People: THE AUTHENTICITY INFRASTRUCTURE
Question 1 Authenticity calls for pervasive digital signatures by reliably identified human beings. How do you protect the private keys, while making them available for digital signatures?
Answer 1 The PEN Component
Nothing we do with computers, phones, tablets, or other information appliances will be secure until there is a sound way to keep files, directories, identifiers, and other important items in a truly protected space. That in turn requires isolation of private keys, or PENs.
Question 2 Reliable digital identity certificates, professional licenses, and occupancy permits call for a reliable source of issuing public authority that is independent of any geographic jurisdiction. Where do we find such a source of duly constituted global public authority?
Answer 2 The Public Authority Component
On March 7, 2005, the City of Osmio was chartered at the Geneva headquarters of the oldest international governance body in the world, the International Telecommunication Union. Osmio’s Vital Records Department is a certification authority that limits its practice to creating, maintaining, and protecting identity certificates. Osmio’s Professional Licensing Department will issue licenses that allow architects, contractors, and building inspectors to sign plans for facilities and occupancy permits. Osmio’s authority is strictly limited to those who choose to accept it, and its governance is as participatory as that of a small New England town.
Question 3 How do you establish identity in the first place?
Answer 3 The Enrollment Component
Enrollment can be costly or not, depending upon the level and categories of rigor needed by relying parties. The Enrollment Component ensures that evidence supporting a claim of identity is gathered properly for the requisite level of rigor and presented along with the public key in a certificate signing request to the Osmio Vital Records Department.
Question 4 When people identify themselves to you, how do you know how reliable their claim of identity is?
Answer 4 The Identity Reliability Component
The foundational identity certificate is accompanied by other certificates and by an identity quality record. Very little might be revealed to a relying party about the people identified, other than their identity quality information and the fact that the identity certificate has not been revoked. Despite that anonymity, the Identity Reliability Component establishes accountability.
Question 5 Personal control of information about oneself has been a long-sought goal of privacy activists. How can a universal identity credential restore privacy rather than erode it even further?
Answer 5 The Personal Information Ownership Component
The foundation of real privacy is your own control over information that identifies you. Without such strong controls, individuals will rightfully resist the idea of a strong identity infrastructure. While the companies that accumulate information about you regard that information as their own corporate asset, the PIOC provides technological and legal tools by which you can reclaim that asset as your own personal property. The PIOC accomplishes accountable anonymity, letting you assert your identity without revealing your identity.
Question 6 We value anonymity, but at the same time we want others to be accountable. What happens when someone whose privacy is protected anonymously harms me, my community, or my country?
Answer 6 The Accountability Component
As QEI must protect your privacy, it also must protect your right to recourse if you are harmed by someone whose privacy is similarly protected. Law enforcement must also be able to seek a court order for identity disclosure when a legitimate court deems it necessary for the protection of public safety. The Accountability Component ensures that due process prevails even in jurisdictions that are not known for adherence to due process.
Places: THE INDOORS INFRASTRUCTURE
Question 7 By what standards are we assured that an information facility is habitable, that is, secure and manageable?
Answer 7 The Building Codes Component
Your information is never secure in a private, cryptographic tunnel if it is exposed at the ends of the tunnel. Indeed, a tunnel can be less secure than the outdoor space around it, because it gives its occupants a false sense of security. Building codes are sets of standards and procedures that ensure the integrity of the virtual buildings that enclose, for example, the ends of tunnels.
Question 8 How do we bring the benefits of InDoor spaces to our computers, tablets, and phones?
Answer 8 The InDoor Operating System
We can work around the vulnerabilities of popular operating systems so that the components of QEI provide genuinely secure, manageable, usable, and private space inside those systems. An even better solution for the long term will be to exchange today’s vulnerable and cranky old operating system foundation for a more reliable, secure, and manageable one, while keeping most of the familiar user interface and application programming interfaces.
Question
9 Who decides whether a facility is
habitable, that is, that it conforms to building codes?
Answer 9 The Professional Licensing Component
As with physical real estate, our bounded online spaces need qualified architects, contractors, property management people, and building inspectors to ensure that they serve our purposes. The Professional Licensing Component provides a system of certification of their professional credentials and of the results of their work, as well as of the work of attestation professionals and others.
Question 10 How do we bring privacy and authenticity to social media?
Answer 10 The Community Component
Where are these online buildings built? Who owns them? Who pays for them? How do they connect to each other in a rational way? How does online real estate become profitable? We find our answers in the surprising intersection between the media industry and the urban planning profession.
Question
11 Can the outdoor public transport
system also benefit from QEI?
Answer 11 The Public Roadways Component
The roadway system, the Internet, is far ahead of the real estate, the secure online places where people can safely gather. Its protocols, like those for the next generation of concrete interstate highways, are well established. But the facilities that control the Internet are entirely too vulnerable to criminals and vandals. Access controls based upon measurably reliable identities, as well as professional licensing, must be put in place for DNS and other essential roadway components.
Things: THE COMMON VOCABULARY INFRASTRUCTURE
Question 12 Strict definition of terms reduces confusion in the world of building codes and permits.
Can terminology standards reduce rampant “FUD factor” confusion in information technology?
QUIET ENJOYMENT
Answer 12 The Common Vocabulary Component
What information technology provides to the online world is no more mysterious than what architects, contractors, and property managers provide to the physical world. The Common Vocabulary Component requires the use of standardized terminology in the permitting of new facilities. By using the well-understood language of architects, structural engineers, contractors, property managers, and building inspectors, management can finally direct information technology, rather than the other way around.
As you can see, the real estate theme is not just an illustrative metaphor. QEI is indeed about indoor spaces. Think about it: Where do you go to get things done, to pursue your life’s various agendas? While we enjoy the outdoors, we get things done in buildings.
Some people a long time ago told us that the Internet was a highway. Fine. A principal use of highways is to bring us to buildings. Learning, shopping and doing business by the side of a busy highway is just a nutty idea. It is the source of our problems.
This book is about real estate.
The Quiet Enjoyment Infrastructure and its 12 components are described in detail in Part Two. Before we get there we’ll need to make the case for why it’s needed and why it needs to be designed, built and deployed in certain ways. But if you’re already convinced, then by all means skip ahead to Part Two.