The
History of the World in One (long) Page
Long ago, smart people learned that living in houses and raising food on farms was better than living in caves and eating whatever you could find that looked like food.
Some, however, never got the hang of farming. Instead, they joined with other non-farmers in gangs that offered to protect the farmer if he handed over a couple of geese and pigs.
"Protect from whom?" asked the farmer.
"From me, of course" said the leader of the gang of thugs as he carried off the livestock.
Now the farmers could put up with one gang of thugs but with many competing gangs, each demanding more geese and pigs, life became very difficult.
Then the smartest leader of the toughest gang came up with a solution. "I'll protect you not only from myself but from the other gangs as well. Just hand over geese, pigs, a few goats, and a son to join my protection enterprise. And toss in that shiny trinket so I can add it to this fancy thing I want to wear on my head. And oh yes, refer to me as 'highness.' "
That's how the smartest gang leader became king. His sons had sons who had sons, and each generation became more interested in sitting on a comfy throne than riding around in the cold wet countryside keeping order and exacting tribute. Over the generations successive kings learned how to build an organization of courtiers and knights and justices of the peace and spies that enabled them to maintain a life of comfort. As long as everyone in the realm acknowledged his authority, all was cool.
The king's authority was signified, conveyed and applied through the use of a wax seal. But as the kingdom grew it became impractical for every deed to be made official with the king's seal. Public officials were appointed and commissioned and given their own seals, which conveyed the delegated authority of the king.
Over the centuries, people caught on to the king's little secret: their consent to his authority was the source of all his power. Gradually they took more and more of that authority upon themselves. The notion of "state" came to mean "that which holds and applies public authority," whether it's the king, the people or, in most cases, king and people grudgingly acting together to constitute and apply public authority.
As more and more people wandered away from their villages, that wax seal conveying public authority in private matters became very important. For centuries, people would carry notarized letters of introduction when they traveled, as there were precious few other sources of authenticity to let people know who they really were.
Beginning around 1865 a series of inventions allowed people to engage efficiently with each other over distances. If you wanted to do a reality check on someone you just met, you called a mutual acquaintance on the phone. Circles of trust remained of manageable size, kind of like a village where everyone knows each other. Wax seals quickly became obsolete in the telephone century.
Then came the twenty first century. Those inventions have brought us to something that has been called the global village.
Except that a village or a circle of trust is defined by the fact that everyone knows enough about each other, or can find out from a trusted village acquaintance, to determine the authenticity of their assertions, starting with their identities. That fact provides accountability, which is the essential building block of a village.
In this new mass of six and a half billion people brought close through technology, there is no accountability, meaning it's not a village at all. It's a global mob. We regularly encounter people online with no means of knowing whether their identitiy or their other assertions have any authenticity. Online, inauthenticity rules.
And it doesn't stop with the online world. The financial world is in the throes of collapse because those same inventions, applied to the world of transactions, with the same lack of tools of accountability, allowed worthless loans to be foisted off as grade-A securities.
Inauthenticity rules. Everywhere. The built-in lack of accountability in our systems of communication have turned fraud and theft into normal business practices.
But what's the alternative? Would you want a global village where everyone knows everyone else's business? Where a personal identifier made it possible for snoops and governments and cookie clubs to watch your every move, building tables of data about all your actions, including the web pages you look at and the people you hang out with and the things you buy? Accountability in a village of 650 people may cost a certain amount of your privacy, but that kind of accountability in a global village of 6,500,000,000 people would be a Kafkaesque nightmare.
And that nightmare is well on its way. The title of a recent MIT Technology Review cover story says it all: "The Internet Is Broken." Spam brings us phishing attacks and botnets. Our "information homes" are intruded upon regularly. Privacy has been thoroughly eroded by both "legitimate" business and by a new global online mafia.
Welcome back to the eighteenth century. We need to take a close look at well-established sources of authenticity and accountability. And we need to use available technology to build a reliable means of providing individual privacy.
The important news is: it can be done.
In fact it is being done.
THE FOUNDATION OF THE SOLUTION
A source of public authority is always necessary for there to be any kind of order, productivity, and progress. In democracies and dictatorships, strong central governements and federations of cities and provinces, there are always keepers of the seal who apply public authority - the authority of the state - in private matters. They are called notaries, justices of the peace, consular officials, professional licensing boards, building inspectors, etc.
Did you know that a document that was notarized by a U.S. notary will be honored in Cuba, Iran, and North Korea - and vice versa? (Sometimes an "apostille" attesting to the validity of the notary's commission is also required.) We find that unusual because when we think of the policies of nations we think of governments rather than state.
Public authority is held by, and applied by, the state. State is not the same as government. Government does things. Government builds roads, fights wars, provides for the welfare of the disadvantaged, employs people to help the economy, and launches countless other programs and initiatives.
The state, by contrast, just is. It holds authority to be applied according to due process. The main purpose of that due process is to allow people to discern what is authentic from what is inauthentic.
The durable asset of the state is public authority. While the titles of state authority are sometimes gained through intrigue and maneuverings and inauthenticity, the participants tend not to mess with the authority asset, because they know it's essentially the state's only real asset. Without that authority asset they would have no... authority.
Government gathers and applies public money.
State gathers and applies public authority.
THE SOLUTION.
The solution is quite straightforward. Individual privacy and public security are not antithetical.
We can have both at the same time.
We can have authenticity.
What will get us there?
Very simply, a well-thought-out and well-engineered system that will replace that which has gone missing.
What has gone missing?
Authenticity and Privacy.
We need an Authenticity and Privacy Infrastructure.
A real, workable Authenticity and Privacy Infrastructure, however, requires facing the fact that most of our information security methods and procedures are built upon flawed assumptions. Among the things we must abandon is the basic assumption underlying firewalls and intrusion detection systems and intrusion prevention systems - and all the anti-malware software that we dutifully and futilely maintain in our personal computers.
That is, we must abandon the preposterous notion that one can determine the intentions of the sender of a stream of packets by examining the contents of those packets. Years ago we should have seen how that defies common sense. You cannot "profile" data. If you rely upon that approach, that set of assumptions, then you merely eliminate the work of the least talented, least ambitious, and least well funded intruders.
We used to characterize the Internet as an Information Highway, and indeed it is an outdoor public transport system. It does that job well.
Now would you have your meetings, keep your files, and let your kids hang out outdoors by the side of a busy highway?
Typically we use highways to bring us from one building to another - from one indoor space to another.
So where are the indoor spaces? Where are the buildings?
You know what indoor spaces require: architecture, building codes, code-qualified building materials, building permits and occupancy permits. Each of those is generated by individuals with professional licenses that are issued by public authority.
Let's look at how an Authenticity and Privacy Infrastructure can provide what we need.