In the third episode of The Decentralized Web podcast, hosts Jonathan and Justin Bingham are joined by Dr. Zulfikar Ramzan, Chief Digital Officer of RSA, the Security Division of EMC – a Bedford, Massachusetts-based security solutions company that enables customers to detect, investigate and respond to advanced threats, and to confirm and manage identities to help prevent IP theft, fraud and cybercrime. During the podcast, Jonathan and Justin dive into consent-based data sharing, the evolution of on-line transactions, and the future of digital identity and privacy.
Web progression since the 90’s
Zulfikar recalls using the web in the early 90’s, when producing personal home pages was one of the few things possible in terms of sharing information. The big question at the time was: could on-line transactions on the web be enabled? The big advance in this area was the SSL protocol, which evolved over time to SSL3, enabling people who had never met to establish trust via the web. Once the web was trustworthy, people weren’t afraid to transact; the ‘dot com’ era was born and people started to buy on-line. No one could have predicted the phenomenal trajectory to where we are today.
Early RSA involvement
Taher Elgamal, known as the Father of SSL, was an employee at RSA in the early 90’s. He took mathematical ideas and transformed them into a library of STKs that could be used to implement the RSA algorithm. After leaving RSA, Taher realised that he needed the implementations, so RSA allowed him to use their libraries, meaning the very first e-commerce transactions included the RSA libraries at their heart. In every transaction since, RSA has played a crucial role in enabling technology to hit the masses. The expansion of economies and societies would not have happened without this crucial security technology, because commerce on the web would not have been possible. Without commerce on the web, the whole industry that evolved around it would have been lost. Incredibly, these early core security concepts are still being used today, making RSA the most widely deployed technology vendor on the planet. Modern commerce giant Amazon, so vital to so many as a remote shopping resource during the pandemic, would not have prospered without the customer trust built through the security technology that originated from RSA.
Progression of the web
The early days saw a decentralized web that evolved into being centralized, and now there’s a drive to return it to its decentralized state. The mid-90’s was about democratising the internet to make it widely accessible; this lasted a few years until a shift towards a handful of organisations that effectively controlled all data.
20-30 years ago, there was no way of carrying around cryptographic credentials; today, however, our mobile phones have secure enclaves that solve this distribution problem. In addition, there is a societal need for PKI (public key infrastructure) instead of the myriad of passwords that have become part of modern life. We also have a deeper level of appreciation for privacy. Existing technology in these key areas could help people move towards a state of decentralization.
The complexity of decentralization
Decentralization has created a level of complexity seen as the enemy of security, challenging resilience and seeping into the user experience. Essentially there are two areas of focus: firstly, technology layers to help manage the complexity of decentralization, and secondly, a nice form factor for end users so they are unaware of the different layers. File-sharing applications such as Dropbox have been successful in hiding the complexity of their inner workings to make the platform appear simple for the user. The focus must be on simplifying the user experience and managing the complexity on the user’s behalf.
Digital identity and data
Because of the pandemic, people aren’t meeting in person as frequently to establish trust together; consequently, they interface virtually with an increasing number of services. Most services will have a single sign-on; however, people interface with many different services and will have different identities and sign-ins for each. Individuals must be able to control the destiny of their identity, to manage it and think about how their digital identity evolves over time. Technology capable of decentralizing data around the individual, enabling them to control their consent while building their dataset and having the agency to move amongst applications, exists and should be made available.
Our digital identities are the focal point for our digital history. All our on-line transactions and data elements are tied together by our digital identity; if you don’t get your digital identity right, you can’t get decentralization right.
The potential for patients to be in control of their healthcare information rather than it sitting in silos with each separate healthcare provider, and for hospitals to be able to on-board new staff more quickly utilising digital identities are just two positive applications for decentralized digital identities. Data centralized around and controlled by individuals will create a power shift in e-commerce and on-line services.
A new set of challenges will emerge following decentralization, including how individuals ensure their digital security. Securing data interoperability between different applications in a decentralized ecosystem, where you are interfacing with different security machinery running in different servers on different stacks, is technically challenging, and making this usable by everyone is extremely difficult. Because usability is being considered now, a positive outcome is more likely. Within decentralization, the ability to maintain the simplicity of transactions while concealing the mathematical complexity from the user will be vital to its success.
If you’d like to find out more about decentralization and the evolution of digital identities, click to make sure you don’t miss the full episode.