Next week is the big RSA Conference in San Francisco . Among the keynote speakers on April 21 will be Scott Charney, Corporate Vice President for Trustworthy Computing, Microsoft Corp. The RSA Conference programs provides an abstract of Charney's keynote, entitled “Moving Towards ‘End to End Trust': A Collaborative Effort.”In preparation for next week’s keynote, Microsoft has updated the End to End Trust website with a new blog post by Scott Charney:
What is End to End Trust?
Friday April 10, 2009By Scott Charney
It is not an overstatement to say that the Internet has transformed the way we live. Social networking represents the new town square; blogging has turned citizens into journalists; and e-commerce sites have spurred global competition in the marketplace. But with people of all ages flocking online, and with the proliferation of high-profile, targeted attacks on individual or organizational information, assets and identities, more and more people consider the lack of security and privacy on the Internet to be at an unacceptable level. Indeed, the Internet has had a positive impact on many, many aspects of our society, but greater global connectivity combined with the increasingly valuable information stored online has resulted in a new array of threats and an increase in cybercrime. It has become increasingly clear that if cybercriminals remain anonymous and untraceable, there will be no meaningful accountability for online crime and little by way of deterrence. In the physical world, we have effective proactive measures (locks and keys, community watch, law enforcement patrols) and effective reactive measures (arrests and prosecutions). Many crimes are prevented, and many crimes are solved. But the Internet is different. Despite improvements in effective proactive measures, criminals are not held accountable for their actions and are increasingly emboldened. If we want the Internet to reach its full potential, we need a safer, more trusted online environment. This is why at last year’s RSA we proposed a vision, called End to End Trust, for a safer, more trusted Internet. This vision builds on Microsoft’s continued commitment to improving the security and privacy of our products and services. Along with our industry partners, we will continue to build a more secure, private and reliable computing experience. But Microsoft and the technology industry alone cannot create a trusted online experience. For that to happen, industry must not only band together but must work with customers, partners, governments and other important constituencies on a roadmap for taking Trustworthy Computing to the Internet. We believe there are four key pieces to creating greater trust on the Internet. The first is creation of products and services that are designed, deployed and maintained in a way that protects security and privacy, in part by embracing defense-in-depth techniques and responding to specific threats. The second is the creation of a trusted stack where security is rooted in hardware and where each element in the stack (hardware, software, data and people) can be authenticated in appropriate circumstances. The third piece involves managing claims relating to identity attributes. We need to create a system that allows people to pass identity claims (sometimes a full name perhaps, but at other times just an attribute such as proof of age or citizenship). This system must also address the issues of authentication, authorization, access and audit. Finally, we need a good alignment of technological, social, political and economic forces so that we make real progress. The goal is to put users in control of their computing environments, increasing security and privacy, and preserving other values that we cherish such as anonymity and freedom of speech. A more trusted Internet is good for our business and for our customers, but End to End Trust also reflects Microsoft’s sense of corporate and social responsibility, values that we know are shared by others in the Internet community. At this year’s RSA, I look forward to continuing the robust discussion we began last year on how to enable a safer, more trusted Internet. For those of you who haven’t yet read the paper on End to End Trust, I encourage you to do so by visiting http://www.microsoft.com/endtoendtrust.