Monday, 15 April 2013

Choosing security.

Quite often we see people in academic circles and some of what we would call security purists talking about an ideal world. At times we talk about idealized systems as a replacement for existing ones. A common example is online voting systems. For the most part people talk about a system that has been idealized. The problem is that voting is not ideal now.

When we are talking about idealized systems we have to remember that we are comparing these too real world systems that are already being used. When we hear the arguments about the imperfections in proposed designs we rarely seem to hear what we are comparing them against.

In comparing a system to an idealized maxim when no security flaws are allowed to exist near creating a model of the world that cannot exist. We live in a world of economic constraints. We live in a world of imperfections.

What matters is trust. What we need to achieve is superior security and a level of trust at least comparable to that which we have now. In opening solutions such as a voting process that runs online we enfranchise more people. On the existing paper-based systems we find flaws. What matters is not that a system is perfect but that it is as good as the status quo whilst opening more opportunities to enfranchise people.

Overall, security should be opening opportunities and allowing progress not impeding it. We need to remember that it is better to be more secure than we are now than it is to seek a perfected ideal that we will never reach and never achieve unless we accept some level of risk.

No comments: