Saturday, August 17, 2013

Privacy 3.0: The Genesis of EarthCom...

Information classification in the private sector is gaining traction again as the nature of sensitive national security leaks is published in the popular press.  Data breach laws and cyber legislation are a daily discussion on Capitol Hill.  CISOs and CSOs, even at the Washington Post, are in "Incident Response Mode" after a successful phishing exploit by the Syrian Electronic Army.  These Operational Risk Management (ORM) challenges are not only on the rise because of the amount of information that is exchanged each day in an era of the "Internet of Things"; these risks are now front and center as "Privacy 3.0" evolves in the Cloud.

Andrew Serwin of The Lares Institute puts it all in context:
The question confronting modern-day privacy scholars is this: Can a common law based theory adequately address the shifting societal norms and rapid technological changes of today’s Web 2.0 world where legislatures and government agencies, not courts, are more proactive on privacy protections?

As private sector companies produce the technology solutions to accommodate the exponential expansion of our global ICT ecosystem, we must acknowledge the genesis of its origin.  Human beings.  The products, systems, software and patents are the result of inventions by mankind.  Yet there is evidence that the evolution of ICT, whether it be in hardware, software or the data itself, has similarity to biological evolution.  For decades scientists have studied the similarity of the ecosystems of information to the biology of immune systems.  These same smart and bold people have written books, journals and peer tested papers on the subject of transformational systems thinking.  Growth and change in the digital universe follow a biological path found in nature.

The organizational growth cycles are:
  • Forming = entrepreneurship
  • Norming = production
  • Integrating = diversification
This cycle of growth has many labels, yet systems and organizational experts will say that the integrating phase of growth will encounter a bifurcation point, where it is necessary for the system to again innovate and form something new.  To adapt to its new environment.  If the system does not break away and create a new forming stage of the growth cycle, it will eventually perish.  This is why organizational change experts invented such innovations as the "Skunk Works" or why a private sector company breaks off a business unit and creates a whole new company.

Privacy 3.0 is now four years old.  Are we now at the bifurcation stage of the societal information growth cycle, with the speed of business leaving existing government rule of law in the rear view mirror?  Andy Serwin, in his 2009 paper, said:
Given the changes in society, as well as the enforcement mechanisms that exist today, particularly given the FTC's new focus on “unfairness,” and the well-recognized need to balance regulation and innovation, a different theoretical construct must be created--one that cannot be based upon precluding information sharing via common law methods. Instead, the overarching principle of privacy of today should not be the right to be let alone, but rather the principle of proportionality. This is Privacy 3.0.

As information flows through the manmade veins of supersonic light or invisible waves of zeros and ones around our planet, we are approaching a "Breakpoint."  A place in time, where the system will need to bifurcate in order to survive.  The system of privacy proportionality in government circles has been four levels of classification:
  • Restricted = For Official Use Only (FOUO)
  • Confidential
  • Secret
  • Top Secret (TS)
In the years ahead, as you hold your IP Phone (iPhone) to update Twitter, Foursquare, Facebook or the WordPress app, you are behaving in the Privacy 3.0 ecosystem.  While you are at work in the public or private sector using Google Business Apps in the cloud, your behavior and your words, including personal data such as your semantics or GPS coordinates, are entering one of four levels of sensitivity.

In order to make the leap to our next systemic "Breakpoint", we will need to design proportional privacy into our Operational Risk Framework.  Without it, the system will decay and ultimately cease to exist.  Is privacy an afterthought in your organization?  What information governance education takes place on a continuous basis?  How do you monitor and measure?  Have you tagged the information into four levels of sensitivity?  These are just a few of the questions that the Privacy 3.0 enterprise is encountering, at the genesis of an ICT "EarthCom."

Saturday, August 10, 2013

4th Paradigm: Predictive Risk Innovation...

21st century innovation requires new thinking, new tools and the application of a creative mind.  When it comes to innovating Operational Risk Management (ORM), take a leap towards "Predictive Intelligence".  What has been holding you back?  Is it the right combination of new thinking, new tools and the applications you haven't even thought of yet?

How could we apply a High Performance Computing (HPC) cluster using Amazon's Elastic Compute Cloud (EC2) with the right haystack of data to get the answers we seek?  Without building a new data center and for under $5K.  Think about the possibility of 10,000 plus server instances running across five data centers, with the results we seek in hours.  Utility Super Computing is here today for white hats and even for the "Black Hats."

Predictive Analytics is an art and a science that is thriving with the use of "Fusion Infrastructure" by the hour. Why do we need to spend tens of millions of dollars on our own data center anymore, to get the rapid answers we require to run our business or to defend our nation?

Now the debate has gone beyond the infrastructure, to look at the other bottlenecks.  What about the database architecture itself?  Is the traditional implementation of the disk-intensive real-time Relational Database Management System (RDBMS) paradigm over?  Hadoop is here, yet requires new language learning curves and is a batch solution.  This could be one of the answers to predictive risk innovation:
MemSQL is the distributed in-memory database that provides real-time analytics on Big Data, empowering organizations to make data-driven decisions, better engage customers, and discover competitive advantages. MemSQL was built from the ground up for modern hardware to leverage dozens of cores per machine and terabytes of memory. We are entering an era that will be defined by distributed systems that scale as you need capacity and compute, all on commodity hardware.

How long will it take you to stand up your own "Operational Risk Intelligence Center"?  One or two days or a week, with the right people and skill-sets in place.  What kinds of questions and answers will allow you to predict the future, faster than your competitor or your latest cyber adversary?

At the Black Hat security conference in Las Vegas, a quartet of researchers, Alex Stamos, Tom Ritter, Thomas Ptacek, and Javed Samuel, implored everyone involved in cryptography, from software developers to certificate authorities to companies buying SSL certificates, to switch to newer algorithms and protocols, lest they wake up one day to find that all of their crypto infrastructure is rendered useless and insecure by mathematical advances.
We've written before about asymmetric encryption and its importance to secure communication. Asymmetric encryption algorithms have pairs of keys: one key can decrypt data encrypted with the other key, but cannot decrypt data encrypted with itself. 
The asymmetric algorithms are built on an underlying assumption that certain mathematical operations are "hard," which is to say, that the time it takes to do the operation increases proportional to some number raised to the power of the length of the key ("exponential time"). This assumption, however, is not actually proven, and nobody knows for certain if it is true. The risk exists that the problems are actually "easy," where "easy" means that there are algorithms that will run in a time proportional only to the key length raised to some constant power ("polynomial time").

Innovation in the Operational Risk Management spectrum is on the verge of massive change. Operations Security, Fraud Analytics and Supply Chain Management are just the beginning.  The Board of Directors of the commercial enterprise, Military Strategic Commands and virtual chat rooms on the deep web are debating these very subjects.  Application of "Utility High Performance Computing" in combination with 4th Paradigm databases puts innovation back at the forefront of the creative mind.