Security that is Simply On

Nov 20, 2012 5:16am


The following is a guest blog from Tracy Bartley, Director of Communications at Gryphn Corporation.

I recently attended the "Teaching Generation Digital" panel at the Family Online Safety Institute’s annual conference with Karen Cator of the U.S. Department of Education, Bret Perikins of Comcast, Jane Tallim of the Media Awareness Network Canada and Connie Yowell of the MacArthur Foundation.

The coverage of personal security issues for children in Internet learning inspired the question, what kind of security do we need and how much?

We are aware we are being watched, scrutinized by corporations, peers, teachers, marketers, governments, employers, significant others or even strangers from across the globe. Yet we struggle to articulate the threats to our personal privacy; either seeming so nebulous or so numerous that we become overwhelmed and often trust in our relative anonymity to protect us.

Others choose a more totalitarian approach: One commentator at the FOSI conference directed attention to Ed Tech's recommendations for Internet security: don't provide any information about yourself to people you don't know, even your name can compromise you. Don't email anyone you don't know, don't post any pictures online.  These blanket injunctions rob the participant of the rewards as well as the risks.

Functional, workable security and security practices must grow in tandem with behavior; existing to mitigate the risks associated with behaviors that are fundamentally rewarding. Security exists to serve and enable education, modernization, progress… these are the dictators for how security should behave.

The scandal involving former CIA Director Ret. Gen. David Petraeus has unveiled the vulnerability of communications, from an unsent e-mail that was suspect, to family communications between parties further and further from the initial incident that should not have been publically vetted.

When the investigator or the perpetrator, regardless of their intention, crosses the border from inconsequential to personal data, the knowledge gained in search cannot be retracted. This border lacks clear delineation. Which email should the investigator have read?

Without set boundaries, managed by legal means or by disabling functional access to certain information, how can we clearly define which email marked the investigator's trespass and which he should be commended for opening?

Protection and separation of personal and public data in transit, in storage and at rest should not require extensive education and behavioral modification.

These protections need to be simply ON. Internet searches in school should be automatically set to use https; default school e-mail accounts should use an encrypted and private service. Cell phones should come standard with an encrypted text messaging service that enables control of the recipient’s ability to save and forward messages. Facebook’s default security settings should be set to the highest exclusivity.

One commentator at the event noted that we are elevating rhetoric of fear to our children. Fear dissuades positive behavior while implying an unknown and unmanaged threat. We have security that works in service of our behavior, being therefore neither unknown nor unmanaged. There is nothing wrong with posting a photo on Facebook and feeling that rush of 79 of your friends liking what you posted.

Understanding what to post is a matter of education, security settings on Facebook that limit who can see the post is a matter of education and development and using an encrypted texting app that disables saving and forwarding to control what others post on Facebook about you is a matter of education and a download.

Tracy works as Director of Communications at Gryphn Corporation, promoting safe, secure and responsible digital behavior, particularly on mobile. Currently she is working with a free encrypted text-messaging app called ArmorText.