Workshop on the Economics of Information Security

Last week, I hosted the eighteenth Workshop on the Economics of Information Security at Harvard. Ross Anderson liveblogged the talks.

Posted on June 11, 2019 at 6:17 AM • 4 Comments


MarkJune 11, 2019 9:05 PM

The "Code of Conduct":

"Harassment can occur when there is no deliberate intention to offend. Be careful in the words that you choose. Harassment committed in a joking manner or disguised as a compliment still constitutes unacceptable behavior. Remember that sexist, racist, and other exclusionary jokes can be offensive to those around you."

Good to see the PC/SJW word police now enforcing their nonsense at conferences. Offense is taken, not given.

LarryJune 12, 2019 4:01 AM

Two thumbs up. I don't know when or if you will see my comment, but prepare to be clobbered by other people that leave comments here! I'm sure you & I are in the minority here.

Jesse ThompsonJune 12, 2019 4:29 PM

ZOMG @Me is harassing @Mark! Humour is no excuse! Ban them from the conference!


Back to topic though, I wonder what parallels exist between harassment and system intrusion. On the face of it the second seems easier to define, but I'd argue that both (ordinarily) represent nothing but signals acted upon by the target system. An offended person "takes" offense, a compromised system explicitly runs unauthorized code.

In systems security, we recognize the immorality of sending signals to obtain unauthorized access, it is at some level a matter of respect to agree not to trespass upon another's property, regardless how easy it may be to hop over that fence. But we also work to improve the robustness of systems to be able to automatically reject as many such signals as is feasible in order to weather the storms of the inescapable fact that out of seven billion other people, some of them aren't going to behave morally.

It's challenging to understand why the analogous interpersonal situation of "being prepared to be exposed to thoughts, ideas, words that one knows one might find offensive" is as frequently vilified as it is. Why shouldn't we be expected to bear the burden of some responsibility over what inbound signals we choose to allow to influence our behavior and responses?

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Sidebar photo of Bruce Schneier by Joe MacInnis.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Security.