The Naked Society: Why Is Rebuilding Trust Critical?
London, UK - 3rd February 2010, 00:55 GMT
Dear ATCA Open & Philanthropia Friends
[Please note that the views presented by individual contributors are not necessarily representative of the views of ATCA, which is neutral. ATCA conducts collective Socratic dialogue on global opportunities and threats.]
Recent trans-national digital attacks and high profile cyber-espionage incidents have further shaken trust in the confidentiality of digital systems and the integrity of information used for decision making. With nation-state sponsored digital attacks on the rise and criminal syndicates entrenched, no digital network appears to be completely secure, much like the emperor's new clothes. We are entering a new age of forced information transparency. This is societal, corporate and government nakedness on an unprecedented scale with unintended consequences. The key question remains one of trust as it is the underlying basis for every transaction and exchange. When trust fails the consequence is loss of belief and a “user strike”. Are we ready for that?
The Emperor’s New Clothes
What are we to do when perpetual global conflict is already manifest in cyberspace? Almost a decade ago, ATCA held a summit on the "Question of Trust". Questions put to executives included:
. What are the motives that have made some governments, corporations and individuals lean towards aggressive practices to participate in cyber-espionage and outright cyber attack?
. What is the result of the breach-of-trust at a government, business or personal level in our interconnected world?
. What are the implications of that loss of trust and who are the citizens, employees, shareholders, customers and suppliers going to hold accountable for the damages as they unfold?
. What are the analogies of trust and security in the physical and digital worlds; what are the main vulnerabilities and how does one tackle them?
. How to build trustworthiness of the organisation as seen by all its stakeholders?
. What are the factors that damage trust contributing to the risk of failure in the transformation of an organisation into a fully digitised one?
Trust denotes a feeling of certainty or faith, that a person, entity or system will not fail. It is the assured peace of mind on the integrity of another and with information security issues increasingly assuming predominance in an ever more insecure and volatile world with a financial crisis, trust is the most important asset we can possibly possess or indeed lose.
Trust in the Digital World
Trust in the real and digital world are very similar: They sustain confidence. There is a key difference as well, which is that the parties involved in any online interaction have very little knowledge about each other and cannot depend on time honoured trust building measures such as physical proximity, face to face and eye contact, handshakes and assimilating body-language. Instead it is necessary to rely upon other trust building measures such as the use of devices or biometrics for authentication; referencing through trusted third parties; wrapping confidentiality around messages and performing integrity checks; defining the limits of risk exposure; and issuing safeguards against non-repudiation.
Security on the Internet
Recent events demonstrate that vulnerabilities of computing platforms continue to rise exponentially. Failing to take them seriously places huge risks. In fact, the Internet was not conceived to be a secure network. Distributed – yes. Secure – no. From its inception, applying the Internet to business and society at large was problematic from a security perspective. Nonetheless, the Internet has been embraced as a global information and communication backbone because of the expansive opportunities associated with this technology and a bull market fuelled by entrepreneurs, bankers and venture capitalists looking to cash in on the technology gravy train. Time is proving the inherent fallibility of the present Internet model and the risk associated with it.
Web of Trust
All the desktops, servers and data-centres connected via the Internet to each other in a peer-to-peer fashion are the world’s largest computing system and data bank. In peer-to-peer networks, trust and security are essential and have become very significant issues as this interconnectivity has become commonplace on a 24/7 basis. Most computers at work are now always on or on stand-by and always connected. Our homes are becoming digitised via ubiquitous computers that are always on and connected. Our bank records, our personal details, our family photographs and where we holiday is available to a clever hacker or an organisation that chooses to access our information via a social network. Have we wondered how many organisations and individuals hold our personal information and what use they are putting it to and with whom are they sharing it? What happens when memory sticks and compact discs with hundreds of thousands of names, addresses, children's names, bank account details go missing? Or, when we surrender our vital identity details to an organisation, such as our employer, and they pass it on to an entire chain of outsourced vetting? This is not a very low probability risk: it has already happened within rich world government agencies, banks and corporations in Europe and America, not to mention other countries. The web of trust is broken by the weakest link in any chain and establishing that trust includes reputation, vouching for others, credibility, references, credentials and validation.
There is a big issue of trust – confidentiality, integrity, authentication and non-repudiation - as our lives get intertwined via interconnected computing systems and we can't live without them. This issue of trust is manifest at two levels: confidentiality of vital data and integrity of the information provided. As digital networks proliferate and everybody is connected 24/7 to each other, the amount of damage that could be brought about through a breach of trust is likely to be several orders of magnitude greater than originally calculated by the corporate or individual user or even understood. Who is going to mitigate the risk and who is going to protect the online citizen in the big wide digital world where cyber conflict rages continuously? Which government and which regulatory body and over what jurisdiction? So in conclusion, the 21st Century is going to be ever reliant on the pillars of trust between people who are interlinked across remote distances by computing and communications and on the accuracy of information provided with total transparency.
Are the installed computing and communications platforms up to the job today? The answer is no. Could they be made trustworthy? Yes. But it may take a few catastrophes to force the vendors and user community to adopt trustworthy computing architectures and practices. We have already seen how difficult it is to deal with Somali pirates even though we know where they are and who they are. How much more difficult it must be to deal with invisible digital pirates and their sponsors on the virtual seas. Given the emperor's new clothes, ie, our nakedness and the multiplying number of voyeurs, a bold rethink of existing strategy needs to be undertaken!
On a positive note, this new age of transparency is characterised by activist stakeholders, the growing influence of global values and universal markets, the spread of communications technology, and a new customer ethic demanding openness, honesty and integrity from corporates, governments and world organisations.
We welcome your thoughts, observations and views. To reflect further on this subject and others, please respond within Twitter, Facebook and LinkedIn's ATCA Open and related discussion platform of HQR. Should you wish to connect directly with real time Twitter feeds, please click as appropriate:
. ATCA Open
. mi2g Intelligence Unit
. Open HQR
. DK Matai