IT Security & Parenting: Trust but Verify May 26, 2006Posted by TimTheFoolMan in Computers, Family, IT Security, Love, Parenting/Children, Security.
During the height of the Cold War, President Reagan formalized a policy for dealing with the former Soviet Union. In retrospect, I think his approach seems beneficial in both the realm of IT Security and in Parenting teenagers.
Farewell to Arms Race
In his farewell speech, Ronald Reagan said (among other things):
…as long as we make it clear that we will continue to act in a certain way as long as they continue to act in a helpful manner. If and when they don’t, at first pull your punches. If they persist, pull the plug. It’s still trust but verify. It’s still play, but cut the cards. It’s still watch closely. And don’t be afraid to see what you see.
This was at a point when the Soviets clearly had begun to turn a corner in their relationship with the US, and particularly during the visit that President Reagan alludes to in this speech, that relationship was evident in the changing attitudes of the average citizens of both countries.
This is IT?
In his controversial whitepaper “The Shrinking Security Perimeter,” Dan Geer suggests that “trust but verify” has taken on new meaning in the current IT landscape, because it represents a mindset that allows us to move from micromanaging access and permissions, to instead monitoring and logging critical activities, and communicating to all that we’re doing so.
For example, if I am concerned about the security of some electronic vote counting equipment (assuming that it’s all centrally located), I could alleviate many of the voters’ concerns about the handling of the process by putting up a few security cameras with the capability of recording the data through election day, and also putting the video online via the web. Even better if I allow an interested voting security group to do this for me, and effectively provide an independent video audit trail of the process.
If everyone involved knows that they’re being watched, and furthermore knows that tampering with the system that is monitoring them will lead to even tighter scrutiny, we might go a long way toward restoring some trust in the elections process. (To be sure, there are complexities of implementing a system like this, but I’ve co-opted an example that Geer gives in a podcast about this subject to illustrate the concept.)
A better example (from the same business) may be the VVPAT (Voter Verified Paper Audit Trail) that some states have mandated. This forces an election equipment provider to provide a mechanism for independently auditing the results of the elections, using paper and hand-counts instead of optically scanned or electronically counted ballots. The camera example may be more of a “don’t trust and scrutinize,” and the latter is more of the “trust but verify.” Either way, you are not prohibiting someone from doing something inappropriate, but you are making sure they know that if you do, someone will find out that you’ve done so.
This is a Parent?
In a similar vein, my youth minister years ago suggested the same approach to dealing with teenagers. He used the same phrase, “trust but verify.” What does this mean in the context of parenting teens? Does it mean to pull the stunt from “Hogan Knows Best” and put a GPS transmitter in your daughter’s car so you can track her every move?
I don’t think so. I see it this way. I am going to trust my sons when they tell me where they are, who they’re with, and what they’re doing. I’m also going to make sure that they know that I will, from time to time, talk to the parents of their friends, and will occasionally discuss where they’ve been, who they’ve been with, and what they’ve been doing.
This is important… please note the past tense in the previous sentence. I will rarely block their plans. Additionally, as they demonstrate trustworthiness, I will verify less and less often. If, at some point, that trust is broken… then my verification will tighten up dramatically, possibly with corresponding punishment if there’s an agreed-upon rule that they’ve clearly broken.
One Down, One to Go
At the time of this writing, my oldest is getting ready to finish High School, and prepare for college. My youngest is getting ready to find out what it’s like to be the only child. Both are heading into an uncertain future, but both of them have learned the “house rules,” and both have done a remarkable job of maintaining our trust.
Yes, from time to time, there have been mistakes. From time to time, there have been disappointments, and broken trust. From time to time, the reins have drawn in.
Ultimately though, we are now standing at the dock, waiting for the ship to arrive, and preparing to watch a young man set sail into an uncertain future. There’s no telling where he’ll go, what he’ll do, or how long he’ll take to get there. One thing is certain. I can now trust without verifying anymore.