Personal security in the information society
This article will address one of the most serious problems of the new information society. The article will be interesting to those who like to philosophize on the topics of the future and who were interested in philosophy at the university.
Since its inception, computer systems have been very complex and expensive systems. At the beginning of their history, specialists in white coats worked with computers. Not many accessed directly to the big car. Only the gurus of computers had access to them, they received formulas and tasks, and then translated them into a language that only they and computers could understand.
Years later, as many futurists predicted, the world made a huge leap in information technology, thanks to the emergence of transistors, microchips, the development of combinatorics, algebra, physics.
')
Now computers have penetrated into all areas of human activity. There were computers the size of a coin, became portable, learned to work autonomously. Many people no longer imagine life without a computer - they walk through online stores, visit the best museums in the world, work and make acquaintances.
Today, even a novice user will not be surprised with such phrases as: “the virus deleted the file”, “write the number into the phone”, “five minutes ago I sent a letter, but it has not yet arrived”. He knows what spam is, a banner ad, that antivirus needs to be used, and he constantly forgets passwords.
With universal computerization, access to information via the Internet has been greatly simplified. Along with the problems of copyright, child pornography, such concepts came to us as: viral video, information war, virtual reality, technologies of “zombieing” users, suggestion of someone else's point of view. All these concepts have a destructive effect on a person’s personality. Especially if this person is young enough.
The Internet was created as a complex technical system. In a matter of years, spread throughout the world and captured the minds of many people. Computers began to manage subway cars, airplanes, refrigerators began to order food on the Internet. The load on the human mind has increased several times, although many believe that with the increasing load on the human psyche, the mental load has greatly decreased with general information [1]. Every day there are new programs, sites, complex technical devices. And man has to constantly face them.
At the international level, the control of global networks, the introduction of censorship, and personal security have long been discussed. Agreements on international cooperation are made, arrests of international computer criminals are made.
We have heard many times about the tragedy, when the complicated machinery was out of action due to the omnipresent "human factor". But it is worth considering whether a person is to blame for all these tragedies? Maybe this information system failed. It is information systems in general, not any separate ACS.
As already mentioned, at the beginning of its existence, only true technical specialists worked with computers, who knew all their features and drawbacks. But as soon as computers began to enter ordinary homes, programs appeared that were aimed at ordinary users. The production appeared specialized ACS. But who was engaged and engaged in their development - technical specialists (programmers, specialists in testing and certain technical areas). Therefore, the software allegedly user-oriented for it is actually not intended, or rather it does not suit him [2].
Everyone knows that the architecture of modern computers is not very suitable for ordinary users - they need a multimedia center for games, visiting pages on the Internet, listening to music and watching movies, doing home bookkeeping and even a small list of tasks. But in fact they advertise computers for scientific calculations — multi-core processors, gigabytes of memory, video cards for scientific calculations [3].
Many problems of personal security in the modern information society are solved by technical methods, by the same technical experts. For example, spam is an absolutely non-technical problem - the technician just successfully copes with its transmission. Spam arose naturally in the development of the economy and advertising technologies [5]. In the Russian segment of the Internet, spam reaches 80% [6] of all mail traffic - apparently the problem has not been solved for more than ten years by technical specialists. Or the same notorious “blockers” of the Internet, which are designed to limit children from certain content. You can still recall the recent proceedings with the channel 2x2.
All these devices, technologies, problems - this is the information space in which modern people live. The personality of a person is constantly checked "for strength" and not many can fight with these aggressive influences.
What to do in this situation? What measures should be taken? What do ordinary users need to know?
At this stage, the entire audience is divided into two camps: humanitarian and technical specialists. But almost no one notices the third part of the camp - humanities scholars who are familiar with the technical aspects of information technology and vice versa. The scarcity of the latter is indicated by the almost complete absence of publications on the Internet.
Some are trying to develop ethical principles based on the already well-known professional codes, such as the Hippocratic Oath [1]. Here is what comes out of it:
Information security officers should help people to share knowledge in the field of information technology and information protection. This knowledge should be donated to anyone who expresses a desire to learn.
In their activities, information security officers should avoid causing harm to the protected object (collateral damage) unless the preventable damage obviously exceeds the harm caused.
In their activities, information security officers should avoid causing any harm to the non-impartial, even if this would prevent damage to the protected object.
Information security officers should not transmit information about a vulnerability to anyone that allows this vulnerability to be used (with the exception of the owner or developer of the vulnerable system — only to fix the vulnerability).
The employees of the IB should not transmit any malicious or dual-use programs to anyone if there is a fear that they will be used to harm.
Obtained in any way access to someone else's system or information about someone else's system, information security officers should use only to protect, prevent harm and increase security. For no other purposes (including innocuous) such access or information cannot be used. With the disappearance of the need for such access should be closed, and information - destroyed.
Information security officers must keep confidential information that became known to them in connection with the provision of protection services, constituting someone’s commercial secret, privacy, professional secrecy, and other confidential information, regardless of whether there is an explicit agreement or confidentiality obligation.
Others attribute magical properties to information [7] and believe that these are purely technical problems and they are also solved by technical methods in conjunction with the introduction of strict rules for technical specialists. Everywhere there are extracts from various international documents:
Resolution 428 of the Consultative Assembly of the Council of Europe (Section C), which formulated two rules:
In the event of a conflict between the right to freedom of information and respect for privacy, priority is given to the latter;
The private life of public figures must be protected, as well as the private life of other citizens, except in cases when it may affect socially significant events.
And almost everyone identifies common actions aimed, in their opinion, at ensuring personal security:
Do not you think that there is a lack of security professionals, security of the person? It seems that the whole world has become interested in solving technical problems and philosophical research in the field of information security. And information in modern society has long taken a leading position. But as it turns out, the existing specialists are trained to protect information, and no one in the entire information space provides personal security other than government services, laws controlling the media, etc. Our universities do not train specialists in personal security and the safe use of media market products. Few people think at the mention of information or computer security, that this is just an environment for communication of people, that people are more important.
Such specialists should be taught the basics of protecting information, but focus them on the protection of the individual. Specialists in this field will be able to work in all areas of information technology: develop and maintain electronic media, train users in safe behavior in the information environment, computer literacy, including computer security. They will be able to hold conferences, than to popularize and expand the approach to personal security, than to increase the computer literacy of each person individually.
Of course, one should not take the spoken words literally. All security experts are needed as long as there are issues of national security, privacy protection, correspondence secrets ... But you need to think about creating a completely new profession focused on the problems of personal security, where sometimes the security of information and computers goes into the background.
1. www.nkj.ru/interview/4624 - Interview with S. V. Savelyev.
2. “Alan Cooper about the interface. Fundamentals of interaction design ”A. Cooper, R. Neumann, D. Cronin. - Per. from English - SPb .: Symbol-Plus 2009.
3. en.wikipedia.org/wiki/IBM_PC
4. ru.wikipedia.org/wiki/CUDA
5. bajki.narod.ru/ethics.html
6. net.compulenta.ru/48871
7. www.rffi.ru/default.asp?doc_id=5220
Introduction
Since its inception, computer systems have been very complex and expensive systems. At the beginning of their history, specialists in white coats worked with computers. Not many accessed directly to the big car. Only the gurus of computers had access to them, they received formulas and tasks, and then translated them into a language that only they and computers could understand.
Years later, as many futurists predicted, the world made a huge leap in information technology, thanks to the emergence of transistors, microchips, the development of combinatorics, algebra, physics.
')
Now computers have penetrated into all areas of human activity. There were computers the size of a coin, became portable, learned to work autonomously. Many people no longer imagine life without a computer - they walk through online stores, visit the best museums in the world, work and make acquaintances.
Today, even a novice user will not be surprised with such phrases as: “the virus deleted the file”, “write the number into the phone”, “five minutes ago I sent a letter, but it has not yet arrived”. He knows what spam is, a banner ad, that antivirus needs to be used, and he constantly forgets passwords.
Existing problems
With universal computerization, access to information via the Internet has been greatly simplified. Along with the problems of copyright, child pornography, such concepts came to us as: viral video, information war, virtual reality, technologies of “zombieing” users, suggestion of someone else's point of view. All these concepts have a destructive effect on a person’s personality. Especially if this person is young enough.
The Internet was created as a complex technical system. In a matter of years, spread throughout the world and captured the minds of many people. Computers began to manage subway cars, airplanes, refrigerators began to order food on the Internet. The load on the human mind has increased several times, although many believe that with the increasing load on the human psyche, the mental load has greatly decreased with general information [1]. Every day there are new programs, sites, complex technical devices. And man has to constantly face them.
At the international level, the control of global networks, the introduction of censorship, and personal security have long been discussed. Agreements on international cooperation are made, arrests of international computer criminals are made.
We have heard many times about the tragedy, when the complicated machinery was out of action due to the omnipresent "human factor". But it is worth considering whether a person is to blame for all these tragedies? Maybe this information system failed. It is information systems in general, not any separate ACS.
As already mentioned, at the beginning of its existence, only true technical specialists worked with computers, who knew all their features and drawbacks. But as soon as computers began to enter ordinary homes, programs appeared that were aimed at ordinary users. The production appeared specialized ACS. But who was engaged and engaged in their development - technical specialists (programmers, specialists in testing and certain technical areas). Therefore, the software allegedly user-oriented for it is actually not intended, or rather it does not suit him [2].
Everyone knows that the architecture of modern computers is not very suitable for ordinary users - they need a multimedia center for games, visiting pages on the Internet, listening to music and watching movies, doing home bookkeeping and even a small list of tasks. But in fact they advertise computers for scientific calculations — multi-core processors, gigabytes of memory, video cards for scientific calculations [3].
Many problems of personal security in the modern information society are solved by technical methods, by the same technical experts. For example, spam is an absolutely non-technical problem - the technician just successfully copes with its transmission. Spam arose naturally in the development of the economy and advertising technologies [5]. In the Russian segment of the Internet, spam reaches 80% [6] of all mail traffic - apparently the problem has not been solved for more than ten years by technical specialists. Or the same notorious “blockers” of the Internet, which are designed to limit children from certain content. You can still recall the recent proceedings with the channel 2x2.
All these devices, technologies, problems - this is the information space in which modern people live. The personality of a person is constantly checked "for strength" and not many can fight with these aggressive influences.
What to do in this situation? What measures should be taken? What do ordinary users need to know?
Vision of problems of the modern world
At this stage, the entire audience is divided into two camps: humanitarian and technical specialists. But almost no one notices the third part of the camp - humanities scholars who are familiar with the technical aspects of information technology and vice versa. The scarcity of the latter is indicated by the almost complete absence of publications on the Internet.
Some are trying to develop ethical principles based on the already well-known professional codes, such as the Hippocratic Oath [1]. Here is what comes out of it:
Five ethical principles of information security (information security)
1. Education willing
Information security officers should help people to share knowledge in the field of information technology and information protection. This knowledge should be donated to anyone who expresses a desire to learn.
2. Avoiding harm
In their activities, information security officers should avoid causing harm to the protected object (collateral damage) unless the preventable damage obviously exceeds the harm caused.
In their activities, information security officers should avoid causing any harm to the non-impartial, even if this would prevent damage to the protected object.
3. Non-proliferation of the dangerous
Information security officers should not transmit information about a vulnerability to anyone that allows this vulnerability to be used (with the exception of the owner or developer of the vulnerable system — only to fix the vulnerability).
The employees of the IB should not transmit any malicious or dual-use programs to anyone if there is a fear that they will be used to harm.
4. Fair use
Obtained in any way access to someone else's system or information about someone else's system, information security officers should use only to protect, prevent harm and increase security. For no other purposes (including innocuous) such access or information cannot be used. With the disappearance of the need for such access should be closed, and information - destroyed.
5. Keeping a secret
Information security officers must keep confidential information that became known to them in connection with the provision of protection services, constituting someone’s commercial secret, privacy, professional secrecy, and other confidential information, regardless of whether there is an explicit agreement or confidentiality obligation.
Others attribute magical properties to information [7] and believe that these are purely technical problems and they are also solved by technical methods in conjunction with the introduction of strict rules for technical specialists. Everywhere there are extracts from various international documents:
Resolution 428 of the Consultative Assembly of the Council of Europe (Section C), which formulated two rules:
In the event of a conflict between the right to freedom of information and respect for privacy, priority is given to the latter;
The private life of public figures must be protected, as well as the private life of other citizens, except in cases when it may affect socially significant events.
And almost everyone identifies common actions aimed, in their opinion, at ensuring personal security:
- It is necessary to agree on a general view on the problems of the impact of information on individual and mass consciousness, on the political-ideological sphere and on the human psyche, to agree on a coordinated understanding of the concepts used.
- It is necessary to begin the preparation of international agreements on the control of production and the introduction of information technology into computer networks and systems that can actually or potentially be used for terrorist and criminal purposes.
- It is necessary to begin negotiations on the international legal protection of network information resources, including personal data, intellectual property, as well as copyrights to materials distributed on the Internet and other public networks.
- It is necessary at the international level to consider the possibilities of controlling and limiting the distribution of obscene and socially moral information, unfair advertising, fraudulent transactions and other materials that have a negative impact on people's physical, mental and social health.
Alternative approaches
Do not you think that there is a lack of security professionals, security of the person? It seems that the whole world has become interested in solving technical problems and philosophical research in the field of information security. And information in modern society has long taken a leading position. But as it turns out, the existing specialists are trained to protect information, and no one in the entire information space provides personal security other than government services, laws controlling the media, etc. Our universities do not train specialists in personal security and the safe use of media market products. Few people think at the mention of information or computer security, that this is just an environment for communication of people, that people are more important.
Such specialists should be taught the basics of protecting information, but focus them on the protection of the individual. Specialists in this field will be able to work in all areas of information technology: develop and maintain electronic media, train users in safe behavior in the information environment, computer literacy, including computer security. They will be able to hold conferences, than to popularize and expand the approach to personal security, than to increase the computer literacy of each person individually.
findings
Of course, one should not take the spoken words literally. All security experts are needed as long as there are issues of national security, privacy protection, correspondence secrets ... But you need to think about creating a completely new profession focused on the problems of personal security, where sometimes the security of information and computers goes into the background.
useful links
1. www.nkj.ru/interview/4624 - Interview with S. V. Savelyev.
2. “Alan Cooper about the interface. Fundamentals of interaction design ”A. Cooper, R. Neumann, D. Cronin. - Per. from English - SPb .: Symbol-Plus 2009.
3. en.wikipedia.org/wiki/IBM_PC
4. ru.wikipedia.org/wiki/CUDA
5. bajki.narod.ru/ethics.html
6. net.compulenta.ru/48871
7. www.rffi.ru/default.asp?doc_id=5220
Source: https://habr.com/ru/post/109243/
All Articles