In security, we always say "The insider threat is responsible for 70% of all loss bearing security incidents" yet we rarely talk about effective ways to do anything about it. The reasons why are many:
- Keeping the bad guys out is heroic, making sure the good guys don't do bad things is invasive
- The external bad guys are faceless and evil - the internal bad guys are our co-workers
- Most of what internal people do is good, by monitoring them to see if they are doing bad things we give up liberty and privacy in the name of security - Ben Franklin wouldn't like that
- Information security groups believe they don't have the charter to monitor employees without human resources and chief legal counsel involvement and approval - a lot of paperwork is involved.
So, because of the above we have employees putting Social Security Number databases on laptops and taking them home, we have child pornography being found on corporate servers, we see backdoor trojans on many, many laptops that lead to customer databases flying out the door and we see supposedly confidential financial information and intellectual property being accidentally or intentionally leaked by internal users.
That's starting to change - lots of growth in spending on Content Monitoring and Filtering, mostly in detection mode until early adopters start figuring out what works well enough to do actual blocking. It's changing because identity theft has been a large enough problem to nudge the gain of adding this type of security has overcome the pain.
This scenario is a direct analogy to all the angst about the domestic surveillance that has been going on in the US since the terrorist attacks of 2001. The terrorists lived among us, in the melting pot world of the US they looked just like us. In fact, think of them as backdoor Trojans - they looked like something we were used to but they came in with a hidden mission, communicated out to a controller, and then when triggered they killed 3,000 people.
I wonder if any of those 3,000 people have Benjamin Franklin's quote on their gravestones? That quote has been much misused:
"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety"
Interestingly, at the most symbolic border point for immigration into the US, the Statue of Liberty, Ben's quotation exists slightly modified:
"They that can give up essential liberty to obtain a little safety deserve neither liberty nor safety"
Ah, therein lies the rub: is an essential liberty being given up, and is the safety temporary?
Back in May of 2005 I went through the major issues in "What Goes Around, Comes Around" but it looks like Typepad only archives back to August 2005, so I've repeated it here. The essential liberty being given up the way the current administration has been going about this is the warrant process - that should not be subverted. That is a big deal - there are plenty of government lawyers who could be papering the relevant courts with warrants without slowing down the surveillance.
However, many decades ago the US as a society decided law enforcement needed the ability to monitor communications and calling patterns in the name of preventing and investigating crime (Disclosure: back in the 1980's I worked for the US Secret Service and participated in legal wiretaps and audio and visual surveillance operations against suspected counterfeiters). As a US citizen I live in a society that many years ago decided to allow government surveillance of those inside our borders - a society that, yes, driven by real or perceived threats periodically swings beyond the mechanisms we have proscribed to control that surveillance. You can argue whether that is a good thing or not but acting outraged or surprised about domestic surveillance is pure silliness.
Enterprises have learned that in the new world you can not only focus on keeping the external bad guys out, and that you can't just focus on keeping the honest people honest - dishonest people work among us and we have to detect what they are doing to hurt our business and stop them. The US learned the same thing in 2001. Don't get me wrong - it is important to fight the inevitable abuses as politicians try to push things too far. But just because the images of the towers burning and planes crashing may have faded after five years does not mean that those who mean us harm have gone back to Roberts Rules of Order.
It would be nice if all wars were fought politely by external parties who wore uniforms and held up flags identifying themselves as enemies and maybe even had bands play their national anthems. Ben Franklin's words on never trading liberty for safety are noble, but remember - to the British, Ben Franklin and the American Revolutionaries were terrorists who didn't play fair, they didn't obey the rules of war, they hid behind trees and killed the British from all kinds of internal places. The British tried to use old tactics against a new threat and we know how that worked out.