Wednesday, February 14, 2007

Good Intentions, Wrong Conclusions: Bill Gates' security vision at RSA is cloudy at best

Said Gates: “Security is the fundamental challenge that will determine whether we can successfully create a new generation of connected experiences that enable people to have anywhere access to communications, content and information.” DailyTech

Well, that sounds good, but what does it really mean? Will lack of security prevent a new generation of connected experiences being created? No. We have seen several generations of insecure connected experiences created. Their lack of security has not doomed them. Yes, security issues have meant slower and more shallow adoption than might otherwise have been achieved. And security problems have in general made the experience less enjoyable than it should have been (not to mention a royal pain in the pocket book in specific cases where the lack of security was exploited by particularly bad or careless actors). But success is relative and often based on expectations.

Mr. Gates would certainly be unwise to make higher levels of security the only measure of success. But I think that Mr. Gates is quite capable of being unwise. After all, this is the man who said spam would be a thing of the past--by this time last year. Sadly, the place where the Gates vision falls short is in its expectations of people. I say sadly because I think Mr. Gates is basically a very decent chap, one who has consistently under-estimated the decency deficit out here in the real world, while over-estimating technology's ability to make up for it.

Consider what else he said: “The answer for the industry lies in our ability to design systems and processes that give people and organizations a high degree of confidence that the technology they use will protect their identity, their privacy and their information.”

No Mr. gates, that is not where the answer lies. The answer lies in the overall standard of human behavior. Until that improves, connected experiences that enable people to have anywhere access to communications, content and information will suffer at the hands of bad people. Folk may not suffer to the extent that they give up on those experiences. But they won't be able to enjoy them as much as they should and a large chunk of resources will likely be consumed trying to maintain a barely tolerable level of enjoyment. Technology is not the answer to bad behavior.

No comments: