PART 1 OF 3: A DIGITAL TIPPING POINT – CHOSE ONE AND LOSE THE OTHER, OR INNOVATE

The security requirements (cloaking) of next generation Virtualization are antithetical to the security requirements (covert visibility) of Surveillance

PRESERVING SURVEILLANCE AT THE EXPENSE OF NETWORK CENTRIC ADVANCES: The government has determined that various threats to national security require timely surveillance of certain digitally articulated data and information. It has granted to the National Security Agency (NSA) authority to capture, analyze, and retain specific digitally articulated metadata (“outside of the envelope”), and presumably under court monitored guidelines, the information (“inside the envelope”, e.g. email, voice mail, instant messages, and text) of certain individuals and entities. This is a challenging assignment for NSA, who many consider the most competent surveillance organization in the world.

The impact of certain threats that many (government, business, and public) face today, and the debilitating fears they can elicit, are not new in the human experience. However, the ability of so few, to bring unprecedented anguish and catastrophe (assault, espionage, interloping, piracy, and subversion) to bear on so many is new. The knowledge and efficiency with which the few operate today, derives substantially from the same proficient Digital Ecosystem that delivers so much benefit. Provided new substantially more capable security technology, it will deliver ultra-secure virtualization (on-demand access to digital resources, services, applications, strategic-bit-torrents, edge-of-network-cache, and single-use-intranets), leveling the global digital playing field.

Current Surveillance technology and operations are conflicted with Virtualization

SIMILAR CAPABILITY – DIFFERENT OBJECTIVES: National Security Agency (NSA) contract employee Edward Snowden’s disclosure of the federal governments Planning Tool for Resource Integration, Synchronization, and Management (“Prism” system), used to facilitate covert surveillance and collection of foreign intelligence information was an egregious breach of trust. In contrast, similar systems are being used by commercial service providers, unscrupulous competitors, foreign sovereigns and their multi-national companies, to covertly access the digitally articulated personal and proprietary information of global institutions, businesses, and consumers (“Mining” programs).

These revelations bring to light serious concerns regarding privacy as it relates to both national security practices, and protection of US citizens and businesses proprietary information. The notion that “going dark” (privacy) dangerously impairs national security repudiates advances in covert location, contact, confederate, and dossier technology.

The Digital Ecosystem can’t differentiate Nefarious from Principled Users or Usages

IRREFUTABLE TECHNICAL CONFLICT: User-controlled-cloaking, and covert-visibility are critical to virtualization and surveillance respectively. Both are strategically compatible in that they can provide personal, commercial, and national security benefits. However, the means by which each is presently enabled are irrefutably technically incompatible. Red and blue administrations, corporate, institutional, and thought leaders, along with millions who take privacy and security for granted, presume the only issues related to surveillance are who, what, when, and why.

The Elephant in the room is How to enable both Virtualization & Surveillance

IRREFUTABLE OPERATIONAL CONFLICT: Network centric application service “providers” such as Apple, Google, Microsoft, Yahoo, and Facebook, often act as trusted-third-parties (TTP) of their customer’s personal and proprietary (private) information, as often do communications service providers such as ATT, Verizon, Comcast, and Time Warner. The current national-security-operating-model allows the courts to legally compel such TTP to covertly (without the customer’s knowledge) produce their customer’s private information. Nevertheless, many providers’ business models rely on even more customer private information than that sought by the government. Their exploitation of client information (revealed in the fine print and authorized by insufficiently sophisticated customer’s) is for all intents and purposes “clandestine”.

The Customer’s Info is Mine to mine – I may provide/sell the Customer’s Info to Others

IRREFUTABLE LOSS OF CUSTOMER CONFIDENCE: Questions arising from operational conflicts abound: When better informed about the nature and extent of sharing and mining of their private information for national security or commercial purposes respectively, will customers snap with outrage from their current state of hopeful reliance, and what other choices will they have? Will the compromise of their customer’s private information, even in accordance with lawful national security initiatives, provide sufficient “cover” against customer backlash? What unintended consequences will the accumulation of increasingly large caches of proprietary business and personal information (enabled by third-party-controlled security) foment in the years to come? When these providers bring to market next generation virtualization capabilities, will they have sufficient customer credibility to again be called upon as trusted-third-parties?

Only Customer-Managed Security can interdict Covert/Clandestine access of Client Data

CONSENT DOESN’T CONNOTE RESOLUTION: Consent has no impact on resolving technical and operational conflicts, nor does it reflect likely customer privacy preferences. Nevertheless, the government believes national security interests out weigh the needs of institutions, businesses, and the public for privacy, which is fundamental to virtualization.

Confident of the beneficial impact of covert surveillance on national security objectives, legislators have provided NSA the funding, and the courts have confirmed its actionable authority under the 1978 Foreign Intelligence Surveillance Act (FISA), supported particularly in cryptography by the Invention Secrecy Act (ISA) of 1951. Nevertheless, the lawful consent of the Courts, and the silent consent of the People who retain limited expectations of privacy and limited awareness of likely collateral consequences, do not materially impact the conflict induced by surveillance technology and its operating model.

VIRTUALIZATION WILL FORCE CHOICE OR INNOVATION: The well-documented failures and limitations of current security technology (e.g. hybrid cryptography, forensics, and analytics) compel a fundamental new security technology breakthrough. It must be capable of securing the entire digital ecosystem (terrestrial and wireless network connected users, platforms, devices, apps, data, and content), while enabling ultra secure free-agent virtualization (the ability to choose from among many efficient and cost competitive remote providers from task-to-task and session-to-session, and on-demand single-use-intranets compatible with existing Internet infrastructure). The technology must also enable expeditious administration and collaborative oversight of surveillance.

Institutions, Business, and Consumers may not always agree to subordinate the powerful benefits & value of Virtualization in favor of the current Surveillance model