As Europe and its remaining partners prepare to truly counter the enemy’s disinformation and attempts at division, it has become painfully clear that one of the strongest, and currently missing, defenses is a transparent, reliable, and verifiable chain of trust for public discourse. A strong digital ID for each constituent that is mandated on trusted social platforms for people that wish to actively participate, but crucially NOT required for private person-to-person messaging. That last part is critical for the system to remain effective, more on that later.
Effectively all social media platforms have been and are currently running entirely without firewalls against bots and bad actors. This is a ludicrous state of affairs from a security and usability point of view, as it allows those with an agenda to freely propagate their messaging without checks or the risk of being held accountable –both in good and bad.
Barring unauthorised, untrusted, and unidentified agents from the trusted platform at the gates is quite literally one of the most simple and effective ways of curbing the tactics that Russia, China, and others employ to destabilise and divide people for their own authoritarian goals. Removing this capability alone will obliterate the enemy’s ability to project their strategic goals of information warfare, as the bad actors currently rely chiefly on the quality of quantity and the statistical gains this spamming on the free Internet provides through uncertainty and numbing in and of the reader –many publications are also culpable in this, either directly (paid, deliberate propaganda, etc.) or indirectly (incompetence, prejudice, etc.).
The glaring downside to this type of identification obviously being, that now everything people do online on these platforms is verifiably tied to them and trackable –and there is no guarantee that this data wouldn’t eventually (lol) be weaponised to the constituents’ detriment, be it politically, economically, or socially. It’s therefore vital to limit the scope of the application (identification) to select platforms or areas of a platform, and NOT MAKE IT MANDATORY ACROSS THE ENTIRE INTERNET. Just give the decent people a chance to interact with each other in a secure and trusted setting without the miscreants, and it will in time flourish.
Another chief concern is the ultimate root of trust. Authoritarians would and do salivate over the prospect of controlling this kind of ultimate source of truth. It’s therefore important to realise the need for the collective truth to be comprised of many independent and intertwined perspectives and chains of authenticity that, even independently, maintain sufficient resiliency to targeted attacks. In practical terms this means each democratic country should maintain their own systems and NEVER yield that digital sovereignty to anyone or anything else (e.g. The European Union), as this introduces a massive lynchpin vulnerability that may destroy the entire system when compromised or affected by the enemy (because everything falters at times).
Strong digital ID is a weapon. It is devastatingly powerful in its application, and it should only be wielded as a precision instrument by those who understand the weight of exercising that power. As war approaches, brandishing the weapon has not only become a morally valid option, but a neccessity for survival.
The Risks
There are a myriad of issues with implementing strong identification online and on social media. Few of them are somewhat easy to see coming, and others are likely impossible to predict before people start interacting within and outside the new environment. Below I’ve noted some of the most obvious issues that are virtually guaranteed to cause significant issues either immediately or as time goes on.
Lack of Leadership
The existing political leadership is far too reactionary to be considered a leader on any real scale, doubly so for all things digital. Even if the leadership learns to be proactive, there is the issue of trust. The most prominent existing political figures are not exactly know for leading by example from the front, and I wouldn’t hold out my breath for them to ever grow the spine nor competence to demonstrate otherwise. As a result, the contemporary career politicians have a arguaby well-deserved bad rep among the general population due to the inefficient systems they helm and the often detached-from-reality viewpoints they hold and advocate for.
There are many ways this poor leadership manifests in practice; but, a somewhat consistent example on the topic of digital identification, piracy, and surveillance would be the various proposals for online CSA prevention and online DRM. It’s a running gag at this point how certain entities attempt to cram various “think of the children” legislations to the brim with tools and mechanisms to degrade the privacy and security of the general populace, highlighting the need for eternal vigilance, as even good-sounding proposals can contain malicious and damaging components to society.
Here’s a semi-recent EDRI case relating to the CSA Regulation, and the occured maladministration which permitted not only corrupt lobbying, but also enabled the redaction of the corrupt “expert group” actors from the initial documents –an attack against transparency and verifiability. Proving that the existing leadership is either corrupt or incompetent in part, but also uses existing mechanisms to protect those abusing the system for their own financial and authoritarian goals.
As seen from above, repeated counts of consecutive maladministration appear to slip through all the time, and it seems to keep happening until someone points a finger and starts asking questions –highlighting the importance of transparency in the chain of actions. To put it bluntly, all the people responsible for those first rounds and overseeing them at the time were either incompetent or corrupt on an individual level. This type of ineptitude would, objectively speaking, disqualify someone from a position of responsibility. You can’t have a “leader” that needs to be supervisied like a toddler in charge of things, as that enables corruption and abuse. As it stands, not enough transparency exists to make these cases, and the people responsible, more obvious to everyone.
Without the relevant competency, transparency, appropriate initiative, and the willingess to demonstrate these traits on a continued basis and assume the relevant responsibility, an entity can’t, and mustn’t, be called a leader. Furthermore, a good general rule to remember is that: Anyone who claims to be for safe and secure digital forums would not champion the cause by staying in the shadows themselves. So anyone who redacts their name from these documents and wants to be excluded from their effects is in the simplest terms a liar and a fraud. A real leader would lead by example and subject the proposals to themselves before wider adoption of the technologies. To date we’ve seen the exact opposite, often succinctly put as: “Rules for Thee, not for Me”.
Lack of Technical Proficiency
Perhaps unsurprisingly, designing, implementing, and maintaining technical solutions requires at least some modest amount of technical proficiency. To say that the existing administrations and the organisations they helm have poor understanding of the technologies they have access to would be beyond generous. Fancy, proprietary, and complicated systems seem to be favoured over tried and true paradigms that are easier to secure and manage, resulting in many security events that put sensitive data and operations at risk. This is seemingly often done to save a modest amount of cost and time upfront during deployment, only to pay for it dearly during the lifetime of the solution in various ways.
Then there’s the issue of informational and operational security. In the current world these aren’t optional skills for workers and citizens alike to have. Everyone at every level must be sufficiently proficient “in computers” and securely managing their own sensitive information. So this is as much a requirement for the average person, as it is for the leadership. Failing to understand how to use the needed systems, and sefekeep the sensitive data is an outright recipe for disaster, which will be directly reflected in the running costs through, yet again, security events that will either directly or indirectly incur a cost.
The average person has to learn how to detach themselves from the digital pacifier that is their smartphone and old-school social media, in order for them to even begin to grasp the basics of proper digital communication skills. And likewise the leadership must reign in the status quo of uncontrolled social media algorithms, and call the bluff of the massive corporations claiming that no one understands how the algorithm works –because that’s bullshit, and only a deflection of responsibility. None of it is magic, it’s all by-design, both the design and the implementation.