Ditch One To Get The Other

In the INFOSEC realm, we often discuss the CIA Triad: Confidentiality, Integrity, and Availability; this is the basis and end goal of information security efforts.

It occurred to me the other day that we could get rid of one of the legs of the Triad in order to perfect another.

Without Confidentiality, we could have perfect Integrity.

If I gave up all privacy, I could be protected from all fraud. If I were to livestream my entire life, it wouldn’t matter that you could see my credit card number and PIN and whatever other credentials/authentication techniques I used; you could not use my payment methods in order to make unauthorized purchases, because my bank would also be able to confirm whether or not I, myself, had conducted those transactions— by watching the same livestream you took my payment info from.

In fact, we could (theoretically) do away with all systems-based payment methods, and revert to an older, historical model: trust-based methods. I wouldn’t need a credit card (or even a credit card number)— I could just say, “I agree to pay you X amount,” and that would suffice for my bank to pay you that amount. Not too long ago (150 years back or so), this was very close to how money and debts were conveyed: I would write a note to you, and sign it, as an instrument of payment or promise; you could present this to my bank for payment, or transfer it to someone else who was willing to purchase it (perhaps your own bank, or another person) on the assumption that they, themselves, could collect it from my bank.

Manual confirmation (a bank teller watching my livestream to confirm I’d promised payment) would be time-intensive at the moment…but I get the feeling this could be automated very quickly.

This idea intrigues me.