May 08, 2008
Mobile Musings
Late in the day at the Berlin deep dive, we let participants choose a topic that they would like to discuss. The group chose Mobile Security, which is a fascinating, but at times confounding, subject. Here’s what happened:
At first, the group struggled mightily with the topic. As often happens, many of the participants bemoaned the current state of mobile security. There were comments about how terrorists use mobile phones to set off bombs and coordinate movements. There was some fear around sending sensitive information over the airwaves (despite the fact that sending information wirelessly is no more or less secure than sending it over wires.) And there were many that talked of how easy it is to steal mobile phones and the information on them.
It went on like this for a while until Marshall Behling, director of business development and strategy at Verisign, a GIO partner, put an end to that talk by simply saying: “Every new technology has the inherent ability to be used for good or evil.” Well said. Now let’s get on with it.
What came next was a far more thoughtful, progressive conversation that yielded some interesting ideas about we can use mobile technology to our collective advantage. First, we started thinking about the uniqueness of mobile devices. What is it about them that we could leverage for better security: they are pervasive (nearly everyone’s got one, some people have two); they’re personal (we carry them in our pockets, and this is a hugely important characteristic); they are increasingly powerful and functional (phone, camera, email, video, web); and they will soon have blazing fast connections to the Internet (WiFi, WiMax, 4G).
With this arsenal at our disposal, we began to discuss the potential all kinds of security applications. For example, you could issue localized security alerts that could be sent to all the mobiles in a given area. If there were a terrorist threat, a warning and a short set of instructions could be sent out, potentially saving lives. On the flip side, concerned citizens could send security alerts to law enforcement, even snap photos or stream audio and video of an event in progress. Some of this is already being done, though it’s not as organized or sophisticated as it needs to be.
Time constraints prevented us from doing much more than scratch the surface on this front, but you get the idea. When you combine a powerful, networked technology with the notion of personal responsibility (see last entry) you get some pretty compelling possibilities. We’re looking forward to exploring these ideas in our upcoming dives in Tokyo and Taipei, where the technology is highly advanced. Check back next week for a look at the results of the Tokyo dive.
May 8, 2008 by GIO Editor in Security and Society | Permalink | Comments (1) | TrackBack (0)
April 29, 2008
Personal Responsibility
During the Berlin deep dive, an idea surfaced that we hadn’t seen since the Media and Content focus area of 2007. It’s the idea that individuals should be able to control their personal information, the data that companies buy and sell thousands of times over in an effort to market to us more effectively.
Depending on the purpose, this data might include mailing address, email address, telephone numbers, age, sex, income level, employer, purchasing history, credit card number, social security number, bank accounts, etc. In other words, it’s pretty personal stuff…and valuable. When we discussed ownership of this data in the Media and Content deep dives, it was in the context of allowing individuals to better control what content and advertising they receive. One male participant lamented the fact that he frequently received discounts for feminine hygiene products.
But in Berlin, the discussion revolved around improving security by giving individuals more control of what information is released, to whom, and for how long. This, several participants reasoned, would reduce the risk of having that information stored ad infinitum on hard drives around the world. Because, as one diver put it, “electrons are very patient. Once it’s out there, it’s out there.”
Many agreed that in the Information Age, we have all gotten extraordinarily adept at putting our information out there. But we’ve no idea how to get it back. Or how to ensure its accuracy. Several participants suggested some kind of data retrieval service, through which you could reclaim information that was once yours to give. Perhaps the most compelling idea, however, was the suggestion that any time you enter your personal information into a database, you could assign an expiration date to it, ensuring that at a prescribed future date, that information would be destroyed.
These are all great ideas, but at some point the conversation became more about civil rights and less about security. By that I mean, does anyone think that giving the billions of individuals on the planet control over their personal information will make us collectively more secure? In fact, you could make a pretty compelling argument to the opposite effect; that individuals have proven themselves to be poor stewards of their own information, and that the continued popularity of phishing scams is exhibit A.
Of course, this doesn’t mean that we should all throw our hands up and resolve ourselves to corporate ownership of all personal data. But it does mean that we need to be thoughtful about how we approach big issues like this. We have already discussed the strategy of pushing more of the responsibility for security to the edges of the network, i.e., individuals. But can we all really be trusted with that kind of responsibility? Isn't that why we outsourced security to government in the first place? Because, as one participant so eloquently put it, "the problem is humans." Therefore, if security is the end, is personal ownership of data the proper means? And if not, what is?
Once again, the GIO has succeeded in raising more questions than it answers.
April 29, 2008 by GIO Editor in Security and Society | Permalink | Comments (1) | TrackBack (0)
April 16, 2008
It’s the Network, Stupid
There is a natural tendency for people, when looking for security solutions, to appeal to some higher authority. In many cultures, we’re accustomed to abdicating the bulk of the responsibility for our collective security to a number of organizations, such as the government, the military (often one in the same), local police forces, our parents, even corporate policy.
Continue reading "It’s the Network, Stupid"
April 16, 2008 by GIO Editor in Security and Society | Permalink | Comments (4) | TrackBack (0)
