Information wants to be free

Simon Ellis, Senior Cyber Security Consultant (simon@fortian.com.au) | Jul 18, 2019

Information wants to be free. It’s an old proverb from Stewart Brand that many people associate with the modern world and the ceaseless march to make value from data. What many people do not know is Stewart’s actual statement is “Information wants to be free. Information also wants to be expensive… That tension will not go away”.

The ‘information tension’ is readily apparent in banking. Consumer applications have been built to provide budgeting and savings insights, but getting at the data hasn’t been easy. There is no standardized approach, security and privacy concerns exist, and workarounds are aplenty – We are in the age of APIs, yet many applications still need to screen-scrape the data they want.

The Australian government recognises this tension and as a result has introduced the Consumer Data Right. The Consumer Data Right will give Australians greater control over their data, empowering them to choose to share their data with trusted recipients for the purposes that they have authorised.

This initiative will be used to encourage information exchange, competition and innovation, initially in banking, and later in energy and telecommunications.

Fortian is proud to support this legislative initiative as an independent security reviewer of the supporting technical standard, namely the Consumer Data Standard. This is undoubtably an important technical standard, which must carefully balance security and usability needs – After all “information wants to be free”, but not at any cost.

Fortian is but one voice, in an area where there is truly no single, right answer. We have been careful to present our views, but substantiate them with reference to our internal threat models, standards comparisons and simple know-how. Readers are encouraged to reflect their own security views against ours. For further information about Consumer Data Standard and its security implications, take a look at the report and the response from the Data Standards Body Technical Working Group.