Why would I take the time to sit in front of a computer at night when I sit in front of one all day?
Why would you write a book?
Why would you bicycle across the country?
Clearly not for the money and fame.
You do it because you believe it’s important and it should be done.
That’s why this blog.
Because I think we need to look at things in a different way. We need to ask some hard questions. We may not get immediate answers, but at least the question will be asked and hopefully, just hopefully, there is someone out there that is interested enough to ask the question of someone else. New thoughts, new approaches, new people, and most of all, an open, and (probably at times) caustic discussion. Not mean, not hurtful, but probing and unbiased. People are emotionally invested in the topics of information security and privacy because of the years of effort we’ve put into them.
And on both sides! Those of us that dedicate ourselves to protecting have a counterpart who’s just as dedicated to “freeing” the information. This discussion is as much about technology as it is about ideology. Yes, ideology. For example…
Should you make security obvious or invisible?
Does anyone have a right to any data?
Is risk the only way, or even a good way, to assess security?
Are we winning?
Can we even tell if we’re winning?
Hopefully, this blog and my expressed opinion will spark some discussion on these very subjects. We’re losing the battle right now and we need to figure out why before our industry turns into the punch line of some really bad jokes. And as a side benefit, maybe we can convince some people to do the right thing and use their skills for goodness and niceness instead of badness and evil.
When we don’t ask the hard questions we don’t reach beyond our limits. When we don’t ask questions at all, we enable those that have less then honorable intentions to do what they want without any accountability. It’s about time we start being honest about our abilities, our solutions, and our future.