To quote Neil Richards and Jonathan King, authors of Big Data Ethics.
“More fundamentally, law alone is not enough to enshrine big data ethics in our societies. Law has limits when things are moving quickly. Legal change is often slow and in our time of rapid technological change we are all aware that our legal rules are lagging behind our technologies. Laws we impose may cause unintended consequences of their own and unduly burden the big data revolution still in its infancy” There may inevitably be a gap between active legal rules and the cutting edge technologies which are shaping our societies and ourselves”
The bigger challenge however is enforcing the rules. We believe there is a technological solution that we had the opportunity to present to your colleague Michael R Nelson, Microsoft’s Principal Technology Policy Strategist at the Freedom Online Coalition hosted by Estonian President Toomas Hendrik Ilves recently in Tallinn Estonia.
Ronald Reagan’s Doctrine to Cyberspace
To us in Estonia “transparency reports” remind us of Soviet production reports – a noble and worthwhile goal but how can you trust the message if you can’t trust the messenger?Prior to the digital age the solution would have been “доверяй, но проверяй” – a Russian saying that was translated for Ronald Reagan and became his signature phrase “Trust, but Verify”. This worked in the physical world of nuclear weapons because it was possible to have extensive verification procedures to monitor compliance on both sides.
What however of the digital world?
How to verify anything at all when all activity is represented in digital form and easily manipulated without leaving a trace?
KSI achieves exactly that for the digital world – it is possible for anyone to independently verify act the activity of others whilst maintain the confidentiality of that activity.
A Public Ledger of Activity
KSI achieves this verification by using a public ledger of activity, equivalent to the Bitcoin protocol but without the need for proof of work and at a massive scale (i.e every event or digital asset that is created around the world in a single second can be entered into it). That means complete transparency and accountability for the entire Internet.
Jason Hoffman, founder of cloud computing company Joyent and currently VP of Ericsson Cloud Systems and Platforms along with Rainer Gerhards, German author of the Linux logging daemon were among the first technical visionaries to understand the implications of KSI.
In 2013 Gerhards integrated KSI into the de facto standard logging daemon for Linux, rsyslog. Available as open-source on most Linux distributions, KSI allows event-level verification for logging i.e. the time, integrity and provenance of every individual event in every log file in the Linux operating system can be verified without the need to trust the administrators of those machines or the security of cryptographic keys, with important implications for addressing the insider threat, a topic often in recent headlines.
The implications for data privacy and security and transparency on the Internet are profound. With the portability of evidence afforded by KSI signatures, implemented within governance frameworks consumers can define how their data is to be used, service providers can provide service, auditors can audit, regulators can regulate, and nothing can be covered up – effectively complete transparency and accountability for networked society.
Hoffman points out that with KSI implemented across service providers it is still impossible to prevent crime, but it is possible to have 100% detection and actions taken to hold accountable those responsible.
Hans Vestberg, CEO of Ericsson in a recent interview commented (on security) “Of course there are concerns, That’s why vendors like us must operate with complete transparency and trust.”
The good news is that by adopting governance frameworks implemented using KSI, delivered as a core network service to world governments and global corporations via their telecommunication partners it is possible to deliver complete accountability and transparency, re-establishing trust in global business, achieving the mutual benefits of shared data and still guaranteeing full compliance with the privacy rights of individuals. And of course solving a pesky two trillion dollar cybersecurity problem at the same time.
Brad, we invite you to Estonia. You have many colleagues here and we would be thrilled to walk you through how big data governance can be achieved at scale.