Global Innovation Outlook: Security and Society

June 2008
Sun	Mon	Tue	Wed	Thu	Fri	Sat
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30

June 11, 2008

Rainbows and Unicorns

Some topics just don’t lend themselves to optimism, I guess. And the tone of the Chicago dive, the final in our cycle of Security and Society discussions, was alternately productive and dour. Here's a quick glimpse of what we heard during the day:

“I’m struggling to find things I’m hopeful about,” said one participant.

“I’m not optimistic at all,” said another. “We’re facing a long-term crisis, and there is an abundance of blissful ignorance.”

“I know this conversation is supposed to be about rainbows and unicorns, but the Internet is horribly, horribly broken,” said yet another.

The good news (and there was precious little of it) was that nearly all of the dire predictions centered around privacy and the security of the Internet. How is that good news, you ask? Well, when we shifted our focus onto physical security issues – things like the protection of natural resources, border control, terrorism, etc. – there were some sunny statistics upon which to hang our collective hat.

Andrew Mack, the Director of the Human Security Report Project at the Simon Fraser University School for International Studies in Vancouver has a long list of data that supports the notion that, historically speaking, the planet is considerably more secure today than at any time. For example, the end of colonialism has created a more stable political environment. Likewise, the end of the Cold War has removed one of the largest sources of ideological tension and aggression from the global landscape. And globalization itself is building wealth in developing countries, increasing income per capita, and mitigating social unrest.

All in all, Mack reasons, we are in a good place. There have been sharp declines in political violence, global terrorism, and authoritarian states. Human nature is to worry. And as such, we often believe that the most dangerous times are the ones in which we live. Not true. Despite the many current and gathering threats to our near- and long-term security, we are in fact a safer, more secure global society.

Unfortunately, that was where the optimism ended. There was more attention being paid to gathering threats, in particular the future of privacy and the security of the Internet. Not surprising, considering that the participants included two experts on identity theft (from the Identity Theft Resource Center, and Debix Identity Protection Network), one chief privacy officer (from Facebook), and the Information and Privacy Commissioner from the Province of Ontario.

In Chicago, we discussed many of the same privacy issues we’ve treated in previous dives. But one important point of progress was coming to an agreement on terms (which would have been useful to do in the first dive, but alas.) Part of the reason why the privacy debate raged on throughout all six of our deep dives on Security and Society is because if you ask twenty different people what privacy means, you are likely to get twenty different answers. But I think we may have found a definition that everyone can agree on. It’s something called “Informational Self-Determination,” a concept developed by the Germans during a census collection 25 years ago. It’s basically a fancy way of saying that individuals should have the right to decide what information about themselves should be communicated to others and under what circumstances.

If that sounds vaguely familiar, it may be because it’s the same basic principle that governs privacy in the physical world. It is also useful to understand what privacy is not. It is not the same thing as anonymity. It is not having the ability to choose your own identity. It is not the right to be left alone. In short, online privacy is no different than privacy in the physical world. Chris Kelly, Chief Privacy Officer at Facebook (a company this is widely, and wrongly, criticized for somehow being a threat to personal privacy) describes it best in the following video:

A ray of hope, perhaps? Maybe. But two things that quickly brought us crashing back to earth were a.) the privacy debate does not exist in the developing world, where they have quite the opposite problem, i.e. a complete dearth of personal data, which actually exacerbates security issues, and b.) none of this matters if the Internet itself is compromised, blown up, shut down, or otherwise rendered useless.

Though the final dive on Security and Society was not hopeful, it was instructive. And as we begin the process of digesting the many insights gleaned from the six deep dives, and fashion into a report, it’s important to understand that there are many challenges ahead, few easy answers, and much work to be done. In short, there are no rainbows and unicorns.

June 11, 2008 in Security and Society | Permalink | Comments (1) | TrackBack

June 06, 2008

Privacy Redux

If you watch enough of the kind of brainstorming sessions that make up the Global Innovation Outlook, you start to realize that over time, each conversation develops its own center of gravity. A single, unifying theme almost always emerges, determined by some combination of the type of people in the room, the local zeitgeist, current events, and other inexplicable forces (Caffeine? Weather? Astrology?)

Yesterday’s Vancouver deep dive on Security and Society was no exception, as the twin issues of privacy and identity dominated the morning’s discussion. The group that was assembled was undoubtedly qualified to take on this thorny debate. We hosted representatives of some of the most successful organizations in North America, including the Royal Bank of Canada, Exxon Mobil, Visa, Best Buy, The Kroger Company, and Sun Life Financial. We had two venture capitalists, academics from The Marshall School of Business (University of Southern California) and John Jay College of Criminal Justice, and a director from the United Nation’s Counter-Terrorism Committee. We even had Phil Zimmermann, the man responsible for the world’s most widely used encryption technology, called PGP.

With a group this varied and knowledgeable, the conversation could have gone in any number of directions. But it was apparent early on that we were coalescing around the idea of privacy, personal data management, and the implications of both on security. This isn’t the first time we’ve had this conversation during this focus area. In fact, it was a major theme in our exploration of Media and Content back in 2007. But we came at it from some new angles this time and challenged some of our basic assumptions.

For example, the group was deep into a discussion of tradeoffs between privacy and security – does giving the government more information make us safer? Is Facebook the end of privacy as we know it? Are surveillance societies inevitable and irresistible? – when someone asked a seemingly innocent question: Does a lack of privacy actually make us less secure?

Though the answer may seem obvious to some, it’s an important question that I don’t think the group managed to answer. For example, there was an assumption among much of the group that divulging more personal information to the world makes us less secure. But does it? Another word for a lack of privacy is transparency, which is generally seen as a good thing when it comes to improving security. Many times during the course of this focus area, we’ve heard participants lament the loss of community-based security, in which a village or neighborhood maintained security simply because everyone knew everything about everyone. There was no anonymity. Nowhere to hide. No way to deceive.

“When I was young, I was a hippie, and we did crazy things,” said Larry Ponemon, Founder and Chairman of the Ponemon Institute, a research consultancy focused on privacy and data protection. “But God forbid there should be a record of that the way there is for kids today on Facebook and MySpace. We did the same things back then, but we didn’t have the data tail.”

An argument could be made that having that digital record, or data tail, actually makes us a more transparent society, and perhaps more secure. Many participants have voiced the need for some kind of online scrubbing tool that would essentially remove your digital tattoos online, give you a fresh start at building a new online persona. But would a tool like that work in favor of the good guys or bad guys?

The idea of a service that could ferret out all the information about an individual and delete it is admittedly farfetched (not to mention technically impossible.) But one idea that emerged which has legs was that of “data tethering” and “digital annotation.” The former is the concept that an individual should have the ability to know where a piece of personal information about them comes from and where it goes throughout its lifetime. The latter is the idea that though you may not be able to remove information about yourself from the ether, you should be able to comment on it, dispute it, or correct it (think Wikipedia.)

We clearly could have dissected the privacy issue all day, but in an effort to move on, we gave the group a challenge in the second half of the day. Throughout these deep dives, we have heard two distinct camps of security philosophy: 1.) The centralized, regulation-oriented, government-dictated camp, and 2.) the distributed, networked, personalized and community-driven security camp. Both are compelling. Both have strengths and weaknesses. And we did some exercises to try to build-out more ideas about how we could employ each in a more directed and strategic way. We split the group in two, and had each group take a side, identify some opportunities and present the findings back to the collective.

The good news is both groups instantly recognized the need for the other. I’ll let Jeff Jonas, an IBM Distinguished Engineer and Chief Scientist for Entity Analytics Solutions, explain the concept:

All in all, a great day. But we really just scratched the surface of what are some very compelling ideas. Next Tuesday we wrap it up in Chicago, and begin the long process of collating all of the insights into a report. So stay tuned.

June 6, 2008 in Security and Society | Permalink | Comments (0) | TrackBack

May 22, 2008

The Internet Immune System

Metaphors can be useful constructs. When employed properly, they can help us understand something that is complex and confounding by comparing it to something analogous and familiar. In the Taipei deep dive on Security and Society, we tapped into the immune system metaphor, diligently comparing Internet security to the security systems that govern the human body. And the exercise helped us identify some undeniable weaknesses in the world of digital security.

We spent most of our time in Taipei talking about digital security (though we did touch on the intersection of digital and physical security…more on that later). And the immune system analogy is certainly not a new one. After all, we call malicious code “viruses.” Computers get “infected” and need to be “quarantined.” So when participants began comparing network security to the SARS outbreak that hit this area hard 5 years ago, it wasn’t all that surprising.

But what was surprising was how the conversation illuminated some of the gaps in today’s digital security, and how we might take a lesson from the marvelous human immune system. For example, our immune system is not overly concerned with preventing viruses from entering the body. It is concerned, however, with controlling, containing, and assimilating the virus as quickly as possible once it is discovered. One participant called it “an ecological view of security, rather than an absolute view.” By that he meant, we should be focused on maintaining the overall health of the body, keeping the immune system strong, rather than tilting at windmills by trying to prevent any and all attacks.

The “body” in this case could be seen as an individual computer system, or the entire network. And the concept is that by allowing a steady series of small attacks on different parts of the system, we gradually strengthen the overall network. It’s not unlike biological evolution, and you could argue that we are in the midst of an accelerated version of digital Darwinian as we speak.

Another area in which the immune system analogy worked was that of detection and response. When the human body is infected, there are a series of universally recognized signs: fever, cough, sneezing, fatigue, nausea. These symptoms alert us that our immune system has been engaged, and we know to get extra rest, avoid other humans, or go to a doctor. But in the Internet world, victims rarely even know they’ve been victimized. Data gets stolen, PCs are compromised, and credit card numbers are bought and sold, but most people are lucky if they ever find out, let alone with an early warning. The symptoms are subtle, and sometimes undetectable.

If you are one of the lucky ones (and I say that with tongue firmly in cheek), and you are somehow made aware you’ve been victimized online, then what? The human body kicks an elaborate defense system into gear. A virus is reported to the authorities (the immune system) and then immediately acted upon. But where is the analog in the digital world? If you bring your PC to the police station, and file a report that says “someone has accessed my system illegally,” they would probably laugh you out of the station. But why? Who are the authorities on digital crime? And why shouldn’t there be an enforcement body that is as powerful as cops walking the neighborhood beat?

“We really need to work on systems that can alert someone when they have been victimized,” said Rama Subramaniam of Valiant Technologies, a digital forensics company based in Chennai. “The police also need to take on a role so that these crimes can be properly investigated and prosecuted.” This sentiment mirrored the thoughts of Tokyo’s participants; that legislation around digital crime is severely lacking.

It also shed light on the fact that the worlds of digital and physical security are not all that different, but for some reason remain separate. Crimes that take place online have very real consequences in the physical world. Which begs the question of why the same law enforcement agencies that police the physical world should not also be policing the digital world?

We ran this immune system metaphor into the ground before it was all over, but that’s not to say that it wasn’t useful. For instance, one participant noted that right now we have a hodgepodge of security systems for the various constituents on the network. Each has wildly varying levels of quality and effectiveness (not to mention cost.) But there is no international immune system, a security system that is looking after the overall health of the system. And that could cost us all dearly some day.

May 22, 2008 in Security and Society | Permalink | Comments (3) | TrackBack

May 17, 2008

The Global Village

It is often said that in Japan, safety and water are always free. But after our third deep dive on the Security & Society focus area, held here in Tokyo, the feeling around the room was that only the latter remains true today.

Of course, Japan is still one of the safest countries in the world. But many of the Japanese participants in this session expressed grave concern that in today’s rapidly globalizing world, the approaches that facilitated this secure environment in the past -- common social values, community-oriented security -- were impossible to maintain. And that sentiment fueled a compelling, productive day of conversation around the respective roles of community and government in providing security.

The group actually came from all around the Asia-Pacific region. Aside from the Japanese participants -- which included representatives from Toyota, Nissan, Bank of Tokyo, Chuo University, and the Ministry of Internal Affairs and Communications – there was a venture capitalist from Australia, a security expert from Visa based in Singapore, and an innovation consultant from Malaysia. And each brought with them a unique perspective on what government can and cannot provide when it comes to security.

One of the basic functions of government is to provide a safe and secure living environment for its people. Some do this better than others. Some do it by building and maintaining strong law enforcement agencies. Others by cultivating common values and a culture of security. But the participants in this dive seemed to feel that the changing threat landscape was getting the best of many governments.

In particular, the legislative and penal systems that address digital crimes are dangerously immature. “When it comes to security and crime, there are two major disincentives,” said Dr. Lynn Batten, a Professor of Science and Technology at Deakin University in Melbourne. “First, there are the protection systems, like the vault at the bank. The second is the judicial system, which says if you get caught, you will be put in jail or worse. But as we move into the digital Internet age, that second component has been very weak. Businesses have been challenged to come up with great security technologies, but where is the government analog? Some of these cyber crime cases are entirely dependent on expert witnesses because no one else knows about this stuff. And many of these cases take place across national borders, which highlights the many problems with international law.”

Earlier in this GIO focus area, we talked about the role of incentives in providing security. But equally important, as Dr. Batten points out, is the need for effective disincentives. There was also a prescient warning from one participant against relying too much on government to provide security, because, among other things, the government will often turn to industry to aid in the cause, sometimes inappropriately.

For example, purchasing the book Mein Kampf, Adolf Hitler’s autobiographical account of his political ideology, is illegal in Germany. But should merchants, Internet service providers, and payment system vendors be responsible for reporting online purchases of this book from inside of Germany? There are countless examples like this, where industry has access to information that would be helpful to governments endeavoring to secure their nations. The question is to what extent should these businesses cooperate?

“Government is probably the least capable organizations in terms of dealing with modern security threats,” said Hamzah Kassim, the Chief Executive Officer of The IA Group, a consultancy based in Kuala Lumpur. “In the future, it will be communities that are more powerful in this regard.”

This idea of community-based security is not dissimilar to the discussions we had in Moscow and Berlin. We all know what this means in the analog world: because there is transparency in a community, i.e. we all know each other and what we look like, there is a collective set of values that guides good behavior. And those that eschew that behavior are ostracized. But what does that look like in the digital world, where anonymity is a fundamental part of the experience? Is there a digital scarlet letter than could follow a user from place to place? Is there a cyber code of ethics that will someday emerge?

In some smaller online communities, there is some effective self-policing that takes place. Second Life, World of Warcraft, and Wikipedia all demonstrate the power of collective self-managment. But the Internet allows a single person to assume many identities, rendering traditional community-based policing useless, or at best temporary. Also, as Hiroshi Maruyama, the Director of the Tokyo Research Lab for IBM, said, “Can you trust the wisdom of a community? Or are they just a mob?”

There was a lot more that came out of this deep dive, including a fascinating conversation about the potential of mobile technology, and some important discussion on the tradeoffs between security and privacy (including some very cool biometric solutions from here in Japan.) More on that later. And stay tuned for the results from the Taipei dive next week.

May 17, 2008 in Security and Society | Permalink | Comments (0) | TrackBack

May 08, 2008

Mobile Musings

Late in the day at the Berlin deep dive, we let participants choose a topic that they would like to discuss. The group chose Mobile Security, which is a fascinating, but at times confounding, subject. Here’s what happened:

At first, the group struggled mightily with the topic. As often happens, many of the participants bemoaned the current state of mobile security. There were comments about how terrorists use mobile phones to set off bombs and coordinate movements. There was some fear around sending sensitive information over the airwaves (despite the fact that sending information wirelessly is no more or less secure than sending it over wires.) And there were many that talked of how easy it is to steal mobile phones and the information on them.

It went on like this for a while until Marshall Behling, director of business development and strategy at Verisign, a GIO partner, put an end to that talk by simply saying: “Every new technology has the inherent ability to be used for good or evil.” Well said. Now let’s get on with it.

What came next was a far more thoughtful, progressive conversation that yielded some interesting ideas about we can use mobile technology to our collective advantage. First, we started thinking about the uniqueness of mobile devices. What is it about them that we could leverage for better security: they are pervasive (nearly everyone’s got one, some people have two); they’re personal (we carry them in our pockets, and this is a hugely important characteristic); they are increasingly powerful and functional (phone, camera, email, video, web); and they will soon have blazing fast connections to the Internet (WiFi, WiMax, 4G).

With this arsenal at our disposal, we began to discuss the potential all kinds of security applications. For example, you could issue localized security alerts that could be sent to all the mobiles in a given area. If there were a terrorist threat, a warning and a short set of instructions could be sent out, potentially saving lives. On the flip side, concerned citizens could send security alerts to law enforcement, even snap photos or stream audio and video of an event in progress. Some of this is already being done, though it’s not as organized or sophisticated as it needs to be.

Time constraints prevented us from doing much more than scratch the surface on this front, but you get the idea. When you combine a powerful, networked technology with the notion of personal responsibility (see last entry) you get some pretty compelling possibilities. We’re looking forward to exploring these ideas in our upcoming dives in Tokyo and Taipei, where the technology is highly advanced. Check back next week for a look at the results of the Tokyo dive.

May 8, 2008 in Security and Society | Permalink | Comments (2) | TrackBack

April 29, 2008

Personal Responsibility

During the Berlin deep dive, an idea surfaced that we hadn’t seen since the Media and Content focus area of 2007. It’s the idea that individuals should be able to control their personal information, the data that companies buy and sell thousands of times over in an effort to market to us more effectively.

Depending on the purpose, this data might include mailing address, email address, telephone numbers, age, sex, income level, employer, purchasing history, credit card number, social security number, bank accounts, etc. In other words, it’s pretty personal stuff…and valuable. When we discussed ownership of this data in the Media and Content deep dives, it was in the context of allowing individuals to better control what content and advertising they receive. One male participant lamented the fact that he frequently received discounts for feminine hygiene products.

But in Berlin, the discussion revolved around improving security by giving individuals more control of what information is released, to whom, and for how long. This, several participants reasoned, would reduce the risk of having that information stored ad infinitum on hard drives around the world. Because, as one diver put it, “electrons are very patient. Once it’s out there, it’s out there.”

Many agreed that in the Information Age, we have all gotten extraordinarily adept at putting our information out there. But we’ve no idea how to get it back. Or how to ensure its accuracy. Several participants suggested some kind of data retrieval service, through which you could reclaim information that was once yours to give. Perhaps the most compelling idea, however, was the suggestion that any time you enter your personal information into a database, you could assign an expiration date to it, ensuring that at a prescribed future date, that information would be destroyed.

These are all great ideas, but at some point the conversation became more about civil rights and less about security. By that I mean, does anyone think that giving the billions of individuals on the planet control over their personal information will make us collectively more secure? In fact, you could make a pretty compelling argument to the opposite effect; that individuals have proven themselves to be poor stewards of their own information, and that the continued popularity of phishing scams is exhibit A.

Of course, this doesn’t mean that we should all throw our hands up and resolve ourselves to corporate ownership of all personal data. But it does mean that we need to be thoughtful about how we approach big issues like this. We have already discussed the strategy of pushing more of the responsibility for security to the edges of the network, i.e., individuals. But can we all really be trusted with that kind of responsibility? Isn't that why we outsourced security to government in the first place? Because, as one participant so eloquently put it, "the problem is humans." Therefore, if security is the end, is personal ownership of data the proper means? And if not, what is?

Once again, the GIO has succeeded in raising more questions than it answers.

April 29, 2008 in Security and Society | Permalink | Comments (1) | TrackBack

April 16, 2008

It’s the Network, Stupid

There is a natural tendency for people, when looking for security solutions, to appeal to some higher authority. In many cultures, we’re accustomed to abdicating the bulk of the responsibility for our collective security to a number of organizations, such as the government, the military (often one in the same), local police forces, our parents, even corporate policy.

Considering how fundamental security is to the well-being of our selves and our loved ones, it’s surprising how willing we are to give up control of it. Perhaps that’s why in our latest deep dive in Berlin, a new concept of security began to emerge, one that builds on some ideas that first bubbled up in Moscow.

In Russia, we called it a more “distributed” approach to security, one in which individuals, with proper incentive, take on an increasing share of responsibility. In Berlin, we called it “sustainable” security. Regardless of what you call it, it’s an idea that has legs. William Heath is the founder of an IT consultancy called Kable, and the brain behind the Ideal Government blog. He participated in our Berlin dive, and described sustainable security, as opposed to what he calls top-down “control-oriented” approaches, thusly:

The idea behind this is quite simple but very powerful. It is the concept of leveraging the power of a network. Just like with information technology, networks are pools of resources that, when connected, are much greater than the sum of their parts. Many people in the security game complain of the “multiplier effect,” the notion that bad guys take advantage of networks to cause damage disproportionate to their resources; viruses that are passed from computer to computer, terrorist cells that splinter and grow.

But a few people in the Berlin dive asked why the good guys have been so slow to leverage the same network effect. Why are we complaining about a lack of security resources when there are countless more good guys in the world than bad guys? Activate all those good guys on security’s behalf and, voila, resource problem solved.

“To fight a network, you need a network,” said Katharina von Knop, an adjunct professor of Terrorism and Security Studies at the George C. Marshall European Center for Security Studies.

It is true that as the many complex networks that make up our modern world continue to grow – think about commercial networks, technology networks, social networks – there will be more opportunity to exploit and attack them. One participant urged us to think about the deluge of new IP addresses that will be added to the Internet over the coming years, everything from your automobile tires to your refrigerator, and how each of those is open to attack.

But by the same token, those new nodes on the network have an ability to report back useful information on possible attacks, sensing threats earlier and taking steps to combat those threats. For example, one participant noted the immense security potential that wireless networks and devices afford us: localized, personalized security alerts; or using picture phones and text messaging as virtual sensors, picking up and reporting back data on potential threats to law enforcement.

Of course, all of this requires a certain level of autonomy at the edges of the network, be that a human being or a refrigerator. Personal responsibility, and collective responsibility, are concepts that will need to gain ground if this “sustainable” security is to work. You could argue, cynically, that humans are already the weakest link of the security chain (one participant said that the greatest point of vulnerability in Internet security lies between the seat and the keyboard.) But humans are also the key to security’s greatest potential. Technology and machines that provide security are amoral, and inherently open to both good and evil intent. But human beings, presumably, know the difference between right and wrong.

There is already some sharing of distributed and centralized security in most areas of life. Individuals buy and maintain anti-virus software (or at least some of us do), but also expect a certain level of security from our Internet service providers. Families lock their doors and install alarms in their homes, but also depend on local police forces and government to provide generally safe living conditions.

But the ratio of distributed vs. centralized security may have to change to really make a dent in this issue. And considering how security is a shared concern at all levels (personal, corporate, national, global), and our interests are pretty well aligned (we all want to live in secure environments safe from threats), my guess is that with some well-placed incentives, a lot of ground could be made up. For example, one participant suggested some kind of Cyber-Driver’s License, which would require netizens to pass a basic test before they could surf the web. Just like with real driver’s licenses, if you are reckless on the Web and put yourself and others in harm’s way, there are consequences (maybe your ISP charges more, or you get your license revoked.)

Whatever the incentives, the safer each of us is individually, the more secure the network is as a whole. That goes for thwarting Internet threats, detecting terrorist activity, or catching a petty thief. It’s the neighborhood watch approach, applied globally.

April 16, 2008 in Security and Society | Permalink | Comments (4) | TrackBack

April 11, 2008

Power to the People

The 2008 Global Innovation Outlook kicked off in earnest yesterday, and in the shadow of Moscow’s magnificent Kremlin, participants began the long and difficult process of sorting out some of the biggest security challenges facing the world today.

The organizations represented at the table ranged from Aeroflot, Russia’s largest airline, to the Central Bank of Russia. Participants also came from throughout Europe for this dive, including Gas Natural (an energy producer in Spain), UniCredit (the Italian bank), and Synectics (a CCTV provider in the U.K.)

Given Russia’s unique and rapidly evolving economic and political position in the modern world, it seemed only appropriate to begin the deep dive with the obvious question: what will be Russia’s contribution to the future of global security?

Responses to this important question ran the gamut, thanks to the wide variety of disciplines represented at the dive. Here is a sampling of the answers, in no particular order:

• The Russian experience has been quite difficult, and we have learned to survive through communities of mutual support. We have learned how to produce security at the village level. And this is something we could share with the world.
• We have some of the best hackers in the world. They are extremely technologically advanced. Would it be possible to re-train them to use their skills to provide security rather than undermine it?
• In Russia, we have learned many lessons about privacy during the Soviet era. We have already lived in a society in which there was no privacy, and we can tell the rest of the world that it did not make us more secure.
• Russia’s oil and gas supplies are critical to the world’s energy supply. Perhaps the biggest contribution Russia could make is securing and stabilizing those supplies.

Needless to say, the Russian perspective on security is fascinating and instructive. When the group turned to more productive and less philosophical discussions, ideas began to emerge rapidly. A few participants latched onto the idea of building a “secure Internet,” one that wasn’t burdened by the anonymity and openness of the existing Internet.

“I race cars. And when I race cars, I’m thankful for having brakes, because they allow me to go fast,” said Paolo Campobasso, Chief Security Officer at UniCredit. “That’s what having security does for business. It allows it to move more quickly and efficiently.”

Interestingly, there seemed to be some disagreement over whether the openness of the Internet created more or less security. Some folks believe that transparency breeds more ethical behavior. Others think it gives the “bad guys too many places to hide.”

There were many worthwhile side discussions like this one, but one theme came up repeatedly throughout the dive. Standards and regulatory organizations were a common (and perhaps obvious) response to many of the security challenges posed at the dive. It is a natural human response to the daunting nature of the subject; looking for some governing body to impose order on what can sometimes feel like a chaotic security landscape.

It is true that standard definitions of legal behavior across national borders would certainly simplify the provision of security, especially in the Internet age, when criminals based in one country carry out crimes in another. Some participants went so far as to suggest the need for global ethical standards. But everyone in the room knew the feasibility factor for these top-down, regulation-based approaches was extremely low, not to mention expensive.

Everyone agreed that for broad security change to take place, it must happen at the behavioral level, because the weakest link in the security chain is man himself. And as one participant noted, “all the technology in the world won’t bring you more security. Just look at Iraq.” So the group set to figuring out how to affect behavioral change at the level of the individual in a practical and innovative way.

One suggestion was that victims of Internet attacks need to have countermeasures at their disposal. In other words, in the physical world, when your security is breached (a mugging, personal attack, car jacking etc.) there are a number of ways you can respond in kind (carry a gun, fight back, contact police or sue.) There are real consequences that prevent certain types of security threats (not always) in the physical world. But victims of Internet attack are often without any means of recourse, and the perpetrators often suffer no consequences. So ideas for how we could better arm well-meaning Internet users to carry a so-called “big stick,” would be welcome. Protecting yourself is one thing. Fighting back is another.

This is just one idea that represents an important step away from the traditionally heavy-handed, regulation-driven approaches to security, and moves toward a more distributed model. It could work at the community level, or even the individual level. Participants were imagined a world in which people had incentives to take a more active role in the security of themselves and each other. The assumption, of course, is that there are more good guys in the world than bad guys, and through leveraging the collective strengths and aligned interests of those folks, the world could be a safer place.

Now all we have to do is figure out what those incentives might be.

April 11, 2008 in Security and Society | Permalink | Comments (5) | TrackBack

April 09, 2008

Everyday People

When dealing with an issue as globally important but deeply personal as security, it helps to get as many perspectives as possible. Unfortunately, we’ve yet to find a meeting room big enough to accommodate all 6.6 billion people on the planet. So we’ve done the next best thing.

For the Security & Society focus area the GIO is hitting the streets, stopping passersby and asking them their views on security. We think the views of regular folks -- people that don’t necessarily think about security issues for a living, but share our security needs nonetheless – will add a new perspective to the deep dive process. GIO deep dives typically feature a host of experts from across a wide range of disciplines, but they don’t include the views of the so-called “man on the street.” So without further ado, please watch the video we compiled on Security & Society:

As you can see, the average person thinks about security in many different ways. But they also think about it in some pretty sophisticated ways. We think it’s important to keeps these perspectives in mind when we talk about security strategies at a global level. Because ultimately, if the security priorities we choose to pursue are not addressing human concerns at the individual level, they can’t possibly be considered effective.

Stay tuned for results from the Moscow dive, which is less than 24 hours away.

April 9, 2008 in Security and Society | Permalink | Comments (3) | TrackBack

March 28, 2008

False Sense of Security

Earlier this week, a report began to circulate that confirmed what many had already suspected: less than one percent of commercial flights in the U.S. had a so-called “air marshal” aboard.

Air Marshals, or in-flight security guards, have been around for decades. But it wasn’t until September 11th, 2001, that the concept of air marshals really took hold. The story cites a number of anonymous sources, all claiming that the actual number of air marshals on U.S. flights is appallingly low. Add it to the steady stream of media stories that expose lax security at airports, train stations, and ports.

What’s more interesting than the story itself, however, is another issue it raises: the difference between perceived security and actual security. For centuries societies have known that the mere threat of security can be an effective deterrent to illegal activity. Empty police cars slow drivers down and remind them of the potential for getting a ticket. Defunct video cameras are often enough to ward off a would-be thief.

The same concept applies to transportation security. And the media plays an important role in supporting (or, in this case, sabotaging) the ruse. After 9/11, media stories were splashed across the front pages, detailing the elaborate (and expensive) new security measures that were theoretically being put into place around the world. These stories were willingly fed to the media, which dutifully played its part in letting any and all bad guys know they had better think twice about their line of work.

But the truth is that many of those security measures were merely red herrings, hyperbole designed to deter the bad guys, not catch them. If these agencies really wanted to catch the bad guys, why tell the press how they’re planning to do it? And it’s all fine and good until the press goes and peeks under the covers.

The really interesting thing about all this is that the perception of safety is at least as important as the reality, and in many cases, the two are indistinguishable. In this regard, security is a state of mind, and an important one. The perception of security keeps people going to work, shopping in the stores, and trusting their fellow man. Even if that sense of security is a false one.

March 28, 2008 in Security and Society | Permalink | Comments (1) | TrackBack

March 21, 2008

The Politics of Security

In case you haven’t noticed, there is an historic presidential campaign underway in the United States. All the usual political issues are being debated (foreign policy, healthcare, the economy) as well as a few new ones (race, gender, and religion.) Well, now you can add security, privacy, and espionage to the list.

Yesterday we learned that three contractors from the U.S. State Department improperly reviewed the passport files of presidential candidates Barack Obama, Hillary Clinton and John McCain. Their motives are anyone’s guess, as is the information to which they were privy. And all politicking aside, there are number of security issues raised by this breach of privacy.

For example, officials were made aware of the breaches only after they had already taken place. And the breaches took place on three separate occasions, in January, February and March. The State Department says its security measures worked properly to alert officials the breaches. But it’s hard to imagine security measures that would allow three different breaches, each a month apart, to the same file. And State Department officials were notified of the latest breach only after a reporter called to question them about it.

This brings up two important aspects of security: 1.) what happens before an event, and 2.) what happens after.

Let’s take the first question. According to Jeff Jonas, Chief Scientist of Entity Analytics at IBM, “the world is a big competition, and when you’re competing, you want the best the best tools and the best data. But not only do you want the best data, but you want it first. We’re talking at the speed of light. You need to make sense of the data as it’s happening so you can respond at that moment.”

This, of course, is the concept of shrinking the amount of time between when a breach occurs and when it is first detected. Jonas believes that not only can that time be instantaneous, but through smarter application of data analytics, it can be eliminated entirely. Needless to say it’s complicated, and incredibly technical, but we’ll get more into that as the deep dives progress. Suffice to say that three breaches in three months is not quite fast enough.

The second issue is, in some ways, equally important. Security breaches will always happen. It’s part of life. But how a government, company, or individual, reacts to a security breach is absolutely critical. Speed is of obvious import, but so is communications. Both can make the difference between a security breach and a public scandal (and lawsuits.)

Life, in all its facets, continues to serve up interesting fodder for our discussions on Security and Society. Feel free to add your own!

March 21, 2008 in Security and Society | Permalink | Comments (0) | TrackBack

March 11, 2008

Sneak Peek

Security and Society is admittedly a big topic, even for a GIO. So as a group, we have been struggling to whittle down the many moving parts of this focus area, so that we can have coherent and productive discussions. So far we’ve settled on a handful of sub-themes, such as the delicate relationship between security and privacy, or the impact of global interdependence on security.

All of this is part of a rigorous research process that includes soliciting input from dozens of experts, both inside and outside of IBM. But you never really know what you’ve got until you put it to the deep dive test. So we asked some of the best strategic thinkers in the world to hash it out for themselves, and give us a sneak peek of what this GIO is going to look like.

As part of a meeting of the Corporate Strategy Board, a membership group of leading senior strategy and corporate development executives from around the world, we ran a “mini” deep dive on Security and Society in Chicago last week.

We had CSB members representing a major investment bank, a technology producer, a consumer appliance maker, an insurance firm, a construction company, and others take a slice of time out of their normal CSB duties to run through the topic with us at warp speed. And we weren’t disappointed.

To keep things as wide open as possible, so as to surface whatever ideas first came into our participant’s minds, we opened up the discussion with this simple question: How do you see the biggest security challenges evolving over the next 3-5 years?

It didn’t take much prodding to get the conversation flowing. And given the level of insightful and articulate analysis among the group, it was clear that this was a subject that took up considerable real estate in the minds of these strategists. Here is a quick glimpse of the gems that surfaced in just 90 minutes of discussion:

• The cost to attack and disrupt is decreasing, while the cost to secure is increasing.
• Younger generations have poor judgment when it comes to exposing personal information, which could have implications over their lifetime. We’re in the equivalent of “free love” era for exposing information.
• Why doesn’t our increased ability to track and observe behavior make us more secure? (This is the debate over whether less privacy equals more security.)
• Those that live “off-the-grid” are the only ones that can limit their security exposure. How much would you pay to get your anonymity back?
• Most national defense organizations are using antiquated, Cold War ere technology. They need to be detecting threats from the “edges” and communicating that information back to central command.
• It is a false assumption that you can be safe, and the need to feel safe drives poor investment choices.
• Information technology, and the ability to work from anywhere in a knowledge economy, could have a profound effect on the populations of major urban areas, where security risks tend to run higher.

This is just a sampling of what came out of this lively, albeit brief, discussion on Security and Society. It shows a broad range of concerns, to be sure. But it also demonstrates some creative problem solving, some new perspectives on addressing security, and even some opportunity inherent in the challenges that face an insecure world. Most importantly, the Chicago mini-dive validates that the world is ready to apply fresh thinking to global security issues.

March 11, 2008 in Security and Society | Permalink | Comments (1) | TrackBack

March 05, 2008

Shared Responsibility

It’s an attention grabbing headline, to be sure: “Did iPods Cause a Crime Wave?” And while there may be evidence to suggest that the popularity of the diminutive music players has indeed resulted in an increase in theft, there is a far more interesting angle to the story.

In this article, The Urban Institute, a Washington think tank, posits that because iPods combine three elements present in most crimes, it is responsible for a spike in robberies in 2005 and 2006. The theory goes like this: when you put a motivated perpetrator together with easy prey and a high likelihood of not getting caught, voila, you get crime. In the case of the iPod, you have a compact, valuable, device that is easily resold; easy targets, with headphones sporting the iPod’s patented “mug-me” white; and virtually no security built into the device. And, the argument goes, that’s too tempting for many would-be criminals to resist.

The institute’s suggestion? Consumers should demand more security options in their digital devices. But it opens an interesting discussion. Who should be responsible for the security of products once they leave the shelves? And what level of responsibility do consumers themselves have for the securing their devices? You can almost see the lawsuit coming: Man Sues Apple After Getting Mugged: Claims the iPod Made Him A Target.

This, of course, is absurd. The most efficient way to find the right level of shared responsibility between producer and consumer is to let the market decide. If people grow tired of having their iPods stolen, perhaps they will stop buying iPods, which would force Apple to add security to the devices. But one of the beautiful things about the iPod is how easy and effortless it is to use. Anyone can learn the interface in minutes. And when you start adding security measures to an elegant device like that, it gets inconvenient.

Perhaps that’s the lesson in all of this. For some products and services, built-in security is necessary. For example, no one buys a car without locks. You wouldn’t even consider it. But for other products, security is downright inconvenient. I get frustrated when my bank asks me to change my online password too often. I know why they are doing it, but I’d be lying if I said I hadn’t thought about switching banks because of it.

Consumers want security, but they don’t want the hassle of it. They want it to be easy. And companies don’t want their products and services to earn a reputation of being easily stolen. So the interests are aligned. And the responsibility is shared.

March 5, 2008 in Security and Society | Permalink | Comments (1) | TrackBack

February 28, 2008

Importing Uncertainty

As the GIO team attempts to parse the Security and Society focus area into evermore digestible chunks, we are learning that the need for security affects just about every single aspect of our lives. Some we think about often. Some we take for granted. And some only concern us when they hit the headlines. Like this story about securing our food and drug supply.

This particular story is about the production of an esoteric specialty drug called heparin, used as an anti-coagulant during surgical procedures. It’s made from the intestines of pigs, which are farmed throughout the world, by an endless network of micro-producers (otherwise known as independent farmers), none of whom are regulated, most of whom are not even registered with any government.

Because of a recent outbreak of severe reactions to the drug, food and drug regulators are busy trying to trace the supply chain backwards to discover where in the convoluted process a contaminant might have been introduced. The search has led them to China, where they have encountered the impossibly difficult task of investigating hundreds of mom-and-pop pig operations throughout the countryside.

The story is emblematic of how complex and unmanageable supply chains for all manner of products have become. No longer do we buy our goods from the local trades people. Rather we buy our bananas from Costa Rica, our coffee from Africa, and our tangerines from Argentina. Pharmaceuticals are engineered using ingredients from multiple continents and dozens of suppliers. And manufactured goods can sometimes touch four different continents before they arrive at your door. The average consumer has no idea how many different parties contributed to the production of their consumables. And the further we get from the raw ingredients, the more variables get introduced along the way.

Trying to secure supply chains this complex is not for the faint of heart. An un-integrated mosaic of local regulatory bodies is, in theory, overseeing many of these processes. But in truth, there is simply not enough manpower in the world to effectively secure the billions of products on the move around the globe every day. And should it even be the government’s responsibility to police this commercial activity anyway?

Some might argue that shoddy business practices have their own consequences. And certainly companies that have been outed in the press for endangering consumers have been punished by the market before. But how many of them have gotten away with it?

This is going to be one of the toughest questions the GIO will put to its participants this year. Obviously, a market full of terrified consumers is not good for anyone. So can the private sector work more closely with government organizations to ensure the security of supply chains? The ultimate goal is a confident consumer that is willing to spend without trepidation. Because consumers shouldn’t be burdened with the task of discerning which products on the supermarket shelves could be harmful.

February 28, 2008 in Security and Society | Permalink | Comments (0) | TrackBack

February 25, 2008

Partly Cloudy

It seems like everyday we dream up some new way to render ourselves vulnerable to attack, be it physical, digital, or financial. Most of it is in the name of convenience, progress, or self-expression. The world continues to open barriers of all kinds. National borders are quickly and easily crossed. Teenagers bear their souls (and much more) on social networking sites and blogs. It’s enough to make you ask: are we asking for it, or what?

Take the trend towards “cloud” computing. In our endless efforts to design smaller and lighter computing devices, we are forever blurring the distinction between your home PC and the Internet. It is about processing power that resides not in the palm of your hand, but rather on the network.

It’s nothing new. Computer companies have been talking about it for decades. And it has become a reality in many ways in just the last few years. Entire corporate applications no longer reside in a company’s data center. They live on the Internet, accessible with a minimum of effort, just a username and a password. That one day everything but the viewing screen and input device will live on the network is understood. It’s only a matter of time.

But this move to cloud computing cedes more control over the security of data to the companies that house that data. Today, we can protect our most valuable digital assets on a personal hard drive. Whether it is photographs, music, financial information, or just plain work data, because it resides on our own hard drives, each individual is responsible for the safety and privacy of that information if it sits on their C Drive. It is distributed, and thereby less vulnerable to widespread, massive attacks.

The world of cloud computing complicates this simple truth, however. Increasingly we trust our data to data centers that we will never see in our lifetime. Already I have valuable data sitting in hard drives on four different continents. And this trend will only continue. And as that information becomes increasingly centralized, the possibility of a catastrophic security breach becomes greater. At some point, the losses would be so great that it would not be a corporate data loss crisis, but a national, or even global, security crisis.

It raises some very serious questions. For instance, should these private enterprises that house treasure troves of digital information be entitled to government protection? What recourse do private citizens have if a private enterprise, or government, were to fail to protect valuable data?

These are all questions we hope to address during our Security and Society Deep Dives. But your thoughts on these topics, and others, are welcome as always.

February 25, 2008 in Security and Society | Permalink | Comments (2) | TrackBack

February 19, 2008

Compulsive Disclosure Disorder

Merriam Webster’s defines privacy as “freedom from company, observation, or intrusion.” It defines security as “freedom from danger, fear, or anxiety.” And the focus of this GIO blog entry is the point at which the abuse of the former results in a breach of the latter.

When it comes to personal data, privacy and security are terms that are often used interchangeably. They shouldn’t be. Privacy is about being afforded the decision as to whether you want to make personal information public. It’s a philosophy, a lifestyle choice. On the other hand, security is about protecting that information from harmful agents. It’s about keeping it from the bad guys. It’s about keeping your money, and your person, safe and intact.

Privacy is about deciding which things about you are known. Security is about ensuring those things are not used to harm you.

Perhaps no company embodies this complicated relationship better than Facebook. The wildly popular social networking site is subscribed to by more than 64 million users. On each individual’s profile, you can learn, among other things, their birthday, location, full name, nicknames, friend’s names, spouse’s name, what they look like, what they listen to, what they watch on TV, what they had for dinner, and what they are doing this very second. And that’s just a small sampling of the personal data that is up for grabs on Facebook.com.

That so much personal information is readily available on Facebook.com is a clear indication of the state of privacy in the Internet era. Through online mechanisms, people are more comfortable sharing boatloads of information about themselves, and broadcasting it to anyone that might be stopping by. Sociologists might be led to speculate that society needed this kind of an outlet. We must have all been craving some more disclosure in our lives. The Internet just gave us the means.

The decision to share this information is strictly voluntary. No one forced Facebook members to share their private thoughts with the world. They chose to. But that is not to say that information won’t be used against them. And this is where privacy, or lack thereof, becomes an issue of security.

With a full name, birthday, and location of birth, identity thieves can find all the necessary information they would need to clean out a bank account or book a few dozen air fares on your credit card. And we’ve all seen the television news magazine pieces about online predators and the like.

The consequences of the world divulging information so readily is simple: it heightens the needs for newer, more sophisticated types of security. In revealing so much information about ourselves, we are, in effect, rendering ourselves vulnerable to attack. In the physical world, it is the equivalent of walking through Times Square with a billboard detailing every aspect of our lives.

There is the sense that we have reached a point of no return. People may learn how to be smarter with their digital identities (a colleague just educated me on making my own Facebook profile less tempting to identity thieves…it started with removing my birth date and only allowing friends to view my profile.) But to what extent people will stop sharing information that could be used against them is unknown. My guess is that they won’t. And that means that security against the bad guys is going to have to evolve as fast as the Web 2.0 craze itself.

February 19, 2008 in Security and Society | Permalink | Comments (1) | TrackBack

February 12, 2008

Where Government Ends and Business Begins

Some breaking news here in the United States perfectly illustrates what is sure to be a hot topic of debate during the Global Innovation Outlook Deep Dives on Security and Society.

In this article in the New York Times, we see the result of three year’s worth of debate over whether the federal government should have the authority to eavesdrop on American phone calls without a warrant. The verdict: affirmative.

Three years ago there was a brief wave of moral outrage over the discovery that the National Security Agency had been working with the telephone companies to monitor overseas phone calls. The program was limited to eavesdropping on individuals who were suspected of having terrorist ties. But it circumvented a 30-year old law in the United States called the Foreign Intelligence Surveillance Act, which was specifically enacted by the Supreme Court to prevent the abuse of government wiretapping. It uses a secret court to issue wiretapping warrants, and includes provisions that ensure the warrants adhere to the same rigors of any other warrant.

Today the Senate indicated that it would not only allow the federal government to continue these practices, but that it would grant immunity to the phone companies that cooperate.

This last bit brings into sharp relief the intersection of business and government against the backdrop of national security. There are, of course, private businesses that provide security-related products and services to the government. But there are also those businesses that, by the nature of what they do, handle sensitive data that is of great value to federal and local government security efforts. Communications companies, credit card companies, banks and lenders, rental car companies, money transfer services, airlines and transportation firms, internet service providers, even fertilizer companies. The list goes on.

Though these are all legitimate businesses, they are sometimes leveraged for nefarious purposes. And they will all have to decide some day, if they haven’t already, where the protection of their customers’ privacy ends and their cooperation with authorities begins.

But making that decision can get complicated fast. You may value the privacy of your customers, but maybe you work in a heavily regulated business that depends on expensive lobbying efforts in Washington D.C. Or maybe you’d be inclined to help the government’s cause, but haven’t considered the cost of lost business for not protecting customer data.

It is a critical issue, one with no easy answers. It is part government policy, part business policy (especially as more and more businesses use their privacy policies as a selling point.) Your thoughts on this important discussion are welcome.

February 12, 2008 in Security and Society | Permalink | Comments (0) | TrackBack

February 05, 2008

Communication Breakdown

In researching the Security and Society focus area for the upcoming set of GIO deep dives, there has been a surprising amount of philosophical pondering among the team. On the surface, the topic seems rather uncomplicated. But upon closer inspection, myriad subtleties begin to present themselves.

For example, what does security really mean? Where does personal security end and national security begin? What’s the difference between security and safety?

All of these questions and more will be tackled by far greater minds than our own when the deep dives kick off in April. But in the meantime, there are lots of interesting angles to explore right here on the pages of the GIO blog.

One of those angles is surfacing right now in the Middle East. In just the past week, four undersea communications cables have been cut, disrupting internet service from Singapore to Bangalore, and throughout Egypt and the United Arab Emirates. The cause of the problem is still undetermined, but officials have already ruled out their first explanation: that wayward ships dropped anchor on the cables. With every passing day, sabotage seems more likely.

Whatever the ultimate cause for the disruptions, the phenomenon brings into focus the world’s sudden and nearly complete reliance on global communications, and how surprisingly fragile those communications are. Though telecommunications has been around since the early 1800s, it wasn’t until the advent of the Internet that the power of this medium took hold in a global sense. In a very short amount of time – less than 20 years – the world has grown fantastically interdependent, each region becoming increasingly affected by the actions of its global neighbors. As such, the number of so-called “points-of-failure” has increased exponentially, and our ability to police and secure those vulnerabilities, thereby protecting the critical channels of global commerce, has been greatly diminished.

It is also a stark reminder that no matter how digital we become, communications are still grounded in physical reality. Whether it is satellites, cell towers, or hard wires that run the length of the seas, we still live in a physical world. Damage to those physical structures can result in millions of dollars lost, and lives put in danger. We won't know for weeks how much India's outsourcing call centers have lost due to the service slowdowns of the past week.

One quote from the International Herald Tribune’s coverage of the cable cuts is particularly enlightening. Colonel R. S. Parihar, secretary of the Internet Service Providers Association of India, said “this has been a real eye-opener for us, and everyone in the telecom industry worldwide. Today the cause may have been an anchor, but what if it is sabotage tomorrow? These [cables] are owned by private operators, and there are no governments or armies protecting them.”

Parihar’s point is well taken. It is a classic question of whether the private sector has too much responsibility for the security of the Internet. And what role should government be playing?

The need for collaborative efforts between the government and the private sector in industries that have global security implications is nothing new. But because the Internet has evolved so rapidly, these relationships are immature at best, and in many cases non-existent. Perhaps getting the right players together through the GIO will help.

February 5, 2008 in Security and Society | Permalink | Comments (0) | TrackBack

January 31, 2008

Security and Society

We’re deep in the throes of winter and the GIO team is hard at work planning the next round of deep dives on a brand new topic area. Though we’ve been toying with the idea of exploring this topic for years, allow this to serve as the official unveiling of the next GIO focus area: Security and Society: Minimizing Risk in a Global Economy.

It may seem an obvious topic, but in true GIO style, we’ll be coming at this from what we hope will be some unique and productive angles. Here’s the basic idea:

The 21st Century has brought with it a near total redefining of the notion of security. Be it identity theft, border security, or corporate espionage, the security of every nation, business, organization and individual is in constant flux thanks to sophisticated technologies and a growing global interdependence. All aspects of security are being challenged by both large and small groups -- even individuals -- that have a disruptive capability disproportionate to their size or resources.

In the midst of all this, the arms race of security technology continues to provide unprecedented ways to sense and deter theft and other security breaches. It’s a vicious, possibly never-ending, cycle. And though costly, these are battles that we all must fight, continually, lest we become the path of least resistance.

Security threats of all kinds cost us billions every year. Everything from the cost of doing business to our tax bills are affected by the many threats. That’s what makes this is a perfect GIO topic. It affects all of us, in lots of big and small ways. And few would disagree with the sentiment that we could be doing it better.

The big question is simply this: Given the constant increases in global interconnectedness (is that a word?) and technological sophistication, can we ever feel secure again? And regardless if the answer to that is yes or no, can we at least address global security concerns in a meaningful way, and allow our societies and businesses to grow and prosper?

Now, every GIO topic has its own set of challenges. For example, when we examined healthcare, every global region had such different needs, it was difficult to reach consensus on the best collaborative projects. And Africa brought with it the very delicate balance of addressing long term economic growth in regions that had very immediate social and political crises.

But Security and Society brings with it a new kind of challenge for the GIO. This is an area where there is much already being done, so to some extent it precludes the idea of so-called “Greenfield” opportunity. There are many established businesses working on cutting edge strategies and technologies to address everything from national security to data protection. And many of these businesses are not going to be willing to share their intellectual property, even in a setting as collaborative and collegial as the GIO.

So the onus will be on the GIO community to do two things: 1.) Gather together the right mix of action-oriented, big thinkers that are ready and willing to work together for dramatic change, and 2.) push the conversation forward an order of magnitude, considering global strategies that could only be accomplished collaboratively.

We’re currently researching the topic and crafting compelling lines of discussion for the deep dives. But we could always use help from the broader GIO ecosystem. After all, it’s not just the deep dives that are collaborative. The planning is too. So if you have thoughts on experts in the security field that you think would make valuable contributions to this global discussion, please don’t hesitate to send their names to the comments sections of this blog. And if there are specific areas of focus that we should be considering, don’t hesitate to direct our attention to them. We’re happy to consider your suggestions.

In the meantime, I’ll be ramping up the coverage of security related news on this blog in anticipation of the first deep dive in April. So stay tuned.

January 31, 2008 in Security and Society | Permalink | Comments (0) | TrackBack

January 14, 2008

The Eco-Patent Commons

Today I get to share some very exciting news.

Way back in 2006, participants in GIO deep dive discussions on environmental sustainability hatched a great idea. They proposed a place (virtual, of course) where companies could openly share intellectual property and patents that could have a positive effect on the environment. They called it the Eco-Patent Commons.

Well I’m pleased to announce that today the Eco-Patent Commons has become a reality. Along with the World Business Council for Sustainable Development, and in partnership with Nokia, Pitney Bowes, and Sony, IBM officially announced the Eco-Patent Commons, hosted here at the WBCSD web site.

It’s a simple enough idea, really (as most of the best ideas are.) The thinking is that many companies are protecting environmentally beneficial IP. But if that information were made public, then the benefits could be multiplied many times over. Not only that, but when IP gets widely distributed, it gets iterated and improved. And the costs to take advantage of those innovations go down for each individual company. Just look at open source software.

So there is an open invitation to companies (and individuals) to share, royalty-free, their environmentally responsible patents with the world. The patents can pertain to just about any aspect of environmental consideration, such as energy conservation, fuel efficiency, pollution prevention, materials reuse or reductions, and recycling opportunities. For example, IBM has pledged a cost-effective, shock-absorbing packaging tray that uses 100-percent biodegradable fiberboard and no glues. Nokia is contributing a patent designed to help companies reuse mobile phones by transforming them into other useful products, like cameras or monitoring devices.

You get the idea. The point of all this is that when you get hundreds of smart people representing the right organizations, good things happen. So go to the web site, browse the patents, and see if there is something that you or your organization can use, or improve upon, to make a difference.

And stay tuned for an update on the 2008 Global Innovation Outlook topics. It’s going to be another big year.

January 14, 2008 in Security and Society | Permalink | Comments (0) | TrackBack

March 05, 2007

Countdown to Innovation

Starting tomorrow in New York, IBM will once again set the table for innovation and collaboration with the Global Innovation Outlook 3.0. What is the Global Innovation Outlook, you ask? The GIO, as it is affectionately known, is essentially a global series of open and candid discussions –- called “deep dives” -- with business leaders, academics, politicians, non-profit groups, and other influential types that have the knowledge and ability to affect change through innovation. I know, it’s a mouthful. But it’s a pretty big deal.

The GIO tackles some very tricky subjects; global issues that have a great need for innovative advancement. Issues that affect both business and society: healthcare; the environment; transportation. For a thorough backgrounder on the GIO, click here.

By way of introduction, my name is Dan Briody, and I’ll be capturing the conversations from the deep dives all year long on this blog and through various other printed and online mediums. There are about ten of us that put the GIO together, and as the clock ticks down the final minutes and hours before the first deep dive, we’re all anticipating an enlightening year. It is a massive operation, this GIO. This year alone we’ll be collecting insights in 17 different countries on six continents. And the topics we’ll be covering are intensely interesting: Media and Content; Africa; and Security and Society.

Tomorrow’s deep dive on Media and Content will include some of the brightest minds in the world. Representatives from media and entertainment giants (Disney, HBO, Sony), marketing and advertising firms (Ogilvy & Mather, Mr. Youth), academic institutions (Syracuse University, University of Pennsylvania), VCs (Union Square Ventures, iN3 Partners) and non-governmental organizations (International Academy of Television Arts & Sciences, Public Knowledge) will gather to discuss, debate, and with any luck, emerge with some ideas for innovative approaches to everything from user-generated content to the blurring of the lines between advertising and entertainment.

The best part of the GIO? It’s wide open. You may not all be able to participate in the actual deep dive meetings, but you can read all about the insights that are emerging on this blog, and even contribute your own thoughts to keep the conversation. There will also be printed publications that come out periodically and will be available here.

It’s time to get this project started. Come back often and join the discussion.

March 5, 2007 in Africa, Media and Content, Security and Society | Permalink | Comments (3) | TrackBack

Global Innovation Outlook

About the GIO

Archives