Tech
Open cyber standards key to cross-platform integration | Computer Weekly
Vendor or supplier lock-in has been a longstanding topic of discussion, as far back as my first days in IT all the way back in 2002, and probably before. It was a common complaint of many large enterprises who felt penalised by multi-year managed service contracts that didn’t quite deliver on all the things they were promised, yet had no real means to do anything about it.
This was also an issue during the formative years of hyperscale cloud. People didn’t forget the pain they had experienced. As a result many discussions have focused on how to prevent vendor lock-in, concerned by the lack of interoperability to pick and choose solutions which were largely limited by the cloud providers’ ecosystem and service offerings.
Platformisation faces the same challenges, where financial efficiencies are weighed against functional and innovation limitations. Having worked for a hyperscale cloud company previously, the general consensus was “multi-cloud lowers capabilities to the lowest common denominator”, while customers complained “make it easier for us to do multi-cloud”. So where does the happy medium sit between these two ideas?
This is where open standards play such an important and pivotal role. Open standards are the common language that allow different software systems, hardware, and platforms to talk to one another without needing a translator. They are the antithesis of vendor lock-in and are critical for cross-platform integration for several key reasons:
- Interoperability: Open standards (like IPSIE or Oauth) operate across vendors and allow customers to pick and choose which solutions they can use, without being limited to a single vendor or technology stack. Developers don’t have to reverse-engineer how a proprietary system works. If a platform supports an open standard (like Oauth for logging in), the integration path is already documented and understood.
- Future-proofing and longevity: Proprietary integrations are fragile. If a vendor changes their internal code or goes out of business, the integration breaks. Open standards bring stability. Open standards are maintained by independent bodies (like the OpenID Foundation for IPSIE). They evolve slowly and deliberately, ensuring backward compatibility.
- Avoiding the ‘translation tax’: Without open standards, every integration requires a custom translation layer. When two platforms speak the same open standard (e.g., two email servers using SMTP), they communicate directly. You avoid the processing overhead and potential for errors that come with converting data from one proprietary format to another constantly.
- Innovation and competition: Open standards lower the barrier to entry for new competitors, which benefits the ecosystem as a whole. You can build a best-in-class tech stack. You might use a CRM from Salesforce, email from Google, and a database from Amazon. They all support open standards (like RESTful APIs), so you can stitch them together into a unified workflow.
Open standards are the fundamental bedrock of modern platformisation strategies. They shift the architectural paradigm from monolithic silos – where one vendor does everything – to modular ecosystems (where distinct, best-in-class tools connect seamlessly). This allows organisations to grow and adapt their technology stack when needed and ensures platformisation is not a one-way decision.
Stephen McDermid is EMEA CSO at Okta
Read more on Cloud security
On November 16, 2021, Matthew Ziburis sat in his car in a residential neighborhood in the Bay Area stalking an “enemy,” as he put it. A veteran of both the US Army and Marine Corps, Ziburis had previously served in Iraq. But on this mission, he was working at the behest of China’s government. The targets that autumn day were American citizens: Arthur Liu and his teenage daughter, Alysa.
Arthur’s personal story was an exemplar of the American Dream. As a university student, he took part in the 1989 pro-democracy movement in China. After the crackdown at Tiananmen Square that year, he fled to the United States, settling in California. Arthur poured a small fortune and an equal amount of energy into molding Alysa into a figure skating phenom. As a national champion at age 13, she bantered along with Jimmy Fallon on The Tonight Show, and was at the time on track to represent America at the Winter Olympics the following year in Beijing.
Ziburis was surveilling the Liu home when he called Arthur, falsely claiming that he was a member of the US Olympic Committee who needed to discuss upcoming travel to Beijing, Arthur says. Ziburis was adamant that Arthur fax him copies of his and his daughter’s passports as part of a travel “preparedness check,” Liu tells WIRED. This struck Arthur as odd. In his many years dealing with sports bodies, he had never fielded such a request. Alysa’s agent did not respond to a request for comment.
Ziburis’ surveillance of Arthur and Alysa Liu that November day five years ago was just one episode in a bizarre saga that spanned from California to Beijing, touched New York City mayors and members of the US Congress, and has seen two people plead guilty and two more awaiting trial.
Unbeknownst to Ziburis, as he sat outside Aurthur and Alysa’s Northern California home, he too was being watched.
Ziburis had allegedly been dispatched to Northern California by Frank Liu, a self-styled fixer in the Chinese community from Long Island, New York, who was in turn receiving orders from a person in China named Qiang Sun. According to US authorities, Sun was working at the behest of the Chinese government. A concerned private investigator who once worked for Frank Liu had alerted the FBI to Frank’s escapades and was assisting authorities. Law enforcement was already on to Ziburis by the time he arrived. Anthony Ricco, Ziburis’ lawyer, did not respond to requests for comment.
Officers watched as Ziburis surveyed Arthur’s home and visited his law office. The heavy-set man sulking around Arthur’s office also caught the attention of a neighbor, who approached Ziburis and asked him if he needed help, Arthur says. Apparently concerned, the FBI called Arthur to warn him that Ziburis was heading to his home. By then, in part because of the harassment, Arthur and Alysa were boarding a plane to fly out of California. “It was like a movie,” Arthur says.
Alysa’s showing in Beijing in 2022 was disappointing. Burned out, she retired from the sport. Then in February, after returning to the ice after a two year hiatus, Alysa became the first US women’s figure skater to win Olympic gold since 2002—intentionally without her father by her side.
Despite her much-publicized complicated relationship with Arthur, Alysa’s success—punctuated by her signature pierced smile, racoon-tail dye job, and palpable joy for her sport—has reignited interest in the long-running case of transnational repression against her and her father. Human rights advocates and researchers have documented in recent years the lengths Beijing has taken to suppress critical voices, even those residing abroad or whose perceived transgressions date back decades.
Neuroscientists know that there is a link between loneliness and cognitive decline in older adults, although it is still difficult to understand the exact magnitude of the link. A new longitudinal study provides evidence that a proportion of people who feel lonely end up having more memory impairment, though this doesn’t necessarily mean that their brains age faster.
The report, published in Aging & Mental Health, shows that older adults with higher levels of loneliness scored lower on tests of immediate and delayed recall. Even so, the rate at which their memory declined over six years was virtually identical to those who were not lonely.
“It suggests that loneliness may play a more prominent role in the initial state of memory than in its progressive decline,” said Luis Carlos Venegas-Sanabria of the School of Medicine and Health Sciences at Universidad del Rosario, who led the research. “The study underscores the importance of addressing loneliness as a significant factor in the context of cognitive performance in older adults.”
Six-Year Study of Thousands of Single People
The team analyzed data from the Survey of Health, Ageing and Retirement in Europe (SHARE), one of the most robust longitudinal databases for studying aging. For six years, the researchers followed 10,217 adults, aged 65 to 94, from 12 European countries. They assessed their level of loneliness and their performance on memory tests.
The results show that age was the most important determinant of memory level and speed of decline. From the age of 75 onwards, scores began to fall more rapidly. After 85 the decline became more pronounced. Depression and chronic diseases such as diabetes also reduced the initial score. Loneliness, while influencing the starting point, did not accelerate the slope of cognitive decline.
The study also found that physical activity was associated with better initial memory scores. People who engaged in moderate or vigorous physical activity at least once a month recalled more words on immediate and delayed recall tests. This effect did not change the speed of decline, but it did raise the baseline level, which functions as a kind of “cognitive buffer.”
Although the study does not explore the causes of the link between loneliness and cognition, previous research has proposed plausible mechanisms. Loneliness is often associated with less social interaction, a factor that influences cognitive performance. It is also associated with increased risk of depression, which does directly affect memory tests. In addition, lonely people tend to have more health problems, such as hypertension or diabetes, which also affect cognitive function.
By 2050, according to United Nations projections, one in six people in the world will be over the age of 65. Societies are entering a stage where old age will no longer be the exception but will become the norm. Dementia, as well as other neurodegenerative diseases that appear with age, will be a major challenge for health care institutions.
Privacy is not a modern invention; it is part of the human condition of trust, dissent, and intimacy. Every society has developed ways to communicate beyond the reach of power: whispered conversations, sealed letters, coded language.
The need to keep secrets is equally as important among the powerful – governments, more so than individuals, have jealously guarded their own secrets, even as they seek to uncover the secrets of others. What is new is neither the need nor desire for private communication but the current power of the observer.
We now live in what some have termed a “golden age of surveillance,” in which governments, corporations, and adversaries possess the technical capability to monitor human interaction at unprecedented scale. In this era of pervasive digital connectivity, most digital interactions leave a permanent, searchable trace, and the need to protect sensitive information has become critical.
End-to-end encryption (E2EE) is therefore not a technical abstraction or ideological indulgence; it is the most effective defence against unauthorized access to private communications in a fully networked world. As digital communication continues to evolve, the risks of interception scale with it.
Why E2EE matters
E2EE preserves data confidentiality by masking data from unauthorised users and ensuring that only the intended recipients, with a decryption key, can access the data. Using cryptography, E2EE transforms readable plaintext into unreadable ciphertext on the sender’s device, keeps it encrypted during transmission, and decrypts it back into its original form only when it reaches its destination and is decoded with the correct key. It is widely used by governments and corporations and is becoming increasingly common among individual users, reflecting its status as the prevailing standard for data security and privacy.
The most common use of E2EE is for secure communications on mobile and online messaging services. It is also widely used by password managers to protect users’ passwords; for data storage purposes to ensure that data is protected when it is stored and when it is transmitted between devices or to the cloud; and for file-sharing purposes, including peer-to-peer file sharing, encrypted cloud storage, and specialised file transfer services.
Using E2EE means that no one else, including the service provider facilitating the communications, has access to the unencrypted data without consent. If it were to be intercepted, the data would appear to third parties as random, unintelligible characters.
As the service provider facilitating the communications does not have access to the unencrypted data due to E2EE, it is unable to provide it to any third party. That includes governments and law enforcement agencies that criticize E2EE as an obstacle to investigations while at the same time relying on and demanding the strongest available encryption to protect their own systems. Thus, the debate over E2EE is not about balancing privacy and security. It is about whether governments can demand systemic insecurity while insisting on absolute security for themselves.
The risks of ‘exceptional access’
“Exceptional access” is the term used to describe the mechanism for enabling government access to encrypted communications. Different governments take different approaches to the methods they use to seek exceptional access. While the intentions behind exceptional access may be noble, facilitating such mechanisms in E2EE communications can create more problems than it seeks to solve.
The creation of government-mandated security vulnerabilities, commonly known as backdoors, into E2EE services jeopardizes the security and privacy of global communications. Once a backdoor is built, no one can guarantee that only the authorised third party will have access to it. Malicious actors will try to use such backdoors to enter and decrypt communications that are intended to be secure on the endpoints and only accessible to the sender and recipients. It is for this reason that the world’s leading providers have avowed publicly never to do so.
Third-party exceptional access mechanisms in which a copy of a user’s decryption keys are held by a “trusted” third party for potential future use by the government are at present fraught with insurmountable technological and security issues. Industry, backed by the vast majority of relevant experts, is saying that it’s simply not possible to have E2EE where a third party holds a key. It defeats E2EE’s central premise and is a deliberate breach of the security guarantee that E2EE provides.
Any kind of repository where providers are forced to store the keys would become a treasure trove of a target for attackers – especially so for sophisticated state actors who, as we have repeatedly seen, are adept at breaking into worldwide telecommunications networks and critical infrastructure.
Why encryption is not an existential threat to law enforcement
In any event, governments have for decades warned of the existential threat posed by encryption and on the grim possibility of “going dark.” But they have not gone dark, and there exist other means by which governments can get valuable data. Metadata remains available. Enhanced investigative means and other investigative tools are ever evolving and becoming more sophisticated.
Governments should be careful about what they wish for. In seeking to fetter E2EE, they may drive the very actors whose data they most need away from mainstream providers, most of whom have long-standing collaborative relationships with law enforcement. In doing so, they will lose the ability to gain the data they can still obtain notwithstanding the use of E2EE – or, worse, they will undermine the very technology on which they also rely.
At this stage of technological development, there exists no meaningful way to grant governments “exceptional access” to encrypted communications without deliberately engineering systemic vulnerability into the digital infrastructure on which billions of people, institutions, and governments themselves depend.
Once such vulnerabilities exist, they cannot be confined to the well-intentioned or the lawful; they become available to hostile states, criminal actors, and anyone capable of exploiting them. The consensus among technologists and security experts is unequivocal: E2EE either works for everyone, or it is broken for everyone. Governments may continue to warn of impending darkness, but the greater danger lies in demanding insecurity by design – an outcome that would fundamentally undermine trust, resilience, and the security of the global communications ecosystem.
2026 growth in Africa to drop by up to 0.2% due to Iran war: Report
Indian reforms strengthen DGFT norms committees’ functioning: Ministry
The Weird, Twisting Tale of How China Spied on Alysa Liu and Her Dad
-
Fashion4 days agoFrance’s LVMH Q1 revenue falls 6%, shows resilience amid Iran war
-
Sports1 week agoThe case for Man United’s Fernandes as Premier League’s best
-
Entertainment1 week agoPalace left in shock as Prince William cancels grand ceremony
-
Business1 week agoUK could adopt EU single market rules under new legislation
-
Entertainment5 days agoIs Claude down? Here’s why users are seeing errors
-
Sports1 week agoLamar Jackson hits back at critics with faithful message on social media
-
Fashion1 week agoEnergy emerges as biggest cost driver in textile margins
-
Business1 week agoRoad accidents: a massive economic challenge | The Express Tribune