The End of the (Ab)User-Friendly Era: Comments on Peter Neumann’s “Computer Security and Human Values”
Sanford Sherizen
3. The End of the (AB)User Friendly Era
Can Neumann’s excellent agenda to resolve the major gaps be accomplished? Does the evolution of computer security inevitably mean the end of the user friendly era, where there will have to be security and audit hidden behind all screens, keyboards, and modems? Will it be mandatory for computer vendors and user organizations to have to meet certain standards of security? Just as cars today are required to have windshields with safety glass, so it is quite possible that a number of forces (law, insurance, public opinion, etc.) will force computer systems and equipment to come protected with the counterpart of safety glass.
Those are not technical but political decisions, and they are only partially raised in the paper. While Neumann certainly presents appropriate objectives, particularly in presenting the gaps and ways to narrow them, more information needs to be added to his model on the politics of data security, i.e., how decisions on the resolution of computer crime issues will be established.
Yes, there is need for promulgation of ethics, exertion of peer pressures, and enforcement of the laws, as mentioned in the paper. But social change occurs from more than that. Luckily, histories are available on how other social conflicts were resolved. We can learn important lessons on how information protection can best be provided while continuing to meet our important human values. Several examples can be mentioned briefly.
On the western (non-electric) frontier of the U.S., disagreements on property rights led to almost continuous battles between Native Americans, farmers, cattle ranchers, sheep herders, and the propertyless. To a large degree, these battles were decided by the invention of barbed wire. Ownership was quite literally set by the wire, which defined the property lines. They who had the wire had the rights. Livestock or crops could be kept in and trespassers or the unwanted could be kept out.
For some, the current battle over electronic information property rights is a search for the electronic equivalent of barbed wire. Ownership of intellectual property, only in part a battle to control that “stuff” called cyberspace, is becoming an almost continuous set of encounters. The participants differ from the western frontier days but the stakes are as high for the future of this nation. In this new frontier battle, the lines are not going to be drawn in the same fashion. How they will be drawn, the equivalent of the “electronic barbed wire,” has to be carefully considered.
Another historical change shows how certain individual behaviors become changed by societal restructuring. This is shown with the history of pilots in the early days of aviation. They fit our contemporary definitions of hackers. These barnstormers were wild, didn’t respect property, and were constantly challenging authority. When they crashed their system, it really went down. They were a unique breed of individuals, who tested the limits of the world of aviation, sometimes literally by walking on the wings and performing amazing and often dangerous stunts. They were necessary for the early stages of aviation because they tested the limits of the technology.
What finally led to the end of the barnstorming pilots was that the business interests of airlines got precedence over the aviation interests. More directly, business people and moneyed interests wanted schedules, guaranteed delivery of products and people, contractual relationships with shippers, and other accouterments of an industry. The government supported much of this since it wanted guaranteed mail delivery. Stunt pilots and daredevils were viewed as threats to the industry-making wishes and needs of the airline industry builders. After the industry reached a certain level of development, these “pilot hackers” could have quite literally killed the industry. Those who could not stop challenging the limits to flight faced few choices: they could become test pilots for aircraft companies, they could try to fit within a military force, or they could become circus performers. The airline industry won, the pilot became “civilized,” and (at least in the movies) we all fly off safely and on schedule.
This is not meant to equate “hacker pilots” and computer hackers. Rather, it is raised to show how certain deviant behaviors get resolved, often without changing the behavior but by creating an institutionalized patterning, accepting certain activities and sidetracking other behaviors. There will be a process that will challenge the computer crime problem. It will not necessarily be the same as with airline pilots but it will be a process whereby at least a temporary resolution will be reached.
Certainly, we will have a long wait for the end of computer crime/hacker attacks. As with other crime problems, at least two points are clear. First, societies and organizations have a capability to absorb or get used to what previously was considered obnoxious (such as unions, long hair, MTV). Secondly, society gets the crime that it deserves, i.e., crime reflects the values of the society and how those values get played out in terms of public policy and policing priorities.
4. The End of Information Security?
I end my review of the paper with some comments about the field of information security. There are indications that information security is undergoing some significant retrenchment at this time. There are cutbacks on protection information that will affect what security can or will be put in place in the future. That leads to certain essential operational questions.
Who is going to manage information security? Some of the indicators of this retrenchment in information security are growing cutbacks, resulting in some excellent managers losing their jobs, essential staff increases being denied, and, at the same time, increases in the span of security responsibilities. Managers who continue to lack management support are growing in their disenchantment. Some are even questioning whether information security is a dead end job.
Who is going to develop information security products? The information security marketplace is also facing problems. Serious competitive pressures exist and some companies are not surviving. There are shrinking opportunities in certain leading industries, such as banking, where sales of these products often flourished. The government and private sectors don’t seem to be coordinating their interests and, for certain key activities such as encryption, actually are in active disagreement.
Who is going to follow the guidelines of this conference? Many important reports have been written and insightful conferences have been held before. Yet, information protection is in competition with many other risk problems that require attention. There is plenty of information overload and security is a hard sell. Is anything going to happen as a result of this conference?
These are the tough questions that will make or break the important findings provided in this paper. In essence, without solving the issue of making information security a strategic issue in business and in government, the battle over information will continue.
As can be understood from my comments throughout this discussion, I feel that Peter Neumann’s paper has done what it should. It started me thinking about some critical issues and it made me want to find out even more. It raised important questions and even established some answers. It brought together sources from a number of different fields. For all of that, I thank Peter and hope that he continues to contribute to computer security with human values.
Data Security Systems, Inc.
The Research Center on Computing & Society
at Southern Connecticut State University
© 2000 – 2007 – Research Center on Computing & Society