Reprinted from Global Agenda 2003 (World Economic Forum)
For computing to achieve its full potential -- and to enrich the daily lives of people and businesses everywhere -- it must first be made as secure and reliable as it can be, says Bill Gates
by Bill Gates
January 23, 2003
Not so long ago, most people paid little attention to cybercrime. Malicious hackers, hi-tech bank robbers and identity thieves were the stuff of science fiction novels; few outside the industry of information technology had more than a passing knowledge of their damaging potential. As recently as 20 years ago, the role of computers was mostly behind the scenes. The data they contained were relatively easy to secure because they were rarely moved or communicated to other machines.
That is not to say that the computer industry ignored security. In fact, it has worked to address security and reliability issues for decades, helping to ensure that banks could safely process transactions, that flight control systems functioned flawlessly and that sensitive data remained in the hands of those authorized to use them. But this all went on behind the scenes -- and the average citizen knew little about it.
The past few years have seen all that change. The amazing growth of PCs connected to the Internet transformed the nature of computing, setting information free and creating tough new security challenges.
A number of malicious and highly publicized computer viruses demonstrated the importance of ensuring the integrity and security of these increasingly interconnected computer networks.
And the terrorist attacks of September 2001 reminded us that our computing infrastructure is as critical to our econ
omy as our physical infrastructure -- and that the safety of each is at least partly dependent on the other.
The convergence of these three developments -- and the increasingly central role that computing will play in our lives in the coming years -- has led to a renewed focus on ensuring that our computing systems and information are safe from harm. Yet security is just one of a broader set of challenges that must be addressed to realize fully the vast potential of computing. As people increasingly depend on computers, they need to be sure that computing systems are available and functioning properly whenever and wherever they need them.
They must also be sure that they protect their sensitive information from theft or loss, and that the companies providing services and handling personal information are adhering to fair information principles.
To make this happen, our computing systems cannot just be secure -- they should be unfailingly trustworthy. We should be able to rely on them as we in the developed world rely on electricity or a telephone service today.
Although complete trustworthiness has yet to be achieved by any technology -- power systems still fail, water and gas pipes rupture and telephone lines sometimes drop calls -- these systems are usually there when we need them and they do what we need them to do. For computers to play a truly central role in our lives, they must achieve this level of trust.
As we move from a world of stand-alone desktop computers to an interconnected, decentralized global network, we face a number of new challenges.
The growth of the Web has encouraged businesses to make large amounts of business data available on the Inter-net, so that they can work better with partners and suppliers and build deep customer connections.
Consumers are conducting more and more business online, sending sensitive personal and financial information over the network. And businesses are increasingly motivated to make their internal business data securely available to employees at home or on the go.
These trends create vast new opportunities to enrich our lives and rewire our economy, but they also offer a tempting target for vandals, criminals and terrorists. To meet these challenges, we must change the way we create software.
Many desktop applications were not designed to operate in a networked environment, and the core protocols of the Internet were not initially designed to serve the 500 million users who rely on them today.
Much of this software has performed well in this new environment, but a lot of it must be refined, improved and rebuilt with security at the core.
At Microsoft we halted development on several key products and invested more than $100 million to evaluate our existing software for security issues, and to train our developers to build security into our future products from the ground up.
At the same time, the entire computer industry is working with government, law enforcement and business leaders to deter cybercrime at its source and build a secure digital future.
As the Internet became a viable platform for commerce -- another use not anticipated by its original design - the amount of sensitive personal and financial information exchanged on the Web has skyrocketed.
This has led many consumers to be concerned about the safety of their information and the potential for misuse, fraud and identity theft. In fact, such fears continue to hold back growth in Internet-based commerce.
Existing industry standards, business practices and regulations already do much to ensure that people can retain control over how their personal information is obtained and used by others.
Standards such as P3P help consumers understand and manage the disclosure of their personal information to trusted parties. Microsoft is collaborating with industry partners to develop sophisticated new tools that will enable companies to implement and assess their own privacy policies.
Nonetheless, industry and government must continue to improve the software and tools that preserve individual privacy. And industry must keep working closely with govern
ment to ensure that laws and regulations which protect consumers are followed.
Security and privacy are the most immediate short-term challenges today, but achieving trustworthy computing involves a host of other issues. For example, we must continue to tackle the complexity and stability issues that affect many systems today, both at home and at work.
Just as a homeowner has no fear that fitting a new lamp will break his refrigerator, computer users should not have to worry that installing new applications will destabilize their system.
Companies should feel confident about embracing e-commerce, knowing that they can always depend on their software to meet their evolving needs reliably. That is why Microsoft, along with a host of other companies and researchers, is working aggressively to create computing systems that will be self-managing, self-repairing and inher
ently resilient. Put simply, they will just work.
We are in the early years of a time I call the
-- an era in which computers move beyond being merely useful and become a significant and indispensable part of everyday life.
In the years ahead people will increasingly rely on computers to communicate and to be entertained, to run their lives and their businesses. This transformation has tremendous potential for enriching and enhancing our daily lives, while sparking a new era of growth for the global economy.
But for this to become a reality, we must first make computing as secure and reliable as it can be. Achieving truly trustworthy computing is a long-term challenge -- perhaps a 10-year process -- but considering the amazing opportunities the digital decade has to offer, it is essential that we meet it.
©Bill Gates 2003. All rights reserved.