Yup, there is a new fashion in town, and it will force companies to fix the one element in IT that most corporations have ignored for the longest of times. That element is non-repudiation. The issue has clearly been around for almost 10 years, 15 if you want to set a timetable, but today on LinkedIn ‘Netflix and don’t share’ shows that the industry will start doing something about it. The problem is what drives the masses to think that a paid service could ever be free. And even as we see: “Market leader Netflix has already declared it is examining how to curtail password sharing among family and friends. But streamers are treading carefully in teaming up “against the grifters,” aware of the backlash record labels previously generated in the Napster era”, we need to be aware that it is a Netflix world, and if you don’t pay, that is fair enough, but it also means that you can’t have Netflix. This issue is not limited to Netflix: it has a setting in video games, a setting in programs, and in the past it had a setting in music. The problem is how to go about it. For places like Netflix, there is the non-repudiation solution. In your network there are a few devices that could be set to receive; in the home environment the router tends to be the most culpable solution, yet in equal measure the home devices are also solutions that give rise to the patch of hardware that will allow one person to be connected. As such, Netflix was nice enough to allow 4 devices to be linked. Yet what to use as a system of non-repudiation?
Well, email is certainly one way of doing it, but that only helps to some extent. The nice part about email is that it allows Netflix (and like-minded people) to communicate with the owner on hardware, so as long as the email address is not hacked, this is decently safe.
The term non-repudiation is not new. It refers to the ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated. So you and only you could have instigated the connection. Biometrics are only one part of it, and so is a password; non-repudiation is more. An autograph has the elements to complete non-repudiation, but in automated traffic, copying an autograph is becoming exceedingly simple, so we need to set the state where two-tiered enabling is the way to go. Even if the origin of the two tiers was done in separate ways, combining them in any stream would be a decent level of assurance to convince a jury of peers (and Netflix) that only you could have instigated the stream. And Netflix is not the only one seeking a solution. Bank solutions use a PIN and a bank pass; it is close, but in the end it is not real non-repudiation. Netflix needs to find a solution, and whatever they find will push authentication technology.
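An added example (not from the original post) of why a shared secret such as a password or PIN falls short of the definition above while a signature does not: the service can produce a valid tag itself, but it cannot produce a signature. Lamport one-time signatures stand in for a real signature scheme only because they need nothing beyond Python's standard library; the request strings and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def digest_bits(msg: bytes) -> list:
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def mac_tag(shared_key: bytes, msg: bytes) -> bytes:
    # Shared secret (password/PIN style): both sides hold the same key.
    return hmac.new(shared_key, msg, hashlib.sha256).digest()

def lamport_keygen():
    # Private key stays on the customer's device; only hashes are published.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def lamport_sign(sk, msg: bytes) -> list:
    # One-time scheme: a key pair must sign a single message only.
    return [sk[i][bit] for i, bit in enumerate(digest_bits(msg))]

def lamport_verify(pk, msg: bytes, sig: list) -> bool:
    if len(sig) != 256:
        return False
    return all(hmac.compare_digest(H(s), pk[i][bit])
               for (i, bit), s in zip(enumerate(digest_bits(msg)), sig))

def compare_schemes() -> dict:
    real = b"account=alice;device=tv-01;action=start-stream"      # constructed
    disputed = b"account=alice;device=other;action=start-stream"  # constructed
    shared = secrets.token_bytes(32)
    # The service holds the shared key too, so it can tag the disputed request.
    service_tag = mac_tag(shared, disputed)
    sk, pk = lamport_keygen()
    sig = lamport_sign(sk, real)
    return {
        "mac_tag_from_service_verifies": hmac.compare_digest(service_tag, mac_tag(shared, disputed)),
        "signature_verifies": lamport_verify(pk, real, sig),
        "signature_fits_disputed_request": lamport_verify(pk, disputed, sig),
    }

if __name__ == "__main__":
    print(compare_schemes())
```

With the shared key, a valid tag proves only that some key holder made it, which includes the service; with the signature, the service holds nothing that lets it sign the disputed request.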
And the system needs to be simple, not just for the customers’ sake. The setting of complexity in these matters was best described by Scotty the Chief Engineer in Star Trek 3 whilst sabotaging the Excelsior: “The more they over-think the plumbing, the easier it is to stop up the drain”. It does apply to authentication and non-repudiation systems, especially when distance is an issue. So whatever we have at point X requesting an authentication tends to be the soft spot in the track.
It has to be simple, it needs to always work and it needs to set 2-3 alternatives at the spot. The problem with such a system is that it is not really non-repudiation at that point.
A programmable dongle can be hacked; the hacked account can be copied. And these dongles will come from somewhere, so criminals will end up having access to the stuff they need.
As such the best you can hope for is a system that will take out 80% from accessing such a solution, add proper cyber solutions in the form of law and you have a solution that a company can live with, as it deals with 10% of the outstanding 20%. It is not pretty at times, but at least it works. So these solutions could stop 90% from using stated systems in a non-paying capacity.
We can go in all directions from there, but the world needs a solution where non-repudiation will stop 96% dead in its tracks, and only up to 1% would be able to find a workaround, making the non-repudiation system a 98.9999% working solution. I reckon that this is as good a solution as we are going to get, and the solution is needed faster, as 5G will require correct non-repudiation solutions to be up and running. With 5G out and about, the criminals get a 500% chance to get to more systems to infect more and more devices; as such, the need for Common Cyber Sense is becoming a pressing matter, and from there we can move on to non-repudiation. Consider that the current situation allowed cyber criminals to lay their fingers on $120 billion, and with 5G out and about criminals will have access to well over half a trillion dollars. One could argue that it is a great day to be a cyber-criminal, or we can do something about it, because the one thing I do know is that the banks will only take hits for as long as they cannot make a case for ‘negligent care, the person did not take care of the item like a father would take care of its child’. That is not some rant; the art world is already working with terms like that. How long will it be until banks and payment systems take the same steps? At that point, the hardship will fall on the owner of the hit bank account, not the bank, unless a clear established path of evidence is presented that the bank itself was the intended target.
Non-repudiation will be the next big thing soon enough, and whoever gets a system like that up and running will make an absolute fortune; it would change my 5G IP systems into small change, nothing more. It is the next thing, and we are in dire need of such an inventor soon enough, not just Netflix.