In his acceptance speech for the Lifetime Achievement Award at RSA Conference, Art Coviello once again, as so many times in the past, showed the exceptional insight and leadership that has been his hallmark throughout his career. There have been many discussions this week about the interrelationship of privacy and security, particularly in the context of the legal issue between the US government and Apple. But it was Art who challenged the audience to look beyond that issue to a larger question. "The issue of privacy and security," he said, "is the defining issue of our time." Trust in the privacy of our online communications was foundational to the development and adoption of digital technologies. The safe exchange of personal and payment information underpins our interactions in the online world, with respect not only to commercial and consumer transactions but also interpersonal and social activity. Privacy and security are both essential not only in the digital world, but in our physical world with which the digital world is now so tightly knit.
(Image from RSA Conference US 2016)
This was the message not only in Art's acceptance speech, but also in his preface to the white paper "Advancing the Dialogue on Security and Privacy in the Digital World" that has just been released by the Digital Equilibrium Project. At a summit of cybersecurity leaders from around the world, held on the first day of RSA Conference, we had an extensive discussion of the Digital Equilibrium Project, of the contributions it will make to government policy, industry strategies and public awareness, and of the ways in which the work of the project can best be supported and leveraged. The project has already brought together a group of extraordinary individuals with a passionate concern for this topic, supported by expertise from McKinsey in the development of this first white paper. This is a working group, inviting all of us concerned with this defining issue of security and privacy to join in a constructive dialogue: defining the issue, establishing our common ground, actively engaging multiple perspectives that, like the diversity of our societies, enable us to create stronger, more flexible and more resilient constructs for the architecture, implementation and use of the digital environment.
Several years ago, I wrote about security and privacy as "partners in trust". The relationship between security and privacy is often spoken of as a balance, the gravitic equilibrium of two opposed weights. But the equilibrium we need for privacy and security is more dynamic, interactive and cooperative than such a metaphor implies. Think instead of the complex dynamics of active agents in equilibrium within a solution: cooperating in the effect they achieve, constantly adjusting in position and concentration, actively responding to changes in the conditions around them.
It is this essential dynamic interaction of privacy and security that has led the Digital Equilibrium Project to envision what is needed as a constitution rather than as a book of laws, as a framework rather than a blueprint, as a guide rather than a specification. "The framework must embody basic beliefs and guiding principles that will be meaningful beyond any evolutions of technology." (p. 13) It is an ontology of trust, the mutually-agreed conceptual fundamentals that enable discussion across differing perspectives, transforming speaking against each other into speaking with each other.
As Bruce Schneier wrote many years ago, there's no security without privacy; security and privacy are complementary, not in opposition. They are mutually supporting, interconnected and interacting, two dimensions defining a plane of trust. But that mutual support, those interactions are as complex as the social engagement they underpin and enable. The Digital Equilibrium project will be extremely valuable in helping all of us achieve the dynamic equilibrium of privacy and security that we desperately need. I'm looking forward to my own participation in the project. I hope you will join the conversation as well.