The Best Cyber Security Tip yet? Don’t Have Secrets and to Hell with Intellectual Property

As anyone who’s undergone security clearance vetting knows, the main objective is ensuring that the candidate can’t be black mailed. That they don’t have some secret which can be used as leverage against them. This simple principle has broad implications, from intellectual property to piracy to a naughty browser history. Let’s examine privacy consent in positive and negative contexts.

When we talk about the right to privacy, what do we actually mean? Let’s not confuse contexts with legality and secrecy. It’s perfectly legal to purchase sex toys, but would you want your parents or your work colleagues knowing your adult toy purchasing preferences, or you porn browsing history? Most certainly not! That’s context. That’s what Incognito Mode is for.

The right to privacy is the right not have information about your activities be misused by leaking or doxxing. In short, the right to maintain context boundaries. This is the dark stuff, this is where the law must protect you. Negative freedom, freedom from having your information exfiltrated from differing contexts for the purpose of doing harm.

The European Union’s General Data Protection Regulation on the frontier here. Consent is key. Data can be a toxic asset, and we don’t want data about our browsing activities, purchasing habits or sexual preferences misused.

But data privacy rights isn’t just about negative freedom. It’s also about positive freedom; freedom towards. How reassuring is it to find that others have encountered the same problems we have and have already come up with a useful solution? This works on an individual level such as “which internet service provider gives me the best plan and customer service?” or “how do I solve problem X?”, to more general problems such as “how do I integrate this API with that service to solve challenge Y?”.

I work in technology consulting, and I’ve come to the conclusion that organisations aren’t all that unique. Organisations and businesses have common challenges, yet much like humans, they think they’re unique and their problems are special. Psychologists will say the same. Sorry snowflake, you’re not special, you’re just like everyone else!

The secret is differentiating common problems from special problems. How do we distinguish common problems from special problems? By sharing your problems with others, and by never thinking that the solutions you come up with are special and necessitate secrecy. Value lies in relationships and implementation details, not in intellectual property secrecy.

Have you ever successfully interviewed for a job by stating you have a cache of secret approaches to problems? Didn’t think so. You got the job by demonstrating you can work well with others and you have a good understanding of the knowledge domain you’re being hired for.

The devil is in the the details; in actually making something work. But the patterns, the tool set for approaching the problems are probably common knowledge in your industry.

So, to hell with secrecy! Actually implementing the solution requires the skill of the seasoned consultant. Re-inventing the wheel by keeping secret caches of code, of patterns, of diagrams, is both counter-productive and ineffective if not downright stupid.

It’s counter-productive because someone probably has already figured an approach to the problem you face, it’s stupid because your solution hasn’t been road-tested and it could also be risky because you’ve failed to take into account issues that the collective intellect has already come across and resolved.

So let’s put the fantasy of the lone genius in their garage who will come down from the mountain to regale us with their pearls of wisdom to rest for good. Most of the problems an individual or an organisation faces are faced by other individuals or organisations, so it’s safe to assume that the solutions to most of these problems can and have already been solved collectively. So when faced with a problem or challenge, start with the assumption that the problem has already been faced by others previously, and that a working solution has already been attempted. And if not, it’s a problem which merits collective troubleshooting, and the crowd will probably be better at figuring out a solution than some individual. And for god’s sake, share the solution, the pattern, the approach, with everyone. Actually implementing it to fix a specific problem will be a far greater challenge than coming up with that magical idea in the first place.

So share often, ask others, and don’t keep it a secret!