Don't be part of the problem

Computerworld - Lawrence Lessig is not my close personal friend. However, his recent decision to retire from the intellectual property legal fray and focus on doing some greater good struck a deep chord for me. In a recent post, Lessig said, "I have decided to shift my academic work, and soon, my activism, away from the issues that have consumed me for the last 10 years" -- legal restrictions on copyright, trademark and radio frequency spectrum -- "towards a new set of issues" addressing fundamental corruption.

Citing three motivators, Lessig said the final straw was a friend who tweaked him with the word "shill," implying that "of course [the friend] would expect I was in the pay of those whose interests I advanced. Why else would I advance them?" That perception pushed Lessig to conclude that he doesn't want "to be a part of that business" or to work for change within a framework that ensconces the motives of intellectual property businesses in public policy.

Rather than continuing to whine about the symptoms of broken policy or the corruption of professions, Lessig says he's heading off to tackle more fundamental sources of the problem. It's a nice idea. I hope he can make it work, because I've decided -- with help from friends near and far -- to make the same turn.

Lingering effects

Over the past year and some months, I've used this column to examine security and privacy issues facing mainstream IT operations. Technical trench work -- the "how" of security -- gets old quickly and is covered well elsewhere. Instead, I've tended toward the "why" expressed in policy from governance and regulations, conflicts created by disjointed requirements, and how they affect security and privacy methods as applied in the real world.

It's in this middle ground that exploration and deconstruction of security and privacy issues results in the most progress. Those underappreciated folk who get their hands dirty with the machinery of the Internet put a reality check on those who've become pompous blowhards spouting infeasible concepts (you know who you are), while the blowhards rightfully limit the extremes of technical elegance over purpose. Somewhere in the middle, there are learned geeks who know enough, care enough and, if we're lucky, can share with the professional community by writing and speaking.

A friend once wrote of the difference between geeks and writers, claiming that the former have a need to "go faster," while the latter want their words to linger as long as possible. That description has bothered me for a long time, making me wonder if the efforts of most information security work -- helping organizations to secret their information or protect data of or about private individuals -- are either too ephemeral to help any individual person or too insignificant to warrant guilt when helping unsavory businesses.