Terry Zink's Cyber Security Blog

Discussing Internet security in (mostly) plain English

To trade or not to trade

This past weekend, I was watching Return of the King.  Even though I think that the first one is my favorite, it is my opinion that the third one is the best one.

Anyhow, I was struck by how the characters behave in selfish manners in the movies but it totally translates over to real life.  Consider the following two examples:

  1. Rohan is fresh off their victory at Helm's Deep.  There is talk of an alliance between Rohan and Gondor in order to stand up to Sauron's growing threat in the east.  To Aragorn, it seems natural for the world of Men to ally to fight against Sauron.  Theoden then asks out loud "Tell me, why should we ride to the aid of those who would not come to ours?"  In other words, Gondor didn't help out Rohan at Helm's Deep.  Why should Rohan assist Gondor?

    Aragorn looks at Theoden, deeply befuddled as if to say "How can you even suggest putting something like that over the greater good?  If you don't help Gondor the whole world is going down the drain!"

  2. The second example is when Gandalf and Pippin reach Minas Tirith.  They approach Denethor, the Steward of Gondor and tell him to start fortifying his defenses against Sauron's army, and that they are there to help.

    Denethor looks at them and says (to paraphrase) "With your left hand you come to aid me but with your right you come to supplant me."  It is a reference to the (accurate) accusation that Gandalf seeks to remove Denethor from the oversight of Gondor and return Aragorn to the throne.  But it overlooks the greater issue: Denethor is more concerned about retaining power than he is about saving Gondor.

Sauron is a lot like all the spammers out there.  You know, evil, dark, foreboding and threatening to take over the world (well, at least make the Internet useless).  One of the ways that we in the security industry can overcome this is by aligning with each other and sharing data and intelligence.

There's a huge risk in sharing data.  If all of the big players got together and traded data, then at the end of the day we'd all have pretty close to the same antispam effectiveness.  What then becomes the differentiating factor?  I don't want to give up my data if that guy won't give up his.  Or, why should I release my data when mine is worth so much more than his?  I don't want to give up everything and give him an edge to make him equal to me.  Why should I have to put up with freeloaders who will disproportionately win from this?  And others will disproportionately lose?  And besides which, where are the Dwarves in all of this?  Why aren't they kicking in some data?

These, of course, are real concerns.  But on the other hand, I think a case can be made that they overlook the bigger issue: our real enemies are not each other, but the spammers.  I think it is true that if everyone were to open up and share data, we could eventually all get about the same effectiveness against spammers, more or less.  There'd be gains here, sub-gains there, but they'd all be about the same.  There wouldn't be a big service differentiator.

But I think what does distinguish us is that even though we are giving up a lot of data, we are all on the same side of saving the world -- from the spammers.  There are far fouler things that crawl on the depths of the web than the good people coming to the aid of each other.

But on the other hand, maybe I'm just an unrealistic idealist.

  • Hm.

    I think there's one thing you're missing:

    Companies such as Microsoft and IBM have their primary business in other areas -- in particular, it's in their best interests to fix the spam problem and maintain trust and usability.

    Those sorts of companies are like Rohan and Gondor.  While they might have moments as Theoden did, they do understand, ultimately, that it makes sense to collaborate for the good of all, and then go back to ruling their respective kingdoms.

    But there are companies whose primary business is in fighting spam.  If all you know how to do is fight the forces of Sauron, what happens when Sauron is defeated for good, and the ring is returned to the fires whence it came?  What happens when you save the world?

    What happens is that you're out of business.

    In other words, a good portion of the antispam community thrives on the ubiquity of spam (and other malware), even as it develops ever better technology to fight it.  That portion has little incentive, apart from the good will it generates, to share what they know.

  • "I don't want to give up my data if that guy won't give up his.  Or, why should I release my data when mine is worth so much more than his?"

    This is called a Nash equilibrium.  You may enjoy reading The New School of Information Security (http://www.amazon.com/New-School-Information-Security/dp/0321502787/ref=sr_1_1?ie=UTF8&s=books&qid=1247647324&sr=8-1) which advocates sharing data.

  • LOTR spambusting FTW!

    Instead of one ring to rule them all it could be one rule to ring them in?

    LOL
