[liberationtech] FW: The security and ethics

Graham Webster gwebster at uw.edu
Wed Feb 9 19:50:38 PST 2011 

Thanks to both Jim Youll and Jacob Appelbaum for interesting thoughts on my proposed need for some certification or reputation regime that would help non-experts seek the right help. As perhaps should be expected, there are no easy answers.

Jim writes:

> Certification means they went to law school once and know the basics.
> A CS degree says someone went to computer school once and knows the basics.
> 
> even with continuing ed requirements, if it's life and death, then you assess
> the person, not the for-profit accreditation agency (in tech it is ALWAYS
> for-profit)
> 
> We don't need accreditation that will take years to set up and years of debate
> to define. We need openly-published, scrutinized, authoritative information,
> basically the Wikipedia of security techniques. Oh. I'm supposed to be thinking
> about these problems. Maybe that's a part of the answer.

My concern is still whether such open information or widely-available tools can be effectively used by those who don't understand where weaknesses would come from. On the parallel thread, folks are discussing the notion of a set of guidelines and rules of them. Others think this could lead to a false sense of security.

It seems in reality the best answer is something in between a non-expert (especially one with little money) carefully choosing and then enlisting expert help. If, as Jacob argues, the existing certification schemes are not much use, people will need to enlist help (whether human or from a Wikipedia-type repository) and use careful judgment.

It then seems to me that the message to users concerned about security is that they simply need to become active security practitioners for their own sake. As Jacob writes, "really, there is no substitute for having a clue." This unfortunately puts the more inquisitive nonprofit and scholarly folks back to square one. I still suspect some reputation system for references on the topic would be helpful, as many newbies to the computer security practice will be without fundamentals education in computer science.

Graham

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20110209/70287b7c/attachment.html>

More information about the liberationtech mailing list