Edward Tenner writes about the revenge effect in technology in his book, The Revenge of Unintended Consequences. He points out specifically that security is an example of where we can see the revenge effect. “Security is another window on revenge effects. Power door locks, now standard on most cars, increase the sense of safety. But they have helped triple or quadruple the number of drivers locked out over the last two decades— costing $400 million a year and exposing stranded drivers to the very criminals the locks were supposed to defeat.”
When we created the backbone of our current device authentication system, PKI, we did not intend to create certificates that have become the target for attackers to steal and the point of entry for approximately 80% of successful data breaches. The purloined credential has given rise to the growth of progeny technology in Two Factor Authentication to deal with the vulnerability created by the strong, but stealable certificate meant to protect.
Adding insult to the injury, we frequently find ourselves codifying the revenge effect’s vulnerability into industry standards and regulations. We have done this with PKI. This codification stifles innovation and perpetuates the vulnerability and at the end of the day creates a safe harbor of a predictable future for attackers.
We may be approaching an opportunity to break the hold of the revenge effect. It appears to some that quantum computing could become both a technical and commercial reality. As we contemplate what that could mean, we should pause for a moment and contemplate what unintended consequences might be lurking in the quantum shadows.
John Ellingson started his digital career with the Boeing Company working on the 747 aircraft in the late 1960s. He became a computer-literate attorney performing what is today known as forensic accounting. As the founding chairman of the ABA/YLD Subcommittee on Tax Treatment in Bankruptcy, John worked with the Congressional Joint Tax Committee to create the Internal Revenue Code Provision enabling the tax-free merger and acquisition of debtor corporations. This law became part of the Bankruptcy Tax Act of 1980. John had a national M&A practice in this area and obtained the first IRS Private Letter Ruling on this Code section. As a result of this practice, he observed a frequent element of white-collar crime in many bankruptcy cases, and he subsequently developed and patented a method to detect identity fraud. The product derived from that patent is still deployed at most retail banks throughout the US today.
This success started John on a path of protecting digital systems and identity management. He continued in this role with American Operations Corporation and ASM Research before founding infOsci LLC and later QWERX, Inc. John holds numerous method patents in digital system security.
John was appointed to the United States Air Force Academy and medically separated before graduation. He holds a Bachelor of Science degree from the University of Wisconsin and a Juris Doctor degree from Seattle University. For 20 years John served as a liaison officer with the United States Naval Academy and the United States Military Academy. He also served on the Service Academy Selection Boards for two U.S. Senators.
Tuesday, 28 February 2023
15:00 - 15:45 GMT
Share this event on social media: