Today Bruce Schneier was at the University of Toronto, and he was the keynote speaker of the IPSI symposium. I sneaked out of the rest of the symposium because of the huge excitement of meeting him face to face and talking to him. I need to write down the main points NOW:
He started with a lot of examples of how IT systems produce and collect massive amounts of data, which can be used for control and business purposes, and that ultimately violate privacy. (He called the situation data pollution.) One of his main points was that people do not own their data anymore, and they do not have any control over keeping their data secure and private. (Whereas in the past, privacy used to start with things you own, like your house, car, wallet, etc.) Especially, the price of storage is going down, and the marginal value of storing all the data justifies keeping all the transaction data forever and selling it and ... .
A very interesting point he made was: both privacy and security are balances. For example, attacks are not zero, but they are at a level that society is OK with. Security is not versus privacy; actually, privacy is part of security. When we are faced with identity-based security, that affects privacy.
Following on from the point that privacy is part of security, he said that privacy is what protects us from people in power, and that if there is any trade-off, it is between liberty and control, not between privacy and security.
He reviewed other approaches to the problem, like mutual disclosure. But mutual disclosure does not work: when the parties are not at the same level of power, mutual disclosure still does not solve the privacy violation. His argument was that asking a police officer for the same information he asks of us does not prevent the violation of our own personal data. Or, if you go to a doctor and he says "please take your clothes off", you can't say "you take yours off first".
Finally, he mentioned two references for further reading:
1) The Science of Fear, as a good book for understanding the psychology of security and privacy.
2) Say Everything, about the new generation's different perspective on privacy.
I had this great, great chance to hunt him down during the break. I was so shy, but I managed to pull myself together and told him very briefly, in two sentences, that based on his 5-step security trade-off analysis method, I'd like to develop a practical and qualitative method for making software security trade-offs in the early stages of development, when we do not have many numbers or exact measures. He told me to read this book, which might help me formalize the security decision analysis process:
"The New School of Information Security"
He even said that if it did not help, I could e-mail him for further help. I am walking on some far, far away clouds now!!