Wednesday 7 September 2011

Respect! Ben was in the house last night …

Every once in a while, the great and good of the British cyber security community get together for a reality check. Are their prejudices the same as everyone else’s prejudices? Are the interests they are striving to protect equivalent to the interests of the English community as a whole? Or is a void developing, with Government protecting one set of interests, and Civil society feeling increasingly alienated as their cherished freedoms are steadily eroded.

And last night, a select gathering of this great and good met at Simpson’s-in-the-Strand to find their thinking challenged by Ben Hammersley. Ben is a pioneering British internet technologist, strategist, and journalist, currently based between London and New York. He specialises in the effects of, and strategy needs resulting from, the post-digital, post-internet age. He may wear bright red trousers and sport tattoos on his arms, but he’s equally at home in Finsbury Park and Downing Street,- and that gives Ben just the right sort of street credibility for his opinions to get a hearing, rather than being dismissed entirely, in the sort of company that surrounded him last night.

As the meeting was held under Chatham House rules, it would not be fair to attribute the points I’ll be making in this blog to remarks to any identifiable individuals who contributed towards last night’s discussions, So I won’t.

For those who need reminding, when a meeting, or part thereof, is held under the Chatham House Rule, participants are free to use the information received, but neither the identity nor the affiliation of the speaker(s), nor that of any other participant, may be revealed.

But I will jot down, in no particular order, a couple of thoughts that were profound enough to prompt me to note them on the back of the dinner menu.

The internet, in the developed world, has really become the defining moment of civilization. When Governments turn off the internet, they turn off modernity.

The internet has also allowed networks to develop, which have destroyed hierarchies that have previously been replied upon by elites to govern civil society. Opinions are no longer the privilege of the elders – anyone can review anything these days, and their reviews are available to anyone with an internet search engine. Of course, what would be useful is for someone to provide a “translation layer” between the views of the pre-internet and post-internet generation.

These days our data really matters – and our internet records comprise the vapour trails we leave behind us.

In terms of data sharing on the internet, and contrary to the opinions of older generations, the younger generations really do understand the value of their data. They’ve done the sums and find themselves in profit. They totally get it. They sell their data in exchange for a better world they want to live in and they are very conscious of this.

Their support for the development of services based on publicly available datasets is clear - their mantra is “you show me yours – I’m already showing you mine.”

In terms of security, most people don’t have that much at risk. A security breach may mean they lose their photos, or they have to fill in a few forms to get some money back from their bank, but it’s not as though they are going to die. And they feel that most parts of the critical national infrastructure are not connected to the internet either, so the threats are actually much less that some in the security industry make out.

What is of concern is the grotesque over securitisation of trivial services. Why is it necessary to have to many complicated passwords or other internet access tokens to obtain stuff which is actually not that important? Why is it necessary to undergo such detailed authentication procedures is all someone wants to do is obtain a couple of visitors parking permits from a local authority’s on-live “services” desk? Or has this over securitisation process actually resulted in us using the same few passwords to access everything on-line, as we are not able to protect the stuff that really needs to be protected (like our banking details) with unique passwords that we can actually recall with ease?

Did, Richard Reid, also known as the shoe bomber, actually achieve one of the fundamental objectives of terrorisits back in 2002, which was to sow mistrust and a sense of alienation between civil society & air travellers, on the one side, and airline & government security officials, on the other side, through the adoption of preposterous security precautions that are now imposed on all travellers? Who, in their right minds, actually feels safer because they have had to take their shoes off and throw away virtually all of the liquids they are carrying “landside”, when they have to buy those same liquids from the airport retail outlets as soon as they get “airside” ? Or are these precautions another example of the over securitisation of a pretty trivial service?

Some of the participants had very radical ideas as to how to change the current image of the security industry. But they are far too radical to be reported in today’s posting. I’ll mull on them and see what I can do to draw some attention to them, though.

If you’re ever invited to an event hosted by the Information Assurance Advisory Council, I do urge you to accept. You never know who you might bump into!