Don't be part of the problem
In which our security columnist proposes a change of course
July 16, 2007 12:00 PM ETComputerworld - Lawrence Lessig is not my close personal friend. However, his recent decision to retire from the intellectual property legal fray and focus on doing some greater good struck a deep chord for me. In a recent post, Lessig said, "I have decided to shift my academic work, and soon, my activism, away from the issues that have consumed me for the last 10 years" -- legal restrictions on copyright, trademark and radio frequency spectrum -- "towards a new set of issues" addressing fundamental corruption.
Citing three motivators, Lessig said the final straw was a friend who tweaked him with the word "shill," implying that "of course [the friend] would expect I was in the pay of those whose interests I advanced. Why else would I advance them?" That perception pushed Lessig to conclude that he doesn't want "to be a part of that business" or to work for change within a framework that ensconces the motives of intellectual property businesses in public policy.
Rather than continuing to whine about the symptoms of broken policy or the corruption of professions, Lessig says he's heading off to tackle more fundamental sources of the problem. It's a nice idea. I hope he can make it work, because I've decided -- with help from friends near and far -- to make the same turn.
Lingering effects
Over the past year and some months, I've used this column to examine security and privacy issues facing mainstream IT operations. Technical trench work -- the "how" of security -- gets old quickly and is covered well elsewhere. Instead, I've tended toward the "why" expressed in policy from governance and regulations, conflicts created by disjointed requirements, and how they affect security and privacy methods as applied in the real world.
It's in this middle ground that exploration and deconstruction of security and privacy issues results in the most progress. Those underappreciated folk who get their hands dirty with the machinery of the Internet put a reality check on those who've become pompous blowhards spouting infeasible concepts (you know who you are), while the blowhards rightfully limit the extremes of technical elegance over purpose. Somewhere in the middle, there are learned geeks who know enough, care enough and, if we're lucky, can share with the professional community by writing and speaking.
A friend once wrote of the difference between geeks and writers, claiming that the former have a need to "go faster," while the latter want their words to linger as long as possible. That description has bothered me for a long time, making me wonder if the efforts of most information security work -- helping organizations to secret their information or protect data of or about private individuals -- are either too ephemeral to help any individual person or too insignificant to warrant guilt when helping unsavory businesses.
jon espenschied
Additional Resources



Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.
White Papers & Webcasts
Death to PST Files
Download Now
The Tangled Web: Silent Threats & Invisible Enemies
Download Now
Tape Killed the IT Guy
Watch Now
Forrester Consulting Mobility Study: Taking Control of Enterprise Mobile Device Diversity
Download Now
BRM: What You Can Do To Reduce Risk In Challenging Times
Watch this webcast now!
What IT Must Do to Support Employee-Owned BlackBerry, iPhone and Android Mobile Devices
Download Now
Web 2.0, Social Media and the Dark Web - A Web Criminals Paradise?
In this discussion, learn about the challenges of protecting your users from the potentially unsafe content hidden in the "Dark Web".
eGuide: Enterprise Security
Smart Security Strategies for 2010. Read now!
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...

