Brave new world: Asking hard questions about security, user rights, and trust

Answers to technical questions should be cut and dried. Right? Michael Kassner throws out some challenging questions to gauge the opinions of TechRepublic members about security in an increasingly complex Internet age.

The other night I had a long talk with a good friend of mine, who happens to be well-versed in the humanities. I suspect that's why he's prone to introspection, especially after a few drinks. It was my turn, though.

"I have this idea for an article. It's different from anything I've done and I'm a bit spooked by it."

"Those are the good kind, they build character. Tell me more," he said.

I avoided the issue for a bit. Finally, I fessed up. "Being a techy, I tend to view life in binary, no middle ground. Just ask my ex-wife. But, the older I get, the more I realize answers aren't always one or zero."

Feigning surprise, my friend asked, "You just figuring this out?"

I said, "Let me explain. I'm referring to--for lack of a better term--messy technical questions, the ones with vague parameters."

"Ah", he interrupted, "I'll bet your questions involve the great unknown, humans. Fantastic!"

On a roll, he mentioned that my inability to find a single solution should be expected: I have two viewpoints, "me" as an individual and then "me" as part of society or the "greater good." That's two possible answers and both could be considered correct.

"Well, I can live with that," I said.

"Not so fast. Don't you care about my opinion?" he asked. "Furthermore, you mentioned something about an article. You better care about the reader's opinion as well."

I didn't tell him that he had a good idea. But, he did. Who better to ask than you, members of TechRepublic? So, here is my plea. The following questions have been bouncing around my head long enough. What do you say?

Question: Should access to the Internet be a privilege, a right, or...

I fear we're at a watershed moment. Few argue the importance of the Internet, even in countries with less than adequate access. One only need look at current world events. They would not be possible without the Internet. Yet, terms like "Net Neutrality" and "Internet Kill Switch" are being batted about.

What is our relationship with the Internet? Is it like cable; maybe telephone? Or is it a democratic liberty and equalizer?

Second question: Should qualified organizations be allowed to remove malware from Internet-facing computers without the owner's permission or knowledge?

Millions of computers are:

  • Connected to the Internet.
  • Infected with malware unbeknownst to the owner.
  • Manipulated by bad guys to cause pain and suffering.

As you know, malware is flourishing. From that, we can assume existing solutions are a bust. If the solution suggested in the question works, it helps everyone. But, are individual rights being abused?

Third question: What guarantee do I have that a piece of open-source software has been adequately vetted by qualified and honest reviewers?

I follow with interest the discussions about open-source software and the logic of why it is more secure. My concern is for people like myself, who are, for instance, more comfortable reading Latin than source code. Do we just trust that the software has been reviewed satisfactorily?

Fourth question: Should a digital/electronic signature carry the same weight as a written signature?

I better take a stab at definitions here. Let's consider a written signature to be stylized script associated with a person. A digital/electronic signature is an electronic process that can be associated directly to one and only to one individual.

In most commerce and the legal parlors, a signature on a document is an indication that the associated person adopts the intentions recorded in the document. Is it safe to assume digital signatures are as fool-proof as written signatures?

Fifth question: How are we to be assured that electronic voting is trustworthy?

Experts, such as Dr. Roger Johnston are speaking out. There are security problems with current electronic-voting technology. That should be disconcerting to all of us. What proof, bona fide proof, do we have that our ballot selections are not tampered with?

Heavy stuff

The first draft has been done for a few days. I finally got up enough courage to meet my friend for coffee.

When he arrived, I handed him the draft and ever so quietly left to get his usual hot drink. I've learned it's better for my health not to disturb him when he is reading.

"Seen better," he snarled when I summoned up enough courage to return. "But, you stumbled onto something. I wrote a paper about it once. I consider all crime to be betrayal of trust."

Struggling to find something profound, I ended up with, "Huh?"

With a look of "why do I even try," he continued, "Read your questions again. In each one, trust is part of the solution. See it now?"

"Whoa, heavy stuff," I thought. Then, back in the real world.

"Why on earth did you get me a cappuccino?"

Final thoughts

My friend is right. Readers are important. This forum is blessed with the presence of a lot of savvy people. Are my concerns yours? If so, what can be done? How can we rely on such things as "trust" when facing these new technical challenges?

Update (02 Mar 2011): I suspected I might get some input. To say I'm pleasantly surprised is putting it mildly. I feel a real need to thank each of you for the time and the effort required to craft such thoughtful answers.

I mentioned this to a new-found poet friend of mine. She reaffirmed, "Yes, readers do matter."