Chat with us, powered by LiveChat HLSS508 Civil liberties and Homeland Security Research Essay Questions | All Paper
+1(978)310-4246 credencewriters@gmail.com
  

Assignment InstructionsThis assignment is a take-home essay assignment of four questions for which you are expected to develop a 2-3 page essay per question that fully responds to the question being posed. Essay 1: CO-1: Differentiate between civil rights and civil liberties.Essay 2: CO-2: Assess the challenges of balancing civil liberties and security. Essay 3: CO-4: Analyze safeguards in place to protect civil rights and civil liberties.Essay 4: CO-5: Critique the homeland security enterprise’s capability to meet emergent future challenges while balancing civil liberties. Scoring Rubric: A copy of the complete scoring rubric for this assignment is provided in the Writing Resources module within the course lessons. The following is a synopsis of that rubric. Area of EvaluationMaximum PointsFocus/Thesis20Content/Subject Knowledge20Critical Thinking Skills20Organization of Ideas/Format20Writing Conventions20Technical Requirements:Length: 2-3 pages each question, double spaced, 1″ margins, 12 pitch type in Times New Roman font left justified format.Sources: All sources for this assignment must come the assigned reading within the course. You are not limited to the pages assigned from each document, but are limited to those documents to defend and support your arguments/claims.Citations/References: You must use APA style for this assignment.
cybercrimes_v_civil_liberties.pdf

security_versus_freedom_on_the_internet.pdf

shaping_counterterrorism_policies.pdf

technology_choices_privacy_and_security.pdf

robertson_intelligence__terrorism_and_civil_liberties.pdf

Unformatted Attachment Preview

Cybercrimes v. cyberliberties
Strossen, Nadine
International Review of Law, Computers & Technology; Mar 2000; 14, 1; ProQuest
pg. 11
Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.
Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.
Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.
Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.
Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.
Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.
Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.
Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.
Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.
Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.
Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.
Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.
Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.
Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.
“Security versus
SAIS Review
Freedom
vol. XXX
” on
no.the
2 (Summer–Fall
Internet 2010)
51
“Security versus Freedom” on
the Internet: Cybersecurity and
Net Neutrality
1
Marvin Ammori & Keira Poellet
As we live in an increasingly networked world, cyber-threats have become much more
prevalent. The United States has promoted network neutrality and the virtues of an
uncensored Internet abroad. However, new laws are being proposed which allow Internet
Service Providers (ISPs) to arbitrarily block or discriminate against potentially dangerous
websites. This has resulted in a challenge to the freedoms and privacy highly valued by
Americans and could potentially harm America’s legitimacy as a leader of open Internet
across the globe. Under such an environment, what should be done to create effective and
responsible policies which can not only guarantee national security, but also preserve the
freedoms of internet users?
T
hrough the centuries, political theorists have weighed trade-offs between
security and freedom, often seeking to ensure both. Today, policymakers
are weighing this classic trade-off in the context of cutting-edge network
technologies like the global Internet. This article focuses on one example.
Policymakers seek both to secure networks from cyber-threats, including cyber/espionage, attack, and crime, and to ensure open access to information.
The State Department has stated that advancing Internet freedom around
the world is central to our foreign policy—subject to ensuring cybersecurity.
The United States’ domestic telecommunications regulator, the Federal
Communications Commission (FCC), has proposed “network neutrality”
or “open Internet” rules forbidding Internet Service Providers (ISPs), such
as AT&T, Comcast, and Verizon, from interfering with the online choices of
users. Under the rules, they can not block or discriminate against particular
online technologies and websites. But some technologies and websites are
security threats, so ISPs should be encouraged to help address those threats
by blocking or discriminating against them. So an open Internet exception
for cybersecurity has been proposed. But this exception should not swal-
Marvin Ammori is a legal scholar and advocate expert in cyberlaw, the First Amendment
and telecommunications policy. Ammori is a founding faculty member of University
of Nebraska-Lincoln’s Space & Telecom Law LLM program and spent the summer
of 2010 as a Visiting Scholar at Stanford Law School’s Center for Internet & Society.
Keira Poellet is a Law LLM Student at the University of Nebraska. She was formerly a
Deputy Staff Judge Advocate at the U.S. Air Force and adjunct instructor at EmbryRiddle Aeronautical University.
© 2010 by The Johns Hopkins University Press
51
52
SAIS Review Summer–Fall 2010
low the rule: some ISPs have claimed a right to block competing, legitimate
technologies in the name of ensuring users’ “security.”
Neither the FCC nor the White House has provided the necessary
details to mediate this potential conflict between Internet freedom and
cybersecurity. The FCC has proposed a cybersecurity exception to its network neutrality rule,2 and President Obama states he will ensure that his
cybersecurity policies will not conflict with the FCC’s network neutrality
rule,3 but neither proposes details or even a framework for determining
those details.
This article aims to fill that gap. It argues that the key challenge arises
from the presence of dynamic, rapidly changing threats coupled with a lack
of trust among key stakeholders. In light of this dynamic yet distrustful
environment, this article proposes a resolution—one which is common to
constitutional law—of emphasizing not rigid substantive rules but inclusive
institutional processes, organized with checks and balances, for flexibly
adapting rules to dynamic technological developments.
This article is organized in three parts. First, it lays out this nation’s
policies for cybersecurity and for Internet freedom. Next, it discusses the tension between the two policies and proposes a framework for thinking about
resolving that tension. Finally, the paper looks at current and proposed law
and proposes some modifications to mediate this tension.
United States Policy Favors Both an Open
Internet and a Secure Internet
The current administration has announced that both cybersecurity and
network neutrality are key national goals.
Ensuring Cybersecurity
Cybersecurity is a presidential-level policy goal. In January 2008, President
George W. Bush issued a still-classified national security and homeland security directive to launch the nation’s Comprehensive National Cybersecurity
Initiative (CNCI).4 The following year the administration issued the Cyberspace Policy Review summarizing a 60-day review of cybersecurity policy.
The Review set out initial near-term and mid-term action items for securing
cyberspace. Central to the plans was anchoring leadership for cybersecurity
within the White House, particularly by appointing a coordinator for cyber
issues who would answer to both the National Economic Council and the
National Security Council. The military secures its own networks under the
leadership of the recently-launched United States Cyber Command, whose
commander is dual-hatted as the head of the National Security Agency. The
Department of Homeland Security has the lead on securing federal government networks.5 Finally, private companies secure their own networks. But
insecurities in one network can affect another; for example, military and
government services often share the same public-Internet infrastructure as
private companies, and rely on private web services that may be attacked
or compromised. Further, cyber attacks routed through insecure private
networks can attack military networks, and vice versa. As a result, these dif-
“Security versus Freedom” on the Internet
53
ferent authorities have to work together to assure each other’s security.
Cybersecurity threats are real and constant. Today’s most serious
threats do not come from the proverbial bored lone hacker in high school
but from sophisticated organized crime syndicates and, perhaps, nation
states. For example, when Google recently made headlines by announcing
its servers had been subject to
corporate espionage, appar- Today’s most serious threats do
ently directed from Chinese
sources, nobody suspected not come from the proverbial
teenage hackers were behind bored lone hacker in high school
the attack.
Cybersecurity threats but from sophisticated organized
can be classed into three crime syndicates and, perhaps,
broad categories: (1) espionage (accessing government, nation states.
financial, or corporate information); (2) attacks (denial of service attacks, sabotage of electrical grids, air
traffic controls, or military command communications); and (3) other crimes
(identity theft, fraud, and other crimes). Attempted espionage is a persistent
threat; military, governmental, and corporate records are constantly subject
to intrusion.6 On the other hand, “attacks” involve attempts not just to access and steal valuable information, but also to damage or interfere with
computer systems. For example, denial-of-service attacks are common, and
aim to deny someone’s ability to use a server, computer, or other network
resources. Distributed denial-of-service (DDOS) attacks generally involve
thousands of computers, which generally overload a network resource like
a server with requests for information. As a result of the requests, legitimate
users are unable to access the company’s site. To analogize to the phone
network, a DDOS would resemble hundreds of people calling a company
just to tie up the lines and keep legitimate callers from getting through to
place orders or seek help. With DDOS, rather than convincing hundreds or
thousands of people to go to the same website, actors use a virus or worm
to infect thousands of computers, and then later give those compromised
computers orders to request information at the same time from the same
target site. Such a network of infected, controlled computers is often called
a “botnet.” Distributing spam often works the same way; however, the botnet computers have orders to send unwanted emails instead of bombarding
servers with requests.
As a result of malware like viruses and worms, the weapons of bad
actors are often our own computers, with a substantial number of compromised computers residing in the United States.7 Criminals sometimes
deploy DDOS attacks for extortion, as companies subject to such attacks
have been willing to pay to stop the attack. 8 Other times, cyber attacks
are deployed for military objectives. In 2008, the Russian government and
closely affiliated criminal networks were allegedly responsible for cyber attacks on Georgian government sites in the days leading up to Russia’s land
assault on Georgia.9
SAIS Review Summer–Fall 2010
While cybersecurity may be improved through simple distributed
measures, such as convincing network users to chose passwords properly
(and not to share them) and dissuading software companies from “shipping
[products] now, patching [security] later,”10 ISPs can also independently add
a layer of cybersecurity protection. Simply put, technically, ISPs can monitor
traffic patterns across a wide number of connected computers, something
that individual users cannot do (unless those users are sophisticated enough
to create or join virtual networks for cybersecurity, as few are).11 By monitoring those traffic patterns, an ISP can determine if many individual users are
requesting information from the same servers, and thus engaged in an apparent DDOS. Or, an ISP can determine if certain computers are constantly
sending emails, and therefore part of a spamming botnet. Understanding
which computers are involved in attacks or spamming, the ISP can then
disconnect those computers from the network or can monitor all the data
sent from the computers and block the apparently attacking or spamming
data. ISPs are often hesitant to take these actions because there will be false
negatives, where people are wrongly identified as part of a botnet, which
could result in liability or, simply, angry customers.12
As a matter of policy, some have argued that ISPs should play an important role in cybersecurity for several reasons. First, ISPs can help address
the technical aspect of some attacks.13 ISPs can identify spamming computers and botnets, because of access to traffic data, and address them. Second,
ISP involvement can be cost-efficient. Compared to individuals and smaller
web companies, ISPs would have economies of scale for cybersecurity, in
terms of hiring staff and investing in technologies. It would likely be less
expensive in terms of time and resources, at least in some circumstances,
to address a known problem through ISP network filtering, rather than by
requiring all individual users to take the time to upgrade their antiviral
software or download a particular patch. Third, ISPs can more easily identify
threats that users would not identify. A user may not even know his or her
computer is part of an active botnet because botnets are often designed to
operate “silently” in the background of an infected computer. Meanwhile,
ISPs monitor traffic patterns, so they can identify computers silently sending spam or DDOS requests. Fourth, and somewhat related, ISPs sometimes
have better security incentives than users. If, thanks to a worm or virus, a
user’s computer accidentally joins a compromised computer army for DDOS
or spam, that user has little incentive to stop the DDOS or spam affecting
other people’s computers. This represents a misalignment of incentives, wellknown to economists as a “negative externality.” The user does not bear the
costs imposed by others when his or her computer spams or attacks other
computers. In contrast to the user, the ISP may sometimes have a greater
incentive to address the infection, if only to conserve network bandwidth
otherwise going to spam and false requests on its own network.
Nonetheless, the economics literature points to many reasons why
ISPs often underinvest in security. The ISPs, like other private actors, follow
their own economic incentives to secure their own networks. In keeping with
the reality of negative externalities, ISPs have little incentive to block spam
54
“Security versus Freedom” on the Internet
55
going to other networks because outgoing spam is, by definition, someone
else’s problem.14 In addition, consumers may complain over false positives,
for example, when their computers are quarantined from the network or a
favorite application is blocked because the ISP wrongly determines a security
problem.15 As a result of ISPs underinvesting in security, some have proposed
to impose requirements on ISPs, such as liability for outgoing attacks from
computers on the ISP’s networks.16
Ensuring the Open Internet
President Obama, the Democratic congressional leadership, and members
of the FCC have all repeatedly voiced their support for network neutrality.17
While campaigning for the Presidency, Obama promised he would “take a
backseat to no one” in his support for network neutrality.18 In early 2009,
Congress tied stimulus funds for broadband networks to the imposition of
network neutrality conditions on the receiving ISPs.19 Later, in September
of 2009, Obama’s FCC Chairman, Julius Genachowski, proposed a network
neutrality rule and continues to accept public comment on all aspects of
the rule, including the security exception.20
The motivation for a non-discrimination principle is to ensure a level
playing field among speakers (e.g., news sources, bloggers, Twitter users)
and innovators on the Internet. For this reason, a proposed rule forbidding
ISPs from discriminating among different websites and applications is central to the FCC’s
proposed network neutrality If an ISP (like AT&T) could discriminate
framework. If an against FoxNews.com and in favor of a
ISP (like AT&T)
could discrimi- competitor, like CNN.com, or against Skype
nate against Fox- and in favor of Google Voice, then that ISP
News.com and in
would be choosing the online winners and
favor of a competitor, like CNN. losers in speech and innovation—a choice
com, or against better left to individual consumers.
Skype and in favor of Google
Voice, then that ISP would be choosing the online winners and losers in
speech and innovation—a choice better left to individual consumers. By
influencing speech and the marketplace decisions of users in this way, ISPs
would impede robust speech and slow down economic innovation.21
Beyond domestic policy, Secretary of State Clinton has announced
that ensuring an open Internet is now a major foreign policy objective.22
In making the announcement, Secretary Clinton criticized governments
around the world for censoring social networks and blogs. In addition,
censorship impedes American companies’ ability to compete fairly in international trade, something the censorship of Google results highlights.23
Crafting a foreign policy to address censorship is more complicated than it
seems. Nations may require ISPs to censor, may encourage such censorship,
56
SAIS Review Summer–Fall 2010
and, at any rate, grant ISPs considerable discretion in determining what
to censor and what not to censor. As a result, some characterize Chinese
censorship as being “outsourced” to ISPs determining what specifically to
block.24 From the perspective of democratic debate, it matters little whether
censorship comes from governments or from ISPs with close relationships
to governments. As a result, the U.S. must favor global network neutrality.
According to the Secretary’s top advisor on using technologies to further
our diplomatic efforts, in favoring global network neutrality, the United
States would lose credibility if it allowed its own ISPs domestically to interfere with users’ choices.25 So domestic network neutrality advances our
foreign policy goals.
In response to the present administration’s claims, the largest ISPs
make two relevant arguments. First, ISPs argue that network congestion
during times of peak congestion is most appropriately addressed through
internal network management, rather than by “overinvesting” in increased
capacity to meet those rare peak moments. Network neutrality advocates
concede that congestion-management is acceptable, but only so long as
ISPs manage congestion in an application-neutral way. That is, for network
neutrality advocates, ISPs cannot target and discriminate against certain
applications.26 For example, an application-neutral policy might take the
following form: if a user consumes disproportionate bandwidth, his or her
overall capacity could be limited, but the user chooses which applications
to use with that capacity.
Second, ISPs argue that even if application-neutral management makes
sense for congestion management, it makes no sense for security. The point
of effective security is to discriminate against some content (such as spam)
and applications (such as worms and DDOS attacks). Network neutrality
advocates generally agree here; their interest is to ensure that users are able
to access legal, consumer-requested services on a level playing-field.
Yet, for several reasons, ISPs cannot be completely trusted to target
Internet traffic based upon a security justification. A recent doctorate dissertation, on the role of ISPs in mitigating botnet activity, explains:
ISPs might be tempted to use [a system to monitor and block traffic] as an
opportunity to classify user traffic for their own revenue-generating applications (i.e., targeted advertisement). . . . In extreme cases, they might use their
newly acquired powers to disconnect users or traffic that they do not wish
to carry, e.g., by labeling it malicious or risky. (This concern touches on a
current debate regarding the network neutrality principle.)27
A real world example of ISPs’ incentives to mischaracterize anticompetitive
behavior as network management is the famous example of Comcast, in
2007, when it admitted to interfering with legitimate peer-to-peer transfers,
including those used by competitors, but claiming that its application-s …
Purchase answer to see full
attachment