Despite some technology hype, there’s no such thing as ‘trustless’ transactions between humans. Just because I have a valid key doesn’t make me a trustworthy key holder and if my digital credentials are invalid it doesn’t necessarily mean that I am untrustworthy. Digital security and trust, like other themes explored in this blog, are evolving in ways that are often incompatible with a world that increasingly relies upon the blending of electrons and humans.
I recently visited my elderly parents who live in a beautiful semi rural area in the US where many of the people are holiday makers or retirees. The area has all the modern conveniences as well as some vestiges of the land that time forgot – including a local internet service provider that has aged along with many in the community.
This ISP offers email services and bandwidth that’s about a tenth of the speed and capacity at a similar price to national competitors. It also offers extraordinary customer support that reflects the community they support.
Soon after I arrived, both of my parents began having issues with their email. Their first thought was that I might have broken the home wifi due to my excessive (ie that of an average digital participant) data consumption through multiple concurrently connected devices (crazy stuff!). Looking into it, I saw that the ISP plan they were on offered very low speeds but the modem and router were working albeit slowly. As a trusted intermediary I asked them for their passwords so I could look at the ISPs email account setup and was given a collection of coloured post-it notes with three or for passwords on each marked with uncertain notes like ‘pc’, ‘ipad’, ‘apple’, ‘nokia’, ‘old’, ‘lulu’, ‘new’, ‘newer’ etc.. None of these seemed to work – not even the blue ones – and they suggested calling the ISP. I said that the ISP wouldn’t be able to help because their passwords were encrypted and we’d have to reset them – no, we need to call Mike or Lulu.
So I called, and the phone was answered in 2 rings (!) by Mike, who spoke to my Dad and got him to guess what parts of the correct password might be – I think it has this or that number in it – yes, says Mike, and there’s a short word before the number – what might that be? No, not that one, yes, that’s the one. Password (unencrypted on Mike’s end) confirmed – first problem solved, but my cyber security sensibilities were in meltdown.
Mike and I could then establish that my parents had thought that every email client had its own password (totally reasonable for those who became digital aliens around 1998). Each time a device was turned on (because of course you don’t want to wear out your mobile phone and tablet by leaving them on all the time) it would try to connect to the email account with a different (out of date) password and lock the account after three failed tries.
After an hour or so of deducing all this, everything was sorted – fixed the email set up on the pcs and portable devices and Mike and I tested each connection with me on the clients and his observation on the server. During all this time Mike had to stop and take other calls and then called me back!
Some of you reading this would have paused at the point where Mike was clearly looking at my parent’s unencrypted passwords and reading their email to see if test messages were getting through. Without this level of service though, my parents simply wouldn’t be able to reliably manage their email access on a day-to-day basis.
My parents trust Mike and his employer and Mike trusts that my parents are who they say they are – and that’s pretty easy because they have some consistent, unique and sometimes pretty frustrating analog characteristics. They have a human trusted relationship and a service arrangement that is ‘old fashioned’, and simply unavailable through ‘modern’, secure and less expensive competitors.
Thanks for your care and patience Mike – a pixie in human form.
Pixie Dust 