privacy

The All-Knowingness and Gross-Secrecy Conundrum

THE ALL KNOWINGNESS AND GROSS SECRECY CONUNDRUM

          Rather than to make scapegoats of engineers, it might be wiser to lay before them a work programme… Elmer Ambrose Sperry, 1930

The development of narrative scripts (writing systems) for numbers and then language facilitated the archival preservation and broad dissemination of facts, fictions, accounts, and fantasy. However, narrative scripts were not nearly as proficient at preservation and dissemination of data as for information, likely inspiring and influencing development of computational scripts (mathematical systems).

The analog embodiment of these scripts accommodated physical and access control of data and information. Analog vested scripts together with analog networks comprised of oceans, seas, rivers, tributaries, and estuaries, brought potent benefits to mankind. Collaboration among family, friends, foe, colleagues, and importantly neighbors, increased in practice and value, as did commerce.

Digital scripts (binary systems) enable composition (production), preservation (storage), replication (virtual copies), and dissemination (distribution) of data and information. Importantly, they enable systems, devices, appliances, and applications to directly engage; machine-to-machine communication is a critical network centric process.

The Digital Ecosystem and Monoculture rely on digital scripts. The Digital Ecosystem is enabled by: Network Service Providers such as AT&T, Verizon, Charter and Comcast; Network Technology OEM such as Cisco, Juniper, and HP; Mobile Architecture Providers such as Microsoft, Apple and Samsung; Application Portals such as Facebook, Google, and Yahoo; and Cloud Facilitators such as Amazon and IBM. The Digital Monoculture enables interoperability among disparate data, applications, and devices.

The personal, commercial, and institutional benefits derived from global access to data and information, and Cloud facilitated on-demand digital resources, are apparent. The former aqueous networks have given way to a digital network of networks called the Internet. Like other game changing advances, digital script enabled technology found itself the chaperone of unintended consequences, the specter of all-knowingness.

In many regards, the Digital Ecosystem and Digital Monoculture are no more vulnerable than were the aqueous commercial networks, transports, and cargos of centuries past. Presently, sophisticated weaponized malware renders differentiation of noble from nefarious intent a daunting technical challenge. The broad disintegration of propriety and privacy has fomented unintended consequences, the specter of gross-secrecy.

All-knowingness is highly addictive. Its proponents crave access to data and information for which its owners hold reasonable expectations of privacy; they see their covert and clandestine actions as expressions of urgent benevolence and commercial expediency. Gross-secrecy is also highly addictive. Its proponents evidence totalitarian resistance to encroachment of both their contemporary and vintage stashes of secrets, believing personal risks always outweigh collective security interests.

Just as all-knowingness is antithetical to privacy, gross-secrecy is antithetical to collective security. Some would argue correctly that security would be enhanced were the barons of all-knowingness to impose this knowledge on everyone with regard to those in their sphere of influence (e.g. contact lists). Others would no doubt argue that vulnerability would be exacerbated as gross-secrets were mismanaged, misunderstood, and manipulated. To varying degrees, both conditions already prevail. Neither all-knowingness nor gross-secrecy alone can serve our highest security or moral interests.

It is important to recognize that neither point of view, all-knowingness or gross-secrecy, is necessarily diabolical, although such cogent consideration runs counter to our social and cultural conditioning, not to mention capitalistic instincts. It is crucial that we determine which resources can and cannot resolve this conundrum. Politics can never resolve this conundrum; politics only offers analytics but can’t run, pass, or catch. The solution must carry the essential genetic markers of the conundrum itself, technology.

Recently, a government coterie (by all accounts considered technology neophytes) missed a valuable opportunity when they marched into the valley of American technology giants with cease and desist vibrato, rather than specific lawful collective security objectives. Such specificity would have allowed the participants to memorialize specific technical goals and boundaries, to which the most creative community of technologist on the planet could innovate. Now positioned as combatants rather than citizen partners, both have launched media campaigns that bring resolution no closer.

Many rightfully question whether all meets the eye. The government might very well posses the assailant’s in-coming and out-going communications Meta data, iCloud backup, social media postings, radicalized training CV, and finance, relationship, and travel history. Could the Administrations petition, based on the All Writs Act of 1789, also seek to weaken limitations imposed by recent lawfully enacted legislation: 2015 Cyber Information Sharing Act (CISA), 2015 Modified US-EU Safe Harbor Privacy Framework, and the 2015 Revised Patriot Act? Do American technology companies fear being labeled as conscripted informants of the U.S. government by their global competitors more than they fear U.S. government demands as a harbinger of future demands by other governments?

The most recent outbreak of conundrumitis evidences a disastrous breach of best practices. Politics has cast itself in the role of technologist, issuing specific court sanctioned technical directions. Technologists left with but two courses of action chose the path of lawful resistance over technical submission, challenging the constitutionality of the Attorney Generals petition.

Self-inflicted wounds are now running neck-and-neck with those realized from attacks and assaults by perpetrators. How to get members of team-america to focus more on an effective game plan than on who is captain or who will get the loudest applause, is actually the most dangerous and challenging conundrum we face.

Only Technology can enable All-knowingness and Gross-secrecy to beneficially Coalesce

Undermining Jurisdiction of Choice, Privacy, and Oversight

UNDERMINING JURISDICTION OF CHOICE, PRIVACY, AND OVERSIGHT

 The Objectives of the few are clear; the Dangers to the many remain obfuscated

Part I of VI: Fear and Greed share a Common Convention – Acquisition

Catastrophic security breaches (subversion, surveillance, espionage, impersonation, and piracy) abound, impacting every network connected user class (portal, enterprise, small and medium business, and consumer). Yet, there are three things government and certain businesses don’t want anyone (e.g. constituents and clients) other than themselves to control jurisdiction of: choice (who), privacy (what), and oversight (consent).

The fact that choice, privacy, and oversight, share an overarching bond is not surprising. However, revelation of the allegiance between government and business that supplants this bond should be alarming. Government professes its principle interest to be national security. Business professes its principle interest to be compliance with the law.

For many, global communications networks represent a means to dispossess inefficiencies in knowledge and resource distribution. For a few, they represent a means of pervasive and covert surveillance. Recent disclosures indicate government has broadened its infiltration, while business continues to bolster profits. These fear and greed inspired missions require the few to resist the desires of the many to directly control choice, privacy, and oversight.

Part II of VI: Boundless Greed is a Patron of Bounded Fear – Collaboration

Whether covert government surveillance programs are constitutional and sufficiently proficient to discern nefarious intents is subject (bounded) to adjudication in accordance with democratically established conventions; if necessary, government actions may even be redirected. Understandably, business largely refrains from discussion of its evergreen (boundless) interests in access to client information used for commercial advantages. Both parties consider direct choice, privacy, and oversight to directly controvert their interests.

Neither government nor business is immune to the temptation to potentially know all. No matter the intensity of public protest and histrionics by business regarding government surveillance demands, their corporate behavior disavows the mutual identity of interests they allege with clients. Absent the restraint of direct choice, privacy, and oversight, all knowing has always given rise to attempts to realize more if not total control.

Part III of VI: Fear and Greed are supported by all Network Provider Classes – Facilitation

Service Providers, e.g. Internet Portals, often require users to authorize access to their personal information: email, voice mail, messages, text, tweets, searches, contacts, calendars, photos, and control of location, camera and video recorder functions. Device Providers, e.g. Smartphones and Tablets, and Mobile O/S Providers, are capable of covertly survieiling device resident user data, e.g. fingerprint and pass code files, no matter their protest to the contrary. Resource Providers, e.g. data centers, who store, and process multiple users information, enable broad one-stop attack opportunities. Communications Service Providers, e.g. Cable and Telecos, are meta data treasure troves for interlopers.

Part IV of VI: Fear and Greed Champion Inferior Security Technology – Equivocation

Service and Resource Providers have appointed themselves as trusted-third-parties, to protect client data from others while preserving access for themselves; such access is essentially unrelated to user security. However, access to such information is extremely valuable to Big Data and Analytics enterprises, both are new high margin network centric growth businesses. New Disintermediation services, e.g. transaction providers who require access to users personal credit card and banking information, are actually trusted-third-parties, who also evidence Big Data and Analytics enterprise potential.

Device (OEM) have limited influence regarding security. Mobile O/S Providers are actually the self-appointed trusted-third-parties, who determine with what apps and which service providers privately purchased devices may engage, and what royalty must be paid. This control is only marginally related to user security, but it is central to the gatekeeper strategy of a powerful Mobile Architecture Oligopoly.

It is alleged that Government, to include agencies charged to act as trusted-third-parties of Standards in the public’s interest, conspired to diminish the effectiveness of certain security technology and products. Further, well-known trusted-third-party Communications Service Providers substantially facilitate government’s Surveillance initiatives.

Part V of VI: How to Demystify Fear and Uncloak Greed – Disclosure and Education

While there are a number of impediments to direct control of choice (who), privacy (what), and oversight (consent), several are formidable. Resistance by government and business (inspired by fear and greed) are empowered by strategic denial and tactical silence. User indifference is sustained by lack of appreciation for potentially catastrophic but unintended consequences. Fear and greed can only be demystified and uncloaked by judicious disclosure and sober education. The fourth estate has failed unequivocally in this regard.

Part VI of VI: How to Thwart Fear and Throttle Greed – Technology and Determination

Network Centric tasks and sessions are currently supported by: a Digital Ecosystem e.g. all user classes, infrastructure, devices, apps, and data, and a Digital Monoculture comprised of integrated processes that preserve resource interoperability. Digital Jurisdiction e.g. direct control of choice, privacy, and oversight, requires a security technology breakthrough.

The rapidly advancing capabilities of friends and foe to surveil – where you’ve been and with whom, what you saw, what you said, what you did – and to impersonate you, has inspired ample determination across all user classes: portal, enterprise, small-medium business, and consumers. Insufficiently informed, resistance remains unfocused and easily rebuffed.

 Only User Controlled Jurisdiction can overcome Acquisition, Collaboration, Facilitation, and Equivocation

A Digital Tipping Point – Chose One and Lose the Other, or Inovate (Part 1 of 3)

PART 1 OF 3: A DIGITAL TIPPING POINT – CHOSE ONE AND LOSE THE OTHER, OR INNOVATE

The security requirements (cloaking) of next generation Virtualization are antithetical to the security requirements (covert visibility) of Surveillance

PRESERVING SURVEILLANCE AT THE EXPENSE OF NETWORK CENTRIC ADVANCES: The government has determined that various threats to national security require timely surveillance of certain digitally articulated data and information. It has granted to the National Security Agency (NSA) authority to capture, analyze, and retain specific digitally articulated metadata (“outside of the envelope”), and presumably under court monitored guidelines, the information (“inside the envelope”, e.g. email, voice mail, instant messages, and text) of certain individuals and entities. This is a challenging assignment for NSA, who many consider the most competent surveillance organization in the world.

The impact of certain threats that many (government, business, and public) face today, and the debilitating fears they can elicit, are not new in the human experience. However, the ability of so few, to bring unprecedented anguish and catastrophe (assault, espionage, interloping, piracy, and subversion) to bear on so many is new. The knowledge and efficiency with which the few operate today, derives substantially from the same proficient Digital Ecosystem that delivers so much benefit. Provided new substantially more capable security technology, it will deliver ultra-secure virtualization (on-demand access to digital resources, services, applications, strategic-bit-torrents, edge-of-network-cache, and single-use-intranets), leveling the global digital playing field.

Current Surveillance technology and operations are conflicted with Virtualization

SIMILAR CAPABILITY – DIFFERENT OBJECTIVES: National Security Agency (NSA) contract employee Edward Snowden’s disclosure of the federal governments Planning Tool for Resource Integration, Synchronization, and Management (“Prism” system), used to facilitate covert surveillance and collection of foreign intelligence information was an egregious breach of trust. In contrast, similar systems are being used by commercial service providers, unscrupulous competitors, foreign sovereigns and their multi-national companies, to covertly access the digitally articulated personal and proprietary information of global institutions, businesses, and consumers (“Mining” programs).

These revelations bring to light serious concerns regarding privacy as it relates to both national security practices, and protection of US citizens and businesses proprietary information. The notion that “going dark” (privacy) dangerously impairs national security repudiates advances in covert location, contact, confederate, and dossier technology.

The Digital Ecosystem can’t differentiate Nefarious from Principled Users or Usages

IRREFUTABLE TECHNICAL CONFLICT: User-controlled-cloaking, and covert-visibility are critical to virtualization and surveillance respectively. Both are strategically compatible in that they can provide personal, commercial, and national security benefits. However, the means by which each is presently enabled are irrefutably technically incompatible. Red and blue administrations, corporate, institutional, and thought leaders, along with millions who take privacy and security for granted, presume the only issues related to surveillance are who, what, when, and why.

The Elephant in the room is How to enable both Virtualization & Surveillance

IRREFUTABLE OPERATIONAL CONFLICT: Network centric application service “providers” such as Apple, Google, Microsoft, Yahoo, and Facebook, often act as trusted-third-parties (TTP) of their customer’s personal and proprietary (private) information, as often do communications service providers such as ATT, Verizon, Comcast, and Time Warner. The current national-security-operating-model allows the courts to legally compel such TTP to covertly (without the customer’s knowledge) produce their customer’s private information. Nevertheless, many providers’ business models rely on even more customer private information than that sought by the government. Their exploitation of client information (revealed in the fine print and authorized by insufficiently sophisticated customer’s) is for all intents and purposes “clandestine”.

The Customer’s Info is Mine to mine – I may provide/sell the Customer’s Info to Others

IRREFUTABLE LOSS OF CUSTOMER CONFIDENCE: Questions arising from operational conflicts abound: When better informed about the nature and extent of sharing and mining of their private information for national security or commercial purposes respectively, will customers snap with outrage from their current state of hopeful reliance, and what other choices will they have? Will the compromise of their customer’s private information, even in accordance with lawful national security initiatives, provide sufficient “cover” against customer backlash? What unintended consequences will the accumulation of increasingly large caches of proprietary business and personal information (enabled by third-party-controlled security) foment in the years to come? When these providers bring to market next generation virtualization capabilities, will they have sufficient customer credibility to again be called upon as trusted-third-parties?

Only Customer-Managed Security can interdict Covert/Clandestine access of Client Data

CONSENT DOESN’T CONNOTE RESOLUTION: Consent has no impact on resolving technical and operational conflicts, nor does it reflect likely customer privacy preferences. Nevertheless, the government believes national security interests out weigh the needs of institutions, businesses, and the public for privacy, which is fundamental to virtualization.

Confident of the beneficial impact of covert surveillance on national security objectives, legislators have provided NSA the funding, and the courts have confirmed its actionable authority under the 1978 Foreign Intelligence Surveillance Act (FISA), supported particularly in cryptography by the Invention Secrecy Act (ISA) of 1951. Nevertheless, the lawful consent of the Courts, and the silent consent of the People who retain limited expectations of privacy and limited awareness of likely collateral consequences, do not materially impact the conflict induced by surveillance technology and its operating model.

VIRTUALIZATION WILL FORCE CHOICE OR INNOVATION: The well-documented failures and limitations of current security technology (e.g. hybrid cryptography, forensics, and analytics) compel a fundamental new security technology breakthrough. It must be capable of securing the entire digital ecosystem (terrestrial and wireless network connected users, platforms, devices, apps, data, and content), while enabling ultra secure free-agent virtualization (the ability to choose from among many efficient and cost competitive remote providers from task-to-task and session-to-session, and on-demand single-use-intranets compatible with existing Internet infrastructure). The technology must also enable expeditious administration and collaborative oversight of surveillance.

Institutions, Business, and Consumers may not always agree to subordinate the powerful benefits & value of Virtualization in favor of the current Surveillance model