[discuss] Who is responsible for security

Roland Perry roland at internetpolicyagency.com
Tue Jan 14 22:17:03 UTC 2014


In message <28F9431A-35A5-41CE-96E7-5DD979A5AD6A at virtualized.org>, at 
11:02:19 on Tue, 14 Jan 2014, David Conrad <drc at virtualized.org> writes
>Roland,
>
>On Jan 14, 2014, at 1:26 AM, Roland Perry 
><roland at internetpolicyagency.com> wrote:
>>>> Everyone is responsible for their own security on the Internet. 
>>>>Relying on third parties to be responsible for your security on the 
>>>>Internet
>>>> is what facilitates activities such as those disclosed by Edward Snowden.
>>> So, each one of us is responsible for whatever piece of the Internet 
>>>we are responsible for.
>> That's a world-view which worked when the Internet was an exclusive 
>>plaything of geeks and academics.
>
>Well, no. It is how the Internet actually works

It doesn't, because of the 2 billion users, fewer than 1.990 billion are 
actually doing this.

>and thereby provides the venue for innovation that everyone enjoys.

The innovators are found from within less than 0.010 billion of the 
users.

>I've noticed that some folks tend to forget that the freedom to 
>interconnect private networks has implications and drives certain 
>responsibilities.

They don't forget, they have simply never known, nor expected, that this 
is their role.

>> Today's Billion+ Internet users see themselves as customers of a 
>>trillion-dollar platform, not as partners in a grand experiment.
>
>Simply put, if you believe this, then your expectations of privacy and 
>security are limited to what the third parties you have put your trust 
>in allow.

You and I are undoubtedly within the 0.010 billion who have higher 
expectations, but the time when we were in the majority passed a very 
long time ago.

>The Internet is not and cannot be TV or radio on steroids.

But that's all that 1.990 billion of the 2 billion users expect of it.

>It is an interconnection of privately owned and operated networks each 
>with their own rules, norms, and accepted behaviors.

The only difference most users perceive is what the cost per month is.

>The fact that you expect some third party to protect you is "relying on 
>the kindness of strangers". As we have seen, not all strangers (nor 
>even 'friends') are kind.

But in every other walk of life people are happy with this.

>> Working out who gets the job of doing this, is what Internet 
>>Governance is all about
>
>Personally, I believe it is the job of the "geeks and academics" you 
>deprecate

I don't deprecate them as much as acknowledge that their boat as the 
majority of Internet users sailed about 20 years ago.

>to minimize the height of the hill you believe is too high for some to 
>climb, but that's probably just me.

And do you think motor car suppliers should provide the facilities to 
train all drivers be able to perform the 10,000 mile service? In fact 
it's getting worse year on year as motor car engineering (just like 
Internet engineering) becomes ever more complex and relies upon ever 
more specialised knowledge and complex tools to maintain.
-- 
Roland Perry



More information about the discuss mailing list