Comments

Clive RobinsonDecember 4, 2019 8:38 AM

@ Bruce,

The problems of,

1, Credibility,
2, Influance,
3, Money,

Are hurdles that are very high in the ICTsec sector.

As many have noted ICTsec is mainly a "Bull5hit Market" where promises look big, but reality is woefully different (your posting on "The Story of Tiversa"[1] yesterday demonstrates this).

We have a long slow and arduous road ahead to even get a glimmer of credibility in "Walnut Corridor" and an even longer road to gain sufficcient influence to get even very small crumbs off of the "high table".

In fact many in the ICTsec market will see Tech Policy Activists as a significant threat to their businesses and thus will make considerable efforts to lobby against them both legaly and illegally.

I'm not saying that the journy should not be made, I think it should as it will help clean up the ICTsec marketplace, but people need to go in with their eyes wide open and realise it's in no way going to be an easy or rewarding path to take.

[1] https://www.schneier.com/blog/archives/2019/12/the_story_of_ti.html

seanDecember 4, 2019 10:02 AM

There's no public interest.

The only effective tech policy is to let individuals and corporations decide for themselves and bear cost of their own decisions. The enforcement should be private as well.

Why should a blue collar worker or offline farmer bear any burden of government policies that exist to protect interest of online-centric businesses?

"Public" tech activists promote policies that tax all to implement and enforce policies that benefit few.

CuriousDecember 5, 2019 6:08 AM

Presumably a greatly misunderstood idea might be 'privacy'.

Instead of 'privacy' having real meaning as it would pertain to people's most private moments or intent, I can't help having the impression that 'privacy' is instead thought about as either 'secrecy', or some kind of protectorship (if that is a word in English). 'Secrecy' might sound nice at first because the very word seem to be something that appeal to your sense of power, but if the power isn't given to you, or, isn't even entertaining the notion of empowering you, somebody else get to have that power, and then I find it problamatic whenever you don't get to own your own things anymore I would think.

Living in Europe myself, I can't help but think that the US legal(?) phrase "no expectation of privacy" is helping not only hollowing out the possible notions of what 'privacy' would mean for people that would want or do depend on it, but so to speak voiding the very consideration of 'privacy' in its entirety, as if, 'privacy' was not a matter of tangible rights for consideration (but instead being something to be deemed "expected", or not simply offhand), but that of 'policy' (read: something utterly arbitrary). Sort of a principled, anti-principle if you will. Thus 'policy' imo, itself becomes a dirty word in this context the way I framed it as understood as being pure politics, insofar as one thinks of it as being something subject to pragmatism, or politics, as opposed to scientific research and philosophy, and ideas of human rights even.

I myself never liked the word 'pragmatic'. I think I know what the word means, and I can see myself using it to say something without it having negative conotations to it, but I wouldn't trust others with being pragmatic, if any ideas or claims of 'necessity' isn't real, but faked, or elevated to some importance that isn't merited as something blatantly obvious.

Clive RobinsonDecember 5, 2019 9:23 AM

@ Curious,

Instead of 'privacy' having real meaning as it would pertain to people's most private moments or intent, I can't help having the impression that 'privacy' is instead thought about as either 'secrecy', or some kind of protectorship (if that is a word in English).

Privacy and secrecy have very similar meanings when you analyse them.

But whilst most people understand privacy "behind their closed front door" they don't think of it as secrecy or hiding etc etc. Often they ascribe different thoughts to the words, thus "good people have privacy" but "bad people hide or have secrecy".

Which prosecuters try and take advantage of. Thus in general talking about "information hiding" or "information secrecy" adds some kind of "ill intent" to the action whereas "information privacy" has "good intent" such as "keeping you bank details private".

Whilst agnostic actions of having privacy, secrecy and hiding should not be seen as good or bad, people subconsciously do ascribe good / evil based on the word usage only...

CuriousDecember 5, 2019 12:05 PM

@Clive Robinson

I am unfazed in considering (some) people as thinking about the word 'secrecy' as being somewhat naugty and selfish if you will, after all that is only to be expected or anticipated I would argue, if one say took up an interest in wondering what a particular neighbor was perhaps doing behind his/her closed curtains seen in their living room. One might for a moment be entertaining the notion of having a-need-to-know, but unless such a need was necessary, it would be wrong to even vaguely assume such.

So from what I wrote and in response to what you wrote after that, it seems pertinent of me here to simply state that, and for hammering my point home about what an idea of 'privacy' for individuals or people ought to be thought of, a given problem arise (given by me that is), or an understanding if you will; that having to rely on other people's interpretation of what is and isn't considered 'private' or otherwise pertaining to issues of 'privacy', as if such an understanding was found to have been delegated to people that find such terms either appropriate or inappropropriate in any given case, is just wrong (if you care about privacy for yourself and others). Outsourcing the meaning of 'privacy' to tech people, or politicians, or police/military is thus just wrong, regardless of policy being good, bad or benign. It is like, if asking if something like 'democracy' wasn't "people power", what the hell would 'democracy' otherwise be if not just that? Maybe a policitian could coyishly equate 'democracy' with 'security' as a conceptual metaphor, but with sitting protestors having being peppersprayed in the face with a big bottle, that shit wouldn't be believable (a reference to a UC Davis University event), or it shouldn't I would have to argue.

Thus, if ever tempted to think of anything 'privacy' as being a THING in the world that you believe that you youself and others have to relate to (as if ideas about privacy was simply self evident and given, in an instance of defeatism or idiocy even, even at age 20 I had no idea what 'philosophy' was), the appeal of such shouldn't be the mere notion of there being an appplied 'universality' to such idea(s) regarding 'privacy', when obviously any applied idea of 'universality' or similiar would be but a fancy word if said notions about universality also was hollowed out by limitations and exclusions, an obvious red flag, or red card, or flashing red light if you will. As if making a reference to 'a society' or 'society', but for a moment seemingly arguing about everybody being the same as one, while conveniently forgetting that there would likely be damning nuances to such a generalization which in turn would make the notion of a "one" into something entirely different, like there being a majority and a minority, or, just disparate interest groups for whatever sensible reasons.

AndersDecember 5, 2019 12:55 PM

I think this belongs here.

www.hackread.com/information-security-professional-degeneration/

Clive RobinsonDecember 5, 2019 4:44 PM

@ Anders,

I think this belongs here.

Yes it does, and it supports what some have known and others suspected for some time.

If you look back far enough on this blog --and others-- I used to say that "team leaders" needed to get themselves an MBA.

For two reasons,

1, To talk to the suits in their oen language fluently.

2, Get the respect the piecr of paper earns you from managment.

But the one thing all ICT people have to realise is that "managment see you as blue collar" no mater hoe bright, inteligent or perceptive you may be. Thus you are seen as not just not part of the club, but alien outsider[1].

Worse they have more respect for the kids in boiler suits down at your local "Quick Change" tire shop, because they might once have tried to change to the spare in their car and failed or found it difficult. On mass they have no interest in how the technology they profit by works, all that interests them is cost reduction and profit maximisation in the very short term. That is if you can not show a real return within a couple of quaters you are in effect stealing their bonuses in their viewpoint.

So yeh stress, anger, vitriol and thoughts of defenistration are what bubble up.

[1] Think of yourself as being seen as a "Mexican", to those who think walls are good to protect their 1% of the 1% position. That realy is how the C-Suite Suits view ICT workers, they won't even acknowledge that you have a proffession or behave proffessionaly.

MarkDecember 5, 2019 4:47 PM

The usual magical thinking from Bruce and the cyber security industry, most of which is rooted in political beliefs.

"...technology practitioners who focus on social justice..."

I stopped reading there and then, when I read "social justice", the Left's ideological baby.

The magical thinking is roughly this: Governments are over reaching, spying on us all. The way to solve this is to lobby to government, or place more government officials -- with ours views! -- in the government, in order to influence policy. This policy can then be pushed down to technology companies, through the monopoly of power that is the government.

The only problem? The government has two roles -- something Bruce gets right but fails to follow his own line of thought -- offence and defense, surveillance against its citizens, privacy of its citizens.

The argument that more government -- or better government -- is magically going to solve this problem is laughable. The two roles cannot be reconciled, and we know which one wins every time, Left or Right. It's the same in the US, Australia, the UK, NZ, and I assume Canada.

The only option is getting the government out of business of surveillance against its citizens, to reduce the size and power of the government. This removes the offensive capability of the government against its own citizens... or at least greatly limits it.

Only then can policy be used effectively to protect privacy rights. Granting the government more power over companies means the government can use that power for both roles (e.g., paying RSA to manipulate a random number generator).

Electron 007December 5, 2019 6:02 PM

@Clive Robinson

But the one thing all ICT people have to realise is that "managment see you as blue collar" no mater hoe bright, inteligent or perceptive you may be.

That is not an entirely unearned reputation. There is a certain "porn-surfing code monkey" culture with a low-IQ locker-room jock mentality among programmers and IT staff.

Very male-dominant, one would have to admit, but the Title IX junk, the harassment lawsuits, and the frivolous rape accusations, which started on colleges campus and took over the corporate work environment, only make matters worse.

Young male dominant, I should say. Googleplex and the like are concrete-basement man-caves with a pizza-and-beer party going on that fails to appeal to those of a certain age and common sense to get the job done they were hired to do and go home at the end of the day.

Older people, some of whom may be more experienced working with others in a team, have a lot of trouble coping with all the childishness, immaturity, haircuts and corporate sex games.

Many younger people had bad parents who lied to them, cheated on them, and stole from them, and were generally untrustworthy if well-behaved and polite in general day-to-day conversation. Consequently they are paranoid and untrusting as they grow older themselves, and there is little incentive toward moral behavior for them.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Sidebar photo of Bruce Schneier by Joe MacInnis.