Accountability
Before we officially started Atsign, there was one conversation that shaped so much of what we wanted to create. That conversation was with Vint Cerf, the father of the Internet.?
Typically, when people talk about what’s wrong with the Internet today, there’s a whole list: No privacy! Misinformation! Cybercrime! Unequal access! SOCIAL MEDIA! Online harassment! Content moderation issues! etc.?
Vint, however, had a one-word answer: Accountability.?
He went on to say that, sometimes, he wanted to be anonymous on the Internet, and also still accountable. “Come back to me when you have solved that problem,” he told us.
It took almost three years, but we did it. We got back to Vint, who replied almost immediately and wanted us to explain how we did it. We think we passed that scrutiny with only one negative comment. More on that later.
Today, after just celebrating our fifth year as a company, we are still finding more reasons why accountability is truly the biggest problem we all face when it comes to Internet privacy and security.?
The cybersecurity industry has not offered solutions that center on accountability. Instead, they have created more and more security layers to try to keep bad actors out. Only now, with the rise of Zero Trust Architecture, has accountability started to play a role in solving security problems.
?
Even though Zero Trust Architecture is lately a huge marketing focus for many technology companies, there seems to be very little discussion, if any, about accountability. Yet, accountability and trust are the two essential components of any healthy relationship, whether that be between individuals or companies. So why isn’t it being discussed? Because accountability is hard, due to the fact that it is closely linked to identity, and identity is beyond hard—it’s impossible. Huge minds and companies have tried to solve “the identity problem” and all have failed.
From the beginning, we thought there had to be a way to solve these challenges. Our first aha moment was when we hit on an answer to the question, “What is the simplest way to assert an identity on the Internet?” The answer is “a unique string,” something that looks like an X or Instagram handle, “@colin”, but rather than the platform owning the handle, the owner would truly own it, and could use it on any platform to log in, to hold data, to exchange data. And, who would own and control that data? You got it—the owner, not the platform. We call these unique strings atSigns.
This simple change of ownership creates accountability; if you own your atSign, only you can update data behind your atSign. You are accountable for your own data.?
领英推荐
Why is this important and useful? Think about how often you sign up for a new app or website and have to, once again, fill in a form with your name, your phone number, your email address, etc., etc. What if instead you just shared your atSign, and granted the app or website access to the specific details they needed??
It becomes much easier to manage your information. If you move or get a new phone number, you simply update your information in one place, and every contact, both personal and professional, who needs to know is automatically updated. This could even work for things like a credit card number changing. Updating your atSign would eliminate the hassle of notifying everyone. Imagine the pain being removed, all because you are accountable.?
?
In addition to things being easier, we also benefit from greater data privacy and security. By eliminating intermediaries and granting individuals control over their data, we create a more secure digital ecosystem. This decentralized approach benefits both individuals and businesses, streamlining processes and reducing risks associated with traditional data sharing methods.
Now, to add an extra twist to the story: We know people answer questions differently depending on who is asking. But current technology doesn’t reflect that. Normally, a database gives the same answer to everyone who queries it. Atsign is different. Before granting access to your information, you’ll always know who’s asking (their atSign), and your answer can be tailored to reflect that.?
If you do not know the atSign asking for the data, then you can ask a trusted atSign, in this example, “@visa,” to attest for them. Let’s say you want to purchase something with your credit card, but you do not recognize the seller, “@vendor.” Before giving access to your credit card number to @vendor, you could ask @visa if they trust them and could attest for them. If @visa confirms them as “trusted,” then @visa becomes accountable for the transaction, allowing you and the vendor to proceed securely.?
In the background, @vendor might well be asking about @you to see if they should transact with you!?
This is precisely how we answered Vint’s challenge for accountability with anonymity. The attester has done the work to attest. Both the anonymous person and the person offering the service trust the attester, or can communicate to agree upon a shared attester. The person offering a service does not need to know anything other than that the attester trusts them.
This same mechanism can now be applied to Information Security in so many ways. Binaries could be attested by multiple engines before being run, preventing malware and ransomware. Network vulnerabilities can be mitigated by exposing network services only to attested atSigns, making the infrastructure literally invisible to everyone who does not have an attested atSign. This means that if there is a bad actor attacking you, someone is directly accountable for letting them in—you can quickly limit their access and trace them back to an employee or attester.
So, what was that one negative comment made by Vint about our solution to accountability? Vint mentioned that unicode and other character sets could be used to create atSigns that look like other people's atSigns and he was not so keen on emojis??. As a result, at least for now, when you get an atSign you can only use Latin characters and a limited number of emojis, but the tech of course does support Unicode.