Please forgive this unusual post, which asks an unusual question – for Naked Security, at least – but which makes a pair of pertinent security points nevertheless.
Here we go.
Have you seen this parrot?
If so, do you live in the Carlingford region of Sydney (roughly the inner west-north-west of the metro area)?
The parrot is a female Alexandrine parrot called Icari, and she belongs to Matt, a psittacophile technology guru at one of Sophos’s business partners.
Sadly, he’s misplaced her.
More accurately, Icari took fright, escaped from the house, and – despite having limited takeoff ability – took wing in a untimely gust of wind, trying to escape from an onslaught of Indian mynah birds. In short, she got away against all odds.
(Icari was, as you’ve probably guessed, named after the Greek chap who flew too close to the sun, Ikaros. When she was old enough for her gender to be determined, her name was adapted.)
If you’ve seen, found or rescued this parrot, Matt would love to hear from you. A reward is offered for Icari’s safe return.
OK. If you’re not a parrot lover, or you don’t live in or near Carlingford, please read on.
There are two security lessons in this story.
Firstly, you need to concern yourself with egress security – keeping the good stuff in – as much as with ingress security – keeping the bad stuff out.
A tiny ventilation crack in an open window and an unlikely combination of external circumstances saw Icari escape and get lost.
Your data faces similar threats. A well-meaning insider emailing the wrong person, or a cybercrook with a tiny footprint inside your network, can lead to an embarrassing or even a dangerous data spillage to outsiders.
Secondly, you need to be location share-aware.
We can’t use technology to locate Icari, even though she’s badly equipped to fend for herself without it. (Small parrots are difficult to microchip because they don’t have much muscle into which an RFID chip can safely be injected; in any case, RFID chips don’t have an energy source and so can’t send out beacons allowing them to be located remotely.)
Ironically, though, many humans – despite being ideally equipped to survive in an urban environment of their own devising – seem to be unwilling not to be found at will.
The popularity of location-aware services such as Foursquare show just how keen many of us are to disburse veritable logfiles of our movement.
Most democratic countries would find it pretty hard to pass and enforce laws requiring all residents to wear tracking tags at all times.
For convicted criminals who would otherwise be incarcerated, wearing a tracking tag might be a reasonable compromise in return for early release. But as a condition of residence for everybody? Tourists tagged at their port of entry and tracked relentlessly?
We wouldn’t tolerate it. But many of us do tolerate giving away masses of personal tracking data quite voluntarily – often to organisations who operate outside our own jurisdiction, and whose expressly-stated purpose is to commercialise that information.
So take something positive from Matt’s Alexandrian disaster.
Don’t accidentally let valuable data escape when you don’t intend it to; and don’t intentionally give valuable data away when you simply don’t need to.