Remember back when the Internet was open? Back when the only ones with firewalls were government, banks and the paranoid? Back when you didn’t get looked at strange when you said “We don’t filter what our users can do on the Internet, at all”? I am a staunch access advocate. Yes, we do block incoming traffics: One must in order to protect users from uninitiated attacks. But we do not- and hopefully as long as I live- will not prevent our network users from accessing anything on the Internet. It’s not about academic freedom, it’s about freedom of information.

I’ve been involved in information security on campus for a long time, spearheading various initiatives, pushing for changes when necessary, doing incident response, campus liasion to REN-ISAC, CERT, etc. and was appointed Information Security Officer (ISO) earlier this year. Since then, I’ve been privvy to information from other ISOs, and today was told point blank “you’re a new ISO, you’ll change your ways soon” with regard to my views on information freedom. Of course, I bristled.

My role and responsibility as ISO is to protect information assets, not to restrict access to the Internet. The information security on campus doesn’t increase because a campus blocks Skype, or disallows the use of other webmail services available. Information security is not enhanced by banning instant messaging programs, or filtering content capriciously. Are we China? Do we feel so Holy that we prevent grown adults from obtaining information and communicating freely?

Are these applications vectors for security incidents? Sure are. So is you browser, and your e-mail program – Even moreso perhaps, yet I don’t see a surge in banning those. To go off the deep-end, let’s just ban the Internet. Who needs it anyhow?

I’m sure I’ve riled and offended a lot of my colleagues. But maybe, just maybe, they’ll introspect and figure out why they’re participating in this censorship. Maybe they’ll see through their own lines of “we shouldn’t be helping fund private businesses” (hiya, ever go to Google?) and “it can be used to commit copyright violations” (hiya, so can your web-browser) and “it may have a security hole” (hiya, so may your operating system).

Controlling what information we expose is our job. Controlling who can access OUR information is our job. Assessing threats and risks to that information is our job. Not banning Facebook because it makes college administration people nervous. Not banning MySpace because you heard that cyberpredators use it. Nope, sorry, that’s someone else’s job – that’s someone else’s information. We’ve got enough to do controlling our own.

I’ll end with some of my favorite quotes on the topic:

“They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” – Benjamin Franklin

“The Internet treats censorship as a defect and routes around it.” – John Gilmore

“Censorship is telling a man he can’t have a steak just because a baby can’t chew it.” – Mark Twain

1 Comment

Other Links to this Post

1. M@Blog - Microsoft Got Me Drunk, And Other Ruminations — April 11, 2007 @ 8:26 pm

RSS feed for comments on this post. TrackBack URI

Leave a comment