The Challenge Network

   back   menu   next   

Risks in the information economy.

Risks in the information economy.

The information economy is often seen as being synonymous with the spread of information technology. Electronic media transmit information, but they are not themselves the source of it. They make up a potent aspect of what is happening, but their agency is far from being the whole story. Equivalent new risks are often seen in terms of the support technology, which may also deflect attention from proper concerns.

Information, in the sense of patterns of knowledge which have been organised to purpose, represent between 45-60% of the business output of the industrial countries, according to the OECD. The Chatham House Forum suggest that the new economy is best thought of as a vast tool kit, accessible on demand to those with ideas to implement. Many commentators - for example, Goldman Sachs, Roger Bootle, DeAnne Julius - estimate that the use of this tool kit (outsourcing, business-to-business value network creation) will allow a faster pace of economic growth before inflation is triggered across much of the industrial world. The USA is the most advanced of the nations which are taking account of this potential, and Japan is arguably the least active of the industrial states in this regard.

The past century saw an unprecedented web of mutual dependency and communication sewn between the industrial nations, reaching out to the states in rapid economic development. Interconnection is set to grow rapidly and to extend in scope. Such connectivity comprises ideas, standards and ways of operating as much as economic and social activity. These forces are enabled by the conduits of information technology, but not predicated upon them. The inter-linkage of a myriad of hitherto isolated commercial, social and political domains will continue to create self-accelerating change. Both will generate social reaction, new challenges to surmount and new threats to manage.

The central thesis of this note is as follows. There may be some novel threats that come explicitly from the use of information technology. Most problems, however, arise from insufficient social containment of the opportunities for crime and disruption. Criminologists point to the need for a standard 'regulatory triad' in any environment in which crime is to be contained: opportunity should be limited, crime should be detected and retribution should be sure. By contrast, we note a world of fast change, in which the institutions of containment, detection and retribution are yet to be properly conceived and executed.

Insofar as the information economy is an international phenomenon, then the construction of these institutions will require a degree of collaboration. This may prove problematic in ways which were not the case when legal authority, political boundaries and economic activity mapped directly onto each other. A faux Marks and Spencer web site, maintained on a Pacific island where the government scoffed at attempts to regulate e-commerce, could damage the brand in ways that a standard retail outlet on the same island could not.

Areas of concern.

Areas of concern.

Differing compartments of opinion and praxis will increasingly be brought to abut against each other in the decades ahead. Even without ill-will, this implies major changes in governance (and in who participates in this governance.) This sets an agenda which must be met if there are not to be difficulties. The issues are treated, very briefly, in the section which follows.

As we have already noted, new systems are potential prey for criminal and disruptive action. There exist actual threats and the inhibiting the fear of threats that have yet to be recognised. These issues are treated in the second section. We consider the sweeping concerns that emerge from these considerations. Finally, we examine the possible containment of formal subversion: of information warfare, systems busting and the like.

Problems innate to closely-coupled knowledge-utilising systems:

Such systems cannot easily be managed, but they can be overseen. Some difficulties are created by action in ignorance of the larger picture, the situation in Asia in the lead up to the crisis of 1998. Others are generated by over-simple views of the world, as with the surge into US technology stocks that market the end of the twentieth century. Dangerous overshoots can be avoided through timely market insight and a pluralism of voices. The machinery by which to do this in the international context has yet to evolve satisfactorily.

The pursuit of best practice creates a common cost structure internationally, meaning that prices (which are set by the marginal cost of the least effective competitor) fall to near the now-common marginal cost. Profit evaporates from the industry. Minor shifts in - for example, exchange rates - can lead to major vulnerability between firms and nations. The drive for low costs has major implications for staffing and thus continuity and level of employment.

Expert choice and opinionated perspectives will clash in many agencies, often co-ordinated internationally around their area of interest (energy, health) or through transnational activism (in the environment, for example, or in respect of old age.) These are vastly complex structures that could easily become paralysed if not 'knowledge managed' by - perhaps - national politicians and their apparatus.

Perceived problems

Perceived problems

The preceding section sketched in something of the world in which we may live in twenty years. Some eight billion people will be alive. There will be more graduates alive than there were people living a century ago. All will be interconnected - by culture and institutions, by mass media and learning, by trade and commerce - as much as by personalised electronic means. This said, two billion household appliances are due to join the internet by 2005, so one can expect billions of people and as many firms to be actively in communication by 2010.

All structures which have great potential both attract subversion and have exploitable, structural weaknesses. Here, listed under national governance, commercial management, non-commercial organisations and private individuals, are some of the issues which these raise.

The central issues are quite extraordinary in the degree to which they build structures - process, ownership, wealth, custom - from the intangible. It is worth noting that if you, the reader, knew the correct digits to dial and the right words to say, then you would be a billionaire in a few minutes. All that would define this wealth would be some ones and zeros on magnetic media, some abstract property rights in various jurisdictions and the habit of respecting these practices.

A key issue for states, most of which are already operating under tight resource budgets, lies in tracking complex and volatile value chains so as to collect taxes. Harmonisation of accounting systems will prove a major issue where value chains and envelopes of ownership sprawl across political boundaries. In the absence of harmonisation, firms will tend to employ artificial transfer prices so as to take profit in low tax arenas. Harmonisation beyond the industrial world offers major opportunities for corrupt practice. US multinationals declared around 5% of their profit in tax havens in 1990, rising to 37% in 1999.

Undeclared and untaxed earnings may come from legitimate or illegal activities. In the order of 10% of the world stock of money lies in short term deposits, which can contribute to economic instability Much of this money is of dubious origin. Tracking these gold seams and their relationship to organised crime and to non-institutional politics is already a major task for national intelligence services. States which offer havens for capital (and for activities which others have outlawed or which they deprecate) generate friction and instability, and afford opportunities for cross-border crime and corruption. Small states (such as some of the Caribbean islands) may host world-scale banking and trans-shipment activities.

States may also provide a safe home for activities which others deprecate. Some of these - such as child pornography - are relatively uncontentious. Others are specific to particular national regimes, as Iran disapproves of satellite TV and of the states which own its equipment and provide much of its content. Management of advertising content - such that the broadcaster has no incentive - has lost its power now that pay-for-view and as new media, such as DVD, mature.

Two new capabilities will widen the range of activities which other states will try to limit. The first is biotechnology, applied to agriculture, to industrial processes and to an increasingly elastic definition of health and well-being. We may disapprove of this on ethical grounds or as a consequence of the social impact of, for example, being able to choose the gender and other characteristics of your child. Our key disapproval will, however, be reserved for unsafe work conducted with self-propagating technologies: with badly contained biological processes, with xenotransplants* and the like. We also seek to limit the spread of weapons-focused technologies and - perhaps - we may choose to halt the development of capabilities such as the development of independent, machine based awareness.

This has, of course, no immediate relevance to the information networks per se, although heavily predicated on the knowledge economy. Second, however, technology may also change the way in which locally-illegal goods and services are delivered. DVD you-script-it pornography, microgram active drugs by mail are available now, whilst genetic modification and gender choice of offspring or geriatric treatments that use dangerous technology are likely to be forthcoming. These may be acquired in novel ways: "Scratch off and swallow the third full stop in this letter, and you will conceive a boy."

Equally, the technology employed offshore may be used to breach confidentiality: "attached find the dirt on your neighbour, spouse, manager." There is anyway likely to be an unavoidable potential pressure on civil liberties as a result of much-extended intelligence gathering. As national political boundaries become a less critical organising principle, so the focus will shift to those which are making and subverting the new order: onto the affairs of companies, NGOs, political pressure groups, the media, capital and intellectual property. Extraordinary things can now be done with knowledge mining tools. This capability will be automated, rendered more sophisticated and deployed so as to create explanatory contexts and historical threads, so as to explain complex day to day events to scrutineers. That some of this understanding will leak into the state sphere is unavoidable. Intelligence is the one aspect of the security apparatus which will surely expand on all fronts.

Intellectual property is the key coinage of the knowledge economy. Patterns of understanding - of a gene, software source code, the formula for a winning cosmetic - are costly to create and cheap to replicate. In China, where foreign intellectual property appears to be fair game, leading brands may enter a market, gain and then maintain apparent market share. All but a few percent of this will, however, be comprised of forged goods. The majority of software, CD music and entertainment, machine parts, medicines and cosmetics in East Asia are forged goods. In the absence of controls, state-industrial collaborations will be required in order to manage the theft of domestic intellectual property by foreign states or companies. Its natural extension is into the gathering commercial intelligence in its own right, and some states have already taken this step.

Access to markets may well depend on compliance by the exporter with the host county's political agenda: human rights, biological safety, compliance around intellectual property. In complex, fluctuating supply chains, assessing the local content of a good (or of its safety) becomes very complex. For example, Mexican steel used in the US contained radioactive material from a scrapped medical irradiation device. Consider the plight of firms guaranteeing 'organic' or 'GM-free' food sources from countries with endemic corruption. Components bought from reputable suppliers under their own brand may still be falsified by employee-based scams - re-filled lubricant drums, for example, exported by an oil major from Ireland, for example.

It is now relatively easy to carry out criminal acts within a country whilst never visiting it. "Tele-crime" is facilitated by IT and by the complexity of the systems with which it interacts. Remote extortion ("we will damage your brand on the internet"), breaking into secure systems from overseas, potentially disabling vehicles and JIT or factory systems remotely are, of course, feasible. It is for the state to identify instances, often to provide the proof and to take the required international action. All of this demands significant oversight. The integrated nature of the systems in question offers the prospect of major breakdown: as one commentator has put it, technology is our 'Irish potato', in that we depend on the telephone, electricity or retail delivery systems as Ireland depended on the potato in the 1840s.

The Y2K crisis-that-never-was showed us one thing, which is how breath-taking is the cost of renovating legacy IT systems. Embedded in source code that may never be entirely retired is who-knows-what by way of trap doors and simple weaknesses. Microsoft achieved certification for NT only some years after it was implemented in the military sphere. As more and more structures come to play roles in systems that were never conceived for them, so these weaknesses may become apparent, or may be analysed and made apparent.

We have already discussed the vulnerability of complex systems to, for example, extortion. Commerce is, however, chiefly vulnerable to three factors: to the ill-conceived, to the larcenous and to competitors. E-commerce does not change this. Systems integration makes the sweep of the ill-conceived greater, and makes it possible for a single firm to poison half of America in a week. It hardly matters whether this is done for political reasons - on purpose - or by mistake. Commercial systems - in exact analogy with civil air liners - operate under autopilot, arrive on an anticipated schedule and can carry passengers and freight, or disaster.

Larceny will focus wherever there is value to be had. The more opportunity there is to commit crime, and the weaker the chance or retribution, then more crime there will be. In normal life, people appear ready to hand over their life savings to strangers on their door step. They will, eventually, begin to do the same through their PC. The criminal version of business-to-customer e-commerce will develop in, perhaps, three key ways. First, confidence tricksters will get the money but fail to deliver the goods. Second, they may do this by subverting familiar conduits, such that the retailer with whom a customer thinks that they are dealing is in fact a back room in another country. Third, criminals may intercept transactions so that they can, for example, use credit card details elsewhere. There is, of course, nothing notably "E-" about any of these modes, and all but direct swindling are countered by adequate encryption and transaction management. (We deal with this in a later section.) Business-to-business transactions face the same hazards, but these are most likely to be effective when abetted by staff.

Staff activities may now span many boundaries - organisational, cultural, those of ownership and loyalty - and they may find themselves faced by diverse and attractive options. Firms are vulnerability to 'insider' crime, particularly via complex systems that their staff tend, or which former staff have tended, or set up to be tended by outsiders after they have left. Quis custodiet those who manage complex black boxes? The compliance group cannot be omnipresent or omniscient.

Collaborators present a potential threat to firms in the knowledge economy. Collaborators are, for the most part, also potential competitors. Knowledge is easily moved, replicated, extended, protected by law, 'spoiled' so that it cannot be protected, betrayed. Knowledgeable people can be hired away. Customers can be attracted by a new virtual array of value creators. The barriers to entry are usually much weaker than they have been in the past.

Firms that operate in a value network are, therefore, vulnerable to other peoples' mistakes. They are dependency on an essentially uncontrollable network. They need networked quality control, and this is, frequently, something that can easily be subverted. There is, therefore, an area of major uncertainty associated with managing outsourcing and contract in a virtual world, where jurisdiction, enforcement and due diligence are conducted across 'cultural' frontiers. Contracts usually state that the jurisdiction of a given legislature will prevail. How this is to be enforced, particularly in the development stage before specifications come to be written, and where intangibles flow across jurisdictional boundaries, is usually anybody's guess. Trust and the management of long term relations has tended to lie at the heart of business-to-business relations, albeit supported by tight contracts, and such issues have usually been given elaborate contingent exposure in the contract itself. International, transient relationships are much less manageable. Relationships around intangible issues - where the nature of the outcome cannot be pre-specified - may continue to prove themselves fraught with difficulties.

Mail order has proven that brand becomes a key factor in achieving a relationship of confidence and trust with the remote customer. It helps identify what is or is not the case about the offering: what it covers, to whom it is pitched, the 'tone' of the offer, the probity and continuity of the supplier. Brand, in this sense, also helps customers to find what they want: it offers navigation cues about the overt and more subtle nature of what is on offer. The branded portal is, therefore, a very important concept in e-commerce. It is the 'place' which offers access to a restricted range of facilities which are all cognate with certain concepts and values. Puncturing this envelope is deeply damaging, as with pornography being exposed on a family TV channel. Brand damage may, therefore, be one of the most potentially damaging forms of extortion that business may face. False sites that steal can be handled by encryption and validation. Sites which parody or subvert cannot.

Customers and partners, staff and shareholders have become more litigious. Large judgements are obtained that may transfer the ownership of firms with few tangible assets: that, for example, they have not exercised due diligence. There are cases where the situation in which this occurs was set up by 'entrepreneurs' who subsequently acquired and then gutted the firms in question. Access to legal machinery and to the oversight necessary to build a case is becoming easier. Instances of 'harm' are becoming strained: one plaintiff was awarded over $4 million because the car that was delivered to him was the wrong shade of red. A couple were awarded in excess of $300 million because a satellite company charged them rent for two years after their aerial was disconnected. As the customer base becomes global for e-commerce, and the relationships more impersonal, examples of legalised larceny will undoubtedly increase.

Networked services, of which pro-active tort law is a likely new arrival on the scene, may extend to non-traditional areas that we shall have to learn to constrain. At times, for example, everyone longs for the form of words that will stop antagonists in their tracks. Investigative entrepreneurs are beginning to offer to dig for dirt on neighbours, colleagues, bosses, subordinates, suppliers, customers and officials. Others are offering access to the disaffected within rival firms. There is, of course, nothing new in this, but few would expect a service from their office desk, perhaps charged to the company. Coupled to enhanced litigiousness and increased workers' rights, it may be that employee relations is about to enter a difficult phase.

Homogeneity and harmonisation will enable "big" mistakes of the sort already discussed under commerce. Regulators, however, have the capacity to change the direction of entire industries: exhaust catalysts or lean burn engines, nuclear power or energy conservation, agricultural productivity versus policies that lead to environmental complexity and high rural employment are all examples which have changed industries and lives, for better or worse. This is hardly new. What is new is twofold. International benchmarking and evidence-based policy is creating ever-greater uniformity. Second, through out-sourcing, the delivery is being separated from the management, with the loss of common-sense checks and balances.

Big systems are very efficient when suitably deployed. They are, however, slow to change their mission. The are vulnerable to embedded, tacit perspectives which fail when exposed to new conditions: for example, to evidence-based medicine. The clash between tacit goals ("cure sick people") and explicit ones ("make good use of public money") may then become acute. The organisation will be seen to have lost its way and become prey to pressure groups.

There may anyway be increased recruiting by pressure groups and foreign interests amongst vocational organisations. These may appeal to humanitarian goals over necessarily balanced scorecards, resulting in - for example - leaked discussion documents that are then used in professional media management in order to achieve political ends. Whilst there is nothing new or innately wrong about this, the pace of change and the range of agencies in communication with each other greatly exacerbates the management challenge, the possibility of alternative power bases and the options for outright subversion and criminalisation.

Important systematic structures become vulnerable to arbitrage. Thus there is a Claimants' Union web site and, apparently, a 'beat the DSS*' CD ROM. Tighter-focused and legally-aware pressure groups impose rigorous constraints on public agencies. They also cause them to act in a legalistic manner, rather than through common sense or gradual migration. Arguably, as statutory bodies they should behave in exactly this manner. The machinery of continuous, purposeful change under such strictures has, however, yet to mature sufficiently. What is in place defends the present, rather than move to meet the challenges that face these organisations. As has been the theme of most of this paper, such a capability has yet to be demonstrated and standardised.

Citizens have, to some degree, always been exposed to world events. The tight coupling together of domestic and foreign affairs may make this more apparent: jobs are lost and won, firms tighten their grip and regulation flows in from beyond the sovereign envelope. There are already substantial political movements that blame 'globalisation' for many woes, from there being no economic development to there being too much of it. Accuracy of analysis, in this context, is less important than political motivation.

There are, perhaps, three central concerns which many citizens feel about the information age. First, is there a place for them in it - will they have a job, and will they be competent? Second, will they live in a gold fish bowl, in which personal information and mis-information are generally available? Third, how are they to find their way about, navigating towards the best options for them, and avoiding the traps? These themes are inseparably wrapped together in the views that many take on their personal future.

One common model of the future of work, for example, is that it will involve more individual employers than hitherto, either in a sequence or in parallel. If this is to be the case (which is far from proven, at present) then people will have to 'declare' far more about themselves. They will have to create an electronic reputation - a brand - if that is how they are to find work, or they will need to generate a reputation within a social network if their work is to come from social interactions. Similar things will be true around access to credit and others benefits where 'gatekeepers' have to be persuaded. In electronic terms, therefore, an individual may come trailing an aura of past achievement, reputation and less fortunate associations. Repute may become something to defend, and people may come to police their own conduct more than has been the case in the last half-century of anonymity.

In general, however, any individual leaves a wide trail of data behind them as they buy and sell, work and claim allowances and benefits, become sick or gain qualifications, marry, own a house, raise a child, buy a television or subscribe to a magazine. Internet transactions* and credit card purchases, groceries bought with a store card, petrol acquired with a gift in view or air miles accumulated, travel and tax all leave more or less permanent records. Data mining tools exist to pull together disparate databases (some protected by law, some not, some echoed overseas where constraints do not apply.) The consequences of such tools is highly predictive of individual behaviour, interests, purchases, predilections. As health data become available and codified - particularly as the human genome project becomes mature - so predictive measures may be used for good or what most would regard as ill. Political agitation against such a goldfish bowl is already in place, but the institutional safeguards have yet to command anything resembling respect.

Data mining may also deliver back-bearings, playing a light upon the past, dragging things many would prefer to forget. Angels may, perhaps, live entirely in the sunlight but most citizens are happiest with a degree of obscurity. Equally, false data, misleading conclusions and the like are hard to detect and harder yet to challenge; and when they become 'history' may limit personal opportunities.

The chief concerns about the information economy are, however, those of vulnerability. The most obvious of these is straightforward theft: essentially, that by IT-incompetence, I will allow the burglar into the safe. This is, of course, the common reaction of the ill-educated to the city slicker. IT represents a new vulnerability: if we have not learned to love lawyers, we have at least learned to live with them.

It is, of course, relatively easy to make an internet or other IT-mediated transaction extremely secure. The equipment and software exist to ensure this, but place some demands on the user. In particular, smart cards and key-based encryption require physical additions to the PC and worryingly incomprehensible actions for the public. It is worth noting that around half the UK population who use cash dispensing machines write down their PINs and carry them with their cards. The author, working on retail e-commerce in the dark ages of 1985, found that half the UK population insisted on paying for groceries with cash, and quarter of those preferred to divide the household budget for the week between partners, each paying half of the bill. Such individuals seek hands-on control of their money, and will not take kindly to "RSA key validated DES-based encryption", or whatever black box is intended to protect them. They are as frightened of buying a ton of cat meat, or having their children do so, than they are of robbery; and as alarmed at their own susceptibility to impulse purchase as to either of those threats. They are also concerned not to leave a trail that may allow others to track what is done. Few who raise such concerns realise the degree to which, for example, mobile telephones afford such access.

A further vulnerability - the counter-face to that of over-transparency - is ill-managed credit, the nemesis of the USA in the 1991 recession. A reporter, giving a false address, was able to acquire 60,000 credit in an afternoon from stores lining Oxford Street in London in the course of a single afternoon in 1998. His bona fides were not checked by a single store. Many citizens carry debt to several creditors, which are similarly incurred without a synoptic check by creditor. There has been and appears likely to be a continued explosive growth in access to these sources of credit. Many consumers report alarm but continue because "everyone else does it."

A recent court case has highlighted the importance of safeguarding personal identity on the internet. People are concerned that posts will appear in their name or that purchases will be made on their account. Many of the issues which were involved in the early days of credit cards and mobile 'phones, but with the added worry about personal competence. The Vauxhall advertisement, in which an incompetent browser buys dozens of cars, exemplifies a common fear. Biometrics, associated with firmly established portal brands, seems ultimately to answer to most factual needs. The solutions to factual and to the perceived issues may, however, take some time to come into alignment.

The key geopolitical issues:

The key geopolitical issues:

The knowledge economy runs on ideas. Those who steal ideas subvert the key engines of growth. Nations learned to address this issue with patent law. The international community addresses it with admonition and hope.

Coupled systems are unstable. Financial instability that is brought about by uncoordinated borrowing will be probably be managed through co-ordinated reporting. However, such data will have the same affect on assessments of the credit-worthiness of the country (and upon assessments of its macroeconomic policies) as quarterly company results. Currencies will move in response, as will discount rates. There may be pressure to cheat on such figures (nothing new there, then) and to mis-report other factors, such as carbon emissions, when and if these become tradable. Calibrated oversight amongst scrutineers are at least equal to the key challenges which this presents, however, and with major sums at stake, intelligence gather is set to grow, with relevant red card systems.

Coupled systems bring into alignment many domains which were hitherto separate, and which will have to learn to live with each other. Many such develop forms of representation - such as NGOs - which are highly professional at applying friction. Decision processes will not only have to be honest, they will have to be open and complex, adaptable and acceptable.

Governments run on tax. However, some kinds of tax are going to become very hard to collect, particularly those involved in estimates of corporate worth and profit. These are rather small contributors to overall tax take (9% of the UK tax income, for example) and they may well be phased out. Value added tax will be likely to take the strain. However, levying VAT on the international trade in intangibles may become an issue: a style consultant, earning $100 for ten minutes discussion with a client in another country is not obviously captured in any national economy. This is, however, an issue for the national accounts of the purchaser's country and the tax collectors in that of the vendor.

Taxes on stocks (e.g. capital gains as a part of profit) may become difficult to assess now that the role of intangibles has become so important. In such a world, a project has a break-up value, but otherwise no clear benchmark value but the price that someone is willing to pay for it: its book value is near-arbitrary. In the order of 80% of US market value is presently of this form.

Central banks are taking on monetary management from the politicians as the issues involved become increasingly technocratic. Tax take is limited both by voter reluctance and difficulties in collection. Companies that issue securities or carry out bilateral value swaps in effect increase the money supply. Monetary management and, indeed the entire panoply of fiscal and monetary policy may become increasingly difficult to sustain on a national (or any other feasible) basis.

Possible shifts in employment patterns and clear changes in systems of remuneration (e.g. payment in share options) may mean the re-invention of income tax, or a universal shift to VAT, with safeguards in the external sector. (The difference would then be that income tax attacks savings, which VAT would spare.) Environmental taxes are, by and large, relatively easy to capture: what comes out of a pipe or goes down a road is relatively unambiguous. Re-distributive mechanisms would also be needed. Once again, institutions will have to change radically if the challenges are to be met.

Capital markets also point to potential shift away from reliance upon from national currencies to direct funding - through corporate bonds, direct swaps, chained auctions - and this means that, in non-retail areas, national currencies may become less significant. Tax collection will the become yet more complex unless it restricts itself to the 'retail' surface, where consumption occurs.

Governments also function within a remit of legitimacy and delegation, and this is subject to sharp challenge. Expert governance is needed to meet the challenges of the information age and to handle the sheer volume and complexity of events. Subsidiarity and delegation to expert agencies does, however, open the state to intervention by many single-issue and life-style related pressure groups. Learning how to handle these, in an era of transnational integration and rapidly proliferating connectivity presents some epic challenges.

Companies operate with information as, increasingly, the key factor of production. Poor information leads to weak choices. However, the means of gathering information in the information age is by means of people, filter-feeding, collaborating, working with partners, working with the supply chain. Well-informed individuals are mobile and valuable, and the act of becoming informed may also be the means of losing staff. The solutions are, of course, self-evident: to be interesting, attractive, to offer high potential high rewards and other HR truisms. Knowledge managing firms are, however, going to have to 'live the movie.' The scope for manipulation and dark deeds is, of course, considerable. Motivation is all, but oversight and compliance management can be a great help!

Most studies of consumer behaviour suggest that people grasp new potential most readily when they feel confidence in their understanding of the situation in which they find themselves, and of their own capabilities within this. Pitfalls recognised are pitfalls, on the whole, avoided. Equally, they need to perceive their options and feel confidence in the lasting nature of the infrastructure that they are about to exploit. Once again, the nature of the e-commerce that will fulfil this remit is relatively clear, as are the criminal and accidental obstacles that may emerge.

Studies suggest that the key limits to the acceptance of retail e-commerce are not much connected with the rational assessment of risk. People shop in different ways depending on their 'mission', and some missions lend themselves to point-and-click whilst others do not. The consensus is that for the next 10-15 years, the bulk of retail e-commerce will supplement rather than supplant much of conventional retailing. It is worth noting, however, that the populations of the industrial nations of 2020 will on average be older that now, and roughly twice as wealthy per capita.

Active subversion: information warfare.

Active subversion: information warfare.

This document is not intended to be a treatise on information warfare. There are, however, a number of distinctions which it is worth noting.

Offensive systems are intended to undertake active missions against a defined target. These can be more or less targeted, depending on how important it is to identify friend from foe, and can be more or less tailored, depending on how well target systems have been mapped and subverted. Their role may be to halt or to damage extant systems, or they may be to sow doubt and uncertainty over extant or new information, processing and interpretation. If you believe that the clearance system in a major country is corrupted, then you remove your money (and their central bank loses its chief leverage.) Such approaches are by no means limited to IT systems - as with conventional psyops - and may use IT only incidentally, as de Gaulle used radio to 'manage' the situation in Algeria or as reportage carries perspectives through media channels in every conflict.

Oversight systems are intended to monitor traffic, flows and stocks, doing so in financial systems, in communications infrastructure, in databases and in societies. Huge databases and intelligent classification systems are the key tool. Decryption technologies, whilst highly advanced, have tended to run behind encryption techniques. However, hitherto 'safe' technologies are now easily accessible, making once-secure material open and thus providing a framework for forward-casting on the less scrutible material. Quantum computing, which allows very massive parallel searches, may - if it can be made to work in a reliable manner - allow the un-scramblers a leading position. Fractal one time pads, quantum entanglement and quantum teleportation are technologies that may throw the race in the other direction.

Defensive mechanisms guard against offence. Smart routers, for example, can isolate damaged sections of a network and identify the traffic which may have caused the damage. Firewalls can be made as secure as processing and time will permit. Plural systems offer defence in depth. Careful checking of source code can ensure the absence of trapdoors. Core systems may be stored in a way that they remain uncompromised, and which can be rolled back, erasing and overlaying corrupted systems. More subtle continuity and validity checks allow confidence to be restored and sources of misinformation and mis-interpretation defined and isolated or replaced. Each of these consist of layers, where confidence in one layer is only valid provided that the problem arose after the record or standard had been established. Offensive systems that corrupt checker systems are particularly insidious.

Offensive systems may be finely targeted, perhaps to set up a system (human or IT) for a subsequent contingent trigger. They may also be crude brushfire affairs, aimed to damage anything which they touch. The virus in its various manifestations is the most commonly encountered of these. There have been other models, however, For example, 'phone phreaks applied common telephonic protocols against the public switching network, clogging it by means which were like a reverberation than a program. Pyramid spam (whereby an offensive site is bombarded by a myriad of e-mails) is yet another model. Why these are used varies from a desire to be noticed to political activism. Few are deployed with criminal intent. This said, their economic impact may yet prove high.

Middle ground systems, which are more purposeful and may well be used for reasons of gain, often employ use high level languages such as the Microsoft Office macro language, or the web browser instruction language, Javascript. These issue instructions that the computers holding this software will recognise. The middle ground systems may well deliver advertising, switch the PC to an internet site or capture data from it for remote exploitation. Obvious criminal uses - such as causing cash transfers to be made or orders to be fulfilled - are well understood and usually as well managed in the electronic domain as in the conventional (which is not saying much, in some organisations.) At a more sophisticated level, extortionists have, for example, threatened to confuse the orders placed by a firm's customers, or to send them an offensive logo-bearing screen saver, that refuses removal by an amateur. Tax accountants have been raided, PC stolen, and the more derelict of their clients threatened with exposure to the authorities. Indeed, it is stolen and obsolete PCs which have usually proven to be at the heart of much computer-based crime, rather than network-vectored 'hacking'.

The key to managing crude offensive systems is detection, isolation, erasure and reinstallation of a back-up: not always practical on a PC, but central to major structures. Middle ground systems are met with hygiene and firewalls, with features such as customer listing kept especially well-secured, physically and electronically. Semi-amateur or backroom hackers have, however, increasingly formidable skills. The most potent combination is human intervention and remote systems, whereby a coder or an operator provides the 'way in', eventually exploited by a remote system. This said, amateurs and criminals are unlikely to match the fine mapping and detailed intent of a state-sponsored toolkit.

It is clear that large sums will be spent in pursuit of integrity and in the creation of oversight. It is equally clear that commercial e-commerce and major infrastructural systems need to be protected both against latent threats and against that most lethal of outcomes, the loss of public trust.

It is not issues of this sort which are inhibiting the development of the knowledge economy, however, so much as the conceptual definition and subsequent practical instantiation and testing of the key institutions. The problems are at their most dense in respect of the state, where progress has also been at its most gradual. Commerce, which has at least a clear remit and a more-or-less clear sense of the issues has, however, yet to solve many of the issues which it faces. The international environment presents still greater challenges. The relevant agencies and national interests have yet to define where they would like to be, let alone taken confident strides in the correct direction.

 to the top 

The Challenge Network supports the Trek Peru charity.