What we can learn from controversial government security practices

August 14, 20194 minute read

Select article text below to share directly to Twitter!

Dismiss

Government security is pretty serious business. And that’s really how it should be when it comes to protecting an entire nation from relentless terrors at home and abroad. However, things get a bit less cut and dried when the discussion turns to the digital realm. In the current climate, the topics of internet blacklisting and the line between protective tactics and harmful censorship remain contentions.

What’s internet blacklisting? It’s a bit like the parental restrictions you place on your Netflix account: You put those in place to protect your kids from content you deem unfit. Internet blacklisting is simply a government doing the same thing for its country’s citizens. But who’s to say what internet content is fit for adults who could otherwise make that decision for themselves? Therein lies the conflict between IT security and censorship.

Is there such a thing as too much security?

Blacklisting can seem like a good idea on its face, but its use has also opened the door to ethical debates. Forbes recently described the realities of this kind of government security and the greater implications it can have. The article uses as an example the case of New Zealand’s government blacklisting graphic video and sensitive details related to the Christchurch mosque shootings.

Despite the unquestionable horror of the attacks, citizens are divided on whether the blocking of such material is appropriate. Many have based their stances on the need for increased awareness around violence and hatred, immediate security concerns, respect for the victims, and fear of spreading what could become extremist propaganda.

There’s no doubt that some web content belongs on a blacklist—nobody should have access to dangerous sites that enable terrorist activity or facilitate the trafficking of drugs, weapons, and humans. But where do we draw the line? This is a tough question that should be distilled down into a few more approachable ones:

  • How can we ensure that bad actors don’t get unwarranted publicity?
  • How can we keep society appropriately informed?
  • How can we make sure that the government isn’t hiding its own corruption?

These questions are certainly worth considering, and while they don’t yield easy answers, they can inspire some insightful discussions if they are applied to your own IT environments.

What blacklisting arguments can teach us

Have you ever considered how government security issues like blacklisting could apply to your own organization? If you’ve ever had users visit dangerous or inappropriate websites and spread malware or cause a disruptive workplace scandal, you probably already have a pretty good understanding of why blacklisting is taking off.

You may be thinking, “But wait! Content filtering and blacklisting are two very different things.” In one practice, the government removes access to information it deems unsuitable for its citizens, and in the other, users are blocked from known malicious or inappropriate content—or even benign, time-wasting sites like social media.

Look closely, however, and you may find that they really aren’t that different. Both are instances of governing bodies attempting to protect their assets by limiting access. With that in mind, how can you keep your device security measures from crossing the line into oppression?

Step 1: Consider your motives

As an IT decision maker, your sensibilities are among the most critical checks and balances in this case. Every security decision you make should not only be run through the usual gauntlet of budget and integration considerations, but also a healthy degree of introspection.

“Why?” is the first question you should ask before you deploy any security measure. If you find that the answer boils down to anything outside your core mission values, you might be in danger of inhibiting the creative and productive freedom of your users.

Step 2: Seek outside perspective

The above advice is a great way to think about your IT security decisions during implementation, but what if your internal compass has gradually drifted off course? What you need is a team of people to provide outside perspectives on difficult security decisions.

Ideally, this team would be mostly comprised of folks with relatively little technical aptitude. The reasoning behind this is that your viewpoint as an IT professional is likely focused on the technology first. You need to balance this with viewpoints that center on how humans will actually interact with technology rather than how tech should work or what it can do for us. A panel sourced from all departments and levels of the company could grant some valuable insight into what access employees need to stay safe, productive, creative, and happy.

The emergence of internet blacklisting as a government security measure presents an opportunity to examine our own security practices and improve. To that end, strive to insulate your environment from short-sighted and potentially detrimental security decisions while still seeking to encourage and preserve a healthy workplace culture.

  • Recommended for you
  • Recommended for You