Just a week today I took a train to Geneva to join a special meeting at the ITU.
The agenda was set to cover issues of e-security, privacy and identity management. But this was not a public seminar or conference. This was a private meeting of five, to discuss a new possible virtual municipality: The City-Hall of Osmio.
At the ITU together with me were Wes Kussmaul, author of an intriguing book about the future of the Internet called Quiet Enjoyment, Luigi D'Ardia, an engineer from Notartel, an Rome-based company which provides electronic services to the civil law notaries, and Ugo Bechini an Italian notary and representative of the notary association.
From left: Alexander Ntoko, Ugo Bechini, Wes Kussmaul
For the ITU, Alexander Ntoko, Chief, E-Strategies Unit, also responsible for the cybersecurity track of the WSIS, was our good listener and advisor. Dr Ntoko, a computer scientist by background, is working toward increasing awareness and understanding of the key issues affecting Internet threats to privacy and security which have been incrasing at impressive rates in the last few years.
The ITU, as many of you probably know, is an international organization representing 189 countries and working toward creating policies and standards that support and facilitate individual countries needs in international and global telecommunications.
Here the premises of our conversation:
The Internet is broken. And badly so. If you simply look at the amount of time, money and resources we all need to invest to protect ourselves from spammers, phishers, trojans, worms, viruses, DOS attacks you can see that my statement is quite true, though mainstream media and "interested parties" may like to convince you that this is just "normal".
If you expect or plan to carry out some serious business online, it's time to realize that the facilities and infrastructures we are using today to make these scenarios possible are the full equivalent of a shacks built along a main highway. They have no certifications, no building code standards to abide by, and no authority behind them to certify what they purport to guarantee.
From your WebEx space to your Groove Virtual Office, to your SocialText or Intranets.com workspace, all these apparently secure virtual spaces need not comply with anything but the ability to encrypt data in transit while integrating an authentication mechanism at their gates.
But is this true security?
To begin with, what are the sources of the identities we are authenticating? Is there any authority behind those assertions of identity?
Shouldn't the architects and builders of these virtual spaces need to comply with international standards and the building authority just like we do with our non-virtual office spaces?
Why are virtual working spaces built by technologists with no attention to the key issues of architecture and security that physical builders need to attend to?
How would you like see carpenters replace architects in the building of your physical spaces?
If we can't tell who is really on the other end of the virtual office, what are we authenticating? The username and password of whoever is at the other end or the actual identity of the person we are virtually meeting?
According to Wes Kussmaul, the only way out is certifying identity, and placing true authority (not some commercial enterprise) behind not only identity but behind all the certifications that add authenticity to the resources that we use in our every day lives.
This is why the ITU may be so strategically important to this process.
Consider for example the issue of missing interoperability between different national PKI systems which are fastly emerging. How are these identification systems going to work and be trusted across national borders?
It must be stressed that the ITU does represent the interests and agendas of those 189 sovereign nations rather than its own agenda and interests; and that nothing resembling an ITU endorsement of this course of action has taken place. The attendees from the notarial profession were similarly representing only themselves as interested observers and not their notarial associations nor the state which granted them their authority.
If you would like to understand more about the vision and such security issues we discussed in Geneva, please listen to this 35min. conversation with Wes Kussmaul, covering the vision for the virtual city hall of Osmio, the need for individual authentication via personal enrollment and the emerging need for an established authority to govern and certify the construction (building codes) and use (licensing permit) of the new offices and buildings we are inhabiting online.
Would you run your business out of a tent on the side of the highway?
Audio recording: 35"
a) .zip MP3 8.1 MB
b) .WMA 5.4 MB
