
Modern field guide to security and privacy

Dan Geer: In cybersecurity, expectations drive reality

The worst laws are those that are unenforceable, so what would we hope our lawmakers say about data collecting and sharing technologies that are not yet critical but soon will be?


Now that we need cybersecurity protections to the degree that we do, to whom does the responsibility devolve? The worst laws are those that are unenforceable, so what would we hope our lawmakers say about technologies that are not yet critical but soon will be?

Do we forbid becoming critically dependent on them when it is not their design but rather the sheer magnitude of their adoption that is what makes them critically essential?

If a sharing economy is to be preferred, then are owners' privileges due to wax while renters' wane, or the other way around? Is the pool of shareable things in a sharing economy akin to the capital in the banking system - something to regulate lest a demand surge cause a run on available liquid assets?

Once an expectation of constant contactability congeals, a coordination mindset eclipses a planning mindset; "I'll shoot you a text when I get there," rather than, "I will be there at five minutes 'til two."

If you act on your expectation that information should be free, then someone still pays, just not you and hence you are not the customer, you are the product. In due course, ever more personalized advertising supporting ever richer free information means a small-s surveillance structure to power that very personalization.

Years of political capital have gone to making insurance, which is to say risk pooling, mandatory and yet to forbid insurers to make risk-informed pricing (the entire premise of Obamacare, gender-neutral life insurance, assigned risk pools holding miserable drivers, etc.).

The Internet of Things is running a 35 percent compound annual growth rate, meaning that in due course, its parts, each and severally, can only morph into critical infrastructures. Their selling proposition is either an expectation of mental leisure, "You don't have to worry about XYZ any more," or else an expectation of insight, "How many calories did I burn in that last game of tennis?" In short order, you won't be able to get along without them.

We are in a sea change of expectation with respect to what cybersecurity is and is for. The pervasive, eager willingness to collect and share information, to deploy sensors, to delegate management of daily life, to entrust health to the prerogatives of algorithms is both cause and effect of information ever more digitally available.

Heretofore, the great triad of cybersecurity goals was confidentiality, integrity, and availability. The great power of data fusion applied to that growing cataract of shared data means that confidentiality and the gate keeping of data access supporting it can no longer be the pinnacle goal of cybersecurity, perhaps not even a goal at all.

If we are to have all-electronic health records and regular monitoring by everything from our toilet to the breathalyzer in our car - all the while the majority of medicines transition to being genomically personalized - we had better be sure that it is data integrity that is paramount.

That triad of confidentiality, integrity, and availability may now contract to integrity and availability and do so because that contraction is the logical outcome of our expectations.

In so many words, First World democracy is less choosing who gets what title but rather what guarantees we want applied after the fact to things we adopted out of their irresistibility. An expectation of riskless life is the hallmark of adolescence. Perhaps all I am saying is that cyberspace is solidly adolescent - too young to take over but too big to ignore.

Yet in the end, reality always wins and wishful thinking always loses. That eventuality may not be instant, just as John Maynard Keynes put it when he said, "The market can remain irrational longer than you can remain solvent," but on the relentlessly accelerating time scale of data accumulation, I don't think there is a long wait in store.

My bet is that data protection soon means some mandate ostensibly guaranteeing that data are untampered with plus, where required, that data can be assuredly deleted. The more we depend on data, the less we can keep it in a locked box but the more we will rely on it being correct.

Dan Geer is the chief information security officer for In-Q-Tel, a not-for-profit investment firm that works to invest in technology that supports the missions of the Central Intelligence Agency and the broader US intelligence community.
