Security is so easy to circumvent
http://www.trefor.net/2012/05/06/how-to-bypass-the-virgin-media-web-filt...
the above post shows just how easy security is to bypass, and its vital that policy makers find out more about the internet before they pass stupid laws about it... the UK is particularly bad at giving politicians the correct information to make informed decisions. The Digital Economy act is a complete farce.
Group audience:
Comments
Perimeter security is easy to
Perimeter security is easy to circumvent - agree.
But that is because perimeter security is design with access control in mind - instead of security as in contextual isolation, parameterization and one keyt-one purpose focussing on Empowerment & validation instead of surveillance & control for power & profit. The weaknesses are consequences of the paradigm.
So is it government's remit
So is it government's remit to totally prevent access to places they don't want us to go? ie take over our internet and protect us from ourselves? total domination? Or am I just being paranoid? If we take the example of the UK Digital Economy Act going through washup it becomes clear that governments are not fit to decide on internet matters IMHO. I am very happy to be proved wrong...
Dont see how you can get
Dont see how you can get there from what I wrote - citizen security and self-determination is the primary objective. Controlling citizens is a non-legitimate interest that democracy and free markets will combat.
Problem is that both strcutures are failling because Government fail to Empower citizens and instead focus on controlling citizens through a range of destructive means starting with eSignature, regulatory-dictate of surveillance preventing security and distorting markets so value creation is increasingly less functional.
We have legitimate security interests from point of view of society, but these has to and CAN be handled through non-invasive means. Democratic Government have NO desire nor legitimate interest in constant identification and surveillance.
Depends if you consider
Depends if you consider government to be democratic, and depends how informed your politicians are then doesn't it?
The lack competence is one
The lack competence is one thing - what is worse is lack of focus to the causality.
eSignature, for instance, is selfdestructive as it contain no element of security and always undermine data security and market processes. An eSignature has to be non-reputable, but it should NOT Identify unless the citizen fail to abide to the contract.
But tell me where in DAE, this has been pointed out to the political system?
No, instead you get ideocy such as web 2.0 without considering the implication of commercialising control of society processes.
Internet has been turned into am instrument of control instead of supporting better (and more secure) processes.
Eliminate the "truested parties" and distribute control to the edge as in peer-to-peeer and end-to-end. But to do this, we also need BETTER security in order to see the difference between commerical/government processes (where control should ALWAYS be with the citizens meaning no posiblity of serverside identification) and e.g. 2-way social processes where we cannot distuinhuish between criminals coordinating (society has a legitimate interest) and pure social interactions (government and any other get out).
I am not sure I share your
I am not sure I share your assessment of the situation about governments only approach is the desire of controlling citizens.
Having said that I agree with you we should try to leave as much as possible (in relation to the objective) to leave the control to the citizen.
>> But tell me where in DAE, this has been pointed out to the political system?
>> No, instead you get ideocy such as web 2.0 without considering the implication of commercialising control of society processes.
My guess is that a discussion space like this one is exactly to point out elements that could have been overlooked (as you have just done), as well as identifying approach addressing them.
I mentioned in another post mechanisms that could be used to empower the citizen (and mentioned the role of the commission to "incentivize" their implementation).
Would you mind elaborating your suggestion ("But to do this, we also need BETTER security in order to see the difference between commerical/government processes")?