subversion

Undermining Jurisdiction of Choice, Privacy, and Oversight

UNDERMINING JURISDICTION OF CHOICE, PRIVACY, AND OVERSIGHT

 The Objectives of the few are clear; the Dangers to the many remain obfuscated

Part I of VI: Fear and Greed share a Common Convention – Acquisition

Catastrophic security breaches (subversion, surveillance, espionage, impersonation, and piracy) abound, impacting every network connected user class (portal, enterprise, small and medium business, and consumer). Yet, there are three things government and certain businesses don’t want anyone (e.g. constituents and clients) other than themselves to control jurisdiction of: choice (who), privacy (what), and oversight (consent).

The fact that choice, privacy, and oversight, share an overarching bond is not surprising. However, revelation of the allegiance between government and business that supplants this bond should be alarming. Government professes its principle interest to be national security. Business professes its principle interest to be compliance with the law.

For many, global communications networks represent a means to dispossess inefficiencies in knowledge and resource distribution. For a few, they represent a means of pervasive and covert surveillance. Recent disclosures indicate government has broadened its infiltration, while business continues to bolster profits. These fear and greed inspired missions require the few to resist the desires of the many to directly control choice, privacy, and oversight.

Part II of VI: Boundless Greed is a Patron of Bounded Fear – Collaboration

Whether covert government surveillance programs are constitutional and sufficiently proficient to discern nefarious intents is subject (bounded) to adjudication in accordance with democratically established conventions; if necessary, government actions may even be redirected. Understandably, business largely refrains from discussion of its evergreen (boundless) interests in access to client information used for commercial advantages. Both parties consider direct choice, privacy, and oversight to directly controvert their interests.

Neither government nor business is immune to the temptation to potentially know all. No matter the intensity of public protest and histrionics by business regarding government surveillance demands, their corporate behavior disavows the mutual identity of interests they allege with clients. Absent the restraint of direct choice, privacy, and oversight, all knowing has always given rise to attempts to realize more if not total control.

Part III of VI: Fear and Greed are supported by all Network Provider Classes – Facilitation

Service Providers, e.g. Internet Portals, often require users to authorize access to their personal information: email, voice mail, messages, text, tweets, searches, contacts, calendars, photos, and control of location, camera and video recorder functions. Device Providers, e.g. Smartphones and Tablets, and Mobile O/S Providers, are capable of covertly survieiling device resident user data, e.g. fingerprint and pass code files, no matter their protest to the contrary. Resource Providers, e.g. data centers, who store, and process multiple users information, enable broad one-stop attack opportunities. Communications Service Providers, e.g. Cable and Telecos, are meta data treasure troves for interlopers.

Part IV of VI: Fear and Greed Champion Inferior Security Technology – Equivocation

Service and Resource Providers have appointed themselves as trusted-third-parties, to protect client data from others while preserving access for themselves; such access is essentially unrelated to user security. However, access to such information is extremely valuable to Big Data and Analytics enterprises, both are new high margin network centric growth businesses. New Disintermediation services, e.g. transaction providers who require access to users personal credit card and banking information, are actually trusted-third-parties, who also evidence Big Data and Analytics enterprise potential.

Device (OEM) have limited influence regarding security. Mobile O/S Providers are actually the self-appointed trusted-third-parties, who determine with what apps and which service providers privately purchased devices may engage, and what royalty must be paid. This control is only marginally related to user security, but it is central to the gatekeeper strategy of a powerful Mobile Architecture Oligopoly.

It is alleged that Government, to include agencies charged to act as trusted-third-parties of Standards in the public’s interest, conspired to diminish the effectiveness of certain security technology and products. Further, well-known trusted-third-party Communications Service Providers substantially facilitate government’s Surveillance initiatives.

Part V of VI: How to Demystify Fear and Uncloak Greed – Disclosure and Education

While there are a number of impediments to direct control of choice (who), privacy (what), and oversight (consent), several are formidable. Resistance by government and business (inspired by fear and greed) are empowered by strategic denial and tactical silence. User indifference is sustained by lack of appreciation for potentially catastrophic but unintended consequences. Fear and greed can only be demystified and uncloaked by judicious disclosure and sober education. The fourth estate has failed unequivocally in this regard.

Part VI of VI: How to Thwart Fear and Throttle Greed – Technology and Determination

Network Centric tasks and sessions are currently supported by: a Digital Ecosystem e.g. all user classes, infrastructure, devices, apps, and data, and a Digital Monoculture comprised of integrated processes that preserve resource interoperability. Digital Jurisdiction e.g. direct control of choice, privacy, and oversight, requires a security technology breakthrough.

The rapidly advancing capabilities of friends and foe to surveil – where you’ve been and with whom, what you saw, what you said, what you did – and to impersonate you, has inspired ample determination across all user classes: portal, enterprise, small-medium business, and consumers. Insufficiently informed, resistance remains unfocused and easily rebuffed.

 Only User Controlled Jurisdiction can overcome Acquisition, Collaboration, Facilitation, and Equivocation

A Digital Tipping Point – Chose One and Lose the Other, or Inovate (Part 1 of 3)

PART 1 OF 3: A DIGITAL TIPPING POINT – CHOSE ONE AND LOSE THE OTHER, OR INNOVATE

The security requirements (cloaking) of next generation Virtualization are antithetical to the security requirements (covert visibility) of Surveillance

PRESERVING SURVEILLANCE AT THE EXPENSE OF NETWORK CENTRIC ADVANCES: The government has determined that various threats to national security require timely surveillance of certain digitally articulated data and information. It has granted to the National Security Agency (NSA) authority to capture, analyze, and retain specific digitally articulated metadata (“outside of the envelope”), and presumably under court monitored guidelines, the information (“inside the envelope”, e.g. email, voice mail, instant messages, and text) of certain individuals and entities. This is a challenging assignment for NSA, who many consider the most competent surveillance organization in the world.

The impact of certain threats that many (government, business, and public) face today, and the debilitating fears they can elicit, are not new in the human experience. However, the ability of so few, to bring unprecedented anguish and catastrophe (assault, espionage, interloping, piracy, and subversion) to bear on so many is new. The knowledge and efficiency with which the few operate today, derives substantially from the same proficient Digital Ecosystem that delivers so much benefit. Provided new substantially more capable security technology, it will deliver ultra-secure virtualization (on-demand access to digital resources, services, applications, strategic-bit-torrents, edge-of-network-cache, and single-use-intranets), leveling the global digital playing field.

Current Surveillance technology and operations are conflicted with Virtualization

SIMILAR CAPABILITY – DIFFERENT OBJECTIVES: National Security Agency (NSA) contract employee Edward Snowden’s disclosure of the federal governments Planning Tool for Resource Integration, Synchronization, and Management (“Prism” system), used to facilitate covert surveillance and collection of foreign intelligence information was an egregious breach of trust. In contrast, similar systems are being used by commercial service providers, unscrupulous competitors, foreign sovereigns and their multi-national companies, to covertly access the digitally articulated personal and proprietary information of global institutions, businesses, and consumers (“Mining” programs).

These revelations bring to light serious concerns regarding privacy as it relates to both national security practices, and protection of US citizens and businesses proprietary information. The notion that “going dark” (privacy) dangerously impairs national security repudiates advances in covert location, contact, confederate, and dossier technology.

The Digital Ecosystem can’t differentiate Nefarious from Principled Users or Usages

IRREFUTABLE TECHNICAL CONFLICT: User-controlled-cloaking, and covert-visibility are critical to virtualization and surveillance respectively. Both are strategically compatible in that they can provide personal, commercial, and national security benefits. However, the means by which each is presently enabled are irrefutably technically incompatible. Red and blue administrations, corporate, institutional, and thought leaders, along with millions who take privacy and security for granted, presume the only issues related to surveillance are who, what, when, and why.

The Elephant in the room is How to enable both Virtualization & Surveillance

IRREFUTABLE OPERATIONAL CONFLICT: Network centric application service “providers” such as Apple, Google, Microsoft, Yahoo, and Facebook, often act as trusted-third-parties (TTP) of their customer’s personal and proprietary (private) information, as often do communications service providers such as ATT, Verizon, Comcast, and Time Warner. The current national-security-operating-model allows the courts to legally compel such TTP to covertly (without the customer’s knowledge) produce their customer’s private information. Nevertheless, many providers’ business models rely on even more customer private information than that sought by the government. Their exploitation of client information (revealed in the fine print and authorized by insufficiently sophisticated customer’s) is for all intents and purposes “clandestine”.

The Customer’s Info is Mine to mine – I may provide/sell the Customer’s Info to Others

IRREFUTABLE LOSS OF CUSTOMER CONFIDENCE: Questions arising from operational conflicts abound: When better informed about the nature and extent of sharing and mining of their private information for national security or commercial purposes respectively, will customers snap with outrage from their current state of hopeful reliance, and what other choices will they have? Will the compromise of their customer’s private information, even in accordance with lawful national security initiatives, provide sufficient “cover” against customer backlash? What unintended consequences will the accumulation of increasingly large caches of proprietary business and personal information (enabled by third-party-controlled security) foment in the years to come? When these providers bring to market next generation virtualization capabilities, will they have sufficient customer credibility to again be called upon as trusted-third-parties?

Only Customer-Managed Security can interdict Covert/Clandestine access of Client Data

CONSENT DOESN’T CONNOTE RESOLUTION: Consent has no impact on resolving technical and operational conflicts, nor does it reflect likely customer privacy preferences. Nevertheless, the government believes national security interests out weigh the needs of institutions, businesses, and the public for privacy, which is fundamental to virtualization.

Confident of the beneficial impact of covert surveillance on national security objectives, legislators have provided NSA the funding, and the courts have confirmed its actionable authority under the 1978 Foreign Intelligence Surveillance Act (FISA), supported particularly in cryptography by the Invention Secrecy Act (ISA) of 1951. Nevertheless, the lawful consent of the Courts, and the silent consent of the People who retain limited expectations of privacy and limited awareness of likely collateral consequences, do not materially impact the conflict induced by surveillance technology and its operating model.

VIRTUALIZATION WILL FORCE CHOICE OR INNOVATION: The well-documented failures and limitations of current security technology (e.g. hybrid cryptography, forensics, and analytics) compel a fundamental new security technology breakthrough. It must be capable of securing the entire digital ecosystem (terrestrial and wireless network connected users, platforms, devices, apps, data, and content), while enabling ultra secure free-agent virtualization (the ability to choose from among many efficient and cost competitive remote providers from task-to-task and session-to-session, and on-demand single-use-intranets compatible with existing Internet infrastructure). The technology must also enable expeditious administration and collaborative oversight of surveillance.

Institutions, Business, and Consumers may not always agree to subordinate the powerful benefits & value of Virtualization in favor of the current Surveillance model