- Market surges, Gates predicts 9% unemployment
- Obama the first presidential hopeful to advertise in games
- Microsoft reveals critical holes in Active Directory
- BlackBerry Storm vs. the iPhone
- How will economy affect network equipment vendors?
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:Application Performance Solutions | App Performance | Networking Solution | SafeGuard Enterprise Solution Center | SOA | Test your Web Filter | Value of WDS
What is the right balance between security and privacy? This is a common starting point in many policy discussions, especially in government. It’s a trick question because it presets the conversation as a balancing act between two values as if they are antithetical – they are not. In practical terms, privacy is security. It is the first thing a security professional learns as part of the Confidentiality – Integrity – Availability “CIA” acronym. Privacy is the individual’s confidentiality control. If we’re going to start the conversation with a question that prejudices the playing field let’s use this one: “Do you love privacy or do you hate America?”
Part of the reason we get into trouble when having these discussions is because most people confuse trust with identity. In our immediate surroundings, identity is the only basis of trust. I trust those I know. But in a larger and interconnected world, I cannot know everyone I need to trust, so I have to use references. I ask my neighbors if they know a good plumber and use their trust as a proxy to extend my trust. Do I care if the plumber is John or Suzy? If they bank with CorpBank or if they are licensed to drive? Not really.
In an even broader context I use other proxies for trust. I check an eBay seller’s “feedback” rating, I read product reviews by consumers on Amazon. I read with interest the opinions of blogger “Jerome” on the price of oil because of his track record. Yet truly, I have no idea if Jerome is a he, or if the alias Jerome is “his” real name.
If I need more trust in a transaction I look for “attestation” by a trusted organization. The DMV has attested that I can drive. Fair Isaac has attested that I pay my bills with a confidence level above 750 out of 800. As a society we hope that both the DMV and FICO have a reliable process that leads to predictable results.
But it’s important to differentiate between the narrow aspect of identity they validate (attestation) and the identity itself. If the DMV says I can drive, what difference does it make if my last name is unpronounceable and Greek-sounding? As long as the fact that I am licensed to drive can be securely associated with my person then my name, address and all that other info is irrelevant. Worse, it is a liability because every time I pull out an ID that is “comprehensive” I reveal far more than necessary for a specific transaction.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment