Originally published October 16, 2012
Ultimately, success in cyberspace will be determined by trust. We mentioned in a previous article how heartwarming it is to at least see interest in the topic. Last year’s ACT-IAC Executive Leadership Conference (ELC) featured a track on “Innovation, Mobility and Trust”; and some months ago, I participated in a panel titled, “Should a Privacy Ecosystem be a Mandatory Component of the Identity Ecosystem – Are Privacy Challenges Manageable?” It was part of the two-day (March 13-14, 2012) NIST NSTIC/IDtrust Workshop on “Technologies and Standards Enabling the Identity Ecosystem” held at the National Institute for Standards and Technology (NIST). NSTIC stands for the National Strategy for Trusted Identities in Cyberspace, and it is a White House initiative to “improve the privacy, security, and convenience of sensitive online transactions.”
This is, of course, better said than done. The Strategy calls for the creation of an "Identity Ecosystem" for people, organizations and infrastructure. The assumption is that if these entities – persons, groups, things – can be authoritatively authenticated through technology, standards and policies, then we can all be safe from cybercrime and live happily ever after on the Internet.
Fascinating! One goes into the NSTIC’s home page and aside from the reference in the NSTIC name, there are very few actual references to the term "trust." Yet that’s what it is all about.
In my article Innovation, Mobility and Trust, I mentioned that trust is a term to which everyone inside the Beltway pays lip service, but it almost never generates real action. Specific experiences convinced me of this going back to a presentation I made almost thirty years ago in Congress dealing with a closely related topic. It was largely ignored. And when the Digital Government Institute announced a conference on “Building Trust in E-Government” about ten years ago, it was cancelled due to lack of registrants.
The difference between then and now is that we are under siege on the cybersecurity front. The head of the FBI has declared recently that it will be a bigger threat than terrorism. The generals have created a Cyber Command (USCYBERCOMM) and are ready to fight and win the cyberwars. And we are all under a constant bombardment from the press about the perils of identity theft, privacy breaches, industrial cyber espionage, and invasive and destructive malware.
Protecting ourselves from these challenges is going to be expensive and time-consuming. Furthermore, we need to sort out how much of this falls in the realm of our personal responsibility, what should be left to the marketplace and what role the government should play. And if government includes the military, law enforcement and the intelligence community, then how can we at least safeguard an individual’s civil liberties. Ultimately, people will need to “trust the system.”
On a trip to Vienna a few years ago, I puzzled over a metal bar embedded to the left of the main entrance of St. Stephen’s Cathedral. (Actually, there are two, but that’s just a technicality to be resolved as you read on.) On inquiring, it was explained to me that it was installed there centuries ago as a way of allowing “visiting merchants to comply with local regulations” since many towns had measures that were of common use, especially with respect to length and weight. In Vienna, length was measured in terms of the “ell” or Viennese yard, which applied mainly to linen. There was a separate “ell” measure for drapery, hence the second bar on the side of the cathedral. This allowed the buyers to verify before paying and hence assisted in establishing the trustworthiness of the vendor in the eyes of the customer. The fact that the measuring rod was on the side of the Cathedral, the House of God, was not lost on the parties involved.
Recent articles by Dr. Ramon Barquin