Sunday, September 18, 2016

Digital Citizens: The Integrity of our Trust Decisions...

Operating globally in business requires travel across borders and into less than familiar places. Operational Risk Management (ORM) is at the forefront of global commerce for good reason. The tools we use to assist us range from the smartphone airline app that holds your boarding pass to the latest travel warnings from the U.S. State Department's "SmartTraveler" app.

Perhaps on your last trip abroad you ditched your regular personal smartphone for a pay-as-you-go model that you could throw away upon your return. This is most likely a prudent strategy, especially if you are traveling into physical places that are known to be less trusted for their wireless communications infrastructure or for other questionable reasons.

Regardless, using a Virtual Private Network (VPN) when connecting a device in any country is worth the extra step for privacy. OpenVPN or Golden Frog's VyprVPN can provide your iOS or Android device with an encrypted tunnel to prevent eavesdropping on your Internet traffic. Again, this is a wise step to take at all times.

However, even today that may not be enough. Digital Trust is paramount in a mobile-centric 24x7 business world. The integrity of communications from the CxO ranks while traveling abroad is vital when interacting with senior staff and other government collaboration partners. Our Trusted Apps perhaps need a new and emerging set of capabilities going forward. Marc Canel writes:

"A group of security experts led by ARM, Intercede, Solacia and Symantec collaborated to create a new security protocol for smart connected products.

The companies agreed that any system would be compromised unless a system-level root of trust between all devices and services providers was established. This led to the definition of the Open Trust Protocol (OTrP), which combines a secure architecture with trusted code management, using on mobile devices proven technologies from banking and data applications.

The protocol is now available for download from the IETF website for prototyping and testing. The key objectives of OTrP are to develop:

  • an open international protocol based on the Public Key Infrastructure (PKI)
  • an open market for competing certificate authorities
  • an ecosystem of client and server vendors around the protocol

Collaboration began in early 2015 and soon grew to 13 companies. The alliance worked with the IETF and Global Platform to get OTrP adopted as a protocol within their organizations."

The OTrP protocol adds a messaging layer on top of the PKI architecture. It reuses the Trusted Execution Environment (TEE) concept to increase security by physically separating the regular operating system of a device from its security-sensitive applications.


We have created devices we want to trust. Our business and global commerce require the ability to effectively communicate with integrity. The Open Trust Protocol (OTrP) is only the beginning.

Why?

The foundations of the Internet and the future of Artificial Intelligence (AI) will soon be at a break point: a place in the growth curve where there is a bifurcation. If we do nothing, the system will decline and die, as opposed to being re-engineered now to survive and adapt to the evolving environment ahead. That is a digital environment where machines are talking to machines on a more massive scale at light speed, beyond just digital switches, routers and other mobile (IoT) devices.

The continuous integrity and assurance of our networked infrastructure to enhance "Digital Trust" is already well on its way. Important foundations have already been established and the transformation steps are underway beyond protocols, with the education of our most promising generation of new software engineering talent. Here is just one example in Jeffrey Ritter's University of Oxford course, "Building Information Governance":

"To govern information now requires mastery of a diverse, often international, portfolio of legal rules, technology standards, business policies, and technology, all applied across increasingly complex, distributed systems and repositories. The increased scrutiny and requirements of official agencies and business partners impose new requirements for compliance documentation and transparency. This course introduces participants to a structured design approach that will enable strong, responsive and resilient information governance to be incorporated into the design and management of digital assets. 21st century information governance must navigate and embrace records management, privacy, electronic discovery, compliance, information security, corporate governance, and transparency of operations—all of these will be considered in this course."

The future of "Privacy Engineering" is at stake in a digitally trusted mobile commerce environment. All of the protocols being developed for moving zeros and ones from point A to point B will not mean anything if we have not effectively enhanced our "TrustDecisions" capabilities and outcomes.

The environment is virtual. Just like the physical world, there are places that are safe and others that are dangerous and evil. Since the beginning, the diverse content and the people who operate in the environment have been both good and bad. This is the reason the virtual environment of the Internet has rules and the engineered governance that is necessary for the integrity and safety of the global citizens who utilize it.

You have to wonder what our digital world would be like without rules or any governance.  Without the international Rule of Law.  Without the enforcement of international safe havens for people to operate with integrity and in safety.  In the physical world and on the Internet.  It would be global uncontrolled chaos.

As you ascend into the next generation of mobile and global commerce, think harder about "Digital Trust". How will the Trust Decisions that your business or your country relies on remain in a safe haven? Will the confidentiality, integrity and assurance of the underlying data science continually be trusted?

"These forces are concurrently driving transformations that are now already visible in how we structure the governance of our political states, our commercial consortia, our corporate digital ecosystems, and our interactions as individual users with the digital assets of the Net.

Ultimately, the Net succeeds or fails based on the cumulative affirmative decisions of individual humans to trust the networks, systems, devices, applications, and information assets that are the blocks from which the Net is constructed. For the Net to prosper, and to be functional as a global infrastructure, the values and consequences of building digital trust must be embraced. That evolution is already underway"... Jeffrey Ritter