Welcome to “stupid customers,” the saga of IT vendors ongoing attempts to blame the victim. This week, we honor Jim Balsillie, chairman and CEO of Research In Motion, who commented earlier this month on the intrinsic insecurity of Internet traffic—and why its not his companys fault that people dont understand it.
Balsillie was asked about an attack discovered by @Stake that enabled researchers to read wireless messages intended for a user of the Internet Edition of RIMs popular BlackBerry device. He huffed and he puffed and he blew the question down, saying, “Internet traffic isnt supposed to be secure. … Its kind of like a company making beer and cola and someone saying that theres alcohol in the companys drinks, when the children are drinking cola.”
Well, no, its really not like that, and IT executives need to understand why thats a deeply flawed analogy.
First comes the matter of labeling. Alcoholic beverages are labeled and sold in a manner that leaves no doubt as to what youre getting, with full disclosure of the harm that it can do: birth defects, impairment of driving ability and long-term health problems.
Even my Nokia phone displays the warning “Voice privacy not active” for the duration of my call unless link security is in effect. Thats far more forceful than RIMs approach of warning by omission, with RIM executives saying that security was never promised or that the Mobitex specification makes it all clear.
Second comes the matter of expectation. Beer ads dont show Boy Scouts drinking the product—but we see the RIM advertisements in in-flight magazines and elsewhere, and they dont show people relying on their BlackBerry units for updates on their local coffee shops waiting times. The RIM ads all suggest that these devices will warn you of crucial business developments, such as changes to a proposed contract or other urgent matters. Dont such important purposes call for secure message platforms?
Alcohol labels and advertising rules arent voluntary. Would IT vendors like to have legislators do the same for them?
Report your pink elephant sightings to email@example.com.