by Wes Kussmaul, author of “Quiet Enjoyment – Authenticity Works Where Information Security Technology Has Failed Us“
Fraud and predation pervade everyday online experience. Identities – and cash – are stolen in batches. As the information security industry assures us “we’re working on it,” people grow ever more wary of their Internet experience even as they come to depend upon it more and more.
Because the inevitable train wreck that is information security and privacy took place over decades, people have resigned themselves to a permanent state of fraud. It was inevitable because people keep their files, hold their meetings, and let their kids hang out in a crowded rest area alongside a busy highway. Though the term has gone out of fashion, the Information Highway continues to live up to its name.
The problem is not a broken Internet; that highway serves well as an outdoor public transport system. No, the problem is rather with the way we use the Internet. We do things on the outdoor highway that should be done inside.
As the fault is not with the highway, neither is it with us users of the highway. We do things outdoors for the simple reason that online buildings do not exist.
It’s time we got serious about building secure digital indoor spaces.
Buildings are about providing spaces where, among other things, we have confidence in the identities of the others who share the space with us. You share a room in a building with others in an entirely different manner from the way you would share a highway with them.
Buildings provide a measure of accountability, which in turn yields a measure of authenticity. And there’s the magic word: authenticity.
Mankind over the centuries has developed a superb set of methods and procedures for establishing authenticity. New digital “construction materials” combined with these old processes will deliver precisely what we’re looking for: privacy, security, reliability, authenticity.
The security that is provided as a byproduct of authenticity is superior to the stopgap measures currently dominating what web guru Bruce Schneier aptly calls the “security theatre” market, with its antivirus software, firewalls, and intrusion prevention systems.
Authenticity works where security technology has failed us.
When I have engaged in discussions both online and face-to-face about authenticity, people often assume that I’m talking about a character attribute or a desired value in human relationships. “People should be authentic with each other.” Well sure, but that’s not what this is about.
This Authenticity comes from knowing the accuracy of others’ claims of identity with measurable reliability, being able to hold the identified parties accountable for their actions while using that claim of identity, all while not knowing the identified person’s name, location, or any other item of information about them. Anonymous accountability. Accountable anonymity.
Almost everything we need to construct our online buildings is familiar to anyone who has ever seen an occupancy permit. The single exception is the set of construction materials. You can’t build a viable online building with familiar structural steel and concrete, or with existing digital materials9, unless you’re building a commando outpost in the jungle. The construction material needed for online buildings is PKI.
PKI done right will solve the world’s information security problems.
The problem that PKI tries to solve — integrating a spectacularly good tool into every part of our lives that is touched by information and communication — is much bigger than the world of technology. It involves authority, trust, governance, communication habits, commerce habits, architecture, construction, and property management.
The technologists, in this case the cryptographers, have done their job well. They have given us a wonderful building material. The rest of us now need to design, build, and manage the facilities to be built.
The solution to the world’s information security and privacy problems must be big, and it is. We are truly looking at a new inflection point, the Authenticity Inflection Point.
As the founder of Delphi Internet Services Corporation, which was acquired by Rupert Murdoch’s News America Corp., Wes Kussmaul has been involved with the online world and creating secure online spaces since 1981. Kussmaul is also author of “Quiet Enjoyment – Authenticity Works Where Information Security Technology Has Failed Us“.