A dozen years ago (bear with me) I was involved in one of the dot-com boom start-ups using DRM (Digital Rights Management) technology to protect music and other digital content. It was a noble effort to protect information, but as we all know there has been somewhat of a battle in the music industry since that time … balancing the benefits of protecting digital information against the benefits of allowing it to remain open.
Mr Jobs’ negotiations with the music industry to provide DRM-free content through iTunes demonstrates the benefits (to listeners and the
industry) and a viable business model without the use of DRM, but I’m still concerned about my own information and how it is used. In today’s world of multiple identities (for instance, for my work and home lives) how do I separate and manage the use of my information … if indeed I can. So that got me contemplating the future of security, and in particular the future of Information Security.
When I share some piece of information – by sending it, posting it or broadcasting it – I do it with a particular hat on; a particular identity. It has context. If that information is consumed out of context there is a risk that it is misunderstood, misconstrued or perhaps at worst misused.
For example if I share images of me and my children on holiday to a limited audience but these images somehow find their way to a public forum (for instance they are reposted by their Grandmother who doesn’t quite understand the consequences of the technology she is using) then I may be mildly embarrassed when they crop up on some work colleague’s presentation. I may be similarly embarrassed by suggesting that my mother has technical challenges if she reads this work-related article.
So how can we deal with this? My vision of the future is that information will become … self-aware. By that, I mean the information will know it’s context and will only permit its use in that context.
Every piece of information will contain with it all of the contextual meta-data required to outline how the information will be used. And just as importantly, I can change the rules regarding how it is used at any time and wherever that piece of information is it will comply. I was explaining this concept to one of my Scientific Community colleagues and he came up with a scenario that I quite like (but is not quite perfect
yet) – that piece of information is on the end of a fishing line, and I can reel it in whenever I want. It’s not just about reeling it in though, it’s about adjusting the envelope, on the fly, so that the information is always (and only) accessed, and used, in the way I wish it to be.
We can also imagine more sophisticated scenarios – consider the ability to pass on some ownership or republishing rights as part of the meta data; and this is not just about access or no access. It’s about how the data is used too – at the moment that photo is not for republishing, not for editing, can be viewed but not included in another work. I may change my mind later and further constrain or relax those rules. The key thing is that this information lives in a fully connected world – I’ll get a little more scientific here and say that is exists in a field and changing the contextual parameters will result in interaction with that data wherever it is in that field.
This doesn’t necessarily require encryption or DRM technology – the meta-data concepts would still apply without this, but the ability to protect against abuse in the big bad world would need some protective measures like these.
The consequence of this vision is that we won’t in future need to rely on the protections (or privacy policies) of individual services – I have some of the social networking services in mind here. We’ll need an open, standard, reliable, trusted mechanism to makes our information self-aware; wherever it is.
That’s my vision; information that’s self-aware. So, are you ready to go fishing with me?Tweet