Having to Trust someone is a discomforting and weak business proposition. Better is if the other side can prove their trustworthiness.
Here audit by design needs to be built in so end2end trust assurance is provided as an always-on service.
In short, "trust is good, control is better" (Stalin)
luk

On 11 Oct 2014, at 04:39, wrote:

On 11 October, 2014 7:21am Johannes Ernst wrote:
If, on the other hand, they hired, say, the EFF, to go through their security / privacy architecture and implementation with a fine comb twice a year ...
This is not something the EFF does today nor would it if approached, but do folks think this is something the EFF should do? Seems like being an auditor is a much different business than being an advocacy organisation with a tech capacity.
I only meant to say that many people -- myself included -- would *** trust *** a statement by the EFF about some organisation's (particularly government's) security and/or privacy practices, while this would not be true about many other org's that typically audit....
[emphasis in last sentence added by me]
I can't help but note the strange use of the word "trust". You're talking about trusting an organisation to do something it cannot actually do. That's kind of academic isn't it?
We were asked to consider if audit is something the EFF perhaps should do. But what happens to the "trustworthiness" of a body like the EFF if it was to be convinced to start doing something that it has never done before? I should say I am no fan of the audit industry. I am not at all convinced that existing commercial privacy audits and trust marks are any good either.
There's another topical case where "trust" has been exposed. We're supposed to trust Open Source software right? Yet the terrible Heartbleed bug in the OpenSSL library resulted from a coding error (really, a high school level programming blunder) which went through the OpenSSL Foundation peer review process unnoticed. AFAIK nobody has worked out exactly what happened but it is entirely possible that no meaningful code review was done at all before the affected code was released.
The term "trust" is almost useless to characterise what we need and what we think we're getting from a software development process.
We really need to stop over-using "trust". As the old Italian proverb goes, it's nice to trust but it's better not to. Let's get precise. What we need is accountability, verifiability, liability and so on.
More by me:
http://lockstep.com.au/blog/2011/01/10/reading-peter-steiners-dog
http://lockstep.com.au/blog/2014/04/14/heartache
Cheers,
Steve.
Stephen Wilson
Lockstep
http://lockstep.com.au
Lockstep Consulting provides independent specialist advice and analysis on digital identity and privacy.
Lockstep Technologies develops unique new smart ID solutions that enhance privacy and prevent identity theft.