Interesting insight. Risk is about knowing the difference between can and should, as well as the fact that our values drive our understanding of risk, and perhaps vice versa, meaning our understanding of risk may determine our values. Employing this understanding mainstream into our daily routines and work life is the biggest challenge. Do you have any such recommendations for someone like me in the field of cybersecurity. How do look at this risk at this fine and deeper sense and help somebody understand this?
Sure, so with cybersecurity two of the biggest can-versus-should issues, in my view, are the balance of controls versus usability (PGP is good encryption, but its usability held it back, and the solutions that were more widely adopted had a better balance), as well as controls versus user surveillance (values come into this one, too, in a big way!). We do have the current capability to surveil almost everything users do, and maybe that’s appropriate (a should) in a high-security work environment.
But what if it’s a creative work environment like a TV writers room, where people are hired to brainstorm and sort through ideas (some of which are non-PC) and discard most of them on the path to what ultimately makes it onto the air? Probably the writers won’t be as creative or feel as free to try something new if they’re over-surveilled, so we can but maybe shouldn’t.
How about B2C users in their own personal homes and lives? We could surveil a lot, but if we want to live in a free society where residents also want to stay and build their lives, I argue we should track only the basics and only with informed user consent (not some tiny words in the EULA, more like a prominent banner).
Interesting insight. Risk is about knowing the difference between can and should, as well as the fact that our values drive our understanding of risk, and perhaps vice versa, meaning our understanding of risk may determine our values. Employing this understanding mainstream into our daily routines and work life is the biggest challenge. Do you have any such recommendations for someone like me in the field of cybersecurity. How do look at this risk at this fine and deeper sense and help somebody understand this?
Sure, so with cybersecurity two of the biggest can-versus-should issues, in my view, are the balance of controls versus usability (PGP is good encryption, but its usability held it back, and the solutions that were more widely adopted had a better balance), as well as controls versus user surveillance (values come into this one, too, in a big way!). We do have the current capability to surveil almost everything users do, and maybe that’s appropriate (a should) in a high-security work environment.
But what if it’s a creative work environment like a TV writers room, where people are hired to brainstorm and sort through ideas (some of which are non-PC) and discard most of them on the path to what ultimately makes it onto the air? Probably the writers won’t be as creative or feel as free to try something new if they’re over-surveilled, so we can but maybe shouldn’t.
How about B2C users in their own personal homes and lives? We could surveil a lot, but if we want to live in a free society where residents also want to stay and build their lives, I argue we should track only the basics and only with informed user consent (not some tiny words in the EULA, more like a prominent banner).
Wow Steph, really enjoyed that. Look forward to more podcasts.
Thanks, Bob!