The grim realities of securing the IT future
Professor Lynn Batten would like it to be known that she is neither paranoid nor a pessimist, just a realist in a world where the reality can be frighteningly grim – the field of IT security.
“What we have to accept is that while there are a lot of positives that come with all the technological advances we are seeing at the moment, there are also a lot of down-sides,” says Professor Batten, Director of Deakin’s Information Security Group and the only Australian academic invited to a recent global IT Security Conference, IBM’s Deep Dive - held in Tokyo.
“We have issues like malicious software to deal with, there are people out there working on that all the time and they are getting smarter and smarter.
“Privacy was another big issue we discussed in Tokyo, the trade off between the privacy of the individual as opposed to the arguments of governments that in order to provide security for the country, they need to have more control.
“The Japanese are already very philosophical about this, they say the government photographs us at birth, they fingerprint us, they know who we are.
“At a similar conference in Berlin just before ours in Tokyo, a Russian delegate had noted that in his country, they had already completely lost their privacy and he and his fellow Russians already knew from bitter experience that it didn’t enhance their security.
“It was a lovely statement … that the argument that the government has to take away some of your privacy in order to improve security is false. That is something I believe too; however, governments like control and historically, the research shows that every time a government has a chance to enhance its control of the populace, whether by technology or other means, it takes it.
“The mobile phone is the perfect example. It was intended to allow people to communicate more freely but governments now have access to all the data. They can track people down using mobile phones.
“In some instances, it can be justified, and it’s okay when you live in a country like Australia, a democracy, but if there is a change and you suddenly find yourself in a dictatorship like some of the countries in Africa, then it becomes a very dangerous thing.”
Professor Batten said another major issue discussed in Tokyo was accountability – who should takes responsibility for the negative outcomes when new technologies are introduced.
“There was a situation recently where a bank tried to put the onus on the customers who used the Internet to do their banking if something went wrong,” she said.
“So there’s the matter of who should be accountable for educating the consumers about the potential problems new technologies like Internet banking bring.
“Should it be the banks? Should it be the government? In deciding who, a problem with security is that a lot of businesses see it as a cost and they aren’t prepared to invest in it, particularly if they can off-load the responsibility to the consumer.
“It’s the same as when television was introduced; who should take responsibility for the overweight society produced by sitting in front of the television?” Professor Batten said the undergraduate courses in IT security, including the new one at Deakin, would help deal with a lot of these issues. But even these, too, had their dark side.
“Our course at Deakin is one of just a few in Australia, but around the world there are now hundreds of them,” she said.
“We are teaching people how to develop better security systems, but at the same time we are teaching them how to break them.
“That is part of what I do in my research, using cryptographic protocols, I have to be able to find the weaknesses in a system so they can be fixed.
“However, when you teach people how to find weaknesses, you are also teaching them how to break the systems.
“So there will be a percentage of students who will go off and become criminals and I think we just have to live with that.
“On the good side, and I really am an optimist by nature, not a pessimist, the majority of the graduates will try to protect us from the minority.
“Because I brought up a lot of these issues in Tokyo, I think a lot of people at the conference thought I was the most paranoid person there.
“But I work in this area, I do the research, and I can see what is happening.
“Anyway, just because you’re paranoid, doesn’t mean they’re not after you!”