Global Innovation Outlook - Security and Society

Posted by Gunter Ollmann on May 28, 2008 at 2:26 PM EDT.

Over the last couple of weeks I’ve been privileged to participate in the Tokyo and Taipei sessions of IBM’s Global Innovation Outlook (GIO). For those of you who don’t know what the GIO is, it’s an annual program that began back in 2004 whereby IBM opened up its annual technology and business forecasting processes to the world.

Essentially, IBM pulls together a mix of industry experts and technology influencers from around the world for a series of “deep dives” (consisting of free-form conversations bound by a very loose agenda – which was pretty much forgotten after the first couple of hours at both Asia events I participated in) in a handful of (lavish) locations around the world and, after completing the deep-dives, brings all the findings together into a series of publications.

If you visit the GIO site at you can download the previous year’s studies.

This year there are two focus areas; “Security and Society” and “Water and the Oceans”. You can probably guess which topic I participated in…

The “Security and Society” focus area was proposed as “the challenges every organization and individual faces resulting from the changing nature of security in an interdependent global society” or, as the GIO Web site states more fully,

The 21st Century has brought with it a near total redefining of the notion of security. Be it identity theft, border security, or corporate espionage, the security of every nation, business, organization and individual is in constant flux thanks to sophisticated technologies and a growing global interdependence. All aspects of security are being challenged by both large and small groups — even individuals — that have a disruptive capability disproportionate to their size or resources. At the same time, technology is providing unprecedented ways to sense and deter theft and other security breaches.

Businesses are looking for innovative ways to better protect their physical and digital assets, as well as the best interests of their customers. Policy makers are faced with the dilemma of enabling socioeconomic growth while mitigating security threats. And each of us is charged with protecting ourselves and our assets in this rapidly evolving, increasingly confusing, global security landscape.

My Perspective on the Proceedings

I really enjoyed the deep-dives and the flow of discussion that came from both sessions. It was incredibly interesting to observe how the mix of hosting location and participants drove unique perspectives on this very broad topic.

One consistent theme between both sessions was the role of government in providing necessary legislation and enforcement for Internet security in order to protect both privacy and society. As a result, we spent a lot of time covering how governments could evolve future incentive platforms (both carrot and stick), as well as reviewing some of the things that have worked (and failed) in the countries of the participants. However, it was clear to all that in a networked world in which criminals can conduct their fraudulent and illegal activities across multiple national borders, agreement of policies and the ability to police and enforce them is an increasingly tough hurdle to overcome. That said, practically everyone agreed that governments have yet to fully grasp future legislative and collaborative requirements – and a lot of education is necessary to avoid counterproductive reactive measures.

With that in mind we also discussed how online communities can effectively police themselves in some circumstances – based upon some experiences to date. For example, flame-wars driving off unwanted participants, anti-leaching peer-to-peer networks, online auction evaluations of sellers and MMORPG gaming factions - but also bearing in mind theres a fine line between community enforcement and mob rule.

An interesting aspect to the discussions included the dimension of “identity” – in particular what an identity entailed and how it drove behaviors. While we’re all familiar with the identity established by government issued documents (e.g. drivers license, passport, birth certificate, etc.), and how physical-world identities can be linked together (e.g. employment identity, family member identities, etc.), in a networked world the norm is to have multiple identities that are not typically linked together. For example, an identity used for online gaming versus an identity compiled from Web browsing habits.

The identities assumed in a networked world tend to be more varied – whether that’s due to an assumed anonymity or something else, who knows; we’ll leave that for the sociology and psychiatric professionals. And, more importantly, these assorted identities are used to engage with different social networks (for good or bad).

Because most social networks are infrequently linked together, the probability that governments can readily connect identities together is remote – which of course makes it more difficult to enforce laws, and perhaps emphasizes community policing?

Related to this discussion was the increasing role of business in protecting identity information. This appears to be pretty difficult. While there have been a constant stream of reports of business that have failed to adequately protect the personal information they were entrusted with, we have also think about information being accumulated today that may not appear personal or personally identifiable, but could become so in the future – especially if it is shared amongst different businesses and likely to be correlated. Personally, this is an area that I think governments should provide better oversight of.

Then again, since we’re looking in to the future, given the age and occupations of the participants at the GIO sessions, does the age-gap have an effect? For example, there was a lot of concern about the level of information being shared by younger generations on popular social networking sites such as MySpace and Facebook. While I myself can be found on some social networking sites, I’d consider myself pretty careful about the type of information I include, let alone publicly share. However, while I’d cringe at the thought of posting family photo’s there and my personal contact details, I appear to be in the minority.

So the question then becomes, when these youngest members of social networks (that share as much information about their personal life as possible) become old enough to open their first bank accounts and apply for a mortgage, how will the security mechanisms that we rely upon today to verify identities have to had changed? – I have no idea. Ask me again in 10 years time.

In the end, having participated at the sessions in Tokyo and Taipei, I think we raised a tremendous number of unanswered questions – but also identified many areas in which future collaboration and education will be critical in helping to solve them.

There are still a couple more sessions to be conducted in North America before the GIO team begins their work final bringing it all together and publishing the results. I don’t envy them that task. Given the breadth of the discussions, they’ll have their work cut out. That said, the GIO organizational team have had a lot of experience managing these focus topics and the quality of their work is evident in their previous publications.

I really look forward to seeing how they pull together all the ideas and concepts from the various sessions around the world in to publications that will shape the future of “Security and Society” and IBM’s technology investments.

    Copyright 2001-2008 © Gunter Ollmann