President Ronald Reagan said, “Trust, but verify.” I used to hold fast to that, but recently have learned that you cannot, nor should you, always verify.
Trust is a critical foundational element of life, government and information security.
Things would be different if trust was non-existant…
- Husbands and wives would always be paranoid.
- Negotiations between teachers and school boards would always go to impasse.
- You wouldn’t have any confidence in your antivirus or IDS system.
Right now, you’re probably saying that is the way things already are. To some extent you are right.
Distrust between two parties is as natural as entropy.
But, consider some of the ways that you do trust.
- You trust that the gas pump gives you what you pay for and that the meter is accurate.
- You trust that the government who puts the accreditation sticker on the gas pump has actually tested it.
- You trust that the person testing the gas pump knows how to accurately test it.
- You trust that the magnetic card reader for swiping your credit or debit card is not skimming that information.
Of course, there are many more examples.
- You trust Google to not share information about your searches, or the contents of your GMail account.
- You trust the security that your bank uses for your on-lne banking.
- You trust the validity of the certificates that are checked when accessing secure web sites.
Our society is built upon the expectation of trust. Sometimes people and organizations successfully show that they can be trusted. Othertimes, not.
Back to President Reagan…
There are times when I trust, but verify.
However, there are many more times when I trust, but either choose to not verify, or the risk is so low that it makes to sense to take the time to verify.
Carefully consider which times verification is important. It just might save the day for you sometime.
- Dan
