February 29, 2012; Source: Help Net Security
If you’ve ever bought something on the Internet or entered in other personal information, you have relied on a network of online security systems to keep your data in the hands of the intended recipient—and out of the hands of hackers and other ne’er-do-wells who might be interested in profiting from their ability to pick the lock on the doors to your data. A new nonprofit, the Trustworthy Internet Movement, or TIM, has just launched at the 2012 RSA Conference, the annual San Francisco-based gathering of those working in digital information security and cryptography fields, which is happening now.
According to its website, TIM’s mission is to “resolve major lingering security issues on the Internet…by ensuring security is built into the very fabric of private and public clouds.” The nonprofit, which is now recruiting members at the RSA Conference, seeks to bring the best minds in the field together in a nonprofit community in order to “resolve the problems of online security, privacy, and reliability once and for all,” as TIM founder Philippe Courtot puts it. Courtot, the chairman and CEO of information security firm Qualys, has said he will invest $500,000 in startup money to get TIM up and running.
Courtot’s motivations in such an investment might not be entirely charitable—one can imagine an idea generated by TIM members flowing into his for-profit business’ work—but as long as there is complete transparency as to the projects TIM members are working on, it’s not like the nonprofit’s work would instantly translate into some sort of first mover advantage for Courtot or other insiders. And other information security nonprofits, including the Information Systems Security Association, the Center for Internet Security, and the Cloud Security Alliance, among others, have already been navigating these waters.
But NPQ has often noted that transparency is essential to avoiding nonprofit malfeasance of all sorts, and nonprofit information security projects present an interesting set of challenges in that regard. How effective can such a project be if it doesn’t keep some of its work shielded from the public in order to thwart those who would seek to exploit or circumvent it? We would love to hear from members of the nonprofit information security community about how they have effectively advanced their work without losing the transparency that is so essential to the healthy functioning of nonprofits. –Mike Keefe-Feldman