America's Strategic National Investment

Secure Aggregated Content Control

The Importance of Fine Grain Content and Context Control

By Roy D. Follendore III

October 24, 2003

The high technology of the Roman empire is arguably the invention and use of a simple building construction material that we call concrete. With it the Romans were able to large and complex structures that have stood the test of time. Every concrete mason since that time has known that the quality of their product depends on the aggregation of the mix of gravel. The wrong aggregated mix affects both the finish and the strength of the final product. For instance, the use of irregular crushed stone has certain advantages while rounded stone possesses other advantages. The implication of this is that in order to properly utilize concrete, the Romans not only had to think about the objectives of the architect, they had to pay attention to the qualities of aggregated mix with respect to their architectural objectives.

The process of selecting and putting networked content together is also called aggregation. Engineers use computer and network technology to aggregate bits to represent new useful data, just users aggregate data to create information and information to create knowledge. The level of control that is available for accomplishing this is called the grain. Fine grain aggregation is the ability to put together data with information or knowledge to create new information and knowledge. If all that we considered important was the transfer of data, information and knowledge from one point to another, then the simple fact that new data, information and knowledge would be arriving at the distant end would still constitute the concept of aggregation. The reason for this is that aggregation is not a device oriented concept; It is a mind oriented concept. The issue of aggregation is the issue of affecting the way that people are able to utilize content. The reorganization of aggregation can be the creation of new and potentially more useful content. When we stop and think about this, it only makes sense that this way of thinking is a critical aspect of our strategic network infrastructure. After all, the purpose of our strategic network infrastructure is the dissemination of useful new aggregations of content.

The way that we work at using network technology today is as though it has been created as an assemblage of stove pipes. We pass fixed aggregated arrangements of content through those pipes as static message files. At the distant end, we then open the messages and manually dissemble the aggregation of these message files. We cut and paste the aggregated parts, adding new content to create new messages that are appropriate to other people in other situations. When these aggregations become sensitive the files are monolithically secured through encryption of entire individual files. This means that knowledge of the entirety of the content is not only protected, it is isolated from knowledgeable practical use.

Few "team players" within organizations are willing to argue against the classification of aggregated content and its subsequent cryptographic protection, even if doing so is catastrophic to the purpose of the organization. This has created a stagnation of cryptographic requirements that have not been considered. The hierarchically overwhelming shrouds of bureaucratic secrecy means that the disadvantages of using traditional cryptographic security is never actually considered with respect to the dissemination of aggregated components of the content. Because sensitive files must be encrypted external to the influence of the content, they must be managed as sensitive unknowns. Content as critical aggregated components suffer the potential of remaining uncoordinated, uncorrected when in error. It is a simple observation that time catches up with, and degrades all aggregated content composed of data, information and knowledge.

There are in fact two tremendously important classes of security concerns for our American strategic network infrastructure. The networked economy is based on our ability to efficiently and effectively communicate. Therefore the first issue simply involves our capability to communicate and the second issue involves managing the content of our communication. This question, whether as a nation we have the competitive ability to efficiently communicate, is largely considered a hardware problem. However it is also a problem that reflects the fact that we are faced with continuous transitions within technologies, which we must constantly integrate and overlay with respect to existing technologies. The question concerning our ability to effectively communicate is largely a human and social problem. It involves the way in which we wish to structure and manage our networked content and that in turn involves our purpose and objectives.

The issue of bringing better management policies into our strategic security equation begins with this second class of security concerns. Each time we try to manage and enforce content control processes through physical connectivity, we are negatively affecting our national ability to effectively communicate. It is the effectiveness of people and organizations of people that determine the effectiveness of our network infrastructure. Instead of preventing content from being distributed through our networked infrastructure, we should be finding ways to allow more and better content to flow without affecting the capabilities of hardware. This kind of content control can only be achieved through the use of embedded artificial intelligence within the core of cryptographic functions.

The reason for this observation is simple. The aggregation of content must not only be secure, it must also be flexible. The aggregation of content within our network infrastructure must be transparently reusable. Within that concept of content reusability must be enough degrees of freedom so that new arrangements of information and knowledge can be expressed. The kind of aggregation control this implies must be capable of reducing risk and improve effectiveness of users and their organizations to many points and through any type of network.

In order to accomplish this while reducing complexity and increasing our objective capabilities the United States must invest in ways to disseminate inherently secure aggregations of data, information and knowledge in reusable and manageable ways. We must begin to think outside of the cryptographic box and redefine the traditional boundaries of cryptographic philosophy. What our nation must begin to invest in are tools to manage the enforceable quality of content through the use of machine intelligence based cryptographic controls that can beneficially regulate content.