Miscellaneous Thoughts from IT Security Entrepreneurs Forum
I have been working on a couple of different projects lately that have me tied up and I have not been blogging lately. But as usual, whenever I go to trade shows or industry events, invariably something sparks my interest. I was at the IT Security Entrepreneurs Forum last week and one of the panels really got my attention. The concept proposed to the audience:
Do you believe Security & Privacy on the Internet are diametrically opposed?
Seriously. This is not a loaded question. At the forum, one of the panelists, a respected member of the US Intelligence Community stated that we cannot have Internet Security and Privacy. It’s one or the other, and privacy groups’ demands do not allow policing of Internet activity. They are diametrically opposed. This person then gave the analogy that Privacy on the Internet was just like putting cops (His word, not mine) on the street, and allowing them to watch crime occur, but not draw their guns and not make arrests.
I believe that there are ways, perhaps dozens of ways, to provide both. There are many ways to create a trust relationship without a specific identity, or even create a proxy relationship to create this trust relationship. I think it was the American Express Blue card, circa 1999 or so, that offered anonymous Internet payments. It is the concept that is important here, not the individual company offering, so don’t send me nasty email for my lack of fact checking on this point. The payment proxy concept I felt had great promise for providing a platform for anonymous purchases on the Internet. There would not be an exchange with the merchant of the credit card number or other related information, they would only receive payment. Sure, in the case of purchasing goods requires that the name and address information be passed, but for services and the purchase of virtual goods, there may not even be that. But this is privacy and security all at once.
If I run a blog and I want to make anonymous posts, or communicate electronically under a pseudonym a la the fake Steve Jobs , I can do so by digitally signing the blog posts, allowing me to make public comments that could be verified as authentic without revealing my identity. I could correspond through email by posting a public key and email address in an accessible location and allow for correspondence to me that was both confidential and secure while providing me a degree of privacy. There are lots of examples of creating intermediary trust relationships that will work depending upon the goal.
We can have privacy and security on the Internet. At the same time. Arguments to the contrary are FUD motivated by money. Or politics. Whatever. My privacy being at odds with someone else's desires is the real issue.
Comments
You can follow this conversation by subscribing to the comment feed for this post.