[pcf] Accountable Net
Bruce Schneier (Counterpane Internet Security) says security is primarily social. The techno solutions don’t work if the social environment doesn’t support them. Much of the stuff being done in Homeland Security isn’t worth the cost; cost isn’t considered.
Robert Liscouski from Dept of Homeland Security says that they do consider cost.
Bruce: Wrong economic model. It’s not the cost of loss. Take Iraq. It cost us $200B to invade and occupy Iraq. Doing it was good, but was that the best use of the money? Did we get our $200B’s worth?
David Johnson of NY Law School explains the Accountable Net proposal that came out of a meeting at the Aspen Institute. It would let you know that you’re dealing with an authenticated person and enable trust networks while staying decentralized. Here’s Esther’s description from her NY Times column on the topic:
The idea is simple: People on the Internet should be accountable to one another, and they are free to decide whom to interact with. The goal is not a free-for-all, anarchic Net, but one where good behavior is fostered effectively — and locally…
The basic rule is transparency: You need to know whom you are dealing with, or be able to take proper measures to protect yourself. The accountable Net is a complex system of interacting parts, where users answer not just to some central authority, but to the people and organizations whom they affect.
John Palfrey puts it this way:
We think the internet will become more orderly over time, but we do not agree that the internet needs, or will easily yield to, more centralized authority — private or public. To the contrary, we believe a new kind of online social order will emerge as the result of new technologies that enable a more powerful form of decentralized decision-making. These technologies will give private actors greater control over their digital connections. They will enable both end users and access providers to establish connections based on trust, rather than connecting by default to every other network node and trying to filter out harmful messages after the connection has been made. Because of these new developments, participants on the internet will be more accountable to one another than they have been in the past.
…As long as ISPs, enterprises, and individuals use systems that require those who interact with them to authenticate themselves and/or provide acceptable reputational credentials — using a contextually-appropriate mode of authentication — then everyone can decide when to trust someone (some source of bits) and when to filter someone else out of their online world.
[Allowing users to do this themselves is far preferable to letting governments or ISPs do it, of course. But in establishing my web of trust, am I simultaneously turning the rest of the Net into a web of distrust? How much will we give up in cutting ourselves off from that? I don’t know the answer to this question, but John’s use of the phrase “their online world” instead of “our online world” is worrisome to me. On the other hand, this proposal — which I don’t understand well — is coming from people I trust completely and who do understand it. So, I have no trust in my knee-jerk reaction. I definitely want to learn more about this.]