Skip to main content

Security and Privacy - WCIT2006

Posted by johnreynolds on May 4, 2006 at 12:30 PM PDT

One of the three focuses of Austin's WCIT2006 is Privacy & Security, and quite by coincidence I spent Thursday volunteering with the Conference Security Team.

I snapped this picture on the way into the Austin Convention Center this morning: The row of police motorcycles stretching down 4th Street was quite impressive... and it is indicative of the heightened sense of security at events in the US since 9/11.

All of the volunteers for this year's event had to undergo background checks by the FBI... No exceptions. That's a really harsh requirement when you are so reliant on volunteers to conduct business... it was impossible to accept any of the many last minute offers to help.

Privacy and Security are inextricably linked. You cannot have true security unless you know who you are dealing with, and that makes it impossible for anyone to be truly anonymous.

My sense is that we in the US are alone in our stubborn insistence on anonymity. In Malaysia all citizens have been required to carry identification papers since the nation's independence, and as technology improves they have constantly upgraded these ID cards. I was told that the Malaysian smart-ID card has been adopted by nations across the globe.

Our US forms of ID are getting better, but we still fight the establishment of a National ID card. Instead, we complicate the task of identity documents by mandating that each State upgrade their own driver's licenses (the Real ID act). To me, this seems like a lot of smoke and mirrors to preserve a fictional concept instead of meeting our real ID needs.

Security at the conference is pretty tight (we have many dignitaries attending), but it is still dependent on a lot of people standing around and looking at badges. I believe there were plans at one time to set up RFID readers for the badges, but it was impractical for some reason... so we rely on people.

I must say that the reliance on people to check badges was a boon for me: I love to watch people, and standing at the escalator in my "official" staff T-shirt (black, of course) gave me a legitimate excuse to stare at individuals as they walked by. I did not get to hear any of the great keynote sessions, but I did get to have conversations with several interesting attendees.

Of course, this points out why people should not do the task that I was performing. I was diligent in my efforts to check badges, but I was also easily distracted by interesting people (and as my wife knows... I am guilty of looking at pretty women). Perhaps one of the biggest distractions was the incredibly cute bomb-sniffing dog that was working the floor. Wherever the dog went, a crowd gathered... all focused on the dog (including members of our police department).

Even when I was truly focused on the badges, I was relying on color coding... if the color was right I let it pass. I could not check the biometric information on the badges (the picture) to verify that the badge really belonged to the person who was wearing it, and truth be told someone could have easily used a colored piece of paper to deceive me.

Obviously for real security at our conference we would need something like the technology in the Tom Cruise movie "Minority Report" (retinal scanners are pervasive, and identify you wherever you go). We would have to sacrifice privacy for security: Is the price of real security worth the benefit?

Maybe security is worth the loss of privacy, maybe it isn't... and that is one of the topics that the World Congress of IT is discussing in Austin this week.

(cross-posted at The Thoughtful Programmer)

Related Topics >>