Early this morning, as I was scrolling through Twitter, I came across a chain between a @mikko, a researcher at F-Secure, and the official ISO account. Here’s the chain:
It’s okay @mikko, I’m at a loss for words as well. On the one hand, while it is true that the ISO does not publish its standard for free, there are so many resources out there of organizations that bought the standard and are summarizing it for you. However, that means you only get a distilled version of the standard that may be applicable only to the organization that is summarizing the resource. So, pretty worthless in the end.
On the other hand, I can’t help but think of Aaron Swartz. Many of you probably remember Aaron Swartz, a brilliant programmer who came up with a wide variety of tools integral to the internet, including RSS, markdown, and others. Many of you probably also remember his tragic passing due to the pressures resulting from an indictment for wire fraud and breaking the Computer Fraud and Abuse Act.
But what may not be remembered was what led to those indictments and Swartz taking his own life. Swartz was caught sneaking into a utility closet at MIT, where he had plugged in a laptop to the MIT networks to download JSTOR articles on a systematic basis. And what is even less remembered was an ongoing protest against the growth of placing documents of importance to the public behind paywalls. The cypherpunk movement was at one of its peaks of visibility: information wants to be free and it was a public duty to free that information.
Swartz was a part of this broader movement that sought to remove as many barriers to information as possible. Part of his lasting legacy was his work with Lawrence Lessig, Hal Abelson, and Eric Edelson in developing the Creative Commons, an intellectual property regime that seeks to promote the movement of ideas into the commons, where it can be used to the benefit of the society. This was all wrapped up in the cypherpunk-created mantra that information wants to be free.
I go into Swartz here for a good reason: what was seen in the Twitter exchange between @mikko and the ISO was exactly the issues that Swartz and others were fighting against in the early 2000s. Information that could be used to benefit society are being placed behind a paywall, commoditized to the detriment of all.
Note that I am not talking about all ideas and information here: I am talking about the ideas and information that are integral to the commons. These are ideas and information that a society requires in order to protect itself and to continue evolving and protecting its citizens.
Therefore, the problem that I am calling attention to here is a standard that could be used by organizations to strengthen their information security architecture tenfold being locked down if you don’t have the money to pay for it. What this strikes me as is similar to a main fighting point for cypherpunks and Swartz and others: the locking of legal documents behind paywalls. How, they asked, could people know the law and their rights if they had no way to access the documents — arguably the most public of public documents — without paying a hefty fee. I ask the same thing: how can people ensure that their companies, organizations, and themselves are protected on the Internet if the information that can be used to provide such defense for themselves are locked behind paywalls?
I have a feeling that this is going to be the first post in many where I explore this idea more fully. As you can probably see, this is just a rough first start of this so it should develop over time.
HakstheHax 