XXX
What are we going to do about the continuous stream of data breaches, identity thefts, bot wars on social media and varied privacy catastrophes that characterise our days? I’ve already said many times that we need an identity infrastructure for the world in which we now live. We need an identity infrastructure that deals with the realities of the modern world, the world of the Nth industrial revolution (where N is 4, or 5, or something similar). But why should this infrastructure be a government priority? Well, it’s because of the nature of that environment. It’s not simply about making life easier when you log in to your bank or to do your taxes. Identity is far more important than that.
I see identity as vital national infrastructure, which is why I want the British government to do something about it. In recent times they have failed in both the physical nation (with the identity card system abandoned by the Conservative government in 2010 after £300m had been spent on it) and in the virtual national (with the gov.verify scheme). It is important that they do not walk away from their responsibility here, although it is just as important that they facilitate national identity infrastructure that is for the future, not the past.
The need is urgent. The UK has no tradition of identity cards or national identification systems, or anything like it. To the British, national identification is “papers, please”: something associated with authoritarian tyrannies, France and wartime. Even in wartime, the idea of requiring people to hold some form of identification was regarded as so fundamentally incompatible with the customs and practices of Her Majesty’s subjects that the last British identity cards (from the first and second world wars, essentially) drew what Jon Agar calls parasitic vitality (a phrase that I love) from other systems such as conscription and food rationing. Identity cards were not an end in themselves, but a means to effect activities in support of a a war effort. Identity infrastructure was created as a form of mobilisation against the enemies of the Realm.
(This dislike of identification as a State function is hardly unique to the United Kingdom today. In America there are similarly strong opinions on the topic and the failure of the Australia card in 2007 stems, I think, from the same common law roots. These views of course stand in stark contrast to the views of almost all other nations of the world. The majority of all people on Earth have some form of state identification and would find it impossible to navigate daily life without it. That doesn’t make the need to be identified at all times either right or proper, as I will hope to demonstrate.)
If a national identification is only possible as part of a war effort… well, we are in a war again and we need an identity infrastructure to support mobilisation in defence of ourselves and our communities. It’s just that this time we’re in a cyberwar and our identity infrastructure needs to support mobilisation across virtual and mundane realms. There was no specific date when this war broke out and there is no conceivable Armistice Day on which it will end. Rather, as Bruce Schneier puts it in his new book “Click here to kill everybody“, cyberwar is the new normal. Or to put it another way, World War 3.0 has already started, but a lot of people haven’t noticed because it’s in the matrix.
(This will, unfortunately, make the war movies of the future rather dull. No more “Dunkirk” or “Saving Private Ryan”, no more “The Dambusters” or “Enemy at Gate”. Instead movies will be about solitary individuals sitting in dimly-lit bedsits typing lines of Perl or Solidity while eating tuna out of a can.)
This isn’t because computers and communications technologies have only just reached the Armed Forces. Far from it: the very first computers were developed to compute ballistic trajectories and part of my young life was spent trying to work out how to use radio and satellite technologies to keep NATO computers connected after a nuclear first strike against its command and control infrastructure. But in those far-off days, the reason for knocking out the enemy’s IT infrastructure was so that you could then send in your tank columns or paratroopers. There were cyber aspects to war, but it wasn’t a cyberwar. Now it’s a cyberwar and in historian Niall Ferguson’s terms, it’s war between networks.
The British response to this new state of affairs has been comfortingly backward-looking. Back in 2013 there was a plan for the creation of a Digital Dad’s Army of well-meaning volunteers to stand on the cyber-beaches to repel invasion. I’m sure behind the scenes they have been working around the clock to defend our electricity grid and water supplies against foreign hackers but I do wonder if the insidious threat from the intersection of post-modernism and social media had as a high a priority? XXX Explicit XXX
(I should explain for foreign readers that “Dad’s Army” was a popular television comedy a good few years ago. It was based on the hilarious antics of a bungling unit of the “Home Guard”, which was the amateur domestic defence force created during the Second World War, or Great Patriotic War, whichever you prefer.)
Marshall McLuhan saw this coming, just as he saw everything else coming. Way back in 1970, when the same Cold War that I fought in was well under way, he observed that “World War III is a guerrilla information war with no division between military and civilian participation”. Indeed. And as we are beginning to understand, it is a war where quite often the control of the enemy’s assets is more important than their destruction.
These enemies may not be foreign, but domestic. Smart cyberrebels will want to XXX take Facebook over, just as rebel forces set off to capture the radio and TV stations first: not to shut them down, but to control them. The lack of identity infrastructure makes this easy for them. While writing these words I read of (yet another) complaint about social media companies doing nothing to control co-ordinated bot attacks. But how are they supposed to know who is a bot and who isn’t? Whether a troll army is controlled by enemies of the state or commercial interests? If an account is really that of a first-hand witness to some event or a spy manufacturing an event that never happened?
Social media are creating entirely new opportunities for what The Economist referred to as “influence operations” (IO) and the manipulation of public opinion. We all understand why! In the future, “fake news” put together with the aid of artificial intelligence will be so realistic that even the best-resourced and most professional news organisation will be hard pressed to tell the difference between the real and the made-up sort.
The need to tell “us” from “them”, real from fake, insiders from outsiders, attackers from defenders is critical and the lack of an identity infrastructure as well as the creation of identity infrastructures that are too easy to subvert XXX manipulation XXX stronger and border XXX are both roads to chaos
Philip K. Dick
We need to create an effective infrastructure as a matter of urgency but it should not be framed in the context of a 20th-century bureaucracy responding to the urban anonymity of the industrial revolution by conceiving of people as index cards, but in a 21st-century context based on relationships where both security and privacy are strengthened, twin foundations for structures we need to protect and survive.
If this all sounds over-dramatic: it isn’t. I think it is perfectly reasonable to interpret the current state of cyberspace in these terms because the foreseeable future is one of continuous cyberattack from both state and non-state actors and digital identity is a necessary building block of our key defences.
We may or may not need a Space Force, but we most certainly need a Cyberspace Force.
Snippings 