Amazon.com Review
Suitable for the IP manager or developer seeking to improve Web privacy and security,
Developing Trust: Online Privacy and Security provides an intriguing, though at times somewhat theoretical, guide to the issues surrounding privacy today.
Interestingly, this book straddles an expert-eye, theoretical overview of what privacy is and a more practical view of how it is often undermined on the Internet today. Early sections cover basic terms and concepts of privacy at a fairly high level. Mixing in sometimes erudite commentary (and an occasional rant), the author's expert-level view does a good job of explaining what privacy is and the larger principles used to protect it. From anonymity to "verinymity" (where sites know who you are), Curtin makes a good case that anonymity is often eventually undermined on today's Web sites. A good section early in the book outlines how a potential attacker might attack a hypothetical Web site for security holes. (We never see the attack carried out, perhaps because it would be irresponsible to do so, but this material establishes Curtin's expertise for the reader.)
Though the early sections largely avoid specific standards and real Internet software, the book soon delves into the nuts and bolts of the Web, for example HTTP, HTML, URLs, and cookies, with an eye to privacy. For most readers, the most fascinating sections of this text will be the author's five case studies on real privacy problems with some of today's leading Web sites and vendors (including Netscape and DoubleClick). He shows how certain features--like cookies--can undermine privacy (or even the ability to "opt out" successfully). A follow-up chapter cements the argument that if Web sites collect "anonymous" browsing behavior, it is all too easy to connect users' real identities to their supposedly anonymous profiles later on, putting privacy in jeopardy. Finally, the author makes a good argument that protecting privacy is good business sense.
The book concludes with more practical advice on implementing good security practices, including an excellent discussion of firewalls, DMZs, including their limitations, and a checklist for beefing up security in your organization. The text closes with a final case study of a hypothetical Web site (which serves up content from third parties) that arguably "does it right" regarding privacy, based on the author's earlier discussion.
While the mix of theoretical and practical here will not suit everyone, there's little doubt that the author's in-depth understanding of the issues surrounding privacy today can help your organization do better with privacy and security. While this title will not help you configure Internet Information Server, for instance, it will help you plan high-level strategies for improved security, as well as show you why protecting user and organizational privacy makes good business sense. --Richard Dragan
About the Author
Matt Curtin is the founder of Interhack Corporation and is responsible for the leadership of Interhack's research, development, and consulting efforts. His present focus is to understand how complex systems interact "in the large," and how that affects security, privacy, and reliability. Findings of this work have been widely covered in major news media around the world. A frequent lecturer and author, Matt also tries to help developers understand how they can avoid the mistakes that undermine the trustworthiness of the systems on which we depend. Some of his recent audiences have included Columbus ITEC, Columbus INFOSEC Forum, Privacy 2002, Columbus and Dayton chapters of InfraGard, the Northeast Ohio chapter of ISACA, and the Wellington School, in addition to local, national, and trade media. He holds the National Security Agency's INFOSEC Assessment Methodology (IAM) certification and is a certified information systems security professional (CISSP).
