Ricci Street < Port 80 < Shoreline || search | sitemap | help gazette | theater | bistro

|

Security other pages copyright | privacy | taxation resource pages copyright | privacy | security | taxation this page the problem | issues | policies | force analysis

myths about online security

Myth #1: "I'm not on a network, so my PC is safe."

Myth #2: "I just use dial-up connections, so my PC is safe."

Myth #3: "I use an anti-virus app, so my PC is safe."

Myth #4: "I use a firewall, so my PC is safe."

Why are these myths? What's the reality? Fred Langa will tell you.

The Problem

Maximum security is always a prison.

What's the problem underneath the problem? What needs to change for the problem to get solved?

This is a very hot topic because people are scared. The Gibson Research Corporation has an interesting project called Shields Up.

What do we mean by security? "Your information is secure." What does that mean? What does it really mean? What do people want it to mean? Why is it even a problem? What are they comparing "secure" to?

Do the old security laws / standards / expectations still apply?

In the Agricultural Age (prehistory to 1800), wealth came from my having possessions (gold, land) that you didn't have.

In the Industrial Age (since 1800), power came from my having possessions (the atoms holding information) that you didn't have. In both ages, I wanted to know that my possessions were safe. I wanted to be sure that you couldn't get it. It had to be MINE, MINE, MINE.

Since atoms can be in only one place at a time, this made some sense. It was a zero-sum game. There were only so many scarce resources to go around. If I had it, you didn't have it.

However, bits can be in more than one place at a time. Soon they'll be everywhere all the time. Then we no longer have a zero-sum game. I'll have to create artificial scarcities and you'll probably just ignore me ("route around the damage" in Internet terms).

How secure should data be?

The problem | How can we make online information secure enough to encourage development of the Internet?

America's Flimsy Fortress
by Bruce Schneier
Wired,  March 2004

All the money spent on security since 9/11 has done little to make us safer.

Every day, some 82,000 foreign visitors set foot in the US with a visa, and since early this year, most of them have been fingerprinted and photographed in the name of security. But despite the money spent, the inconveniences suffered, and the international ill will caused, these new measures, like most instituted in the wake of September 11, are mostly ineffectual. ...

Security always involves compromises. As a society we can have as much protection as we want, as long as we're willing to sacrifice the money, time, convenience, and liberties to get it. Unfortunately, most of the government's measures are bad trade-offs: They require significant sacrifices without providing much additional safety in return. And there's far too much "security theater" - ways of making people feel safer without actually improving anything.

Definitions

security | privacy

Tip | Security and privacy are separate topics for research purposes. Even though you'll run into a lot of info about the one when you research the other, don't search for them together.

cryptography, the study of encryption
digital certificate
digital signatures
PKI - public key infrastructure
SSL - secure sockets layer

This German PKI page has a terrific this list of links to information about all of the above terms.

Digital Certificates: What Are They, and What Are They Doing in My Browser?
by Judith Boettcher
Syllabus, August 1, 2002

CREN Test CA Demonstration

DRM - Digital Rights Management

Established facts

What does everyone agree on?

The Issues

Map out the current landscape of this problem.

Who are the players?

organizations

US Commerce Department's press release about its new, looser regulations on the export of cryptography

VeriSign

laws and regulations

Electronic Signature Legislation -- comprehensive overview U.S. and International

the regulations themselves

personalities

conferences

web sites

technologies / tools

nannyware

What are the prominent issue statements?

Any issue as broad as security is made up of sub-issues and underlying issues and larger issues.

For example, the security issue includes the underlying issue of encryption and the broader issue of national security. When national security gets extended to domestic security and law-enforcement, then the security issue blends into the privacy issue.

Help us untangle this complex situation by clearly stating the three or four prominent issues in debatable terms. 

issue statement #1

issue statement #2

issue statement #3

What are the prominent positions?

Excerpt, summarize, and link to the partisan advocacy positions on security taken by the players.

the EFF, EPIC, and ACLU analysis of the constitutional defects still embodied in the new rules

The Policies

Examples of publicly posted security policies

Cryptome - information on cryptography policy and politics

Citations for articles about security policies

Force Analysis

How is security affected by the driving and restraining forces of the Internet?

driving forces

small, fast, cheap
visual: multimedia
networked: big pipes
embedded: almost invisible
universal: everyone has them; internationalization
ubiquitous: always on, everywhere
intelligent
easy to use
trusted
standardized

restraining forces