The Internet is at a crossroads and, with it, our societies, economies and our planet – the fates of which are inextricably bound to the technology ecosystems we create, use and destroy.
Some 35 years after Tim Berners Lee stood up the first World Wide Web page, we live amidst shining towers of transformative technologic innovation that have flowed from his vision and those of other Internet pioneers. E-commerce has transformed the way we market, sell and buy goods. Smart phones and mobile computing have put the Internet in our pockets -with far reaching consequences for human society. Cloud based computing, the Internet of Things and – now -artificial intelligence are remaking industries, governments and communities.
Soaring heights…with lots of wreckage
At the same time, we struggle with the consequences of what we have built. Among other things: the hardware and software that powers our homes, businesses and communities is routinely shown to be of low quality: poorly designed and executed, and deployed without a thought to cyber risks. Devices from consumer electronics to medical equipment to industrial control systems suffer from debilitating software security flaws that throw the doors open to malicious actors of all stripes.
The result? There is an epidemic of profit-motivated cybercrime amounting to hundreds of billions of dollars of losses annually and the theft of sensitive data for billions of people. Corporations and governments are besieged by online attacks linked to politically and ideologically motivated nation state actors pursuing economic, military and geopolitical interests.
Ensh*ttification: Is there a cure?
And finally, there is the predicament facing individuals, communities and businesses as private interests move to exploit technology platforms to promote wasteful and anti-competitive practices. Manufacturers of home printers are today using always on Internet connections and software locks to block the use of third party ink cartridges and disable fully functional and supplied printers simply for lack of an active software subscription. Agricultural equipment makers liberally deploy ECUs and digital rights management technology on their machines to lock out owner- and independent servicing and repair of their equipment. Practically: that’s been good for their bottom lines, while putting both crops and farms at risk of catastrophic failure. And consumer electronics makers are actively pursuing strategies of planned obsolescence, using arbitrary software “end of life” declarations to force consumers to dispose of working hardware and upgrade, while online retailers construct marketplaces that exclude or hamper fair competition in order to eliminate price competition and limit consumer choice.
Together, these practices are leading to what Cory Doctorow has termed “enshittification” – an epidemic of rent seeking activity that exploits technology innovations (ECUs, DRM, cloud computing, etc.) to lock in both suppliers and customers while locking out competition – all in the name of maximizing shareholder profits. It’s a phenomenon that – as the label suggests – is eroding consumer choice, product quality, and software integrity not to mention individual privacy and civil liberties protections.
Making matters even worse: these anti-social business practices are regularly justified in the name of cybersecurity. In confronting efforts to improve the accessibility, security and resilience of software and connected products, business interests lean hard into the concept of “security through obscurity” – the idea that to keep technology secure you must keep its workings a secret. Hardly a day goes by without new evidence that software secrecy doesn’t equal software security. Still, the concept of security through obscurity still sits at the center of contemporary discussions about cybersecurity policies, regulations and business practices.
SRFF: Giving Cyber a seat at the table
What we need as we stare at these crossroads is for cyber security professionals – and the cyber security community- to step off the sidelines and get active. We need a platform from which we can speak up for the values, ideals and rights that we hold dear, while preventing others from misappropriating cybersecurity concepts or ginning up fears of cyber attacks to further business objectives at the expense of the public good.
That’s where the Secure Resilient Future Foundation (SRFF) comes in. SRFF (pronounced “SURF”) is a 501 c4 non profit organization created to give cybersecurity- and IT professionals a seat at the table as corporate and industry leaders, as well as policymakers debate the best way to solve the myriad tech-fueled problems plaguing our society and economy. With the help of the best minds in information security – by tapping the wisdom of reverse engineers, tinkerers, and fixers – SRFF will work to promote enlightened policies and practices for creating cyber secure and sustainable products and services. SRFF seeks a future in which businesses, consumers and communities enjoy the benefits of competitive marketplaces populated with cyber secure and resilient software, hardware and services.
We hope you’ll take the time to learn more about our organization and our goals, sign up for news updates, and join our online discussion groups. We also hope that you’ll recognize the importance of our mission and do what you can to contribute to our cause.