Thought for the day:Absence of trust

Hard-hitting IT columnist Simon Moores gives his personal take on the hot issue of the day.In a speech I recently gave at the...

Hard-hitting IT columnist Simon Moores gives his personal take on the hot issue of the day.In a speech I recently gave at the Houses of Parliament, I argued that the continued absence of a universal trust system presents a risk to the continued development of e-government and the knowledge economy.

Downing Street's declared objective is that by 2005, the transformative impact of joined-up government will swiftly create the climate for a knowledge economy. But before this can be delivered, we need to have in place a new architecture of trust to support it. This demands an irrefutable and totally secure means of proving one's identity over the Internet; cheap, available digital identification for every citizen and every business in the land.

A company called Quizid has introduced what it sees as a cost-effective security system for the consumer market. It's a digital identity that combines a credit-card-sized security token (the Quizid Card), a dynamically generates unique authentication key, with authentication (the Quizid Vault - where authentication key codes sent by partners companies are validated.

Richard Barrington, director of industry at the Office of the e-Envoy who spoke at the same launch event, conceded that the digital certificates market has, so far, failed to deliver robust certification that meets government needs.

The Government has, quite correctly, encouraged industry to develop the initiatives that will allow us to carry out digital transactions with something rather more secure than a PIN number or a password.

But industry, as Barrington suggests, has failed to live up to expectations and, instead of a single solution, has created a number of small islands that have bought us no closer to the goal.

This failure rather begs the question of whether, as a nation, we should be looking for a single and absolute, end-to-end solution from the beginning or do we lower our sights and deal with the challenge of authentication first, using a solution such as Quizid, which supports US standard FIPS-140 crytpo-technology.

Two weeks ago, the UK arrived at a watershed with one million broadband Internet users. Twenty million homes and almost half the population are now regularly using the Internet, e-commerce and e-government.

Millions of us own "chipped" smartcards, issued by the banks and credit card companies in a world of virtually no smartcard readers. Instead, we use the lowest form of personal security, passwords, frequently our mothers' maiden names, for many of our most sensitive on-line transactions.

In fact, few people realise that many of the UK's online banking systems share the same Internet security technology as the Lego online toy store.

The continued absence of a universal architecture of trust, in conjunction with the very real risk of expensive failure, threatens the credibility of the Government's programme and with it, any hope of building a true knowledge economy at a time of threatening recession.

Action is needed, not excuses. We're either an online society or we're not. Without a readily available authentication capability, more elaborate than a simple password or PIN number, we are most definitely not in danger of becoming the first world knowledge economy that I imagined two years ago.

What is your view?
Has industry failed to deliver a workable model for trust in the new e-economy? Tell us in an e-mail >> CW360.com reserves the right to edit and publish answers on the Web site. Please state if your answer is not for publication.

Zentelligence Setting the world to rights with the collected thoughts and opinions of the futurist writer, broadcaster and Computer Weekly columnist Simon Moores.

This was last published in October 2002

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close