Cloud Computing Threat Model

By Markus Klems

Watch whom you trust

In an interview with the Guardian, open source software guru Richard Stallman voices his skepticism about Cloud Computing. He argues that “one reason you should not use Web applications to do your computing is that you lose control”. I have written about this topic in earlier blog posts, covering discussions about informational self-determination and user identity management.

In fact, there is always a trade-off between security and other benefits that you might gain from using Internet-centric applications and Internet-centric computing infrastructure. Richard Stallman is absolutely right when he warns about the dangers that come with storing your private data on Web servers that are under the control of people whom you do not trust.

The question is: are you willing to give up the benefits (online collaboration, low prices, low communication costs, etc.) in favor of improved security and privacy? How should one deal with these (at least somewhat) contradictory objectives?

A new Internet threat model

Perhaps the Dolev-Yao threat model, in which the attacker controls the network but not the communicating parties, is outdated in our brave new Internet world. Maybe the attacker is not an outsider any more, but an insider. This would imply that you cannot have total security, but rather probabilistic security: to what degree do you trust your ITC provider and how do you value your personal information?

For corporations, many more questions arise, such as regulatory hurdles and internal IT policies (see my blog post). What do you think? What is the role of cryptography and network security in all this? Please leave a comment.
