

Sunday, August 10 2014

Security is a multi-stakeholder issue

Security is the main problem of the digital age

When we integrate everything, we create:

  1. Interdependence, where your security depends on security elsewhere
  2. Exponentially growing vulnerabilities, as everything becomes easier to track and attack
  3. Built-in mechanisms to accumulate and exercise power on a large scale

The consequence is rapidly decaying security: the benefits grow only logarithmically, while the threats and security failures grow exponentially, as described here.

This is unsustainable and calls for a radical departure from present security thinking. What we need is a Security Renaissance.

Surveillance is the problem, not the solution

Surveillance creates interdependence and weakens the defense, as every single entity becomes more, not less, exposed.

The problem here is that few of those trying to solve security problems are aware that the root cause of most, and the growing, security problems is identification itself. The flawed logic is that more digital identification (i.e. surveillance) improves security. It is WRONG and can never work, as it creates more interdependence and vulnerabilities, i.e. unmanageable risks.

Sustainable security is about verification WITHOUT identification

Understanding that identification is the problem does NOT lead to the conclusion that anonymity (defined as non-accountability and unlinkability) is the solution to security. That is a false dichotomy. Instead, we need to think in terms of contextual security resolution, or verifying security without identification.

This radical departure from present thinking, taken as a normative target, raises the natural questions of why, how, who, etc. This is further elaborated.

For now, realize:

a) That accountability does NOT require identification in the transaction. It is enough that some means for a judge to identify the party responsible for an action violating rights or agreements is established as part of the transaction.

b) Verifying the legitimate security requirements of one stakeholder without undermining the security of other stakeholders is the key to security in a digital world, as this prevents interdependence and avoids making some entities vulnerable in order to secure the interests of other stakeholders.

What this does is as logical as reversing the Security Death Spiral above: moving upstream to the source of security problems and eliminating it, instead of creating more of what created the security problem.

Notice that even massive problems such as privacy concerns and identity theft are practically eliminated. You cannot abuse data that you cannot tie to a physical person. And you cannot steal the identity of a person if the transaction does not try to identify the person, nor accept claims of identification as valid security proof establishing any kind of responsibility on behalf of a citizen.