Main Nav

Posted by cthulhu_mst on January 30, 2012
It would appear that Larry Page and Mark Zuckerberg were right on a scale I didn't realize: people as a whole don't place any value on privacy, even in the information security realm. I've ordered items from Amazon and thus have an account there. But their information on me is not complete, lacking (for example) any connection with information security. Were I to download this book that would be an additional item in their database about me. The reason I'm posting isn't to claim that the price is excessive, that Amazon is evil, that the book should not have been made available in this fashion, or anything of the sort. What I'm trying to point out is that people are making decisions based on value judgements whether they realize this or not. There is a difference between something being public and it being correlated. What that difference amounts to is a personal evaluation in a particular context. And it doesn't have to be as distinct of a correlation as my case for it to have value. And I find it ironic that a posting to an information security list about the irony of giving up personal data in return for a 'free' book on data privacy falls flat for many people. (That doesn't mean those people are wrong, it means they fall into the group whose valuation of the data provided approaches zero category.) Tim Doty >
AttachmentSize
smime.p7s11.45 KB

Comments

I appreciate the lively debate and I hope that we are all learning something from this discussion. Following Vik and Timothy's line of thinking, how should we present this kind of opportunity? I gather that some have an issue with calling it free which is an acceptable critique but if not free, how should this be promoted to students, faculty, & staff? What wording would be acceptable? Thanks again, Derek
Posted by: dtonkin on January 30, 2012
Message from valdis.kletnieks@vt.edu

On Mon, 30 Jan 2012 13:24:23 CST, "Tonkin, Derek K." said: > with calling it free which is an acceptable critique but if not free, how > should this be promoted to students, faculty, & staff? What wording would > d be acceptable? https://en.wikipedia.org/wiki/Gratis_versus_libre "Free speech" versus "free beer". Said book is "gratis" not "libre" (and I'm perfectly OK with Amazon releasing it "gratis" as long as we're clear that's what it is). Good a starting point as any, and the links point to most of the good resources.
Posted by: listserv-anon on January 30, 2012
Message from mclaugkl@ucmail.uc.edu

Posted by: listserv-anon on January 30, 2012
As I suggested before, unless they are in the Information Security field, the word "free" would seem to me to be appropriate. I suggest that in the Information Security field some words and topics carry special meaning. "secure", "unbreakable", "virus", "worm", etc. I imagine that other professions have similar words and topics which carry meaning for that profession. Physical security surveillance professionals likely have different concerns about being seen on cameras. People in the fashion industry likely have more concern about what clothes they buy than most folks. People in the medical field may have different questions and concerns when they see a doctor. ... and sometimes I do enjoy throwing gasoline on a fire, even if the arguments on both sides are valid. -Vik Vik Solem, CISSP, Sr. Applications Risk Consultant Tufts University, Information Security, vik.solem@tufts.edu / 617-627-4326 InfoSec Team: information_security@tufts.edu / 617-627-6070 On 2012-01-30 14:24 , "Tonkin, Derek K." wrote: >I appreciate the lively debate and I hope that we are all learning >something from this discussion. Following Vik and Timothy's line of >thinking, how should we present this kind of opportunity? I gather that >some have an issue with calling it free which is an acceptable critique >but if not free, how should this be promoted to students, faculty, & >staff? What wording would be acceptable? > >Thanks again, >Derek > >
Posted by: viksolem on January 30, 2012
Message from valdis.kletnieks@vt.edu

On Mon, 30 Jan 2012 20:20:39 GMT, "Solem, Vik P." said: > As I suggested before, unless they are in the Information Security field, > the word "free" would seem to me to be appropriate. Actually, it's not just infosec - anybody in the entire open source/Creative Commons field is (or should be) sensitive to the distinction between "gratis" and "libre".
Posted by: listserv-anon on January 30, 2012
Just one last bit of accelerant, it's the correlation that's valuable. Having a picture of my house, no big deal. Having that picture associated with a GPS coordinate, OK. Having an SSID for the router in my house, no big deal. Associating that with a GPS coordinate, OK. Having the external IP address of my home network associated with buying diamonds, no big deal. Associating that external IP address with the wireless SSID, OK. Put all that together, and you have a picture of a house and a good probability of finding diamonds there. No single piece of information is particularly valuable, but the correlated data can be very valuable. -Vik Vik Solem, CISSP, Sr. Applications Risk Consultant Tufts University, Information Security, vik.solem@tufts.edu / 617-627-4326 InfoSec Team: information_security@tufts.edu / 617-627-6070 On 2012-01-30 14:53 , "Mclaughlin, Kevin (mclaugkl)" wrote: >But Tim ... Google yourself and take a look at the results - any >information you give out for a "free" book at Amazon is already public >knowledge. I'm not saying we shouldn't care or be concerned but I would >say that as Information Security professionals we should focus on >protecting >the valuables in our house and not worry about each blade of grass in our >yard. > >- Kevin > > >Kevin L. McLaughlin, CISM, CISSP, GIAC-GSLC, CRISC, PMP >Chief Information Security Officer (CISO) and Assistant Vice President >Administration and Finance >University of Cincinnati > >513-556-9177 >TEWG-Region 6 TLO > >The University of Cincinnati is one of America's top public research >institutions and the region's largest employer, with a student population >of >more than 41,000. > > > >
Posted by: viksolem on January 30, 2012
Message from pete@shadows.uottawa.ca

On Mon, Jan 30, 2012 at 08:41:35PM +0000, Solem, Vik P. wrote: > Put all that together, and you have a picture of a house and a good > probability of finding diamonds there. > > No single piece of information is particularly valuable, but the > correlated data can be very valuable. It's a mosaic... Each peice of glass is meaningless. The more you have the better the picture. -- Pete Hickey The University of Ottawa There are 10 kinds of people in the world: Ottawa, Ontario Canada Those who know binary, and those who don't.
Posted by: listserv-anon on January 30, 2012
On Mon, 2012-01-30 at 13:24 -0600, Tonkin, Derek K. wrote: > I appreciate the lively debate and I hope that we are all learning something from this discussion. Following Vik and Timothy's line of thinking, how should we present this kind of opportunity? I gather that some have an issue with calling it free which is an acceptable critique but if not free, how should this be promoted to students, faculty, & staff? What wording would be acceptable? That is a real problem for us being users of English. The word 'free' has such broad meaning (ranging from 'free of charge' to 'free as in beer'). Free can have connotations of 'cheap'. Free for some people implies something else is being taken (the principle of "there ain't no such thing as a free lunch"). Personally, I hope the term 'libre' gains currency, but I don't hold out much hope for that happening within society at large. But if it did, it would allow better clarification of such things. Tim Doty > Thanks again, > Derek > >
Posted by: cthulhu_mst on January 30, 2012
On Mon, 2012-01-30 at 14:53 -0500, Mclaughlin, Kevin (mclaugkl) wrote: > But Tim ... Google yourself and take a look at the results - any > information you give out for a "free" book at Amazon is already public > knowledge. I'm not saying we shouldn't care or be concerned but I would > say that as Information Security professionals we should focus on protecting > the valuables in our house and not worry about each blade of grass in our > yard. Maybe I didn't say it clearly enough, but I was in no way meaning to be taken as saying people were wrong. I realize that my final comment about irony could be construed that way despite specifically stating otherwise and perhaps I should've left it out. If we worried about every blade of grass in the yard we wouldn't be able to pull the weeds, I think that is pretty clear. I recommend realizing that there is an evaluation going on. Privacy is something that is rapidly disappearing and although many people are just fine with this at present I do not think that they will care for the situation after some point. Justice Sotomayor's recent comments about a need for change in the application of laws to privacy is, to me, an indicator that we are getting closer to that point rather than it being at some indeterminate place in the future. But, hey, that's my opinion, right? Tim Doty > >
Posted by: cthulhu_mst on January 30, 2012
On Mon, 2012-01-30 at 14:34 -0500, Valdis Kletnieks wrote: > "Free speech" versus "free beer". Said book is "gratis" not "libre" (and I'm perfectly > OK with Amazon releasing it "gratis" as long as we're clear that's what it is). > > Good a starting point as any, and the links point to most of the good resources. For a restricted audience, yes, but most folks around here would look at you funny if you said 'gratis'. I recently watched a popeye cartoon where he muttered something along the lines of "first time making love in color". That means something different now than it did when it was made. I think 'gratis' has fallen out of common usage, though perhaps it is more common in areas with a greater latin influence. Tim Doty
Posted by: cthulhu_mst on January 30, 2012
Post a Comment

Research and Publications

Conferences and Events

Career Development

Focus Areas and Initiatives

Connect and Contribute

About EDUCAUSE

Close


Current Issue
May/June 2013
EDUCAUSE Review

Publications

Research

Close


Annual Conference
October 15–18, 2013
Register now!

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

See All Events

Close

EDUCAUSE Institute
Leadership/Management Programs
Explore More

Career Center

Find or Post a Job

Leadership and Management Programs

EDUCAUSE Institute
Advanced Programs
Project Management

 

Fellowships and Awards

Fellowships
Awards Programs

Getting Involved

Mentoring
Volunteer
Speak at an Event

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

Advance Your Career

 

Close

Latest Topics

EDUCAUSE organizes its efforts around three IT Focus Areas

 

Enterprise and Infrastructure

Enterprise and
Infrastructure

Policy and Security

Policy and
Security

Teaching and Learning

Teaching and
Learning

 

Join These Programs If Your Focus Is

Close

From the Blogs
The Role of Campus Leadership in Ensuring IT Accessibility
by
Diana Oblinger

Find Others

Share Ideas

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

Create Your Profile

 

Close

2013 Strategic Priorities

  • Connected Learning
  • Enterprise IT
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.
 

Discover Membership