United users should call security tune

The Jericho Forum seems set to revitalise computer security. It's time for more users to take control.
Written by Leader, Contributor
To paraphrase Gandhi: whatever you think of computer security, it would be a good idea. The Jericho Forum, now just one year old, feels the same way. A collection of chief security officers from blue chip companies, Jericho came about because existing models were running out of steam. Its big idea is deperimeterisation: don't worry so much about preventing threats reaching you, just make sure they can't do any harm when they do.

Actually, that's not quite true. Jericho's really big idea is something even more revolutionary than throwing away the firewall. The Forum has spent its first year of existence deciding what it wants: vendors were kept out. They'll be welcome inside once Jericho has produced its demands.

Users deciding what they want and asking for it is a sea change that's well overdue. Vendors should pay attention -- in general, their attempts to define the market have been cumbersome and unsuccessful. In some circumstances this has been because they've misread the market or misled themselves: Microsoft assured the trusted computing community in 2001 that Passport would be a great success because "the three things consumers want most from the Internet are privacy, security and single sign-in, a Passport feature". This Microsoft knew because analysts told it so. Three years and much marketing later, Passport is a dead duck.

It turns out that while users do indeed want privacy, security and federated identity -- one sign-on that works for all your services -- they are not prepared to invest the trust required for this in a company like Microsoft. With Passport having its own series of security failures, this mistrust was justified: it remains to be seen whether Windows Media Player's DRM security worries will also engender an aura of untrustworthy computing. We can only hope so.

To recover trust, the vendors must deliver. To deliver, they must listen to their users and find out what they want. If the users are united in that, then we'll see more and more power removed from the marketing departments of the major vendors and returned to the people who ultimately pay their wages -- their customers.
