Whitelisting for Cyber Security: What It Means for Consumers

Author

Janet Lo

Organization

Public Interest Advocacy Centre (PIAC)

Published

2010

Summary

The Public Interest Advocacy Centre (PIAC) set out to examine the new technique of whitelisting and to provide examples of how whitelisting is being deployed in Canada by security companies. PIAC attempted to understand how widespread whitelisting is being used and how it could be deployed to protect consumers. To this end, PIAC conducted interviews with industry and government stakeholders.

In their study of whitelisting, PIAC found three types of whitelisting solutions. Application whitelisting only allows approved applications on the whitelist to be installed on the computer or network, usually to prevent malware from being installed on the computer or network. Email whitelisting defines a list of “safe” senders and recipients to prevent spam from reaching the targeted email address. Finally and less commonly used, whitelisting can be used to manage internet browsing and traffic.

Whitelisting is a pure form of internet control used to control and manage applications, email or internet traffic. Whitelisting could be used by governments or ISPs to completely control the internet network either for censorship or to restrict consumer internet freedoms. Deployment of whitelisting in this manner would compromise the historical values of the internet such as openness and network neutrality and stifle its generative qualities to the detriment of the public interest.

As whitelisting continues to develop in the enterprise space pure-play vendors and holistic security vendors will likely look to innovate for deployment in the consumer space. The successful adoption of whitelisting will depend on innovation that makes it easier for consumers to implement and administer whitelisting. Consumer education about cyber security will help consumers understand the benefits that whitelisting has to offer and how to properly use whitelisting in conjunction with other mechanisms such as blacklisting and firewalls. As well, greater government leadership in cyber security is needed to protect critical infrastructure and help consumers deal with online safety challenges.

This document is available in the following language(s):

Third-Party Information Liability Disclaimer

Some of the information on this Web page has been provided by external sources. The Government of Canada is not responsible for the accuracy, reliability or currency of the information supplied by external sources. Users wishing to rely upon this information should consult directly with the source of the information. Content provided by external sources is not subject to official languages, privacy and accessibility requirements.

English and French

• English (HTML document)
• English (PDF document)
• French (PDF document)

OCA Funded Research
This research received funding support through the Office of Consumer Affairs' Contributions Program.

Contact information

Source: Consumer Policy Research Database