Roles for Information
While the Standards of LIFE presents a valid model for the organization of any society, irrespective of the advancement of their technological capabilities, and it also specifically leverages an in-depth understanding of modern information technologies for the benefit of the society as a whole. Information technology is already indelible in the fabric of societies around the globe and its integration into public policy and governance is past due.
Informed & Active Citizenry
The health and well being of all in any society are dependant on an active and informed citizenry that allows, and benefits from, the involvement of all in the democtratic decision making process. Free access to information is crucial and, together with freedom of speach, provides the bedrock for a free press.
Adjoined to information access as a pillar of our freedom, is the security and accuracy of the information about us held by governments and private institutions. Our privacy, our freedom and our personal security is inextricably tied up with the electronic data about us, and that makes electronic identity management a vital concern for us, as individuals and for our societies as a whole.
Harnessing the true potential of our economic output requires that we free the individual to make the contributions they are best suited to make. This compliments our existing enterprise economies with a resilient and sustainable micro economy. All markets need a marketplace within which demand and supply meet eachother and exchange value determined by the customer and supplier. The macro and enterpise markets can function in the marketplaces of macro government and capital intensive retail agglomerations we call “malls”. The micro economy needs a marketplace within which diverse and dispersed micro customers can meet micro suppliers and it is modern information technology that makes this possible.
Micro economic activity is vastly more resilient and sustainable than macro enterprise economic activity and yet is dependant for its functioning on the availability of a marketplace supported by technology that is macro in its conception and execution. The high value of the micro economy to our societies and the need for broadly available unperpinning technologies means that public services must provide at least the minimal enabling infrastructure such that it can operate effectively without the selective or optional investment of private parties.
In short: the micro economy must be guaranteed a marketplace and the only way to do that is to make it available on a public infrastructure.
In addition to maketplace provisioning, technology can make the vast amounts of data collected by government in the normal course of their regulatory activites, such as census data, available to people to assist them in the development of their products and services, the indentification of markets and the promotion of their activities.
Service Access & Management
Another critical role for information technology is the enablement of the material support infrastructure, as embodied in BASE.
Information is crucial to the collection of taxes, the provisioning of BASE services and the effective management of both processes. The flexibility and efficiency with which any of the services can be delivered is significantly dependent on the availability and accessibility of an information technology infrastructure.
To bring the benefits of information to individuals and constituencies it is necessary to have a pervasive information technology infrastructure that strives towards two goals:
- the deepest penetration
- the highest security
Achieving the highest levels of penetration will require the involvement of Communities in the responsibility to deliver access to their constitiuents as a primary charter. As access to information becomes a citizen’s right then so does access to the information technology infrastructure. Each layer must take responsibility for ensuring that the infrastructure network crosses their boundries, and Communities have responsibility for pushing access down the ‘last mile’ to individuals.
The most pervasive access will provide access to the kinds of information found today on the Internet. Inevitably secure access to sensitive data, such as personal indentification records, will be less ubiquitously available due to the need to provide more security. Communties can extend general access through the provisioning of public wireless access networks and secure access through the availability of secure public access terminals in facilities such as Community Centers.
There is opportunity for public-private partnerships in extending the reach and penetration of access, but the non-commercial nature of information as a public right and the need to maintain the security of sensitive data with be limitations to the extent to which privately owned communications companies can or will participate.
In technology, security is synomous with isolation. The common refrain being that there is no such thing as a 100% secure system connected to anything else. While this has philosophical validity, in the real world is as possible as it needs to be to create nearly 100% secure systems by following simple principles and to limit the exposure and risk from any security breach using segmentation and tracking.
There are two primary elements that need security: the network and the data.
To provide network security at the same time as meeting the objective for pervasive reach it is necessary to distinguish between general access and secure access.
Secure access requires the use of a certifiably secure connection from a secure access device to a secure network link that maintains a separate transport connection back to secure data stores.
General access assumes that the network connection is unsecured and provides access to the broadest data sets but not directly to secure data stores
The security of information is the real objective of all technology security. Equally important to any technological mechanisms for securing data are the principles of segmentation and tracking.
- Data segmentation is the practice of separating different types of information into different data stores. This improves security by allowing access control to be limited to subsets of data, and by ensuring that a breach of a single store exposes as little information as possible.
- Tracking requires that all access to data is logged, and fulfills the same requirements as notes and minutes do in the normal course of all official business. It provides an audit trail and a reviewable record of activity.
- Encryption and secure authentication are technical solutions that provide data security by making data unreadable without qualified credentials based on a verified identity. these technologies allow sensitive data to be managed by people without them being able to read or access the information in the data.
Taken together, segementation, tracking, encryption, identity and authentication, provide near 100% security that is completed by the ability to determine if there are breaches and what is exposed by any breach.
Communities, as outlined above, have two primary responsibilities: extending the reach of general access and providing facilities for secure access.
It should be the goal of every Community to enable high speed general information access from every residence and most public areas of their constituency.
Satisfying the requirement to provide secure access will require the Community to build facilities that meet security standards and have secure access to the secure public network. Within these facilities they need to maintain devices that qualify as secure access terminals for the use of their constituents.
The standards for the facilities, network access and terminals will be determined at a higher layer and dependant on the capacity of the rest of the system to manage the complexity and maintain integrity.
Regions & above
Broad information access requires that systems are interoperable and conform to recognized standards. Interoperability will require adherence to standards set at the highest layer possible, preferrably at the World level.
Standards are already in place for most of the technical requirements for general access, and are emboddied in the Internet standards already in use around the world.
The standards that need to be developed for secure information access can be readily adapted from existing standards in the analog world for information security and audit trails. These can be combined with technical standards for encryption and authentication to create a first version of the security standards to be used. The xID specification contains many of the detailed elements that must be covered by the security standards and also provides the flexibility necessary for interoperability across constituencies with different capabilities.
The xID specification follows the principles for segmented data storage and requires personal identity information to be held in stores as close to the citizens as is practically possible. Ideally this would mean that every Community would have its own xID store, in practice it will take even today’s most technically advanced societies many years to reach this goal.
xID stores are most likely to start off at the State level because that is where any existing infrastructure capable of providing the service will be. It is important, for freedom and privacy, that the initial plans for xID implementation include the devolution of xID data stores down at least to the Region level at the earliest possible opportunity.