Tuesday, June 13, 2006

BW on Web 2.0

BusinessWeek has provided some interesting comments on Web 2.0 phenomena. A little bit on the light side perhaps, but after all they are the People Magazine of Corporate America. Their role is to spot trends, and report on them, not to analyze them, or reach any final conclusions.

There are a zillion phenomena that would be part of Web 2.0, and predictions of success and failure are hard when even the business model of Amazon.com is still in question, and nobody really knows why Skype was worth billions. However, there can be no question that something is afoot.

That the corporate world doesn't get it is equally sure. Just like they didn't get the PC revolution, or the Web 1.0, certainly not in the beginning, but even now it remains shaky - "The Cluetrain Manifesto" covered a lot of that. However, people are too cavalier in thinking that the PC revolution was a success of sorts, when it really has brought about a set of new problems which are barely beginning to be dealt with, witness the explosive rise of on-line fraud, and data theft from corporations as well as individuals. So if the success of the PC revolution was ease of use, then we are living the failures of it in the form of explosive new risks. We're just starting to realize the overwhelming problems which have been created by the PC revolution, and its presumed "ease of use," which is a powerful tool in the hands of the wrong people as well as ourselves. And we don't even know for sure who the good people are...

The Internet, and what we may now regard as Web 1.0, extended functionality and ease of use, but exploded vulnerabilities and insecurity in a way that is increasingly overwhelming everything else. So we are now living at the time when some of the world is still discovering the potential of email, while at the other end of the spectrum people are already giving up on email because of spam and viruses on one hand, and because it is not in real time on the other. Web 2.0 is about doing things in real time.

The biggest single problem then is that the potential speed-up will also exponentially magnify the potential for abuse. With email you have time to think about a 419 scam, and perhaps have second thoughts, but on chat you are far more vulnerable. Urgency, urgency.

So security and privacy are overriding issues on the Web, and if those are not adequately addressed, the backlash will be considerable until they are, for people will boycott the medium if they're beset by problems every minute. I unsubscribed from some lists recently, because of virus problems. It's not a reasonable thing any longer.

When we are within corporate walls we have a modicum of assurance that other employees are who they seem to be, but on the Internet we have no such assurance. False identities are perhaps a bit harder on LinkedIn, but not impossible even then. On the wide open net, all we have a lot of the time is an email address.

The underlying problem in networked computing is that "My Computer" is a meaningless term, if I have no way to assert that ownership, and the rights that it entails. To all intents and purposes, "my house" and "my apartment" are relatively clear concepts, and I can have reasonable security to restrict access or at least to know when someone trespasses. Not so with a computer, yet given our information dependence, a computer becomes the central repository of information in our lives, but we routinely have far less ability to restrict access to it, and in the age of networked computing ownership of the physical device is meaningless from the moment we connect it to the Internet.

Mathematically speaking, logically speaking, "personal computer" and "personal computing" are meaningless terms if the user, the "person," is an ambiguous concept, and today it is. I have more security on my Windows PC than many if not most, but it's still a sieve. I have individual log-ons for other members of the family who occasionally use the machine, and restrict all of their rights on my PC. Yet when I have a problem, and bring it into the store, the technician just casually reset my administrator password in order to do his job. To call that security is a joke. And on all current generation consumer devices this is the prevalent situation. Web 2.0, with a technical foundation in IPv6, offers the opportunity for much stronger virtual networking than has been the case heretofore, and this will make the lack of meaningful access security from edge devices even more of a joke.

Therefore the central value of Web 2.0 is indeed shaping up around the idea of instant collaboration, in real-time, compared to which email is a silly store and forward medium, not much better than snail mail, and equally overwhelmed by an avalanche of spam anyway, just like your physical mailbox is by junk mail. So we move on to chat, filesharing, and other forms of collaboration, between known users, defined either by corporate perimeters, or by membership in a service. But today's common form of access, by username and password, offers little or no protection, no definition of who that user is, even if the service otherwise provides technically competent "security." It is time people should go to jail for marketing anything as "secure" when any fool knows that a username/password can be cracked in 25 seconds or less. It's a joke far worse than "organic produce," and for that at least there is some modicum of consumer protection now. There used to be such a thing as truth in advertising.

THE KILLER applications of Web 2.0 will be the ones that satisfactorily solve the twin problems of security, including authentication, and privacy. And also of meaningful ownership of data, which means the ability to exert all rights of an owner, such as back-ups and copies, which I can store wherever I deem them safe, otherwise people have the single provider problem, which is a security threat in and of itself.
The biggest enemies of such solutions are the users themselves, and the legal systems and government policies in many countries. Governments have a habit of doing either too much or too little. Proper authentication, and security automatically provide the ability to do secure transactions over the Web, money transfers, digital signatures: business without borders. But the risks have to be statistically insignificant, so they become properly insurable, otherwise the system will fail. Instant communication, collaboration, filesharing, and social networking and other such features will all fail if they continue to be a constant source of abuse.

The prize will go to those providers who can succeed by proving that people will pay for security. And they will, regardless of what the naysayers think, for if it enables the functionalities described in the previous paragraph, without undue risk, only a fool would not use such services.

Copyright © 2006 Rogier F. van Vlissingen. All rights reserved.