Saturday, January 24, 2015

Internet Security and Freedom Intertwined - Foreword

Benjamin Franklin is famous for the following quote on freedom versus security in a civilized society: “Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety”, which, in more modern a wording, reminds us that “Those Who Sacrifice Liberty for Security Deserve Neither”.

If this quote is famous for its relevance in political science, why should it make up the first lines of a compilation of papers on Internet Security? Because the whole theme of this series of papers is precisely to remind us, to make the point that Internet will not last if insecure and that its security will require freedom in its very design. Or in other words, if we bet that Internet will last whatever decisions people, companies or government will make, Internet will eventually be both secure and free, or else, another Internet will loom as a – free and secure – substitute.

This is not a mere wish, a dream or a prayer that some lunatic would hope to come true, like if from some technology god. All the contrary. It is a claim rooted in realism. Internet is now and will be onwards a net where mostly people interact. Yes, today, it is still highly used and kept busy by traffic generated by companies, state organizations and e-commerce activity. But its actors are individuals, and more and more, with Facebook as a major hint, it will become our second life, for us all.

Eventually, every one of us will be interacting to some degree with anyone of us thanks to the net. Internet is not the realm of collective entities, but that of individuals. It is thus the next free market, will behave as such and will follow the related economic and social rules.

And because it is made of individuals interacting, like the next free market, it will see similar mechanisms emerge. Mechanisms that emerged in the human society to enable safe and free interactions. Because why should I interact with you if I see you as a danger – unless I am forced to? The use of Internet does and will more and more rely on mutual trust. I buy on Amazon because for various reasons I trust their ability to meet my expectations whilst not forcing me to buy in any way. Trust is an expression of free will, of our individual freedom to adopt or not – Internet like anything else. Trust in turn assumes security: I need to identify and authenticate my counterpart, I may need to have confidence in their dependability and honesty, their ability to ensure confidentiality, or that they are not tampered with by some third party.

Nevertheless, security and interactions do not mean exactly the same as in the real world, and we need to have this awareness to be able to build security right. IT systems and the virtual world have a completely different set of features from which many concepts stem. For instance, IT risks do not follow the same logic as physical ones, mainly because IT has not a stochastic nature. The challenge for security professionals is thus to find the right balance between IT realism and social realism.

Freedom and liberty, at least their social principles, have proven to be those best adapted to make up a just and prosperous society – even if many in the political world may dispute this. There is simply no alternative than to have the Internet adopt them entirely, to embrace them fully – though with all the differences there are between the normal life and the virtual one – if Internet is to continue to grow and become the decisive driver to a happy and better future for the human race.

The objective of the series of articles to come is precisely to explain and illustrate the importance of a secure and free Internet, whilst articulating how its distinctive features and its virtual nature require our social mechanisms to be revisited to that end. There are many facets to this umbrella objective, the series promises to be fruitful.

No comments: