There is no security by default
Security and safety by default are things that many people claim that technology should provide, some sort of baseline requirement for any digital product or electronic device. I profoundly believe that such a statement is naive and unrealistic. It is merely an excuse to avoid our own responsibilities. We have not been succesful when it comes to provide security and safety by default in anything, no matter how old and established is the practice or the objects we designed, so, how could we pretend to make something that is not even one hundred years old, secure or safe by default?
In the first place, nothing in life is safe or secure by default. Neither the natural products that have been consumed by the human kind since hundreds of thousandas of years ago, nor the arficial inventions that have around since the dawn of civilisation. Let us see some examples:
- You can be killed even by something as simple and harmess-looking as an edible nut, if you were alergic. And nuts have being consumed since hundreds of thousands of years ago. But, sometimes, someone turns alergic to nuts, that is, develops an alergic reaction, for whatever reason, to a nut that maybe he or she has been eating for years. And a meal ends up in the hospital. If not worse.
- The oldest known roads are dated between 2600 and 2200 BC. Roads are not safe, they are subject to landslides over time if not revised and well maintained, and a landslide can kill lots of people. Not to mention carriages and cars.
- Most of the locks are easily lockpickable by trained and well equipped operators. We assume, for mostsituations, that locks give us a good level of security if we want to avoid someone breaking into a precinct. Locks and keys have been available since the 6th century B. C.
Having in mind that we have failed on engineering and works safe and secure for millenia, it is quite naive to think that the tools we use to stay connected could be safe or secure by default. Electronics and computers were born less than one century ago, we are not even close to be as proficient in that area as we are when designing locks or building roads. We are not entitled to require security or safety by default, then, as we have always failed to achieve that level of maturity in every other matter. Even the existence of laws, jails and courts show us that every system created by the mankind is far from perfect.
And security begins with us, no matter if we agree or not.
We cannot avoid to close the door and lock it when we go away from home, therefore we cannot avoid the responsibility to set up a strong password or review the privacy settings of whatever online services we use. A theoretically perfect lock fails miserably if we open the door to the wrong person. We cannot avoid to check the identity of the person that is knocking our door; the same way, we are still accountable to not trust in everybody when dealing with electronic communications. We cannot forget to look left and right when we are to cross a road, because even with traffic lights giving us way, a driver can have lost the control of a car.
The same way, we have to protect ourselves when online, establishing our own practices because, even the most renowned online services, can have a security flaw that could expose us. We do not open the door of our house if we are naked (not normally), so we cannot send too private information over the standard e-mail services.
We must stay alert and informed, put security measures in our own behaviour. We have to look after our bowsing, there is no other way to stay safe.
Posted under: security