False economy of trust

The Guardian has a short report on emerging factors influencing Internet fraud:

In some cases gangs offer to finance undergraduates’ studies and plant them as sleepers within target businesses, according to a report on cybercrime which draws on intelligence from the FBI and British and European hi-tech crime units.

This has been known for some time, actually. Years ago I remember reading reports about post-graduate computer science students in countries with struggling economies who were lured into organized crime. The article says the popularity of sites like MySpace is “fueling” scams and crime, but that kind of description plays down the opportunity presented by weak trust model implementations. You might therefore say the rise in popularity of sites like MySpace is based on an intentionally weak authentication process that is more “fun” and “easy” for potential users. In other words, you should not blame the popularity of a campsite for the fact that bears break into people’s cars and eat all their food.

The report warns: “There is a false economy of trust. People don’t present personal information to strangers on the street, but building profiles online means that internet criminals can instantly access a mine of details – names and interests, pets and life stories.”

No, the problem is not in building profiles online (hundreds of millions of profiles were online before MySpace ever existed) but in pushing users to expose themselves by default for the benefit of the software/hosting company, without giving those users any clue about the associated risks. It’s like creating a shop where people will rush to get the hot new look for themselves, until they start to realize that they actually have no clothes and are presenting all kinds of personal information to strangers. Is the popularity of the look to blame, or the company that sold invisible clothing?

I often hear that MySpace is yet another proof of how something can be made from nothing (as in the Stone Soup story), but I would not yet rule out the opposite (as in the Emperor’s New Clothes story), at least in terms of the economics of information security.
