Book Reviews

“Look Who’s Watching: Surveillance, Treachery and Trust Online”

Posted May 3, 2017

The Internet has evolved rapidly from a small system for academic collaboration to a general platform for almost everything. As we anticipate the next waves of Internet growth and change, it’s timely to review whether the original underlying platform remains fit for purpose. This will become critical as basic civic and financial services are deployed “online-only.”

In Look Who’s Watching: Surveillance, Treachery and Trust Online (by Fen Osler Hampson and Eric Jardine, CIGI 2016), the authors elaborate on the question of “trust,” and present the loss of trust in the Internet as a serious problem with technical, legal and economic dimensions. Citizens of countries with modern economies are accustomed to trusting complex systems that they personally barely understand, including water and power, banking and insurance, healthcare and public safety. Major negative events that shake trust in these systems have severe impacts: in the wake of a tainted water scandal, people may purchase bottled water at great cost because they no longer trust the municipal supply.

The Internet as a platform faces a number of potentially trust-destroying circumstances, including theft of data by states and/or criminals and careless stewardship of private data by government and corporations. Revelations that state actors apparently spy on anyone more or less at will have given constituents pause to re-consider “security” measures that were passed in trying circumstances. The ongoing attempts by states and corporations to recapture control over the “wild west” of the Internet, either through regulation or through the creation of “walled gardens,” run counter to the inherent free nature of the Internet.

The authors define “trust,” examine likely impacts from this loss of trust, then estimate costs in lost productivity, stifled innovation and political disconnection. They identify potential failure points for each pillar of trust, noting that some are inherent, some derive from basic human behaviours and some can be manipulated by bad actors with an agenda. All, however, have a cost: if consumers stop trusting online banking, a retreat from online banking back to teller-based in-bank transactions would be ruinously expensive.

Since the public and most journalists approach the subject of Internet security from a technology perspective (more crypto! less crypto!), the addition of non-technical considerations in a formal framing will be welcome to the technical reader.

The ongoing roll-out of “Internet of Things” devices, where literally everything is connected to everything, will face public resistance in the absence of trust. Examples abound. Some apparently silly ones, like covering laptop cameras with a sticky note, are in fact not silly: they demonstrate that once trust is shaken (“people can spy on you that way!”) users will endure inconvenience rather than a perceived reduction of security. This has enormous impact on the “features vs. security” design discussion, and should serve as a warning to software developers who rush features to deployment without adequate consideration for security.

The book offers a light enough treatment of the problems to be accessible to most readers, and has enough currency (NSA, Russia/China, cyber criminals, the Dark Web, crypto, quantum computers) to engage the curiosity of casual readers. Once it has the readers’ attention, it raises important questions such as, “who runs the Internet now, and who should do that in the future?” The engaged, knowledgeable reader will find references of interest to pursue further.

Successfully answering such questions is the key to moving ahead and flourishing in the next wave of Internet growth. The authors present a sound foundation for examining the basic assumptions that underlie the Internet and how we use it to interact.