"Sir, were there reasonable alternatives at the time?"

Having recently found his voice, Ray Ozzie is also finding that he has a lot to say -- both on his his blog and elsewhere. In an article today on news.com (the decorated version is better) , he concludes:

Someday, some shareholder is going to lose quite a bit of money because an electronic message was "sniffed," or "spoofed." Someone's health or financial records are going to get into the wrong hands. A design will be compromised; someone will get hurt.

And at that point, network television cameras are going to be focused on a lawyer who's asking a company executive, or a government official, "Sir, were there reasonable alternatives at the time?"

(Also today, on his blog, Ray cites Charles Mann's extraordinary Atlantic Monthly piece on Bruce Schneier, which I mentioned here a couple of weeks ago, and which is now -- happily -- online . It's crucial for more people, and especially non-geeks, to understand Schneier's philosophical transformation and current thinking.)

For me, the most salient fact about Ray's career is that he has chosen to tilt at not just one windmill, but two: collaboration and security. We tend to preach both but practice neither. Partly that's because we care less about these things than we say we do and believe we should. Do you communicate with coworkers as often and as well as you'd like? (If not, why not?) Do you switch from your cordless phone to a landline when ordering a pizza with a debit card? (If not, why not?)

Partly, though, it's a matter of architecture . The path of least resistance rarely coincides with the path of highest value, but given the right architecture, it can. As Ray has discovered, blogging represents an architectural solution to some longstanding problems that have plagued public online discussion. Groove, likewise, aims for an architectural solution to secure collaboration. Since "security" and "collaboration" are contradictory and almost mutually exclusive from IT's perspective, that's quite a challenge. But it's inescapable.

Cyberspace is not really borderless. More accurately, it's resolving into sets of discrete, sometimes overlapping, sometimes concentric spaces. In these spaces, people and documents gather for moments, days, or years. Requirements for confidentiality run the gamut. Public and semi-public spaces need to advertise their existence, in order to promote awareness globally or within various groups. Private spaces need to be, well, private. Everywhere, strong identity (or at least strong pseudonymity) should be a given.

Weblogs don't yet offer an architectural solution to secure semi-public collaboration. Wrapping SSL and passwords around your blog can work, but the administrative hassles involved push this option far off the path of least resistance. Groove-style "always-on" and "complacency-immune" security sounds appealing, but it's not a solution yet either. It works by invitation only, and that cuts across the grain of blogging which thrives on linking and serendipitous discovery:

A collection of weblogs isn't just a pool of documents. It's also a knowledge network, where at each node human intelligence performs the routing function. The network's architecture is publish/subscribe. Its protocol is RSS (Rich Site Summary), a simple, powerful, and popular application of XML. Bloggers tune into other bloggers' RSS channels; they select and react to items flowing through those channels; they post items that also flow out on their own RSS channels. It's a kind of Krebs cycle where the input is individual thought and the output is group awareness. [ Google and weblogs: best hope for KM ]

So what's the architectural solution that will make the cells of this awareness network semi-permeable in the appropriate ways? Perhaps translucency is part of the answer. I'm not smart enough to see the endgame here. But I'm sure glad to see that Ray's on the case!

Addendum: The phrase "Patterns of cooperation without vulnerability" seems to capture the essence of the challenge.

Former URL: http://weblog.infoworld.com/udell/2002/08/14.html#a383