Topic: The wicked problem of privacy and security in the opportunity-driven, connected person world
Konstantinos Karachalios, the Managing Director, IEEE-Standards Association, is an internationally-recognized leader within the standards development and intellectual property communities, and has extensive expertise in public policy, strategic planning, and the not-for-profit sector. His leadership efforts played a crucial role in the successful international cooperation between Germany and France in the areas of coordinated research and scenario simulation pertaining to large-scale nuclear accidents.
Following the success of these cooperative international endeavors, he joined the European Patent Office (EPO). It was with the EPO, his most recent tenure, that Konstantinos encountered some of his greatest successes. Among the highlights of his career within the EPO are his creation and leadership of the EPO’s International Academy, the Department of Technical Assistance to the Middle East and Africa, and the Bureau for Public Policy Issues, and his guidance and insights as the EPO’s envoy to a number of United Nations organizations. As scenarios analyst and co-editor of the EPO’s book “Scenarios for the Future: How might IP regimes evolve by 2025? What global legitimacy might such regimes have?”, Konstantinos contributed to repositioning these important issues, reframing the way in which they are debated in the global arena, and initiating and coordinating strategic responses to the challenges raised by those discussions.
Konstantinos earned his PhD in Energy Engineering (Nuclear Reactor Safety) and his master’s degree in Mechanical Engineering from the University of Stuttgart.
Cyber-security in the globally emerging reality of the ‘connected person’—in which people are connected ubiquitously across smart cities, smart buildings, smart cars and, perhaps, through sensors even on or in their bodies—qualifies as a classic case of the wicked problem. It is a problem of many interdependent parts, and a solution in one area can yield dramatic, often unforeseen ramifications in multiple others.
In a world in which more and more sensitive personal data is being shared more and more rapidly and widely around the world, privacy and security concerns are the talk around conferences, offices and media everywhere. Unfortunately, such talk frequently can veer into fuzzy, not especially productive discussions of abstract notions that are defined very differently from market to market and industry to industry around the globe.
Moving beyond the theoretical to gain an actionable understanding of access control for information sharing today, and of where some of the real-world successes and challenges are already being found, demands a shift in conversation to more concrete, tangible concepts. Assumptions of privacy and security can be hard to define and put bounds upon, but tools such as user choice, control and consent are more definitive—and, indeed, are capabilities that are starting to be achieved in some of the world’s most exciting areas of innovation, such as augmented reality, e-health, the Internet of Things (IoT) and the smart grid.
The globally open standards-development environment provides the equitable, multi-stakeholder forum—across national boundaries and diverse areas of technology development—in which real progress can be forged today.
Breaking down the wicked problem
Cyber-security in the globally emerging reality of the ‘connected person’—in which people are connected ubiquitously across smart cities, smart buildings, smart cars and, perhaps, through sensors even on or in their bodies—qualifies as a classic case of the wicked problem. It is a problem of many interdependent parts, and a solution in one area can yield dramatic, often unforeseen ramifications in multiple others.
As it has proven to be throughout the development of the Internet, componentization is crucial in a space that is so complicated. Engineers may build in as much modularization as possible to information systems—even if the necessity of such modularization is not clear from a design-engineering standpoint. This modularization approach enables development downstream to proceed with much less ancillary, unintended effect rippling out in other areas across the infrastructure. Building into systems distinct functions and services ultimately stands to create a more stable whole.
Such a modular approach to innovation is gathering form across information security and privacy.
Asking more meaningful questions
What is ‘privacy’? What is ‘security’?
How are these concepts defined? Both average users and experts may answer those questions in unique and yet overlapping ways. While ‘security’ is often thought of as the protection of data, ‘privacy’ is more about the management of data sharing. Some key differences in perceptions of the concepts of ‘security’ and ‘privacy’ are apparent due to cultural, behavioral and political norms that vary from market to market and industry to industry worldwide. In Sweden, for example, a person’s salary is generally not regarded as so sensitive a piece of data as it is in, say, the United States. Such contextual differences make talking about broad notions of privacy and security challenging; process and decisions depend on whom you are talking to, where you are talking to that person and what you are thinking about doing with the pieces of information that are in question.
On the other hand, concentrating the conversation on the individual components on which privacy and security are being achieved is helpful: What is “choice”? I can choose one or the other. What is ‘consent’? I can say ‘yes’ or ‘no.’
In this way, discussions become more actionable, centering on tangible components where modularized functions can be plugged in and configured appropriately to achieve the privacy and security goals of stakeholders in a given application. Choice, access control and consent are tools that are already being applied today in contextual ways.
Yet there is more work to be done to advance implementation of these types of tools, and the burden of personal data management should not be placed on the user alone.
Global participation in standards development
The globally open standards-development environment is one of the key places where that work will take place in the years ahead. Shared challenges such as privacy and security that cross so many dimensions of geography, technology, culture and behavior are highly informed through engagement of communities of interest.
For example, many industries share a stake in development of technical solutions and policies in these spaces. While each industry sector has its own unique set of priority variables to consider, a common core of requirements may exist. Addressing those common requirements together saves costs, resources and time, while enabling technology innovations for humanity with better opportunities for achievable user confidence in the systems where users engage.
The globally open standardization paradigm that is encapsulated in the “OpenStand” principles (www.open-stand.org) is based on the processes and lessons learned over decades of standards development, particularly for the Internet. The Internet has revolutionized the way humanity globally lives, works and plays. Foundational technical standards developed via a globally open model of development that invites participation from across all industrial, technological and geopolitical borders form the very lifeblood of the Internet.
The IEEE Standards Association (IEEE-SA) embraces the OpenStand principles—as do other leaders in the information privacy and security space, such as Kantara Initiative, a non-profit organization enabling trust in identity services through compliance programs, requirements development and information sharing. OpenStand demands:
• respectful cooperation among standards organizations;
• adherence to balance, broad consensus, due process, openness and transparency in standards development;
• commitment to “collective empowerment,” in that standards foster technical merit, interoperability, competition, innovation and benefit to humanity;
• availability of standards to all for implementation and deployment; and
• voluntary adoption and success is determined by the market.
The OpenStand paradigm has proven its ability to advance innovation in a variety of technology spaces and to accelerate and broaden market uptake of cutting-edge products and services with far-reaching societal benefit. Furthermore, the globally open (in terms of both input and output), inclusive and fully transparent OpenStand model of standards development has helped take down traditional barriers, facilitating global trade across regions and national borders and enabling expertise across technology silos to address and solve shared problems cost-effectively and efficiently.
The standards model defined by OpenStand is broadly extendable to technology spaces across today’s economy of borderless commerce. The openness and inclusivity that are hallmarks of OpenStand are especially important in those technology spaces where political, cultural and behavioral questions loom as large as do technological ones. Certainly, privacy and security in the connected-person world qualify in this regard.
Inviting everyone—regardless of their market or industry—into the conversation about the concrete, real-world component capabilities on which information privacy and security in the connected-person future will be based is the best path to achieving the wicked solution that this wicked problem demands. The globally open standards-development model encapsulated in OpenStand fosters such multi-stakeholder participation.