Ever since it was discovered that people could send information encased in arranged groups of electrons, a realization about the nature of that information began to set in: It was no longer as secure as it had been before.
Physical objects were easy to keep track of and catalog. They were harder to replicate, which made it easier to control their numbers. Large numbers were correspondingly harder to move, or lose, than smaller numbers. And they could be locked in a coherent space, with no chance of somehow seeping through the cracks and escaping. But the new digital file presented a problem that was as far beyond the constraints of physical objects, as a horse would be compared to a slug. And whereas you can confine a group of slugs with the simple expedient of encircling them with salt, you need a considerably more sophisticated method to corral a herd of horses.
Speaking of herds
In the early days of North American colonization, ranchers and farmers ran into problems establishing their lands, and keeping others’ herds of cattle, horses, sheep, etc, off of farming lands. Over time, methods of fencing land, documenting property lines, branding animals and cataloging them with the local authorities were devised… and this, despite violent disagreement and joint animosity, in what was considered at the time a “lawless environment,” that suggested that such control would never be accomplished. Bandits and rustlers regularly demonstrated that those controls could be broken, and often made others’ lives miserable (and even shortened) in their acts of flaunting their ability to break the laws. But the steps were bolstered by law enforcement, and by a cooperative nature that forced farmers and ranchers to work together, or be denied fair commerce and other social perks over their transgressions, and soon, the bandits and rustlers were brought under control. In the end, the steps were seen as beneficial to all, as they provided security and protection fairly to those in the community, whilst allowing commerce and fair profit to be made.
There are a lot of similarities between today’s digital document landscape, and the “lawless West” of the 1800s Americas. Before control was established on Westward Expansion, property was stolen, claims were jumped, herds of livestock were rustled and human lives were snuffed out by petty criminals, on a frighteningly regular basis. Despite the romanticism of the movies, there were no codes of conduct, there was only greed, anarchy, and the rule of the gun, the mob and the masked gang.
Today, computer bandits (usually called “pirates”, but they might just as well be considered the modern version of “cattle rustlers”) demonstrate every day that electronic files can be hijacked, security measures can be broken, and property can be stolen almost at will. And they, as well as others who have bought into the pirates’ constant insistence that they cannot be stopped, believe that there will never be a way to provide security and protection for digital property. Anarchy exists today, and those who seek to establish any rule or control over their property are at the mercy of those who revel in lawlessness.
It is, of course, possible to find other ways to support digital content, such as through sponsoring programs, subscription models, and other pre-sale devices, thereby allowing for the files’ free dissemination, and largely removing the need for security measures. Yet, despite the present reality, there are security measures that can be taken—some already developed, some under development, and some beyond the horizon—as well as changes to law enforcement and the social activities of individuals, to help provide the backing of that security and ensure its overall effectiveness.
Most of today’s digital file security technology—aka Digital Rights Management, or DRM systems—are based on simple number- or text-based passwords, which are usually unique to the single item and therefore essentially disposable. The simple password systems are usually easy to break as well, leading eventually to potential dissemination of unprotected files. The fact that text-based passwords are so easy to circumvent, and that there is little disincentive to do so, makes existing DRM quite literally worthless… and this is the source of most of the anti-DRM sentiment in electronics circles. But there are better encryption methods available to digital files, methods that would make code guessing practically impossible. The most advanced and promising of these are biometrics.
The 21 st century “key”: Biometrics
In the movie “The Incredibles,” fashion designer Edna Mode provides some laughs when she enters her secret design lab by quickly and casually punching numbers into a keypad, providing a handprint, allowing her eyeball to be scanned and speaking into a voice recognition microphone (and just as quickly clearing Helen Parr, her guest, before she gets shot as an intruder).
Although the scene was comical, it hints at the future of security in the form of biometric identification systems, identification systems based on physical attributes that are unique to each individual. Many of the security methods in the Incredibles scene are already in use today, and others are still on the drawing boards. In fact, many biometric systems are now available as over-the-counter accessories for computer hardware, such as fingerprint ID scanners that can be used to log into a computer, or to unlock the files on a storage device such as a USB key. Such an encryption system would be orders of magnitude safer than mere text-based passwords, harder to spoof, and almost impossible to unintentionally share.
Although these devices are considered optional today, they are already being incorporated permanently into some devices being used in business circles (fingerprint ID scanners are now built into the bodies of many laptops). Businesses, ever mindful of security and seeking new and better ways of doing things, have usually been the first to experiment with these security devices. But, as has happened with other business-developed hardware and software, office-proven equipment could eventually find its way into the home. This could happen as other entities find uses for security hardware and software that benefits consumers.
We can easily envision an electronic landscape where every device capable of accepting a digital file, or for that matter needing any sort of personal security, is equipped with a fingerprint ID scanner (the smallest of them are about 1×2 centimeters in surface area). A user would activate the device by swiping their finger over the scanner, essentially replacing the “on” switch on most devices.
When a digital document was to be purchased, the purchaser would swipe their finger across their scanner for the purchase. Their scanned fingerprint data would be permanently encrypted into the document, and when the document was accepted or opened, the device would require a scan to decrypt and open it (probably the “on” scan would suffice, but a second verification scan might be useful). If the scan did not match the encryption password (the right biometric ID), the document would not open, or would not be accepted by the device at all.
Users would eventually adopt a new action, the “swipe,” in their everyday dealings with protected electronics. The “swipe” would replace password typing, card-inserting, fob-waving and many other existing forms of initial electronics access, and would be added to individual files on an as-needed basis. If the system is kept relatively simple and accurate, the “swipe” could become second-nature in no time.
But how do consumers, who are notorious for not wanting to try radical new things, get into the use of biometric systems? And once in, how do they resist the urge to break them? The key, so to speak, is “incentive.”
Incentives for new habits
In order to get people to try something new, you generally have to present them with a new way of doing things, show them how effective it is, encourage its use with appropriate incentives, and sit back while the population turns over. Most widespread changes are incorporated into daily use in this way.
A fairly recent example of this is the incredible proliferation of the cell phone, considered when it was introduced to be a rich man’s toy that most people couldn’t see any real need for. It was through incentive—subsidized phones, competitive prices and packages, cool designs and the usual “be cool with your friends/the opposite sex” ads—that cell phones became the runaway phenomenon of the 1990s and 2000s. Now, many cell phone users are cancelling their land-lines, something largely unheard-of just a decade ago, and leave their phones on at all times. A completely new paradigm of behavior was created in one generation, and many of us can scarcely imagine what life was like before the cell phone transformed our lives.
In another example, incentives such as online store discounts, exclusive content and advance opportunities at other offers and products have proven to be effective in encouraging customers to sign up for and use store and club cards, a system that uses security to ensure the customer gets deals that non-members cannot get. Interestingly, even though certain personal information is knowingly being collected, maintained, accessed by third parties and used to deliberately sell targeted products at the card owners… consumers largely accept all of this Big Brother-ish activity, for the perception of saving money.
Similar incentives could be applied to biometric systems, in effect, encouraging consumers to add the requisite hardware to their electronic devices, and to use it without fail on any device capable of reading a digital document. Unlike proprietary store cards, a biometric system would need to be standardized and widespread, applied equally to every electronic device that can accept external digital files. This would remove the danger that a vendor or company would fold and their proprietary biometric system would take valuable content with them… a major “disincentive” that is presently working to drive consumers away from proprietary systems.
In addition, a standardized way to encase the files within this encryption system would need to be devised. Protocols for assigning an encrypted “key” to a file, unlocking that file, and establishing fair use guidelines, would have to be established and followed. The methods of using these tools would have to be easy, almost thoughtless in their simplicity.
And finally, good reasons for using these tools, and good reasons not to abuse them, must be established. Access to exclusive content, discounts, convenience of use, and even social incentives (however real or bogus) should be used to drive consumers in the direction of biometric security systems. There should also be a significant downside to breaking or abusing these tools, as in a loss of access to other content, or having rights, privileges or accounts taken away… this disincentive method has been effective in keeping cable subscribers from sharing TV signals for years, and today is used effectively in preventing some software (like the Windows OS) from being shared on multiple computers.
Properly used, these tools enforce consumer honesty, with honest and dishonest alike, because of their desire to have access to the perks and to avoid jeopardizing that access. This can also stymie content pirates, who may still be able to break into content, but often find no market for it in a world where consumers have accepted the incentive-based legitimate systems and shun illegal markets for fear of losing their legitimate access.
This combination of law and social cooperation finally brought the American West under control, and turned a chaotic mob-rule countryside into a safe, orderly and profitable place to live. It may not be perfect—things still get stolen, and people still get hurt—but compared to its former state, it is a relative paradise of civilization today. And it is a shining example of what can be accomplished, given the desire of the majority to do so.
Big Brother, or Big Deal?
Of course, no one really likes security. Everyone wishes they could leave their front door unlocked at night, and not need to remember a password to get into their computer at work. Some cling to the notion that life is only worth living if it can be this way, and insist it is the only way of any future worth living.
Most of us, however, are more realistic than that. We understand why we lock our car doors, why we don’t volunteer information to strangers over the phone, and why we don’t open every e-mail we get. We understand why there are fences and drivers’ licenses, metal detectors at airports, theft detectors at the department store and cameras in the ceiling at the grocery store. We understand that, as much as we might like it to be otherwise, there are needs for security and protection in the modern world. And we understand that security doesn’t automatically equate to totalitarianism, as some fear mongers and Big Brother evangelists would like us to believe.
Some would like to think that a biometric system would somehow have to be tied in to a universal database in some government sub-basement, where all of a consumer’s private data would be updated, and presumably accessed and abused, with every swipe of a finger. Not so: Existing fingerprint scanning devices would send the fingerprint data to the document itself, to be encrypted within and matched locally (within the machine) when opened… waiting for some universal database to clear and catalog every transaction would be too slow and impractical to be workable. A user’s files and activities would not end up in a privately-controlled database somewhere, any more than a database buried somewhere is storing every instance of you unlocking your front door.
Others decry that no security system is perfect, and therefore they are by definition useless. Not so: Security systems are generally not expected to be “perfect,” they are only expected to be effective at controlling loss; if the level of loss control is considered reasonable to the sellers, to the extent that fewer criminals are willing to go through the trouble of breaking the security for the resultant payout they expect, and the sellers do not lose more money than they want to due to theft, the security is considered successful.
Though we might prefer a world of free and unencrypted content, we tend to respond to access to good material, and the threat of losing access through inappropriate actions, by being good consumers, and accepting certain measures of security and control in order to gain access to that which is desired. Most businesses thrive on this theory, the idea that customers overwhelmingly prefer the easy option to get what they want, and if it is easier to just go with the flow, they will go with the flow. Easy access to desired content even trumps “Big Brother” concerns for most people, and the better the content, the less the concern.
The reality of the theory
To date, incentives have been applied to new technologies and selling paradigms, encouraging their use. The success of that use was dictated by a measure of the usefulness of the technology, against the undesirable qualities of the security system. If usefulness outweighed the undesirable qualities—as it did with cellphones and store cards—the technology was accepted. If undesirable qualities outweighed usefulness—Disney’s “time-limited DVDs”, for instance —they were abandoned in favor of better tech. Each successful application has ably demonstrated that we are capable of accepting some amount of inconvenience for the sake of effective security.
The realities of this instance is that it would take quite some time to roll out biometric ID hardware for all electronic devices, and this isn’t even the greatest hurdle. An encryption “lock” must be devised to house the digital files, something that can be applied at point-of-sale or transfer, and unlocked by the consumer on-demand. A method of transferring the document’s key access to another, at least on a limited basis, would be helpful (while not an absolute necessity, it is something consumers are used to, so it could be considered another “incentive”). Then consumers must be convinced to use biometrically-encrypted files through the use of incentives and disincentives, possibly including short-term extra incentives to get them on-board.
It is wholly possible that a combination of hardware, software and incentive/disincentive program could be rolled out and largely accepted by the public within a few short years… provided a dedicated organization was behind the push, and had full public support behind them. More likely, it would take between five and ten years for groups of organizations to work out standards, implement them, and find commercially-viable ways to get the public on-board… assuming the organizations all agreed on the need for the system, and got started on it together. A government could step in and create the standards for the organizations to follow… but waiting on a government to do that would probably take even longer than depending on the organizations to get it done. Consequently, we are probably talking about a system that could work today, but will probably not see widespread use for another decade or more. (At least that’ll give the Big Brother alarmists time to get the howls of protest out of their systems.)
But that doesn’t mean it isn’t something to look forward to. Just like the American West was eventually brought under control through an application of laws and social cooperation, making it a better and safer place to live and do business, the digital landscape will be a better and safer place when document security has been established, and social cooperation backs the laws that protect it. And when that happens, there will be few people left who will look fondly back on the lawless era that preceded it.
When security measures are applied to a formerly unsecured product or service, no one is happy about it. But given time, everyone gets used to the situation, and even come to understand the advantages in better security. Digital document security can be established in this way, by creating a workable system and providing enough incentives for consumers to get on board. It’s not impossible. And given the many examples of the past, and the fact that we will remain to be, for the foreseeable future, a goods and finance-based global market, I’d say it’s inevitable.