Defining Security: The Difference Between Safety & ...

Network Computing Dark Reading

Advertise

About Us

Newest First | Oldest First | Threaded View

[close this box]

50%

RetiredUser,
User Rank: Ninja
6/30/2017 | 12:51:40 PM

The Popularity of Privacy Over Security

I credit this confusion some folks have (not just outside the industry but inside, too) between the definitions of these two words to the very successful campaigns of groups like the Free Software Foundation and Electronic Frontier Foundation. Encouraging encryption, the use of tools like PGP/GnuPG and leveraging the legal genius of folks like Eben Moglen (Software Freedom Law Center) successfully framed a dialog about "privacy" that slowly became part of the popular consciousness, eventually inseparable from our conversation about "security" because the tools to secure both often were the same, or overlapped. I like these folks, so I'm not saying what they do isn't important but it still contributed to this confusion, IMHO.

Stories about folks like Aaron Swartz (R.I.P.), Ed Snowden and Julian Assange also then became more about the "privacy" discussion than "security" when, in many cases, it really should have started with a discussion about security. I'm not taking a stance against privacy, or making a comment for or against these folks or organizations like Anonymous. Rather, I'm pointing to the evolution of how we as consumers of word meaning and media stories got here. I also see a lot of credit going to the tech legal eagles who have fought hard to blur lines to secure rights to "privacy" for the individual but also (not intentionally, I'm sure) threatening "security" in the process by 1) causing this confusion in meaning and 2) putting "privacy" as a proposed "right" before the rights of all consumers to have access to "security" in the products they use, the transactions they make, the information they obtain.

I think this is not just about defining each word clearly when defining your project or selling a solution, but it is also about making sure the frenzy behind "privacy" doesn't put your "security" project at risk, a situation I'm sure many an Enterprise Desktop, Mobile and Email security team has run into.

Reply | Post Message | Messages List | Start a Board

Editors' Choice

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry

David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP, 7/9/2021

Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours

Robert Lemos, Contributing Writer, 7/7/2021

It's in the Game (but It Shouldn't Be)

Tal Memran, Cybersecurity Expert, CYE, 7/9/2021

Live Events

Webinars

Cybersecurity Technology - March 24 Dark Reading Virtual Event

Black Hat Spring Trainings 2022 - February 28 - March 3 - Learn More

SupportWorld Live: May 15-20, 2022, MGM Grand, Las Vegas, NV

More Informa Tech Live Events

White Papers

Zero Trust and the Power of Isolation for Threat Prevention

Zero Trust in Real Life

Protecting Your Mainframe Against Relentless Ransomware

2021 Ransomware Threat Report

Secure Cross-Entity Collaboration

More White Papers

Cartoon

Latest Comment: I've heard of people walking right out the front door with entire servers...

Cartoon Archive

Current Issue

How Enterprises Are Assessing Cybersecurity Risk in Today's Environment

The adoption of cloud services spurred by the COVID-19 pandemic has resulted in pressure on cyber-risk professionals to focus on vulnerabilities and new exposures that stem from pandemic-driven changes. Many cybersecurity pros expect fundamental, long-term changes to their organization's computing and data security due to the shift to more remote work and accelerated cloud adoption. Download this report from Dark Reading to learn more about their challenges and concerns.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

Incident Readiness and Building Response Playbook

In this special report, learn the Xs and Os of any good security incident readiness and response playbook.

Download Now!

Battle for the Endpoint

0 comments

How Enterprises are Developing Secure Applications

0 comments

Assessing Cybersecurity Risk in Today's Enterprises

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2022-0351
PUBLISHED: 2022-01-25

Access of Memory Location Before Start of Buffer in Conda vim prior to 8.2.

CVE-2021-39031
PUBLISHED: 2022-01-25

IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and could result in in granting permission to unauthorized resources. IBM ...

CVE-2021-46087
PUBLISHED: 2022-01-25

In jfinal_cms >= 5.1 0, there is a storage XSS vulnerability in the background system of CMS. Because developers do not filter the parameters submitted by the user input form, any user with background permission can affect the system security by entering malicious code.

CVE-2021-34865
PUBLISHED: 2022-01-25

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issu...

CVE-2021-34866
PUBLISHED: 2022-01-25

This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.14-rc3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of e...

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]