Whose governance do you trust most (or least): The Guardian, Google or GCHQ?

Recently I have been privileged to sit in on a number of discussions:

– on security and surveillance in the post Snowden world and the effectiveness or otherwise of the various initiatives being touted by those with no more understanding of what is happening today than those who created the mess we are in 

– on how much (or perhaps it should be how little) security, surveillance and privacy technologies has changed over the past twenty years, (since the Internet became commercialised (after the success of the Atlanta Olympics)

– on the growing divide between those who understand the various security, surveillance and privacy technologies and those driving the formation of policy (whether government or commercial), let alone those trying to implement or enforce the policies.

– on the stand-off between Cabinet Office and the Silos of State over policy of personal data and privacy while action on fogging (the false obtaining of genuine government issued credentials) remains stalled.
These have caused me to juxtapose some of the stories currently in the news, particularly:

– the concerns of US hardware, software, network and service suppliers  that their businesses are at risk because they are no longer trusted  with

– the parallel concerns (both US and UK) over whether  Huawei products and services might have similar backdoors   with

– the allegations that our home routers are also part of the Anglo-US GCHQ surveillance network   with

– news of the sheer scale of  the theft of on-line credentials  with

– the Daily Mail campaign in support of small firms whose banks are refusing to reimburse then after on-line frauds   with

– whether digital by default is compatible with socially inclusive public services which reach those in most need, whether inner city or rural 

Then Bill Maslin accused me (see his comment in response to my review of Carlo Solari’s book on what is happening)  of a touching faith in the Governance of GCHQ.

I do know a little bit about its governance and some of the things that I would like to see done which it has been prevented from doing. Unfortunately, having signed the Official Secrets Act many years ago, I too am not at liberty to say why it gives me so much more confidence than what I know of the governance of Google, let alone the governance of the Guardian, answerable to a self-perpetuating off-shore trust .

I should perhaps add that I had more confidence on the governance of the News of the World than that of the Guardian. It was not politically motivated and had been behaving in much the same way since it was founded in 1843 to enable the working classes to read the scandals that previously only the upper classes could read in the Times or the Pall Mall Gazette. It employed only 19 of the over 300 journalists who used the services of the phone hackers identified by the Information Commissioner office and accounted for less than 200 of over 3,000 of their transactions.  . Unlike their other newspaper customers, however, the News of the World kept records. More-over its owner ordered full co-operation with the police, regardless of how reluctant the editor and journalists might have been.

Back in 2001, for the LEO anniversary I wrote my predictions for the second 50 years of business computing . One was “The development and use of trusted technologies, which provide an unalterable record of what happened for use as evidence … Before then we may have to pass through a period when parchment, vellum and physical witnesses may be the only truly “trusted” record.  Encryption techniques will come and go as their flaws, more likely to be of management and application than of mathematics, are found and exploited …”

I fear that 2014 may well see the nadir of trust in the on-line world.

If so, that will not be because we lack the technologies to run trustworthy systems. It will be because we lack the people processes and skills to make proper use of the technologies we already have and, in some cases, have had for over twenty years.

Whose fault will that be?

That is four bottle question and I am being called for dinner.

Suffice it to say that it is not just the fault of the NSA, albeit they are currently the pantomime villain.

If I do not make time to return to this topic in the next couple of day, probably in the context of the Cabinet Office consutlation on identity policy that is supposedly about to be announced, have a Qeasy Christmas and a FUDdy (fear, uncertainty and doubt) New Year.

Enhanced by Zemanta