Monday, January 21, 2008

Worried about the risks of government databases? Despite failures already, our government isn't

Just as a secret that more than one person knows is no secret, a network that has more than one access point is not secure. The problem isn't encryption, or anything technological, it's PEOPLE. We know this to be true - "social engineering" has been the source of many publicized data breaches, and, I expect, many, many more UNpublicized ones.

Jon Stokes from Ars Technica has an outstanding take on this, and just how twisted around people get when they think about data, privacy and security. From the article, "privacy and security are a zero-sum game." Think about that viewpoint for a minute: this person wants you to believe that the more private your data is, the LESS secure you are. That stupidity got published in the freaking New Yorker. I can only hope that the editorial staff was drunk. The article also discusses a specific "breach" in the even-limited systems that existed in the early 2000s, and how one criminal with access can pervert the system.

So back to the point. For massive databases to be useful for 'security' purposes, many people need to have access. Let's hypothesize that 0.1% of people (that's 1 in 1,000) would do something bad with this data. Doesn't sound too bad, right, only 1 in 1,000, not worried about that? I'm a trusting soul, but, please, I'd figure at least 20,000 access points. And hey, if 20 nefarious people have access to limited data, as in the linked article, it's a problem. Give them access to incredibly large amounts of data, and it's a disaster waiting to happen.

Knowledge is, and will always be, power, and concentrating knowledge in a designed-to-be-accessed-by-many system just scares the living snot out of me.
