What is the difference between ‘security’ and ‘trust’ on the internet? Trust is local, security is global. 2015 is shaping up to be the year that consumers and companies both come to this realization. Opportunities to bridge this gap abound as cyber-security start-ups quickly become Silicon Valley’s most recent fascination and venture capitalists have flooded the sector with investment as they look to back the latest technology used to fight criminals online.
On the whole, we’re doing a great job at securing the internet and developing new technologies to allow for enhanced personal data protection. But if security is to be viable, it must be engineered at the global level. Enter Big Trust, the new coin of the realm that is rapidly replacing the market’s fascination with Big Data.
At the recent World Economic Forum in Davos 2015, Big Trust emerged as a concept that gives due weight to trust’s importance in the digital age. Companies that embrace Big Trust and prioritize security over customer-data commercialization will be rewarded by consumers who tire of repeated intrusions into their privacy.
At this year’s Davos Conference, I moderated a round table on CyberSecurity and participated as panelist at the New Business Context: Risky Business session. One conclusion was that with billions of people around the world have grown increasingly distrustful of the internet and that the urgent necessity for a new model has emerged. Big Trust. Our panel also concluded that there is actual commercial value in offering trust and security. The fundamental right to privacy is at stake and if users begin to abandon the Internet because of security concerns, the multitude of recent positive developments in digital communications will be lost. All kinds of applications and firms will be negatively affected, including social networks that need further customers and governments that rely on cloud computing.
Our Davos panel also weighed the challenges of scaling up user-centric solutions and they loom large. Sufficient venture capital funds must be sourced. Support from professional business service firms must be won. Mobile telecommunications networks, typically the least secure, have undergone massive expansion. Finally, our world is becoming increasingly interconnected and multipolar.
Other participants called for collaboration around faster-moving experimental projects in which the new demands of users help feed processes of entrepreneurial innovation in digital identity and personal data management.
One of the most mature and concrete examples of Big Trust on the Internet are the root systems we have developed in Switzerland in collaboration with OISTE*. These systems are created and maintained in secure military bunkers under the Swiss Alps. In the past these vaults held gold, but now they protect something more important – your privacy.
- With big data, the Internet of things and the arrival of new generations of powerful ubiquitous communication along with convergence and cloud computing, we are on the move into yet unchartered territory in digital communications.
- A wealth of new services, meeting our outstanding needs in health, education, commerce, and public services, stand to be developed and scaled in ways never seen before.
- Continued disorderly access and uncontrolled diffusion of personal information without our knowledge harbours significant risks for misuse.
- Usability and security are currently subjected to trade-offs that create difficult choices for how to strike the balance.
- It is becoming increasingly expensive and distortive for financial and other sectors to insure and protect themselves against the risks of cybercrime taking advantages of security glitches.
Against the background of
- Billions of new human users – most of them members of a young generation – are set to join the Internet.
- Trillions of devices, ranging from critical infrastructures to sensors to cars to refrigerators to toys or even watches and clothes, stand to go on line.
- Each user and device will have to be embedded in trusted frameworks of authentication and authorisation framed, in a myriad of constant borderless exchanges and transactions.
- Devices will be set to take decisions automatically and autonomously.
We, the under signers, agree on the importance of:
- Mitigating security risks and increasing trust in this dense digital environment, with much higher precision and at lower cost than is the case today
- Initiating effective collaboration to put in place a coherent system for electronic identities, capable of handling derived identities, operating for humans as well as for devices.
- Putting users in better control of their digital identity, including what data they share and of their privacy,
- Ensuring trust interoperability between Cryptographic Rootkeys.
- Paving the way for trusted search and other e-services,operating across sectorial and national boundaries
We therefore agree to
- Plug into the proposed Single European Digital Identity Community as envisaged by the Digital Agenda (DAE) in its Key Action 16, collaborate with ETSI, W3C, and IEEE, and engage with the ITU,OECD, ISO and other multilateral and international bodies of relevance to the global linkages and ramifications.
- Build upon the Davos Charter of 2014 “Addressing Identity Management, Privacy, Security and Trust in Digital Communications” ()
- Draw upon the work that has been undertaken on new frameworks and business models, e.g., an Individual Digital Identity (INDI) by the GINI project (), comprising user control in sharing personal information, a new generation of service delivery, public data provision and user-driven operator services ensuring the integrity of data, reputational protection, intellectual property rights protection and trust;
- Benefit from the provision of OISTE ‘s Rootkey () and its innovative neutral Trust Framework.
- Further examining how to recognize diverse technical solutions, including requirements of common protocols, Defining what legal cross-border interoperability is required for orderly authentication and authorisation in the world of tomorrow?
In order to Achieve:
- A coherent system for trusted identities, operating for humans as well as for digital devices.
- A neutral platform for all stakeholders, bridging Multiple Jurisdictions, to address issues of Cyber Security, Search,Privacy and Data Governance in a secure and open Internet.
* The OISTE Foundation, is a Geneva-based, not for profit organization, founded in 1988 was created with the objectives of promoting the use and adoption of international standards to secure electronic transactions, expand the use of digital certification and ensure the interoperability of certification authorities’ e-transaction systems.
This article is published in collaboration with WISeKey. Publication does not imply endorsement of views by the World Economic Forum.
To keep up with Forum:Agenda subscribe to our weekly newsletter.
Author: Carlos Creus Moreira is Founder and CEO of WISeKey, a Geneva-based World Economic Forum Global Growth Company and.pioneer in digital protection, online trust and privacy protection since 1999.
Image: An internet cable is seen at a server room in this picture illustration taken in Warsaw January 24, 2012. REUTERS.