What is the difference between ‘security’ and ‘trust’ on the internet? Trust is local, security is global. 2015 is shaping up to be the year that consumers and companies both come to this realization. Opportunities to bridge this gap abound as cyber-security start-ups quickly become Silicon Valley’s most recent fascination and venture capitalists have flooded the sector with investment as they look to back the latest technology used to fight criminals online.

On the whole, we’re doing a great job at securing the internet and developing new technologies to allow for enhanced personal data protection. But if security is to be viable, it must be engineered at the global level. Enter Big Trust, the new coin of the realm that is rapidly replacing the market’s fascination with Big Data.

At the recent World Economic Forum in Davos 2015, Big Trust emerged as a concept that gives due weight to trust’s importance in the digital age. Companies that embrace Big Trust and prioritize security over customer-data commercialization will be rewarded by consumers who tire of repeated intrusions into their privacy.

At this year’s Davos Conference, I moderated a round table on CyberSecurity and participated as panelist at the New Business Context: Risky Business session. One conclusion was that with billions of people around the world have grown increasingly distrustful of the internet and that the urgent necessity for a new model has emerged. Big Trust.  Our panel also concluded that there is actual commercial value in offering trust and security.  The fundamental right to privacy is at stake and if users begin to abandon the Internet because of security concerns, the multitude of recent positive developments in digital communications will be lost. All kinds of applications and firms will be negatively affected, including social networks that need further customers and governments that rely on cloud computing.

Our Davos panel also weighed the challenges of scaling up user-centric solutions and they loom large. Sufficient venture capital funds must be sourced. Support from professional business service firms must be won.  Mobile telecommunications networks, typically the least secure, have undergone massive expansion. Finally, our world is becoming increasingly interconnected and multipolar.

Other participants called for collaboration around faster-moving experimental projects in which the new demands of users help feed processes of entrepreneurial innovation in digital identity and personal data management.

One of the most mature and concrete examples of Big Trust on the Internet are the root systems we have developed in Switzerland in collaboration with OISTE*. These systems are created and maintained in secure military bunkers under the Swiss Alps. In the past these vaults held gold, but now they protect something more important – your privacy.

Project DIKTYO:

Recognizing:

• With big data, the Internet of things and the arrival of new generations of powerful ubiquitous communication along with convergence and cloud computing, we are on the move into yet unchartered territory in digital communications.
• A wealth of new services, meeting our outstanding needs in health, education, commerce, and public services, stand to be developed and scaled in ways never seen before.

Aware that

• Continued disorderly access and uncontrolled diffusion of personal information without our knowledge harbours significant risks for misuse.
• Usability and security are currently subjected to trade-offs that create difficult choices for how to strike the balance.
• It is becoming increasingly expensive and distortive for financial and other sectors to insure and protect themselves against the risks of cybercrime taking advantages of security glitches.

Against the background of

• Billions of new human users – most of them members of a young generation – are set to join the Internet.
• Trillions of devices, ranging from critical infrastructures to sensors to cars to refrigerators to toys or even watches and clothes, stand to go on line.
• Each user and device will have to be embedded in trusted frameworks of authentication and authorisation framed, in a myriad of constant borderless exchanges and transactions.
• Devices will be set to take decisions automatically and autonomously.

We, the under signers, agree on the importance of:

• Mitigating security risks and increasing trust in this dense digital environment, with much higher precision and at lower cost than is the case today
• Initiating effective collaboration to put in place a coherent system for electronic identities, capable of handling derived identities, operating for humans as well as for devices.
• Putting users in better control of their digital identity, including what data they share and of their privacy,
• Ensuring trust interoperability between Cryptographic Rootkeys.
• Paving the way for trusted search and other e-services,operating across sectorial and national boundaries

We therefore agree to

• Plug into the proposed Single European Digital Identity Community as envisaged by the Digital Agenda (DAE) in its Key Action 16, collaborate with ETSI, W3C, and IEEE, and engage with the ITU,OECD, ISO and other multilateral and international bodies of relevance to the global linkages and ramifications.
• Build upon the Davos Charter of 2014 “Addressing Identity Management, Privacy, Security and Trust in Digital Communications” ()
• Draw upon the work that has been undertaken on new frameworks and business models, e.g., an Individual Digital Identity (INDI) by the GINI project (), comprising user control in sharing personal information, a new generation of service delivery, public data provision and user-driven operator services ensuring the integrity of data, reputational protection, intellectual property rights protection and trust;
• Benefit from the provision of OISTE ‘s Rootkey () and its innovative neutral Trust Framework.
• Further examining how to recognize diverse technical solutions, including requirements of common protocols, Defining what legal cross-border interoperability is required for orderly authentication and authorisation in the world of tomorrow?

In order to Achieve:

• A coherent system for trusted identities, operating for humans as well as for digital devices.
• A neutral platform for all stakeholders, bridging Multiple Jurisdictions, to address issues of Cyber Security, Search,Privacy and Data Governance in a secure and open Internet.

* The OISTE Foundation, is a Geneva-based, not for profit organization, founded in 1988 was created with the objectives of promoting the use and adoption of international standards to secure electronic transactions, expand the use of digital certification and ensure the interoperability of certification authorities’ e-transaction systems.

This article is published in collaboration with WISeKey. Publication does not imply endorsement of views by the World Economic Forum.

To keep up with Forum:Agenda subscribe to our weekly newsletter.

Author: Carlos Creus Moreira is Founder and CEO of WISeKey, a Geneva-based World Economic Forum Global Growth Company and.pioneer in digital protection, online trust and privacy protection since 1999.

Electronic communication keeps expanding. With big data, convergence and the Internet of things we are on the move into yet unchartered territory. A wealth of new services, meeting our outstanding needs in health, education, commerce, and public services, could be developed and scaled in ways never seen before. Conversely, however, the disorderly access and diffusion of personal information without our knowledge harbours unknown risks. Following developments ranging from the Snowden revelations to major hacks by criminal gangs, trust in the privacy and security of digital communication has come to a new low. Much is at stake, given the share of the global economy that is already based upon digital communication and its growing reach into new domains. Not only has the number of Internet users passed 2 billion. Another 5 are set to join in a few years down the road. 50 billion electronically communicating devices will emerge as well, each one embedded in frameworks of authentication and authorisation framed to decide who calls the shots, and who does not, in a myriad of exchanges and transactions every minute around the world. It is in this context that the development and usability of trustworthy eServices need to be shaped. Multi-factor authentications and hardware based credentials, a sound approach to privacy protection of biometric credentials, and for interoperability of different authentication methods, along with a common understanding of their respective credentials, are in demand. So is the rise of support actions including better harmonized and more compatible regulation, legislation and data protection schemes. Capturing the opportunities and countering the threats requires new responses. More sophisticated passwords and heavier PKI will not do the trick. A myriad of interlinkages supported by a range of communication tools requires a seamless and systemic response. It appears necessary to move towards a common framework for identity management. One way or the other, this seems inevitable building block in the discourse of achieving cross border or borderless communication and transactions in an increasingly fast-moving digitalised global economy. But how are different technological solutions to be reconciled? At what level are common protocols required? What cross-border legal interoperability is required for orderly authentication and authorisation in the world of tomorrow? Is the introduction of a common system for electronic identities the response that we need? A globally valid ID? Or a common European ID, in our part of the world, as a first step? Is successful collaboration in this respect the platform on which we can build trusted e-services, with the certification and support mechanisms that are required? If that is not happening, or cannot be achieved in Europe; why is that so? Will a common effort of this kind then instead take hold in other parts of the world? Or is there another way of coordinating and enabling joint progress? The situation at hand calls for immediate actions to increase security, interoperability, and privacy in order to regain trust. Following an initiative from WISEKey, OISTE, GINI S.A., IKED and the Fraunhofer Innovation Cluster next generation ID this topic is featured at the World Economic Forum in Davos 2015 in an event that brings together decision makers from in policy, industry, research and civil society around the world to discuss this most relevant topic involving all relevant stakeholders. Following the great success of the Davos 2014 Roundtable “Addressing Identity of People and Things, Privacy, Security and Trust on the Cloud“, sponsored by WISeKey, in which selectedalpha, including Neelie Kroes, European Commissioner; Humberto Ribeiro, SCS – Ministry of Development, Brazil; Prof. Thomas Andersson, IKED; Prof. Alex “Sandy” Pentland, MIT and Marina Grigorian, Fraunhofer FOKUS, discussed the future of identity management and data governance under the moderation of Carlos Moreira.

https://www.wisekey.com/press/wisekey-exclusive-panel-identity-security-big-success-world-economic-forum-annual-meeting-davos/

During the 2015 edition a second roundtable on the subject will be organised, this time addressing

THE RISE OF BORDERLESS ELECTRONIC IDENTITIES:  ADDRESSING PRIVACY SECURITY AND TRUST IN THE POST-PASSWORD ERA.

The objective for the 2015 edition will be to provide a neutral platform for all the stakeholders working on Cybersecurity, Trust Models and Digital Identification to work together and collaborate on a common electronic identity system. For Europe this responds directly to the proposed Single European Digital Identity Community as envisaged by the Digital Agenda (DAE) in its Key Action 16. Other regions, the ITU and other multilateral bodies are likewise increasingly engaged with these issues.

The roundtables will also explore the direct significance of such a common identity system for realising trusted e-services in diverse markets. This includes a financial track bringing experts from M&A to discuss trends Global Cyber Security as the spending on this market is expected to reach $100 billion in 2015 and is forecast to grow at an annual rate of 22 percent in the next five years to reach 160 million in 2018. The United States, China, Brazil and Europe account for 90% all deals globally triggered by growing cyber threats and increasing awareness among both organizations and consumers of accelerating breaches and attacks, from our report. In most regions, the private sector accounts for the majority of Cyber Security spending, with the U.S. the notable exception where government spending is almost equal to that of the private sector. The strong U.S. technology industry combined with the fact that the U.S. defence and intelligence budgets are significantly larger than in any other country are key market drivers. Other key drivers underpinning growth in Cyber Security spending include: Increasing cyber threats, both from new actors and new threat vectors (the paths that attacks can take). Greater vulnerabilities due to the more pervasive use of technology, particularly mobile devices and cloud computing. Increasing awareness by organizations and consumers of the threats and potential threats. Changes in technology driving product and service innovation of security solutions. Increasing regulation, particularly those enforcing the requirement to secure personal data. Changes in outsourcing; some organizations are increasingly relying on partners for security, whilst others are growing internal security spending to maintain greater levels of control.