The Techno-Centric "blind spot" and the Next Level of Intermediation

Too frequently  technology assumes either Identity is not a problem or Identity data issues won’t be ever addressed by organisations.

The #identity technology market is small, innovation is very limited too, and speaking of data control few companies really "get it." Very few vendors understand the difference between managing and auditing Identity data and controlling the technology itself. When anybody mentions the term "identity data" IT audiences believe they are talking about data mining or so-called "analytics." This is trendy but a rather unhelpful belief.

Historically, as the distance between users and their digital resources grows, the dangers of interference and attack increase. This is what needs to be understood. "Data" is only the residual trace left by the processes around it.

The increasing distance between users and resources has social causes which technologies are ill-positioned to remedy, so the "misunderstandings" of the techno-centric mind only perpetuate the problem.

Many get the causal chain wrong:  while social change comes first (e.g. the need for remote access), technical audiences adopt the mythology of social change driven by engineered, commercial products. While technical products come second in the historical process, the illusion persists that we live in a "new world" caused by technology.

In fact, technologies "intermediate" between users and their objects extending the distance and identities become "anonymous;" but in the techno-centric ideology the causal chain is reversed focusing on "technology" as a "thing," and missing the real problems. The distance between the user and the resources leads the need to "know the user" both for "targeting" and for "security."

In Information Security we can see clearly how Technology leaves gaps which then are "closed" with more technology. For example, virtual desktop environments or cloud software platforms open new gaps in the chain of control of business data – not to speak of legal complications for cross-border data processing. So "new" (actually very conventional) solutions become necessary to protect the data sent over the networks.

Technology thrives in the context of displacement, travel and globalisation. It thrives on the distance between the user and the resource. It is for this reason I think there is a blind spot which causes the perpetuation of the issues caused by intermediation. As a simplistic but striking illustration of this I like to say that "mobility is not caused by the mobile phone" — meaning that technology is not the engine of social change but a result of it. For evidently technologies extends the chain of indirection with further layers of mediation. I think this does not need demonstration.

In this historical process the networks become hybrids of threat and trust, where ‘good patterns’ are not pre-defined. Cyber-attacks appear after they are recognised. "Bad patterns" are found by the forensic analysts.

For these  reasons I keep inviting everybody to re-think "identity" ( "digital identity" as the trendy term goes). And this will lead to re-thinking "information" and "security." Re-thinking "information" is a pending task in our professions and I cannot be be amazed at the fact that in the so called "information era" there are no clear concepts about information security, with the sad consequence that we end up securing "objects" and "machines" but not the processes around these. In the post-cultural and post-national era, organisations disappear. It is wrong to believe that we are witnessing only the dilution of the organisational ‘perimeters.’  Security is weakened as work becomes an "activity" without a centre or a place. Internal and external boundaries dissolve, not because they become "open" but because they lose their centres. If we understood the deep transformation of all types of organisational entities, we would readily see that Cyber-security has to be multi-party security, that trust must be transitive. It is time to abandon the fiction there can be only information security for the "primary party" and finally admit that "third-party" risk is primary too. If anything can be predicted in the course of the historical process it is the increase of all trends of intermediation and the continued hegemony of the rootless mind. Technology reflects (does not create) intermediation, remoteness, loss, dispossession and wandering. The impossibility of the object. Where technology specialists believe they are "creating" a new futures, each step only reflects what is implicated: our rootless present.

Now, even in the space of this global phenomenon, there is no reason for despair or passivity, because, given that the "next stage" must be a new level of mediation, there are abundant reasons to work towards security through cooperative risk transfer (risk sharing and re-allocation). Do not be confused. This is not a call for primitivism or some pretentious abandonment of technology. Quite the opposite: when we understand that technology is not the driver of history,  we are in a better position to master it. We should not keep trying to address intermediation and anonymity only by means of technologies which reflect social atomisation. When we understand that technology only extends the chain of intermediation but does not cause it, we are also prepared to see for a better positioning of Information Security.

Crucially, this understanding should bring forward the up to now forgotten role of personal-individual cyber-security: surely this will be possible in the next stage of intermediation.

The blind spot can be overcome if we focus on *why* people connect instead of fantasizing about "how people connect." Or, to put it in different words: there is "connectivity" where there was *separation* in the first place.