« I don’t agree with what you say, but I’ll fight to death to preserve your right to say it. » Voltaire
Today, all who want to let hear their voice, along with all the democrats are hit deep in their hart.
Freedom of speach is a fundamental human’s right, a total and full freedom.
What’s the relation with information security ?
Telling things that shouldn’t be said because it endangers our objectives is one thing. If it puts people in danger, other than we, it’s another story.
However, telling – writing and drawing – things to fight ‘…isms’ (fundamentalism, despotism, totalitarianism, etc.) and the dictatorship whatever their source, cause, reason and objective is a natural right. Confidentiality is here out of scope.
Muzzling the freedom of speech, hushing up what should be said – imposing an inappropriate unavailability – is even dangerous, if not worse, than telling what shouldn’t be said.
Doctoring information to achieve one’s goals while misleading the others is a major sin against integrity (I was nearly writing ‘the sacrosanct integrity’ because I consider this factor is frequently ignored or pushed behind while it’s the most essential).
How could a medical doctor be able to cure you adequately if the information he/she disposes (blood group, historic of diseases, allergies) are false, incorrect or incomplete?
How could it happen?
How could Charlie Hebdo criminals obtain the information allowing them to know where and when their targets would be gathered?
I need to come back on the three last posts… where I probably didn’t emphasis enough on what the ‘pirates’ can do with the trashcan of our computer.
Charb was a clear target of Al Quaida Yemen for months…
Targeting and listening his email accounts, his internet accounts and his phone calls wasn’t too difficult for one who absolutely wants to get it. I’ll need ‘intelligence’
- Searching, gathering and crossing date without context
- Compare and combine data
- Extract what can have enough value and put all together until they obtain something concrete they can verify and use.
Again, if there was no reckless disclosure of this information, the only possibility left was intelligence. It’s an art in which cyber pirates, paparazzi and criminals are very good at.
(I’m far of being exhaustive here…)
How to treat risk?
Prevention isn’t easy, as it requires being ‘inside the mind’ of criminals. But we have to regret that usage of the knowledge of criminal’s behaviour – the field of profilers and specialists in criminology – isn’t applied in the information and the cyber-security fields.
Reaction is difficult because Internet and the cyberspace weren’t built with elementary defence principles in mind. I’ll come back on this…
As a result, sadly, it’s only when the virtual criminal enters the field of ‘real world’ and kills human beings or fighting against democracy that public force can eventually act.
Correction only applies to chasing and arresting the criminals. The evil is already done and it’s impossible to go backwards.
These three axes of risk treatment are blocked because we don’t have the adequate resources.
Should we give up part of our privacy and comfort?
One of the actions is to install cameras and listening devices everywhere on computer systems and communication networks.
Should we keep tracks, dangerous for our privacy, to allow detecting the criminals stopping them after or better before their crime?
What information and disinformation can we afford while tracking the criminals? What balance between the surprise and openly presenting the risks for the tracked criminals?
The issue is relevant when we see the television followed and reported in real time what was (supposed) known on the criminals and the actions the police was preparing.
What can we do?
A good information management including the valuation of information is the only starting point.
The delegates of the public forces who were present at the television showed – in full right – full discretions on their capabilities and techniques ready to be used. A good example of The Need to Know principle…
What are your questions and fears with regards to information as a result of the recent events? Can I provide an answer?
See you soon, in security with your information
Charlie (Jean-Luc)
Google+