How should corporations think about Web security?

Professor of Law and Computer Science

Jonathan Zittrain is a Professor of Law at Harvard Law School, Professor of Computer Science at the Harvard School of Engineering and Applied Sciences, Vice Dean for Library and Information Resources for the Harvard Law School Library, and Co-Founder of the Berkman Center for Internet & Society. Previously, he was the Chair in Internet Governance and Regulation at Oxford University and a principal of the Oxford Internet Institute.  He was also a visiting professor at the New York University School of Law and Stanford Law School.

Zittrain’s research interests include battles for control of digital property and content, cryptography, electronic privacy, the roles of intermediaries within Internet architecture, and the useful and unobtrusive deployment of technology in education.

He is also the author of The Future of the Internet and How to Stop Itas well as co-editor of the books, Access Denied (MIT Press, 2008), Access Controlled (MIT Press, 2010), and Access Contested (MIT Press, 2011).

  • Transcript

TRANSCRIPT

Question: How should corporations think about Web security?

Jonathan Zittrain: The top level security issue is how to function in an open and chaotic environment. The more secrets your business holds, the more you stand to lose, if a laptop goes missing, if your website gets hacked. And there are some secrets that really do need to stay secrets, like your customers' credit card numbers. And it's amazing to me the number of companies that still don't encrypt them when they store them. So when the hacker gets in, they've got the keys to the kingdom. California passed a law a few years ago, SP-1386 that says, if you have had a vulnerability, a breach of some kind, and exposed customer data to unknown third parties, of a sensitive nature, you have to tell the customer. As you might guess, firms don't like this law. There's been a slew of firms telling customers, "Gee, we screwed up," and yet they still don’t encrypt very often. It's very puzzling to me. But to me, aside from the stuff that absolutely has to stay scrambled, it'd be worthwhile to say, "How much of our business plan depends on secrecy and on control, rather than on generativity? On people coming up with neat ideas?" And corporations are starting to get wise to this. Dove is running a competition for people to film their own soap ads, and the winner gets to have the soap ad on TV. So in crude and fitful ways, they're suddenly acting less oracularly. You can even see it in the arts, where writers of television shows no longer speak only through their show, but they have a pod cast and commentary and behind the scenes stuff, because the bandwidth is there to do it. I'm sure there are a number of artists who think, "Too bad. Better that you should speak, J. D. Salinger, only through your books." Whereas others say, "Hey, it's a craft. I'm happy, actually, if people are eager to see what's on the cutting room floor, fine. I'll share it."

 

Recorded on: 3/8/08


×