Information wants to be free. Information also wants to be expensive. Information wants to be free because it has become so cheap to distribute, copy, and recombine — too cheap to meter. It wants to be expensive because it can be immeasurably valuable to the recipient. That tension will not go away. It leads to endless wrenching debate about price, copyright, ‘intellectual property’, the moral rightness of casual distribution, because each round of new devices makes the tension worse, not better.A review of the recent Wikileaks media frenzy proves this to be true. Attempting to hide information eventually becomes a futile effort. Each person who has access to the data adds an exponential risk of the information becoming 'free'. But the moment that information does become free, it becomes expensive.
Think of how Mastercard, Visa, PayPal and dozens of other websites that have been the targets of denial of service attacks due to them trying to follow legal and organizational policies in dealing with Wikileaks are now forced to spend a great deal of time and money defending those attacks. Think of how the US Government is spending its time, especially the State Department, trying to smooth over the hurt feelings of other countries and governments. Think of how much money the US military will be spending to more strictly control the access and ability to download confidential information in its computer systems.
This is a lesson that should not be lost on those of us who work on projects. Its often us, who in the shadow of such events as Wikileaks exposures, are called upon to 'fix' problems which are essentially errors with humans intervening in a process and not the failure of any system. Yet, our companies and governments will spend countless amounts of money in 'security theater' just to make themselves feel 'safe' again. Don't believe me? Try to fly in the US sometime in the last decade and you'll see what we put ourselves through in order to feel 'safe.'
It is a much better idea to help keep our organizations out of situations like this than it is to implement poor 'defenses' after the fact. As people who work on projects, that isn't usually within our realm of influence, but for those of us who participate in enterprise analysis, it is part of our mandate to ensure we provide proper and right advice to those in authority.