[discuss] Who is responsible for security

Roland Perry roland at internetpolicyagency.com
Tue Jan 14 09:26:45 UTC 2014

In message <289D2950-535B-4C27-8612-44B190BB3E0B at frobbit.se>, at 
23:42:00 on Mon, 13 Jan 2014, Patrik Fältström <paf at frobbit.se> writes
>On 13 jan 2014, at 17:38, David Conrad <drc at virtualized.org> wrote:
>> Everyone is responsible for their own security on the Internet.  Relying on third parties to be responsible for your security on the Internet
>>is what facilitates activities such as those disclosed by Edward Snowden.
>To put it differently, whenever anyone connect something to whatever is part of the Internet, what is connected ends up being part of the
>Internet, not outside of the Internet and connected to it. And whoever connects that thing is still responsible for the functionality for it.
>So, each one of us is responsible for whatever piece of the Internet we are responsible for.

That's a world-view which worked when the Internet was an exclusive 
plaything of geeks and academics. But that genie escaped the bottle in 
around 1995.

Today's Billion+ Internet users see themselves as customers of a 
trillion-dollar platform, not as partners in a grand experiment.

Even most small and medium sized enterprises, let alone individuals, 
expect (and some would say deserve) to have security "thrust upon them" 
because they weren't "born with it", and "achieving" it themselves is 
too much of a hill to climb.

Working out who gets the job of doing this, is what Internet Governance 
is all about (ever since the point, around the Millenium, that 
governments acting as the representatives of those users noticed that 
there was something which they considered needed to be done).
Roland Perry

More information about the discuss mailing list