1.

There are those who opine that for increased security online one has to be
prepared to relinquish some of his/her privacy.
Do you agree with this statement? Is it possible to have both security and privacy
online without users feeling that their right to privacy is being violated? Support
your position with concrete examples.

Security implies the relative guarantee of protection of citizens, and their data, the data
being in the hands of third parties. A part of security however, for the users, requires that
information they deem private be not divulged to anyone, at the same time security
requires monitoring of events and activities in order to predetermine how to improve
security, as well as how to track sources of potential criminal activity. In light of the need
to maintain security, the security enforcer needs to be provided with some minimum
information, e.g. there will be no need for a bank to worry about privacy and security of
client data if the clients were anonymous. Banks’ security and privacy policies are meant
to protect client data that they hold. An example of a bank that does this is JP Morgan,
http://www.jpmorgan.com/pages/privacy.

Where there is absolute privacy, security is not a necessity. Lack of security lack of
privacy. The use of such trans-national tools like the internet requires that the security of
a whole group of people be more important than the privacy of any one single person.
“Security … constitutes those reasonable and prudent policies, processes, steps and tools that are
used to maintain confidentiality and privacy. It involves all methods, processes, and technology
used to ensure the confidentiality and safety of the once private information that has been
entrusted to a third party by the customer.” What Is The Difference Between Security and
Privacy? Rebecca
HHeroldhttp://www.informationshield.com/papers/Privacy%20and%20Security%20-
%20Herold.pdf

When we claim the need for privacy, we need to be aware of what we are keeping private
and the implications on security. By maintaining privacy who are we securing and who
are we putting at risk. As in the discussion “…banks are truly held responsible for
verifying the identity of anyone opening a bank account, then this problem will be
reduced to acceptable levels (will never be eliminated). Will there be a "cost" to this?
Absolutely. Banks will need to spend more to verify their customer's identity. Customers
may have a waiting period when opening a bank account, and in-person verification may
be a requirement”. Schneier on Security,:
http://www.schneier.com/blog/archives/2009/06/the_hidden_cost.html. The process of
identification and verification require some shedding of the privacy. In this case it is
absolutely necessary in order to maintain integrity and security. Even if this information
is available through a third party, there still is some necessary shedding of privacy.

Security can be intrusive on privacy; irregardless of whether it is internet security or

general security e.g. a police officer receiving a search warrant is one example of the
intrusive nature of security on other rights. It is necessary that policies and regulations
exist in the constitution to allow such activities, necessary for security and with due
reason to be carried out. One should note that “you must implement security to ensure
privacy. You must use security to obtain privacy. Security is a process…privacy is a
consequence. Security is action…privacy is a result of successful action. Security is a
condition…privacy is the prognosis. Security is the strategy…privacy is the outcome. Privacy is a
state of existence…security is the constitution supporting the existence. Security is a tactical
strategy, …privacy is a contextual strategic objective. Security is the sealed envelope…privacy is
the successful delivery of the message inside the envelope.” What Is The Difference Between
Security and Privacy? Rebecca Herold. It is also necessary that users become aware of
how to take responsibility for that information they would rather not give obligingly
using available security and privacy tools e.g. stealthier, close-n-forget etc,
http://www.makeuseof.com/tag/best-firefox-addons-for-enhancing-security-and-privacy/

Those tasked with security should follow due process and procedure in securing the
information they hold.. Trust between the user and the security authority in order to
ensure user’s right to privacy should be established and maintained. The user need not
make the security of their private information wholly a responsibility, but to ensure that
there is accountability for any breach, in the form data protection directives and
regulations, with clearly stated means of ensuring recompense. An example is when
Google stores and distributes collected data, which ensures that people still maintain
some privacy as well as security, Google Help
http://www.google.com/support/a/bin/answer.py?hl=en&answer=60762.

Bibliography

1. Privacy and Security, http://www.jpmorgan.com/pages/privacy\

2. What Is The Difference Between Security and Privacy? Rebecca
HHeroldhttp://www.informationshield.com/papers/Privacy%20and%20Security%
20-%20Herold.pdf, July 2002
3. Schneier on Security,: The “Hidden Cost” of Privacy, Bruce Schneier, 15 June
2009, http://www.schneier.com/blog/archives/2009/06/the_hidden_cost.html
4. http://www.makeuseof.com/tag/best-firefox-addons-for-enhancing-security-and-
privacy/
5. Google Help
http://www.google.com/support/a/bin/answer.py?hl=en&answer=60762.

4. The internet is not a 'commons', but a network of networks that are mostly
privately owned. A lot could also be achieved by greater co-operation between
governments and the private sector. But in the end more of the burden for
ensuring that ordinary people’s computer systems are not co-opted by criminals
or cyber-warriors will end up with the private sector—especially the internet service
providers that run the network.
Do you agree with this statement? Give reasons for your argument for or against.
Support your position with concrete examples.
Internet service providers are the gateway to internet resources for most ordinary people
for business and entertainment. They share the same platform as other more
knowledgeable users as well as cyber criminals. As the provider of a service to their
clients, ISPs have a social and moral responsibility to ensure that their clients traverse the
internet in a way that is safe and also protective of the infrastructure that the service
provider owns.

Governments are generally tasked with the security of citizens , formulating laws and
regulations as well as falling back on law enforcement agents to track and apprehend
perpetrators of crime. All other stakeholders play their part and the law normally takes
recourse through law enforcement agencies and the courts. While “… it makes sense to
think of the ISP as a morally neutral channel”, Ipcentral, ISP Responsibility for
Customer Copying, January 2007, and leave the government to take the necessary
measures to prevent crime, the speed at which the internet changes is much faster than the
swift action of activities on the internet. ISPs should ensure that business is not disrupted
and provide customer satisfaction through value-added services such as secure access.
The traditional law mechanisms and the internet do not “… mesh well. The former easily
overwhelms the latter”. Ipcentral, ISP Responsibility for Customer Copying, January
2007

ISPs possess the technical expertise to identify and handle harmful activity. As the central
connection point, a breach or compromise of a client’s host machine may render ISPs
unable to provide services. The ISP can “see” potential malicious activity and should
therefore take action. The ISPs and the private sector, who provide the majority of
internet services, stand to lose a great deal from compromised hosts.

Once perpetrators know they can be identified and swift action taken against them, the
levels of crime will be reduced. Waiting for the slow arm of legal regulations through
governments may take ages and criminals have always found ways of ‘technically’
getting away with crime. The major advantage of ISPs is their technical expertise internet
as well as their swift action and the ability to implement regulations quickly without
entering into long and tedious bureaucracy.

ISPs are analogous to having a road with no warning or regulatory signs, no proper
bridges and traffic lights and vehicles that are not road worthy. Passengers only need to
get to a destination, but are not responsible for the condition of the vehicles. ISPs should
therefore ensure online safety. Ignoring abuse within their networks would be similar to
harbouring criminals. ISPs need to be proactive in the fight against cyber criminals as
“…research suggests that regulations designed to force ISPs to take action to curtail
compromised systems would dramatically impact cyber criminals' botnets. Turkey's
national Internet service provider, Turk Telecom, recently blocked its users from sending
mail through any but its own servers. As a result, nearly four million IP addresses
showing signs of infection could no longer send spam, says David Rand, another member
of the research team and chief technology officer of antivirus firm Trend Micro.
Regulations that would prod other Internet service providers to take similar action could
help clean up major networks”. How ISPs could combat botnets, Robert Lamos, May
2010, MIT Technology review, http://www.technologyreview.com/computing/25245/?a=f

ISPs have power through providing acceptable use policies which act as a deterrent, they
can easily identify incoming and outgoing bad traffic through their networks, and they
can take action, e.g. shutting down connections in a way that does not require the slow
traditional law enforcement mechanisms, based on their acceptable use acceptable use
policies.”

As Paul Dinsmore notes in ISP Security & Responsibility, April 2002, “with a great
degree of certainty that no Internet market is renowned for its customer loyalty. Security
issues will simply be seen as poor performance and lead to customers voting with their
feet”. Security will decide if ISPs stay in business as ordinary users require security but
most often, cannot be bothered to implement it themselves. This is currently the situation
with online banking where banks make the most effort in ensuring secure transactions
online, as well as educating users on safety online.

Bibliography
1. Ipcentral, ISP Responsibility for Customer Copying, January 2007
http://weblog.ipcentral.info/archives/2007/01/isp_responsibil.html
2. How ISPs could combat botnets, Robert Lamos, May 2010, MIT Technology review,
http://www.technologyreview.com/computing/25245/?a=f
3. ISP Security & Responsibility, Paul Dinsmore April 2002, ISP Review
http://www.ispreview.co.uk/articles/firewall/01.shtml