Privacy? Security? Freedom? A quick glossaryPublished • 19 Nov 2013
Privacy? Security? Anonymity? Safety? many people use these terms almost interchangeably when they talk about ‘the online world’ — and this plays an enabling role in creating things like Cyber Task Forces. This use of language is slightly funny: most people do not use these terms interchangeably in everyday life.
There are some important distinctions and concepts which really need to make it out of InfoSec geekdom and into the public domain, if we are to have a hope of keeping tabs on how our lives are going/being run/probably by others not us/the leakiness of our information online.
So without further ado, here is a start on this project. The glossary that follows is intended as a starting point for differentiating ideas.
- Security (n)
- Protection from or resistance to harm. Security implies that there is an asset which is vulnerable, valuable, or both — e.g. a thing, person, group, place, or organisation. Security provides protection for assets by introducing controls which separate them from threat. *Security theatre* — creates the perception of security, without concern for (and possibly undermining) the asset's resistance to or protection from harm.
- Privacy (n)
- The ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively. a state in which one is not observed or disturbed by other people; or, the state of being free from public attention. Privacy is the ability to keep some things to one's self, regardless of the impact to society that these actions may have. For example, when I use the bathroom I close and lock the door. I am not doing anything criminal; rather, I just want to keep the activity to myself, and outside of prying eyes. There are some intersections between privacy and security, such as notions of appropriate use and protecting information.
- Anonymity (n)
- The condition of not being identified by name, being of unknown name. When you seek to be anonymous, you *want* the impact of your actions to be felt; you want people to hear what you have to say, see what you do — but you do not want people to know it is you who acts.
- Safe(-ty) (n)
- Protected from or unlikely to cause danger, risk, or injury. Also, a four letter word.
- Authentication (n)
- Proves or shows (something) to be true, genuine, or valid within a given framework.
- Authorisation (n)
- The action of giving official permission for or approval to (an undertaking or agent).
- Surveillance (n)
- Close observation, especially of a suspected spy or criminal. Requires accountability.
- Accountability (n)
- Evokes thoughts of checks, sums, and balances, and is tradable/transferable at the price of some equivalence. Requires transparency of accounting. May or may not be enforced by surveillance, or the perception thereof.
- Responsibility (n)
- A personal commitment that lies beyond one's self, not solicited by he or she beholden to it (although not necessarily unsolicited either).
- Best practice security
- (1) As it generally applies. Obsolete. Bureaucrats using have had time to expound and cogitate, and while they did so, the world moved on. Worth noting that they probably used IE6 while doing this.
- (2) Infinitely better than the general alternative, which is none.
- A word that sounds cool. Meaning unclear.