July 29, 2004

Big Brother Awards

Naming and shaming was at its finest last night as the Big Brother awards were presented to Britain's worst by Privacy International. The winners included British Gas, the US VISIT fingerprinting programme, and the British Minister for Children; see the articles below for details.

It's hard to measure conclusive success for these awards, as no doubt the winners will pretend to shrug their shoulders and carry on their evil works. But it seems to give some pause for thought: I bumped into a couple of people there who were potential winners, and even though not directly addressed by this year's lists, there was an almost masochistic sense of wanting to see and experience that which was beyond the pale. So I'd conclude that there is a significant knock-on effect - companies know of and are scared of the awards.

It occurs to me that there is room for an award or two in our field. Maybe not FC, which is too small and fragmented as a discipline ... but certainly in the application of cryptography itself.

Negative awards could include

  • Worst security implementation - worst product that was being passed off as a crypto solution.
  • Most egregious failure of security responsibility - what organisation was not using crypto when it should be.
  • Biggest public-sector impediment to security - what rule or act this year caused the most crypto insecurity.
  • Biggest FUD vendor - the company that did the most to scare people into using product.

Positive awards also should be given. I'd suggest:

  • Best open source or free product - the one that did the most to wisely and successfully deploy good crypto.
  • Lifetime achievement award - for the hacker or implementor who did the most to advocate and push good stuff out there, in spite of the odds.
  • Most accessible academic contribution - for the one paper that we could read and should read.

I'm sure there are lots of other ideas. What we need is a credible but independent crypto / infosec body to mount and deal such an award. Any takers?

Here's a couple of articles on the awards, FTR:

Posted by iang at July 29, 2004 10:29 AM | TrackBack

I think it would be great if a crypto or information security group could get together and agree on some positive awards. I would find negative awards entertaining, and (I'm guessing) they would be easier to agree upon; however, the positive awards would point the way for the rest of us.

Posted by: Will at July 29, 2004 11:06 AM