Main Nav

It would appear that Larry Page and Mark Zuckerberg were right on a scale I didn't realize: people as a whole don't place any value on privacy, even in the information security realm. I've ordered items from Amazon and thus have an account there. But their information on me is not complete, lacking (for example) any connection with information security. Were I to download this book that would be an additional item in their database about me. The reason I'm posting isn't to claim that the price is excessive, that Amazon is evil, that the book should not have been made available in this fashion, or anything of the sort. What I'm trying to point out is that people are making decisions based on value judgements whether they realize this or not. There is a difference between something being public and it being correlated. What that difference amounts to is a personal evaluation in a particular context. And it doesn't have to be as distinct of a correlation as my case for it to have value. And I find it ironic that a posting to an information security list about the irony of giving up personal data in return for a 'free' book on data privacy falls flat for many people. (That doesn't mean those people are wrong, it means they fall into the group whose valuation of the data provided approaches zero category.) Tim Doty >
AttachmentSize
smime.p7s11.45 KB

Comments

I appreciate the lively debate and I hope that we are all learning something from this discussion. Following Vik and Timothy's line of thinking, how should we present this kind of opportunity? I gather that some have an issue with calling it free which is an acceptable critique but if not free, how should this be promoted to students, faculty, & staff? What wording would be acceptable? Thanks again, Derek
Message from valdis.kletnieks@vt.edu

On Mon, 30 Jan 2012 13:24:23 CST, "Tonkin, Derek K." said: > with calling it free which is an acceptable critique but if not free, how > should this be promoted to students, faculty, & staff? What wording would > d be acceptable? https://en.wikipedia.org/wiki/Gratis_versus_libre "Free speech" versus "free beer". Said book is "gratis" not "libre" (and I'm perfectly OK with Amazon releasing it "gratis" as long as we're clear that's what it is). Good a starting point as any, and the links point to most of the good resources.
Message from mclaugkl@ucmail.uc.edu

As I suggested before, unless they are in the Information Security field, the word "free" would seem to me to be appropriate. I suggest that in the Information Security field some words and topics carry special meaning. "secure", "unbreakable", "virus", "worm", etc. I imagine that other professions have similar words and topics which carry meaning for that profession. Physical security surveillance professionals likely have different concerns about being seen on cameras. People in the fashion industry likely have more concern about what clothes they buy than most folks. People in the medical field may have different questions and concerns when they see a doctor. ... and sometimes I do enjoy throwing gasoline on a fire, even if the arguments on both sides are valid. -Vik Vik Solem, CISSP, Sr. Applications Risk Consultant Tufts University, Information Security, vik.solem@tufts.edu / 617-627-4326 InfoSec Team: information_security@tufts.edu / 617-627-6070 On 2012-01-30 14:24 , "Tonkin, Derek K." wrote: >I appreciate the lively debate and I hope that we are all learning >something from this discussion. Following Vik and Timothy's line of >thinking, how should we present this kind of opportunity? I gather that >some have an issue with calling it free which is an acceptable critique >but if not free, how should this be promoted to students, faculty, & >staff? What wording would be acceptable? > >Thanks again, >Derek > >
Message from valdis.kletnieks@vt.edu

On Mon, 30 Jan 2012 20:20:39 GMT, "Solem, Vik P." said: > As I suggested before, unless they are in the Information Security field, > the word "free" would seem to me to be appropriate. Actually, it's not just infosec - anybody in the entire open source/Creative Commons field is (or should be) sensitive to the distinction between "gratis" and "libre".
Just one last bit of accelerant, it's the correlation that's valuable. Having a picture of my house, no big deal. Having that picture associated with a GPS coordinate, OK. Having an SSID for the router in my house, no big deal. Associating that with a GPS coordinate, OK. Having the external IP address of my home network associated with buying diamonds, no big deal. Associating that external IP address with the wireless SSID, OK. Put all that together, and you have a picture of a house and a good probability of finding diamonds there. No single piece of information is particularly valuable, but the correlated data can be very valuable. -Vik Vik Solem, CISSP, Sr. Applications Risk Consultant Tufts University, Information Security, vik.solem@tufts.edu / 617-627-4326 InfoSec Team: information_security@tufts.edu / 617-627-6070 On 2012-01-30 14:53 , "Mclaughlin, Kevin (mclaugkl)" wrote: >But Tim ... Google yourself and take a look at the results - any >information you give out for a "free" book at Amazon is already public >knowledge. I'm not saying we shouldn't care or be concerned but I would >say that as Information Security professionals we should focus on >protecting >the valuables in our house and not worry about each blade of grass in our >yard. > >- Kevin > > >Kevin L. McLaughlin, CISM, CISSP, GIAC-GSLC, CRISC, PMP >Chief Information Security Officer (CISO) and Assistant Vice President >Administration and Finance >University of Cincinnati > >513-556-9177 >TEWG-Region 6 TLO > >The University of Cincinnati is one of America's top public research >institutions and the region's largest employer, with a student population >of >more than 41,000. > > > >
Message from pete@shadows.uottawa.ca

On Mon, Jan 30, 2012 at 08:41:35PM +0000, Solem, Vik P. wrote: > Put all that together, and you have a picture of a house and a good > probability of finding diamonds there. > > No single piece of information is particularly valuable, but the > correlated data can be very valuable. It's a mosaic... Each peice of glass is meaningless. The more you have the better the picture. -- Pete Hickey The University of Ottawa There are 10 kinds of people in the world: Ottawa, Ontario Canada Those who know binary, and those who don't.
On Mon, 2012-01-30 at 13:24 -0600, Tonkin, Derek K. wrote: > I appreciate the lively debate and I hope that we are all learning something from this discussion. Following Vik and Timothy's line of thinking, how should we present this kind of opportunity? I gather that some have an issue with calling it free which is an acceptable critique but if not free, how should this be promoted to students, faculty, & staff? What wording would be acceptable? That is a real problem for us being users of English. The word 'free' has such broad meaning (ranging from 'free of charge' to 'free as in beer'). Free can have connotations of 'cheap'. Free for some people implies something else is being taken (the principle of "there ain't no such thing as a free lunch"). Personally, I hope the term 'libre' gains currency, but I don't hold out much hope for that happening within society at large. But if it did, it would allow better clarification of such things. Tim Doty > Thanks again, > Derek > >
On Mon, 2012-01-30 at 14:53 -0500, Mclaughlin, Kevin (mclaugkl) wrote: > But Tim ... Google yourself and take a look at the results - any > information you give out for a "free" book at Amazon is already public > knowledge. I'm not saying we shouldn't care or be concerned but I would > say that as Information Security professionals we should focus on protecting > the valuables in our house and not worry about each blade of grass in our > yard. Maybe I didn't say it clearly enough, but I was in no way meaning to be taken as saying people were wrong. I realize that my final comment about irony could be construed that way despite specifically stating otherwise and perhaps I should've left it out. If we worried about every blade of grass in the yard we wouldn't be able to pull the weeds, I think that is pretty clear. I recommend realizing that there is an evaluation going on. Privacy is something that is rapidly disappearing and although many people are just fine with this at present I do not think that they will care for the situation after some point. Justice Sotomayor's recent comments about a need for change in the application of laws to privacy is, to me, an indicator that we are getting closer to that point rather than it being at some indeterminate place in the future. But, hey, that's my opinion, right? Tim Doty > >
On Mon, 2012-01-30 at 14:34 -0500, Valdis Kletnieks wrote: > "Free speech" versus "free beer". Said book is "gratis" not "libre" (and I'm perfectly > OK with Amazon releasing it "gratis" as long as we're clear that's what it is). > > Good a starting point as any, and the links point to most of the good resources. For a restricted audience, yes, but most folks around here would look at you funny if you said 'gratis'. I recently watched a popeye cartoon where he muttered something along the lines of "first time making love in color". That means something different now than it did when it was made. I think 'gratis' has fallen out of common usage, though perhaps it is more common in areas with a greater latin influence. Tim Doty
Close
Close


Annual Conference
September 29–October 2
Register Now!

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

Close

Digital Badges
Member recognition effort
Earn yours >

Career Center


Leadership and Management Programs

EDUCAUSE Institute
Project Management

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

 

Close
EDUCAUSE organizes its efforts around three IT Focus Areas

 

 

Join These Programs If Your Focus Is

Close

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

 

Close

2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.