Last year, Craig Mundie issued a call to arms for a more “trustworthy Internet” — not that Microsoft has been entirely successful at implementing its arguably more humble Trustworthy Computing initiative. But let’s not let the computing industry’s failure to bring forward operating systems, web servers, or even Web browsers that don’t get gummed up with malware or pwned by exploits stop us from shooting for the Holy Grail of computing: a complete chain of trust throughout the Internet, from the bottom to the top, called End to End trust.
This year, Scott Charney, Microsoft’s corporate VP of Trustworthy Computing, carried the torch for End to End trust. Check out Dennis Fisher’s post on Charney’s talk.
Essentially, Microsoft wants to bring together devices, operating systems, data, and identity to create a pipeline of trust.
The challenging part of all of this, as Fisher noted in his blog, is managing identity. For Microsoft’s part, it sees its Geneva server as the processor of individual identities performing some type of transaction. “This identity metasystem is the most controversial part because of privacy concerns,” Charney said at the keynote.
Indeed. The thorny issue here is not so much about managing passwords and authentication: we have much of the technology to do this today. It’s about exchanging just the right amount of personally identifiable information for the transaction. Perhaps if I’m buying a book from an online bookstore, the merchant just needs to know that I’m authorized to use a credit card, and that the credit card is valid. Now, if I’m updating my passport or applying for a mortgage, the government or loan officer will rightly need to know more about me. They’ll need a high level of assurance that I am who I say I am – at the very minimum. Sometimes, however, we may want to be able to conduct “transactions” on the Internet without anyone knowing, for certain, who we are.
That’s one of the most interesting aspects of Microsoft’s CardSpace. CardSpace makes it possible for identity to be “claimed” by digital tokens, so that one can vouch for their identity without sharing too much about themselves.
Much of the discussion around CardSpace and End-to-End Trust will be around managing passwords, and the rights of individuals to protect their privacy from marketers. But the importance of Internet identity goes much, much further than that when it comes to overall IT security.
I was having lunch with Andrew Storms, director of security operations at security vendor nCircle, earlier this week and we had this very discussion. We were talking about how End to End Trust could go a long way to help to squelch malware, and even botnet attacks.
Requiring all software to be properly signed (a level of trust in the identity of the software maker) before it could be installed on PCs would help eliminate certain classes of malware. If e-mail addresses were validated, so that the person who claimed to be the owner of an e-mail address actually was who they said they were, other classes of attacks, such as e-mail spoofs, could be eliminated.
“It’s so easy to be anonymous on the Internet, that people can launch the equivalent of cyberwar and cyber-terrorist attacks from their living room, anywhere in the world, and with complete anonymity,” says Storms. “We are seeing this in sociopolitical and geopolitical hotspots. Organizations are reaching out to individuals, telling them that if they install attack bots on their PC, that their system will be used to wage war. People can go to terrorist Web sites and download and install bots on their own,” he explains. “And those that are installing these applications built to attack will do so in total anonymity.”
He also explained how many criminal gangs, from around the globe, actually seek to use U.S. e-mail providers because of how good U.S. laws are at protecting privacy.
I see plenty of benefits in the anonymity the Internet provides, as does Storms. But the sheer numbers of breaches today, the size of modern botnets, and the relative immunity attackers get by launching their attacks through servers (whether the attackers are physically there, or not) from within China, Russia, Iran – or any other nation that won’t necessarily be “friendly” to foreign law enforcement requests – are certainly not sustainable.
Andrew believes, and so do I now after our conversation, that higher levels of identity validation – for both devices and people – need to be achieved if we are to have any hope of attaining anything close to “End to End trust” on the Internet.
But it has to be done in a way that protects the ability to do things anonymously, if not confidentially, just as we have in the physical world. We need the ability for sources to anonymously share information with journalists and for corporate insiders to speak their minds without revealing who they are – and we need anonymity to maintain true freedom of political speech.
But we don’t always need the privacy to do these things. Perhaps the end game here is multiple tiers of trust, where our systems can authenticate the validity of our identity for most day-to-day transactions, but also have the potential to log on to places with our anonymity intact.
“I think something like this has to happen,” Storms said. And I agree.
But I don’t think we’ll ever achieve anything that resembles “End to End” trust in the digital world. But we can do much better at improving trust where and when it matters, and maybe even maintaining privacy for where and when that matters, as well.
But for today, I’d settle for an operating system I could trust.