Forwarded from: Elyn Wollensky <elynat_private> http://www.eweek.com/article/0,3658,s=706&a=24507,00.asp By Peter Coffee March 25, 2002 Welcome to "stupid customers," the saga of IT vendors' ongoing attempts to blame the victim. This week, we honor Jim Balsillie, chairman and CEO of Research In Motion, who commented earlier this month on the intrinsic insecurity of Internet traffic—and why it's not his company's fault that people don't understand it. Balsillie was asked about an attack discovered by @Stake that enabled researchers to read wireless messages intended for a user of the Internet Edition of RIM's popular BlackBerry device. He huffed and he puffed and he blew the question down, saying, "Internet traffic isn't supposed to be secure. ... It's kind of like a company making beer and cola and someone saying that there's alcohol in the company's drinks, when the children are drinking cola." Well, no, it's really not like that, and IT executives need to understand why that's a deeply flawed analogy. First comes the matter of labeling. Alcoholic beverages are labeled and sold in a manner that leaves no doubt as to what you're getting, with full disclosure of the harm that it can do: birth defects, impairment of driving ability and long-term health problems. Even my Nokia phone displays the warning "Voice privacy not active" for the duration of my call unless link security is in effect. That's far more forceful than RIM's approach of warning by omission, with RIM executives saying that security was never promised or that the Mobitex specification makes it all clear. Second comes the matter of expectation. Beer ads don't show Boy Scouts drinking the product - but we see the RIM advertisements in in-flight magazines and elsewhere, and they don't show people relying on their BlackBerry units for updates on their local coffee shop's waiting times. The RIM ads all suggest that these devices will warn you of crucial business developments, such as changes to a proposed contract or other urgent matters. Don't such important purposes call for secure message platforms? Alcohol labels and advertising rules aren't voluntary. Would IT vendors like to have legislators do the same for them? Report your pink elephant sightings to peter_coffeeat_private - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Mar 28 2002 - 01:52:14 PST