Practice What You Preach

It's time to move the security pulpit from the workplace to your living room

By Simson Garfinkel

September 01, 2004 — CSO — Do you spend time and money developing your organization's disaster recovery plan, while failing to back up your home PC?

Do you invest in guards and security cameras for the office, and then leave confidential papers on your desk while you step out for a sandwich?

Do you set up your desktop's antivirus system to automatically download new virus definition files every day, while allowing your home PC's antivirus system to expire because you didn't want to pay $50 when the trial version ran out?

The most conscientious security professionals that I know practice what they preach. They have shredders in their kitchens for those incessant credit card offers. They alarm their homes. They turn on wired equivalent privacy (WEP) encryption on their home wireless networks. And they password-protect the photographs on their personal website. You have to live it, they say. Otherwise, you aren't worth your salt.

Likewise some CSOs are genuinely concerned about their own security and privacy. They know that an extremely effective way to target an organization is by targeting the homes or personal lives of its directors. In this case, surveillance can be done without breaking the law.

Consider the 1988 U.S. Supreme Court case of California v. Greenwood, in which the court ruled that Americans have no right to the privacy of their trash. Billy Greenwood was a man whom the local police suspected of dealing drugs, but they didn't have any proof. So the police acquired Greenwood's trash from the collectors who picked it up from the curb, and then went through the bags with a fine-tooth comb looking for evidence. They found it. The evidence was used to obtain a search warrant for Greenwood's home. Drugs were found in the home, and Greenwood was arrested and eventually convicted on felony drug charges. Greenwood appealed, arguing that the original, warrantless searches of his trash had been unconstitutional search and seizure.

The court disagreed. "It is common knowledge that plastic garbage bags left along a public street are readily accessible to animals, children, scavengers, snoops and other members of the public," wrote Justice Byron White, delivering the opinion of the court. "Moreover, respondents placed their refuse at the curb for the express purpose of conveying it to a third party, the trash collector, who might himself have sorted through it or permitted others, such as the police, to do so. The police cannot reasonably be expected to avert their eyes from evidence of criminal activity that could have been observed by any member of the public."