[discuss] Who is responsible for security

David Conrad drc at virtualized.org
Tue Jan 14 19:02:19 UTC 2014


On Jan 14, 2014, at 1:26 AM, Roland Perry <roland at internetpolicyagency.com> wrote:
>>> Everyone is responsible for their own security on the Internet.  Relying on third parties to be responsible for your security on the Internet
>>> is what facilitates activities such as those disclosed by Edward Snowden.
>> So, each one of us is responsible for whatever piece of the Internet we are responsible for.
> That's a world-view which worked when the Internet was an exclusive plaything of geeks and academics.

Well, no. It is how the Internet actually works and thereby provides the venue for innovation that everyone enjoys. I've noticed that some folks tend to forget that the freedom to interconnect private networks has implications and drives certain responsibilities.

> Today's Billion+ Internet users see themselves as customers of a trillion-dollar platform, not as partners in a grand experiment.

Simply put, if you believe this, then your expectations of privacy and security are limited to what the third parties you have put your trust in allow. To some level that is fine since in the end, you have to trust someone, however you should then not be surprised to find that those third parties have misused that trust to further their own aims, be they commercial or in the interest of some country's "national security".

> Even most small and medium sized enterprises, let alone individuals, expect (and some would say deserve) to have security "thrust upon them" because they weren't "born with it", and "achieving" it themselves is too much of a hill to climb.

This is a pre-Internet world view. The Internet is not and cannot be TV or radio on steroids. It is an interconnection of privately owned and operated networks each with their own rules, norms, and accepted behaviors. The fact that you expect some third party to protect you is "relying on the kindness of strangers". As we have seen, not all strangers (nor even 'friends') are kind. 

> Working out who gets the job of doing this, is what Internet Governance is all about 

Personally, I believe it is the job of the "geeks and academics" you deprecate to minimize the height of the hill you believe is too high for some to climb, but that's probably just me.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://1net-mail.1net.org/pipermail/discuss/attachments/20140114/1c2040d7/signature.asc>

More information about the discuss mailing list