This is the first time I have the honour to publish a guest entry on my blog and it's no small thing that it has been written by Colin Williams, a close friend of mine in the Cyber community and a real authority on thinking and doing. Where most can only see as far as their nose, Colin sees beyond the curve.
Colin is Public Sector Business Development Director at SBL, one of CyberTalks editors and a visiting lecturer at De Montfort University. Among other things. Colin is a true polymath and a very sharp one at that. Why do a few things good when you can do many even better? Holds true for Colin.
The Army of Redress Marches Again (Colin Williams)
In the early decades of a new century an established, once expensive and privileged technocratic elite found its prestige and power, if not its very means of existence, challenged by the introduction of a radical new technology that it neither understood nor controlled. This new technology placed the power to produce directly into the hands of the hitherto unskilled. It democratised a crucial area of economic activity, at the same time as it lowered the costs of production, at the same time as it increased productivity. The claims to social status and the command of elevated economic privilege enjoyed by the old elite were predicated entirely on their closely guarded mastery of complex and sophisticated technology. To use the established technology required great skill and expertise, not so the new. The new technology enabled the unskilled to generate greater effect in less time than the skilled.
Mastery of the skill of using the old technology itself became a practice to be defended; regardless of the wider benefits to be obtained from the new, and regardless of the necessity of generating the desired effect that was supposed to have been the object of the exercise in the first place. The old elite focused on a doomed attempt at the defence of an obsolete means of generating effect as an end in itself, rather than embrace a new and improved means of creating the effect. They defended the way that a thing had previously been done rather than accept change.
Inexorably, inevitably, the disruptive and transformative effects of the new wave of technology destroyed the old elite who perished despite desperate, fierce and well-organised resistance. The new technology was enthusiastically embraced by the controlling minds of the institutions of the nation, of business and of wider society who were in desperate need of innovative and enabling responses to profound and rapid transformations to macro-economic and social conditions. These transformations were themselves wrought within a context shaped by expensive overseas wars fought against an opponent with a diametrically oppositional worldview held with a sense of revolutionary zeal and according to which human society required a radical reformation. A context further shaped by rising food and raw material prices, spiraling national deficits, wholesale revisions to the system of taxation and a sustained period of accelerated technological innovation across the broad canvas of human affairs. Those who mounted a futile attempt to resist the spread of the new technology, who attempted to defend their own status and to preserve obsolete machines and systems, did so at the expense of those who saw great benefit in a world reshaped by the new technology, and so were ultimately outlawed. Some were executed whilst others were transported.
This one time technocratic elite, these defenders of an established pattern of thinking and behaving, the self-appointed guardians of the true and proper social and economic relationships between technology and humans saw themselves as the defenders of values and practices worth defending because they were good. These were people who felt compelled to the use of force and violence by circumstances beyond their control; they were, in their eyes, legitimised in their organised and premeditated violation of the social contract because they were seeking to right a great wrong. They were not merely defending themselves and their families from penury and starvation; they were prosecuting a moral cause.
Accordingly, these people called themselves the Army of Redress. They crafted an archetype to stand as their leader. A fictive construct who was as immune to capture by any of the thousands of soldiers sent to deal with the Army of Redress, as he was resistant to static definition. They became the soldiers of General Ludd, the subjects of King Ned. To the establishment of the day they were dangerous and violent criminals whose acts of wanton sedition were outlawed by the Frame Breaking Act of February 1812.
We have been taught to know these people as Luddites. Their context was that of the early Industrial Revolution and the Napoleonic Wars.
Luddites have not been judged kindly by historians. Eric Hobsbawm’s view stands as representative of the historical commonplace. In The Age of Revolution, the first of his three-part history of the nineteenth century, Hobsbawm characterises Luddites as “simple minded labourers” who “reacted to the new system by smashing the machines they thought responsible for their troubles”. This sense of the Luddites as mindless and unthinking enemies of technology has grown, developed, and amplified throughout our culture, and it now saturates the narrative of the human relationships with technology in general and computers in particular.
Luddite has become a synonym for those opposed, or unable, to accept the relentless advance of ever more sophisticated technology, and in particular computers, into every facet of every dimension of human existence. Luddite has a deeply pejorative associative pattern of meanings. To be a Luddite is to be one of Hobsbawm’s simple minds. It is to be a victim of future shock, to be incapable of playing a full and meaningful part in the techno-glory of modern society. It is to be primitive, backward, incapacitated by ignorance and an obstacle to progress; an enemy of the greater good. Luddite has become a narrative trope, a package of integrated self-referential explicit and implicit meanings, deployed extensively in the established and emerging discourse around the nature and shape of the socio technical phenomenon we are increasingly referring to as the cyber domain. Discursive energy, with narrative payload, is deployed in the exercise of power every bit as much as kinetic energy. This indeed is the essence of soft power.
Luddite has also, inevitably and as a direct function of its use as a trope by the self-appointed technocratic elite of contemporary enterprise and formal computing, become a contested term within an oppositional discourse in which to espouse Luddism and to be a Luddite is to defend the human against the machine. It is to promote the virtues of a sustainable and simple life over those of the complex and destructive matrix of modernity. It is to be in favour; of the artisan over the industrial, the bucolic over the bureaucratic, the rural over the urban, the pastoral over the post-modern. However, the oppositional form propagates the common sense of the trope just as it contests it. In each of the contesting discourses, the technocratic elite are on the side of computers; the others oppose and fear them.
Located within the technocratic elite of enterprise and formal computing, We the community of Information Assurance professionals and cyber security experts, deploy the trope of Luddism as readily and unthinkingly as we deploy that of the User. Indeed, for Us, the two tropes are closely intertwined with each other and integral to a discourse in which We possess a unique, if not secret, knowledge about how computers should work and a privileged status that enables Us to dictate how They, the Users, should interact with Our systems. In Our discourse, the Users are subjects to the objects of Our systems and, at best, stupid if not the manifest enemy; the insider threat. Moreover, They are ignorant of the benefits of Our technology. They neither understand nor embrace technology, change and innovation as We do. Driven by fear, uncertainty and doubt, they seek to defend the established pattern. They place shortsighted self-interest above the objective necessity and manifest benefits of Progress. Any attempt They make to resist or subvert the rules of Our systems proves to Us that They are unfit to be trusted with the control of Our systems; that They do not understand security; that they have no comprehension of the dangers that lurk in every nook and cranny and under every bed in the cyber domain. We have deployed the trope of the User as the Other; We are defined as not Them and We control and define Them on Their behalf.
The Users however, experience a daily duality. In the enterprise, IT is expensive, cumbersome, inhibitive, old and inefficient. Systems designed on Their behalf render Them as subjects; and as subjects render Them subservient to rules and procedures that actively impede the achievement of Their core objectives. As rational actors, the Users are compelled to break the rules of the system; over time rule breaking becomes not merely excusable, it becomes a rewarded and therefore a repeated behavior. The experience of formal, enterprise IT, is in essence, appalling. The User is told that the price and the costs (in every sense) of this experience are the inevitable, necessary and desirable consequences of a managed service and of the absolute imperatives for security. This is how IT should be done; according to Us, We are experts and We know how to do things properly. The consequence of Our wisdom is that in the enterprise formal computing delivers a now ancient computer, subject to zealous application of the rules of least privilege and stable state, running an unpatched, obsolete and unsupported Internet browser on top of an equally unpatched, obsolete and unsupported operating system, all in return for an annual charge per desktop of several thousands of pounds.
Informal IT is the IT of the home and of the mobile experience. It is cheap, easy to use, powerful and liberating. Here, They are in charge and They have embraced Their technology with a velocity and vigour that has petrified Us. They live in a world We do not understand. A world in which technology has become democratised. A world in which mastery over the means of generating effect has become abstracted into insignificance compared to the generation of the effect itself. Not for nothing does Samsung use the strap line “designed for humans” to promote the Galaxy S3. They, the Users, have powered Apple, Android and Samsung to positions of market dominance and have, on the way, eclipsed the once uncontested economic might of Microsoft. In an article on the 8th February 2013, the Financial Times estimated that the combined values of cash and marketable securities for Apple, Microsoft and Google were, respectively; $137.1 bn, $63.8 bn and $48.1 bn. Samsung for their part obtained estimated revenue from the sales of smartphones and tablets in 2012 of $60 bn, an estimated increase of 100% on their 2011 sales. Samsung shipped an estimated 400 million ‘phones in 2012. Neither Apple nor Google nor Samsung depend upon the enterprise formal computing market. They are the D in BYOD. They are reshaping the world of IT in their own image because of the loving and eager embrace of Them, the User.
From within this experiential dialectic it is probable that an entirely new form of computing will, over time, emerge.
The following exemplar serves to illustrate the wider consequences of the now catastrophe of formal IT. Since 1945, the turnout for UK general elections has been in steady decline and with it the legitimacy of the democratic mandate. We have a paper-based voting system that is intrinsically and structurally insecure and, as recent prosecutions have evidenced, vulnerable to fraud. Recent events in North Africa have shown that nascent democracies can, and will continue, to return results that grant democratic legitimacy to those with worldviews hostile to the liberal democratic underpinnings of the nation state. Sooner rather than later emerging democracies will deploy the cyber domain as integral tools of the democratic process. This will result in voting systems demonstrably and indisputably more secure than their analogue antecedents. The claims to legitimacy and the strength of the mandate of the digital democracies will be further amplified by turnout rates that we have long ceased to even aspire to. Regimes hostile to our way of life will be elected through democratic process manifestly more secure and more representative than ours have been for decades.
Replacing our archaic paper-based voting system with a fully digitised democracy would go a long way to countering our growing democratic deficit and the need to do so has become urgent. The renegotiation of the Social Contract is already underway and the lead is being taken by Anonymous as they petition the US government to recognise DDoS as a legally permissible expression of the democratic right of protest in the cyber domain. We have been tragically silent in Our response to this. The cyber warriors of our future must be as adept at scripting narratives and counter narratives as they currently are at scripting code. Proving that we are fit and competent to safeguard the human experience of the cyber domain means proving in practice that we can solve the problems of enabling digitised democracy. If we fail, others will take our place.
Hitherto, the most strident voices against the introduction of digital democracy, the strongest opponents of online voting have been Us; the community of security experts. Every attempt at innovation in this area has been met with a flurry of dire warnings and predictions of catastrophe from the assembled host of those with the expert and secret knowledge. These same voices opposed the introduction of digitally signed and encrypted patient records in the NHS thus condemning the system to continued use of insecure and inefficient paper-based systems. These same voices drove a culture within which police forces failed to share intelligence.
Our modes of thinking about and practicing security have become an active impediment to our ability to exploit the power of the cyber domain, at the same time as they have become an asset to the power of our adversaries to do likewise. Moreover, We, not Them, have become the single most significant cause of adverse outcomes because we continue to insist on a systemic construct in which human behavior is marginalised and abstracted; a construct in which the human is subject and not object. If we continue to design and implement systems knowing that rational human actors must break Our rules in order to accomplish Their equally rational and correct goals, then We, not They, bear the burden of responsibility for what then follows. The fact that Users write passwords down is now Our fault, not Theirs.
One of the most important questions that now confronts Us is simply this: who are the real Luddites of the cyber domain? Is it Us or is it Them? As We fight the onslaught of BYOD, as We castigate the ignorance of the wetware, as We glory and revel in spreading fear, uncertainty and doubt, as We celebrate the power of the adversary, as We shelter behind digital Maginot Lines and hunker down in Cold War bunkers, as We defend the (long gone) world We once thought We understood and could control, as We daily witness Our elite status ebb away from Us and as We stare petrified, immobilsed and uncomprehending at the complexity and sophistication of a technological wonder We helped to create, do We not march to the comforting echoes of General Ludd’s drums?
The Army of Redress is indeed on the march again; and this time it’s Us.
