what do you have to hide?” If you're of this ilk, it's suggested that you read Daniel J. Solove's analysis of the "I've Got Nothing To Hide" fallacy. We'll summarize it here when time allows. But here's one quote that might send you there now: "the problems are not just Orwellian, but Kafkaesque."

Privacy is the ability of an individual or group to keep their lives and personal affairs out of public view, or to control the flow of information about themselves. We seek the long term benefits of privacy and a proper balance with immediate security needs.

  • We will develop a privacy curriculum to address these concerns.
  • We will set aside privacy.nyc and similar names where New Yorkers can learn about the issue. 
  • We will develop a privacy policy on the use of data acquired by accessing the registry.

    Related Issues

    Search - At a civic level, it's vital that we know why a search presents one site higher than another. For example, think of search within the governance realm: we cannot be dependent on an opaque, behind-the-scenes search supplier to set our priorities in issue and candidate listings. The same goes for creating a level business environment. But you might imagine that the big engines will find it difficult to operate under today's shadow of suspicion, and choose to open up. With suitable transparency they might be trustworthy for civic use, with connecting.nyc's role relegated to one of testing and assurance.

    Security/Privacy and TLDs

    In these early days of planning for the .nyc TLD, we are thinking about ways a TLD might be used to improve civic life, about how .nyc might facilitate privacy and security. Might the DNS play a role in improving civic life in our small geographic entity? A while back, a DNS pioneer answered my question on this as follows:

    "I think your challenge is a bit different from the technical.
    
    What you really need to do is either:
    
       - go down the same old roads that were pioneered by .com, .biz, .cat, ...
    
       - try and come up with a totally new paradigm (assuming you haven't 
          painted yourself in a corner already with ICANN)
    
    It's more about thinking of a structure that's innovative and breaks the mold, I think.  
    I'd suggest you do a lot of thinking about that before you get too immersed and 
    ossified in the old way of doing things. It's about thinking of what you could do by 
    giving all of your constituents a unique digital identity and an organization for 
    those identities.
    
    Good luck!"

    We're exploring these possibilities and our results will soon be revealed in a blog post and then detailed here. See "Privacy Is Dead" sidebar.
