[discuss] Who is responsible for security

Tue Jan 14 22:04:22 UTC 2014

In message <52D59446.5070002 at gmail.com>, at 08:47:18 on Wed, 15 Jan 
2014, Brian E Carpenter <brian.e.carpenter at gmail.com> writes
>>> Today's Billion+ Internet users see themselves as customers of a trillion-dollar platform, not as partners in a grand experiment.
>>
>> Simply put, if you believe this, then your expectations of privacy and security are limited to what the third parties you have put your trust
>>in allow.
>
>Yes. I trust the companies that design locks not to sell the keys to
>third parties, I trust my locksmith to install the lock correctly
>on my door, but it's my job to ensure that my house has a stout
>lock and that I remember to lock it. If I am a shopkeeper, the same
>applies to my shop.

It's a very strained analogy, because there's much more to making your 
Internet connection secure than fitting "locks".

As a shopkeeper you also need to thinking about people driving a JCB 
through the shop window and stealing things that way. As well as the 
crooks planting an employee on your staff and then stealing things to 
order.

>There is certainly a responsibility on vendors and service providers,
>but that does not relieve the responsibility of individuals and
>small businesses. Patrik was only stating facts.

It's not a fact that individual users (business or domestic) need to be 
able to devise their own locks, which are the only defence between them 
and the outside world.

Think of it more like renting some space in a serviced office building 
where you require the landlord to provide the reception and security 
staff, who between them will repel the vast majority of threats. And 
those which their professional knowledge and experience fail to repel, 
are either insurable, or an uninsurable cost of doing business.
-- 
Roland Perry