Evangelizing Mainframe

SHARE Keynote: Modern Security Model Gets Medieval

In today’s information age, how we approach security is akin to feudalism, with serfs (individual users) ceding their data to feudal lords (technology providers and governments) who pledge to protect them and their data. In this model, presented by BT Chief Security Technology Officer Bruce Schneier at the Aug. 13 keynote at SHARE Boston, the challenge becomes “Surviving in a Feudal Security World.”

Schneier is a fellow at the Berkman Center for Internet and Society at Harvard Law School, a program fellow at the New America Foundation's Open Technology Institute, a board member of the Electronic Frontier Foundation, and an advisory board member of the Electronic Privacy Information Center. He produces a blog, Schneier on Security, and an enewsletter with some 250,000 subscribers.

In his address, he explained that previously, security had always been individual users’ problem. People buy a computer, they need to load spam-filtering software on it; they access a network, they must get a firewall to protect their information and systems. However, that model was like buying a car without brakes standard, Schneier noted. “You wouldn’t buy a car from a dealer who said, ‘You’ll need brakes, here are some places you can buy them on the way home.’ Computers are unsafe to drive on the Internet without security, but those are considered ‘extras.’ ”

That model is changing, largely because of a few trends, he noted. The first is the cloud. More and more, people’s personal data is controlled by somebody else: for example, their personal email accounts, or the photos, likes and relationships they share on social media. The second trend is the loss of control of personal devices.

“I have no control of the security on my iPhone—Apple does,” Schneier explained. “Someone else controls the data and the device we use to control our data. In this new model, someone else controls your data and its security.”

People don’t know (or often care) how providers protect their data; they just expect them to do it. “In this feudal security world, we as users pledge our allegiance to a more powerful company that in turn promises to protect us,” he added. “I like it as a metaphor because it’s a great analogy historically, and everyone is watching ‘Game of Thrones’ these days.”

Just as the medieval feudal system arose for good reason, so has the modern version, he noted. Both historically and today, it’s a response to a dangerous world in which people seek protection. By and large, businesses like Google or Apple do a better job of providing security than most individuals can on their own.

However, feudalism has its negatives, not the least of which is its lack of transparency, he said. A business might give your data to the government, and for companies there’s no way to audit the data entrusted to these service providers. Feudal security has risks as well, since companies act in their best interest.

“This is a trade off,” he summarized. “We give up some control to get protection from the vendors we can’t provide ourselves.”

The feudalism model is fundamentally based on trust. Providers need people to trust them with their data, photos and friends; information about their searches; what they watch; and where they go. It’s also a model based on power.

Schneier noted that the tools of power are:

• Censorship or content filtering
• Propaganda, “the first business model of the Internet”
• Surveillance, “the second business model of the Internet”
• Use control, where providers restrict what apps you can use on their devices

“Trends in technology will only exacerbate these issues,” Schneier predicted. “That’s one trajectory that’s not positive.”

As technology evolves, the powerless often nimbly and quickly take advantage of it to gain power—sometimes by committing crimes or by promoting social change. For example, opponents of a dictatorial government can use Twitter and social media to organize meetings or rallies. At the same time, governments respond, though more slowly, to technology. So secret police forces can use social media information to track down and arrest people trying to organize antigovernment rallies, Schneier explained. “What happens to us in the middle? We peasants just get buffeted by the greater forces.”

But all is not lost. A different course is possible, he added. What’s needed is for people to engage and enter into a complex debate about the future of the Internet. That includes complex issues of personal privacy, surveillance, retention of data, etc. “The debate required to make such policy is probably more complex than climate change.”

Through debate and new policy, eventually, the power imbalance can be reduced, just as with medieval feudalism, Schneier added. Documents like the Magna Carta set rules for government, outlining its responsibilities to the people, striking a better balance. “What we need is an Internet Magna Carta to explain the responsibilities these corporate feudal lords have with our data.”

Posted: 8/20/2013 1:01:01 AM by Mike Westholder
