December 21, 2018
Freedom and Security – Can we have both?
I’ve mentioned freedom before, back in 2016, in the context of Remembrance Day (https://www.uoguelph.ca/ccs/infosec/identitysocialmedia [1]). I want to revisit it here, but in a bit starker context: the antithesis between security and freedom.
Freedom is not absolute, and security is not absolute. No one can yell “FIRE!!!” unjustifiably in a crowded hall, and no one is without risk of harm to security – in person or online. There is and always will be a trade-off between security and freedom. We want to feel secure around our homes, our transportation, our places of work. We want to feel secure browsing the web, using social media, shopping on-line. We want to be free to follow our interests, to read what we want, to speak our mind. To feel free as well as secure, we need a balance between controls which enhance security, and liberties which enhance freedom. As a civil society, we need to be conscious of that balance, and how free and secure we are in perception and reality. That’s a big topic to tackle in a small blog post, but here’s how we balance freedom and security as it relates to Information Security at the University of Guelph.
How we have freedom at UofG
We have a culture of academic freedom, freedom of inquiry, and freedom of expression.(*) These freedoms are reflected in the Acceptable Use Policy (see AUP [2] - it governs everything you do using IT. Go ahead and read it now if you haven’t; I’ll be here when you get back.)
- The UofG community is authorized to use IT resources to further any part of the UofG missions
- You may use UofG IT resources for limited personal use
- Your privacy is respected in your use of UofG IT resources
- IT support can only access your personal information with the permission of the appropriate Vice-President (or yours)
- In Information Security we monitor for anomalous events, not persons or personal activities
How we can feel secure online while at UofG
- The UofG has good networking defenses in place, with various layers of defense
- We monitor all our networks and systems for vulnerabilities and fix them
- We aggressively deal with unwanted email such as spam, and phishing attempts - on an average day, 96.4% or more of all email is discarded by our filters as known spam
- We have an active Security Operation Centre which monitors billions of events for anomalies to investigate and acts as the security interface between all these complex technologies
- We have local and central IT staff to help keep your workstations safe and secure, including more than 1750 workstations in the central Managed Desktop service
These are not perfect, but we are conscious of the balance between privacy and freedom on the one hand, and security on the other. Going forward, better security is often achieved through increased surveillance, or stricter and more frequent checks. As a community, we need to be vigilant to ensure that security controls do not unduly limit the freedoms we have, and that the freedoms we want don’t unduly sacrifice the security we need.
(*) See https://www.uoguelph.ca/freedom-of-expression/ [3]
Written by: Gerrit Bos (Information Security Officer)