05 January 2015

2015: Risk of Trust Decisions 25 Years Later...

Operational Risk Management (ORM) in 2015 will encompass a higher degree of focus on the corporate enterprise privacy debate.  The "Privacy vs. Security" battlefield has been gaining momentum, as a result of the rapid pace of data breaches and massive corporate data espionage.

General Counsel in collaboration with outside law firms are developing new legal strategies for data loss incidents. "Incident Attribution" and proving harm by nation states is going to be a new defense, as the sophistication of malware payloads approaches the intent of "Stuxnet."

"Trust Decisions" are being made at light speed by a system-of-systems to operate the global banking and e-commerce infrastructure.  Connected globally by billions of computing machines, each of these digitally enabled humans is making dozens if not hundreds of digital trust decisions on a daily basis. Those trust decisions incorporate a number of rulesets known and unknown to the decision maker. The potential legal consequences of the wrong privacy policy or gap in compliance can cost your enterprise millions of dollars:
In 2007, a class action lawsuit was filed in the United States District Court of the Northern District of California against Facebook on behalf of 3.6 million users of Facebook concerning its “Beacon” program. KamberLaw represented the plaintiffs in this action and Cooley LLP represented Facebook. This suit was settled in 2009 and was granted final approval by the Hon. Richard Seeborg in March 2010. As part of the settlement, the parties created the Foundation (the Digital Trust Foundation) “the purpose of which shall be to fund projects and initiatives that promote the cause of online privacy, safety, and security.” The case settled for $9.5 million, with the Foundation receiving approximately $6.7 million after attorney’s fees, payments to plaintiffs, and administrative costs. There were four objectors to the settlement, two of whom appealed the approval to the Ninth Circuit Court of Appeals and subsequently the Supreme Court. But ultimately, in November 2013, the appeals were rejected and the Foundation was funded. The Foundation will distribute more than $6 million and will close its doors once all of the grants have been distributed and completed.
In this particular legal case of Facebook, the $6,000,000 in fees to further educate youth, understand socioeconomic status and privacy, assess digital abuse and enhance privacy technologies will not solve the problem at hand.  This brings us back to "Trust Decisions."

Jeffrey Ritter believes in "Building Digital Trust" and he captures the essence of where the future solutions to help solve the global privacy problem will be found:
I discovered that, to build digital trust, I had to first stop and learn how humans achieve trust itself. In doing so, I figured out that trust is not an emotion; trust is an outcome of a complicated calculus that each of us performs countless times each day as we interact with the world around us. Trust is a decision process. The process is based on catalogs of rules we assemble and the information we gather with which to evaluate whether our assembled rules are being satisfied by the person, the tool, the system, or the information we are deciding whether to trust.
A "Trust Decision" by a machine involves the interpretation of a ruleset (databases of rules) established for a set of semiconductors and microprocessors to execute.  In most cases the initial ruleset was written in code by a human. Therefore, the software code written for the machine to execute will have flaws.  It will be capable of failure, errors or omissions. These instructions query other rulesets (laws, policies, historical precedent) that assist the human in making trust decisions.  This is just one of the reasons for the existence of data breaches.

2015 and beyond will be an opportunity to further define and debate our "Trust Decisions."  The years and decades ahead will be full of asymmetric warfare that is fought by criminal syndicates for hire and implemented by rogue nation states themselves.  All of it is accomplished utilizing this invention we call the "Internet": the same "Zeros and Ones" ecosystem we built to connect our billions of man-made machines.

A recent visit to the Computer History Museum in Mountain View, CA is a reminder about how far we have come and yet how much we are still in our infancy.  The Internet history timeline begins in 1962:
This Internet Timeline begins in 1962, before the word ‘Internet’ is invented. The world’s 10,000 computers are primitive, although they cost hundreds of thousands of dollars. They have only a few thousand words of magnetic core memory, and programming them is far from easy.

Domestically, data communication over the phone lines is an AT&T monopoly. The ‘Picturephone’ of 1939, shown again at the New York World’s Fair in 1964, is still AT&T’s answer to the future of worldwide communications.

But the four-year old Advanced Research Projects Agency (ARPA) of the U.S. Department of Defense, a future-oriented funder of ‘high-risk, high-gain’ research, lays the groundwork for what becomes the ARPANET and, much later, the Internet.
By 1992, when this timeline ends,

  • the Internet has one million hosts
  • the ARPANET has ceased to exist
  • computers are nine orders of magnitude faster
  • network bandwidth is twenty million times greater
We are now arriving at the 25th anniversary of Tim Berners-Lee's first proposal for the World Wide Web.  Little did Tim know that it would become the core focus for Operational Risk Management (ORM) in our digital enterprises in the year 2015.
