Comments from Frankston, Reed, and Friends
Friday, May 09, 2003
DPR at 8:25 AM [url]:
Security doesn't create trust
Earlier in the week I was sitting a TTI Vanguard meeting listening to speakers talking about the key problems in sharing resources to improve collaboration. Over and over they mentioned the problem of creating trust as one of the top problems.
What bugged me was that their next sentence was inevitably: so we have to focus on building security into the network.
I don't buy it. The more security we put in the network in the form of firewalls and PKI and IPSEC, the more worried people get.
And then it hit me: that picture last year on the front page of most US newspapers showing the top folks in Bush's cabinet inspecting a water purification plant. Presumably they were drawing attention to yet another security risk, in order to get it fixed.
Did that action "create trust"? And then another thing hit me. There is a constant drumbeat about new things that will improve your security: improvements to WEP, new means of virus protection, etc. All useful, all perhaps necessary.
But the problem is - these "security mechanisms" don't create trust. Their very existence creates mistrust. No doubt I would be more secure in my home with razor wire across my front yard, a security gate, and machine-gun toting guards. I would be more secure if I had an AK-47 under my bed, and carried a concealed Beretta.
Do you feel more trusting when you visit a country where every corner has a machine-gun toting policeman? When your company inspects your briefcase coming and going?
But would that lead me to trust my fellow man more? Would it lead my fellow man to trust me more?
I think there may indeed be technological mechanisms that promote trust*. But don't try to tell me that security technology creates trust. It can't. At best it's neutral, and upon reflection, most times it increases mistrust and fear.
From now on, whenever a security technology guru tells me that computer security "creates trust" I'm going to demand evidence. I suggest you do so as well.
* Humans gain trust by interacting and "getting to know" people. Transparent technologies that make it easy to see what people and companies are up to (in a sense the opposite of firewalls) are what help me trust. I like Reagan's saying: "trust, but verify". It implies that trust requires means for openness, not firewalls and secretiveness.