In this series of posts I describe the possible futures of the privacy plate shift we're riding right now and how it relates to the landscape of security. See SecuriTea Leaves Part One for more detail.
Future 2. No privacy. Strong persistent security. Teleportation a maybe.
This future shares much with future 1 and is possibly just a stepping stone on the same trail. Like future 1 this world has voluntarily given away its privacy, leaving little of ones life out of public view. What differs here is that individuality is still very important.
People won't mind if their emails are made public. They just won't want someone speaking for them using their identity without permission. A person won't mind being one voice amongst millions, but they will still desire the likes, the lols, the smiles, follows, ratings, and promotion. In this future every picture you take is immediately uploaded to the cloud, (now a shared international database), using facial recognition to automatically tag you and all your friends. Every step you take is logged, every purchase you make is known, each entertainment choice is tracked and it has your name on all over it, but the phrase invasion of privacy never crosses your mind.
This future requires significant security to maintain. To protect the integrity of the data for the individual, identification verification security and general information security becomes very important.
For security of identification there will have to be multiple checks, a verbal password with constant retinal presence. A perpetual presence indicator (PPI) is what maintains validity of the person to the action. If you're not looking at what you're creating, or if the eye isn't yours, then the access is cut off. Security of the information itself will be difficult, keeping it both open but safe from alteration. Security priority here is not to keep it from public view but to keep the relationship of author to text or action valid.
This trust of the person-to-action relationship is most impactful and relevant with banking transactions, and that's where both the consumer and industry will want to position a mutual fulcrum and where this future has its genesis.
At some point, in the not too distant future, banks will no longer foot the bill for every purchase on a stolen credit card or money transfer made with stolen login credentials. They will turn the responsibility back to the consumer.
"Protect yourself, because we won't."
People might then be a little more cautious when using their cc online or they might embrace encryption or additional personal security options, but it is more likely people won’t voluntarily change their habits at all. Security changes will have to be forced on them.
Banks will effectively pass the buck, requiring a user of their online services pass several security requirements in addition to the PPI (AV, non public wifi use) before being allowed access to their own accounts. If you don’t qualify, you don’t get in. Retailers won’t rush to join this security revolution but it will be forced on them as well. The banks will require new security regulations of payment processing groups to guarantee the validity of the end user which will then trickle changes into the entire online shopping experience.
With so much awareness of you and your actions, this future world is incredibly personalized. What lives now as targeted ads and improved directions to your home will be mood based music selection, automatic grocery list creation, calendar planning (including television viewing, exercise schedule, and party attendance responses). Decisions will be made for you and they’ll be the same ones that you would have made. Doctors send prescribed medicine to you without you visiting them or even knowing you have a problem. Spending habits are so guided that budgets don’t factor into the purchases. Each day is laid out before you. Life becomes a big to do list.
Do you think this is a possible future? Thinking about this future as a complete world, what doesn't fit or what did I miss? Could this idea of a PPI provide enough assurance that an action or data transfer/creation was made by a certain user? Can data sharing ever be really secure, especially when databases are linked? Does taking away choice make life easier or happier, or do we need the chaos and uncertainty to be people of substance?
Other posts in this series: SecuriTea Leaves
Part One: The introduction
Part Two: Possible Future 1