By Melih Abdulhayoglu, Chief Security Architect - Comodo Group
Any infrastructure that is built with inherent weaknesses is bound to crumble, sooner or later! Similarly, the huge potential of the Internet, e-commerce, and all it can offer cannot be expected to be realized and flourish long term unless its weaknesses in the areas of trust and security issues are addressed.
How can you be sure of the credibility of an Internet retailer? You go to a website selling goods very cheaply, perhaps one third of the price you could pay elsewhere. You are suspicious, so you look at their website to see if they are authorised to sell these goods to you. Aha! - they have an "Authorised Dealer" logo displaying on their website. But, you think to yourself, ‘How come? This is too good to be true.’ Maybe it is, maybe it is not – but you just don’t know. The real problem is that you don’t have any means of verifying this either!
The outcome might be that you decide not to buy it from this particular merchant, but stick to your tried and tested web merchants! Thus the inability to verify a logo or hallmark on a particular site stifles one of the benefits of the Internet, namely freedom of choice! You don’t know that the logo you see on a web site is authorised by the logo issuer. This is why the majority of us only shop with the known brands - lack of ability to establish Trust! And this is not because other sites don’t display logos saying they are authorised – it is simply the inability to verify the legitimacy of these logos.
Let us consider this in more detail. To the question of "Are you a fraudster?" you will never get a "Yes" answer (unless you are a "dumb fraudster", in which case we don’t mind you being a fraudster). An honest person will answer "of course I am not" and the fraudster will answer "of course I am not" (because he/she is a fraudster!). Generally, when we want a reference about a person or a company we go to third parties to get that reference, yet when it comes to the Internet we have "click to verify" systems! Who is the dumb one here then?
How can we possibly be satisfied by a logo on a website that will offer us verification? By clicking to verify within the boundaries of the website’s control we are simply asking the website to provide us with the verification! It would be easy for the website authors to fake a verification page. So how do you know the supposed verification page is an authentic one? You don’t!
What is needed is a way of verifying the logos or hallmarks in online content in such a way that the website for whom the reference is required will not even be aware that the request for reference has taken place! After all, if the website does not know when you have requested the reference then it won’t know when to fake it!
Consider a new British £10 note that we use in the physical world. In order for this banknote to be recognized as having its true value we have integrated ten different technologies to provide the following:
If we had none of the verification technologies mentioned above to verify the banknote, what would happen to our economy? Let’s say that you are given a banknote and you don’t have a clue about its authenticity and no means to ascertain/verify it either - i.e., what if we had no verification technology - what would happen?
Quite simply there would be no economy! The only way an economy without verification technology could possibly work would be if everyone was completely trustworthy – a set of circumstances we cannot envisage even in another thousand years!
So, we need verification in the digital economy and probably even more than we do in the physical one. The only interface we have in the digital world is a few pixels of display on your computer monitor. In the physical world you can touch, smell, interact with the person you are transacting with. In the Digital world you just have an image, all you have is what you see on your monitor! So, we need verification technology even more in the Digital world than the physical world, unless everyone promises to be trustworthy from now on!
In a world where copying is as simple as a couple of ‘clicks’ of a mouse, digital content is worth a lot less than its physical counterpart, because there is no way of establishing authenticity. We need to know what is authentic or not otherwise there will be no trust.
Internet use should not be a simple replacement for conventional mail or telephone. We should not be using the Internet simply as our shop window or to send somebody email. The true potential of the Internet and our digital world is so much more - all we need is the technology to unlock these potentials.