Editorial: August 2003
Modernizing Authentication — What It Takes to Transform Secure Access
Recently, a large consulting firm invited me and my colleague, Marcia Stepanek, to meet the chief of its IT security practice. When we arrived in the lobby of the firm's Times Square office tower, we signed in at the security desk. We identified ourselves and whom we were visiting (the guard had been informed of the appointment), and produced our photo I.D.s. Then we were asked to step back so she could take pictures of each of us. "Why?" I asked. "You've got our names on your list, and our faces and I.D.s. What more do you need?" The guard persisted. "It's the rules," she said.
I'm all for security. In helping edit this magazine, I've spent lots of time researching both the threats and the benefits of security. Still, I wondered: Would my photo become part of a permanent database? The recent sci-fi flick Minority Report, in which the police could instantly determine everyone's whereabouts with surveillance cameras and retina scans, came to mind.
It even occurred to me to refuse, on the basis that I'm a red-blooded American endowed with certain inalienable rights, and not a criminal to be photographedespecially when I'm expected and I've already produced a photo I.D. But I didn't. And that's the part that scares me the most. Would I refuse if my company decided to use a biometric system requiring me to let security monitors capture and store an image of my iris? Could I be fired for refusing?
Computer technology is a wonderful thing. It's transformed our personal and business lives over the past 50 years. But technology can also be usedhas been usedto invade our privacy, by governments and businesses alike. And sadly, like weapons technology, very rarely has anyone had the courage not to use it.
This issue of CIO Insight, dedicated to IT security, looks at both the threat to information networks, including the Internet, and the data they contain. We also take a look at some of the technology and management issues involved in protecting us against that threat. It's useful to remember that, just as businesses must understand both the benefits of increased security and the costs, so must our free society.