Microsoft Trusted Stack: Can We Ever Trust People?

Trust In People

Seriously where do you really want to start? After decades of computer support experience, I just don't believe we can ever have trust in people – end of!

Perhaps one of the most famous Internet jokes was an early one. The New Yorker magazine ran a picture of two dogs at a computer screen with the caption, “On the Internet, nobody knows you’re a dog.”13 That remains in large part true, even as child safety issues have driven people to look—mostly unsuccessfully—for ways to distinguish minors from adults. The problem relates to how identity is determined in an electronic world…..

Microsoft Establishing End to End Trust Paper

The End to End Trust paper discusses a number of methods to achieve this from a stand point of proof of identity. This is predominantly due to the anonymity of the internet and that people can masquerade as other people or create their own fictitious identities.

Leaving aside all the politics and social implications. Let’s say that we could actually identify everyone out there. For example let’s do something extreme such as put a chip into everyone worldwide and have them sign on to the internet via a chip reader (uhhh and don’t think this is so far fetched because some of our governments have ben working on and preparing the way for this to occur for a while now). Ok so now we have a method of identifying everyone….or do we?

Here are some challenges to our Utopian ideal.

  1. Fallibility:
    Show me a human being who has never made a mistake and I will show you a working TARDIS (Time And Relative Dimensions In Space) unit for space and time travel.

    A fact is that we all make mistakes, we all misinterpret, and we all have misunderstandings. This has an effect on Trust and it is unfortunately how some wars have been created.

    Some examples of mistakes to our Utopian chip ideal include the wrong people having the wrong chips. If the chips are updateable which they will need to be if people are allowed to have name changes, then mistakes could include misspellings of the name change and any other details that need to be updated. The result is that the network or system may misidentify the person.

  2. Organised Crime:
    Let’s not even consider chopping people’s hands, or any other protrusion that contains the chip here. If chips can be updated and changed then organised crime will eventually find a methodology for accessing those chips even if they have to steal the technology. Once they have any type of access – at worst they will be able to create a denial of service attack. At best access to everything owned by the individual including banking details.

  3. Identity Loan:
    I once had a Podcast with a couple of people who posed the question. How do you know that the logon hasn’t been borrowed? In other words how do you know someone hasn’t logged on and allowed their neighbour, friend or family member access. Sure with audit capabilities you will be able to track the individual that had logged on but you won’t necessarily know the culprit. How many of us would want to put a loved one in prison and who’s to say organised crime isn’t holding a loved one at gunpoint?

Yes I know in some of the points I’ve been picky…but that’s what security people do and if this utopian society ever does exist then you can bet the news articles we read will focus on these areas.