Trouble at Mill: Layer 10 and the new international zero-trust reality.

Figure 1: "Crossbeam's outa skew on t' treadle"

If we want secure digital nations in Europe the race is on to abandon Google, Microsoft, Amazon and probably even Apple. These are unsafe services. They are from an era I think we will look back on as dark satanic mills in the exploitative, "industrial revolution" of the information age - if ever we reach a kinder, more civilised, and humane stage of being with computers.

It's all about "Data Sovereignty" now. Europe is buzzing with programmes, initiatives, petitions, pending political bills, and soon emergency plans, imploring people to disengage from US American services. Today the Dutch government announced plans to reduce dependence on U.S. software companies - thirty years too late, but at last Europe is emerging from a dark age as vassal dependents on appallingly written insecure software and a culture of digital idiocy.

That's nothing strange to me, and seems long, long overdue. My family and I have been free from BigTech for many years and refuse to use Microsoft, Google or other US services for security reasons. That has sometimes made life difficult, to say the least. But we are resolute and insistent. Despite relentless, cloying propaganda claiming it's "impossible" to be free of US behemoths, we've been happily and more safely living that simple reality for a long time.

Despite pioneering the digital revolution the UK, perhaps more than any other nation, made itself a hopeless slave to US tech. Much of this is due to corruption and greed of previous governments selling this country short. In the UK digital illiteracy amongst politicians and business leaders is staggeringly high. Many cannot imagine that computing tools other than Microsoft or Apple even exist. Suddenly there's a rapid thaw. The USA has so comprehensively disgraced itself that even the most entrenched and insular CEOs are wondering "Do we really have to use this dodgy stuff? Isn't there a British Microsoft? What is all this 'Free Software' everyone talks about?"

The good news is: Yes. We invented computers. Chips designed in Britain (by Acorn) power all the world's smartphones! The future for national and Euro-collaborative hardware, operating systems and cloud infrastructure is very exciting indeed. It's just a shame it took this long and such extreme political conditions to bring this about. So the future for European tech is looking brighter at last.

Trust and data

It's about trust. As Ford Prefect would put it, I trust them "about as far as I could comfortably spit out a rat". The age of data war is also the era of Zero Trust. When British mathematician Clive Humby said "data is the new oil", I doubt he was thinking that like oil "it will be the cause of horrible and bloody wars". Only those as cunning as Elon Musk saw how taking control of data wields more power than money or armies.

Now it is the job of us as citizens of liberal democracies to fight and take control of that data, or perish. Along the way we might have to confront our own governments, institutions and peer businesses who have recklessly made deals to broker data and rope us into corrupt arrangements that are economically advantageous for the few, but disastrous for civic and national cybersecurity.

I cannot emphasise enough how urgent and important this is, because even if lawful process cannot remove Trump/Musk or democratic nations cannot help the US restore democracy, the least we can do is limit the spread of US technofascism via its networks.

No surprise here. We've been warning and educating people about this for years, encouraging diversity as resilience, compartmentalisation, sound trust modelling, and good data sovereignty practices. The over-reach of US agencies and FISA provisions has been problematic for years, but all of these issues have so clearly come to a head since January 2025.

To the extent any organisation or business totally depends on an overseas provider, controlled by now hostile agents, it has no effective cybersecurity. The problem of BigTech goes far beyond mere economic monopoly, lack of interoperability, poor ethics and abuse of people's data; it encompasses the political nature of technology and the actors involved.

In an information war it's hard to see what is what even when the harms are painfully evident. There is seldom any locus of action. Kinetic conflicts abound in places like Ukraine, Gaza, Yemen, Sudan, Haiti, and Donald Trump with his BFF Vladimir Putin promise to create more bloodshed by insulting and alienating allies, invading neighbouring countries and dismantling institutional balances.

But in cyberspace what we are seeing is an enemy from a new kind of cyberwar. It is not the hybrid cyber-physical incursions against power supplies, fuel, hospitals, and transport we have anticipated for so long. Perhaps those are yet to come, and the attacks on our data infrastructure are merely prelude.

A new kind of enemy is rogue leadership, which attacks the ground-truths of socio-political reality, not by disinformation, but by taking direct control of the apparatus of a technological society. From there, as in Orwell's Nineteen Eighty-Four, entire political projects spanning decades can simply be deleted.

It's like a crazy passenger grabbing the wheel and steering us into the roadside.

The enemy is the "unreliable ally". It is the person or system you look to and depend upon, that turns out defective and derelict and upends your life. It's the system you depended on that lets you down.

Similar problems exist around China, Israel, and of course Russia. Until only recently Kaspersky was a trustworthy virus signature checker and HikVision cameras adorned our public buildings. There may indeed be nothing technically "wrong" with these products from a cybersecurity stance, given certain trust relations. Change those trust relations however, even a little, and valuable tools become lethal weapons pointed at us!

Note the primacy of layers 9 and 10 in security thinking. No situation or advantage means anything if the context/theatre of operation changes. Also note that we learned all these lessons on non-functional coupling from Software Engineering over 40 years ago, yet today governments are making the same mistake over and over again.

This is also all very much in line with Meadows' notes on leverage points. Intervening in a system at the highest of values has the most effect. Any defences implemented at lower orders are simply bypassed since traditional Western class-based/hierarchical security thinking has an Achilles' heel, it always trusts up.

In many ways the unreliable ally is worse than an overt enemy. He is proximate to the infiltrator or defector. A defective ally builds trust and dependency in order to exploit it later, as in the commercial process of "enshittification" where accumulated social capital is "cashed-out" when the abusive corporation turns against the unwitting customer.

Data War

So we're in a "data war", which I think differs from a cyber-war. It combines trade war, influence and espionage. It aims to exert international power via technology systems, diluting the sovereignty of nation states and sapping self-determination, independent thought and democracy.

Since Sun Tzu, our conflict thinking has recognised and used propaganda, psyops, manipulation and sabotage of communications systems. At the same time, designing, building and spreading communications systems, like DARPA's Internet, is war by other means.

If one controls the means of communication, that's control over every single user. Some people are still surprised to figure out "The Internet" was not some God-given gift, nor even a social project by benevolent governments, but after 1990 was an ad-hoc commercial playground for giant advertising and publishing companies who paid enormous sums for the radio, copper and fiber licences giving them "access" to you.

The idea of a Free Internet, a people's Internet, owned, run and maintained by citizens for citizens, paid for by a universal tax, and impossible for any government to shut down or censor, remains elusive in this century. Some progressive Nordic countries have come close. Despite the extraordinary economic benefits of a Free Internet no government except the US in its pre-fascist configuration has been able to let go of the urge to spy, police, censor and shut down civil communications.

As Horace Mann saw universal education being essential to democracy, today a Free Internet is the bedrock component for democracy. But if you use Starlink, or an ISP owned by foreign money, your life is inevitably shaped and limited by the owners of that system. The only escape is to use Zero Trust principles, with strong end-to-end encryption and overlay (VPN-like) networks to tunnel between safe harbours.

It was never a great secret that the Internet was a project of cultural hegemony to "spread Western values of democracy and capitalism". We like those things, and we stood for that too, remember?

These are not the only values it can be used to spread.

Our mistake was to think it would work like BBC World Service, as a broadcast tool. We forgot that, like empires, communications tools work in both directions. What we reach out to touch, reaches back and changes us. We underestimated how 'meddling' in foreign media affairs has massive unexpected side-effects. The "Arab Spring", which by toppling dictators enabled religious extremists, was a clear lesson.

Strikingly, we ignored how vulnerable our own cultures are to non-linear info-war, influence, propaganda, agitation, and infiltration by old enemies… despite the fact that those enemies told us exactly what they're doing.

It is perhaps the most notable failure of intelligence and political education that all of this happened, as it were, in plain sight and therefore with our tacit assent. We knew perfectly well that surveillance, whether commercial or political mass-surveillance, is corrosive to democracy and to the mental health and prosperity of the whole nation. And so is dismantling education by replacing teachers with machines and filling schools with Microsoft garbage. Yet we allowed the seeds to fester and grow.

Even today there are fools who say "I have nothing to hide" or that they don't mind that Google spies on their email and find targeted advertisements an "acceptable price to pay" for bargains and convenience. Like SUV drivers, the "I'm alright Jack" crowd look only as far as their own convenience, showing little if any social conscience about the effects of their actions with technology.

There are even useful idiots, such as ourselves, whose care for our children can be manipulated. Sincerely supporting the UK Online Safety Bill, even while drawing attention during its passage to obvious draconian and unconscionable tag-on amendments, took some faith in the British government which we've yet to see repaid.

Most of all, the Internet came as a progressive ideology. It presented a benign globalist vision for cooperation and trade. We're now rapidly abandoning that much cherished and beautiful dream of global technological advancement, knowledge sharing, the benefits of free trade and an interconnected world where a European can enjoy services of an American company, running on software written in Russia, on hardware made by a Chinese company.

What computer scientist Richard Buckland (UNSW) called the "miracle of standards" that allowed inventions like the CD/DVD player to create a universal media format around the globe, now seems like a quaint bygone era. Luminaries like Sir Tim Berners-Lee have made saddening remarks about the failure of "The Web" and networks as public projects in general. One now has to wonder what future bodies like IETF, ICANN or W3C have in a technofascist world.

Today you cannot read the word "AI" separate from the phrase "arms race". States, businesses and the mass-media are helpless to frame computers and communications as anything but weapons, not tools of peace and prosperity as we did in the 80s and 90s.

That dream I grew up with, where science and reason provide the answer to climate crisis, disease, hunger and conflict, looks completely broken today and I, like all technologists who are anything more than docile button-pushers, mourn and grieve it.

As has happened more than once in recent history, the engineers and computer scientists who built the weapons now arranged against us are betrayed. BigTech is laying-off tens of thousands of workers, not because of "AI" but because BigTech qua technology is dying. It's cashing-out and moving into politics.

We held a wonderful alternative in our hands for a moment, but positive technological globalism has failed hard. Not because of big, exotic, 'unprecedented' problems, but because of small old familiar ones that lie in the hearts of insecure men.

Basic human biology/neuroscience also plays a part. An army of dark user-interface designers following B.J. Fogg's formula for behaviour manipulation have unleashed wave after wave of deliberately weaponised software on all of us, especially children and vulnerable people, for decades now. It is terrifying how easily hooked we are by cynical manipulators who design ads and apps to waste our lives. None of this software is illegal.

Though we're slowly getting better at resisting, we have such a weakness in managing tech, in resisting blingy, convenient, cult-brand gadgets for amusing ourselves to death with. So we made tech our opium and, in Opium Wars II, China and the West work together to keep populations stupefied.

It's not that we didn't recognise these harms and these enemies coming. They broke laws. They mocked judges. Did the Law arrest them, dismantle their companies, bar them from influence? On the contrary, it rewarded them, just as the British system of the 1980s rewarded the "Mayfair Set" of asset strippers who ran amok dismembering the old "Captains of Industry".

Did the research into the health effects of smartphones change policy? Not a chance! It was buried and drowned by millions of dollars of influence money, bribes and media hush-funds for government and mass-media. Long after researchers had called BigTech the "new tobacco industry", science was silenced so we would keep buying smartphones and using BigTech.

Even after it was obvious to all Americans that Silicon Valley swam with the worst sort of white-collar criminals, instead the world lionised them, glamorised their money and dubbed them exemplars of libertarian freedom, champions of innovation. When they stole our data we were the happy "dumb-fucks" who applauded and smiled slightly at the convenience of something or other, and really felt their wish to "make the world a better place".

We have so very much brought all this on ourselves.

Lining the pockets of the already rich while selling harmful, addictive cruft to a bedazzled population can look a lot like innovation. For a while. Then at some point people get tired of the baloney, and so you find more addictive formulas, and ways to force your wares on people.

Peak smartphone happened in about 2015/6, and I wrote at length about it in Digital Vegan and several Times articles. However, almost 10 years later we are still catching up to the facts. Studies show our children are brain damaged and have dropped multiple IQ points. Even as we realise that AI makes us stupid we push ahead with the greatest anti-educational project in the history of humanity, while businesses and governments still try pushing "smart" solutions for just about every damn thing, even though people keep making it very clear we don't want this crap.

Problem is, we never had a vision around tech. Somehow just connecting everyone together was going to make things better. We concocted myth after myth; the "information superhighway", the "interconnected world", "the digital society", "smart cities", "cybernetic governance". All these overzealous schoolboy ideas, built from half-remembered fragments of 1950s science fiction, never cared to ask, with any clear vision, what we wanted, as humans, from a technologically enabled (but also dependent) society.

In 2025 it is still not trivial or even possible to:

  • access an ordinary simple webpage on a basic computer
  • transfer a simple file from one computer to another
  • type a question into a search engine and get a straight-forward reliable fact
  • send a private (encrypted) email to a friend or family member

Digital communications technology is a fucking mess. It's an embarrassment to anyone who knows the least thing about it.

Now we're left with systems that any capable enemy could shut down in a day. Telecoms, fuel pipelines, food supply chains, hospitals… all run on poorly written, insecure BigTech software. All of it needs stripping out, replacing with reliable, maintainable, simpler, public (Free and Open Source) code - and we need to retrain a new generation to maintain and run these critical systems.

Meanwhile, badly written regulation is making sure we get the worst of all possible worlds;

  • rules that make it hard for ordinary people and small companies to comply, while enabling large abusive companies a fast-track because of their money.
  • privacy invading surveillance of ordinary people while allowing wealthy cybercriminals and oligarchs to operate in the dark.

Zero Trust and society

The story of the Internet, at its heart, is of a rather naive system of trust. Being designed as a military system it was never made with internal security in mind, and certainly not security from its own operators. However, almost since the start we've seen how electronic networks are fragile and prone to disruption by a very small minority.

Zero Trust, at its best, is an attempt to understand this problem and make systems safe from themselves and to make people safe from their own systems.

Zero Trust is not about "Not trusting" - it's about mindful and honest examination of trust relations and the ability to enforce those relations through technologies and laws.

The problem is, it creates MASSIVE inconvenient truths because it exposes latent trust relations that are defective and harmful. Many of the criminals running things today rely on unexamined implicit trust relations, user ignorance, or some form of monopoly or compulsion that is not even "trust" at all.

Maybe the most terrifying of its revelations is that trust is not a measurable thing. Trust is a reflective, contextual human emotion. As Blake says, it is easier to forgive an enemy than to forgive a friend. Why would that be?

It was not so long ago that discussion on Bruce Schneier's security forum produced one (patently obvious) statement that "BigTech is the cybersecurity problem". However, we have all long understood that principal-agent problems lurk beneath the surface of every IT decision and procurement choice. Of course they do! For some people BigTech is all there is. They don't know any other more secure, reliable and humane digital world.

Beyond old myths

The reality is that most serious computer misuse is insider crime and corruption. To distract from this awkward bind we invented "hackers". Going back to the writings of Ken Thompson and Bruce Sterling we created a wholly distorted and perhaps a complete fantasy model of adversaries as oddballs and outsiders. They wore black hoodies. They stole "computing resources" for fun and profit. They were 16-year-old geniuses who lived in mom's basement… Recognise this as a cultural mythology.

For decades we've focused on the wrong enemies, on cyber-criminals, scammers, paedophiles and plotting terrorists. Certainly these problems exist and wreak misery in society. But however awful their crimes, they are marginal. These "horsemen of the infopocalypse" have distracted us from a much more obvious, closer yet unthinkable scenario; what happens when the people who run our Internet turn against us? What if the "Good guys" are the real criminals? That's such a scary question to ask that most of us bury it and simply refuse to think about it.

A striking example from just this week is how a smartphone 'app' designed to help vulnerable asylum-seekers access social security, was instantly repurposed in the US to track down, deport or imprison them.

This insight completely redefines cybersecurity. Civic cybersecurity, the cybersecurity of citizens of a democracy, is security from technofascist elements that own, govern and exist within the very systems that we've built society around.

It demands strategies, laws, checks and balances, separation of powers, and fundamental formulations of principles that set out a digital contract of rights and demarcations between states, citizens and businesses. We need nothing less than a cyber-constitution. Europe is now the place where this work will emerge.

It won't be easy. It's complicated and murky. It is not clear who owns what. A tech company may exist within Europe or the UK, but be owned and controlled by hostile foreigners. Benign companies are regularly acquired by malevolent ones. There is an intricate and ever-changing network of relations between states, military, defence companies, citizens, schools and universities, and personally ambitious politicians - with no clear narrative or intelligence regarding the ancient and urgent question… "friend or foe?". Radical transparency will be a key factor.

Just as Western intelligence was totally caught with its pants down by the collapse of Soviet communism and the fall of the Berlin wall, we have been blindsided by a complete ignorance of how complex international data and IT systems may be used as a means to take power - not by hacking, but by exploiting the layer-9 and layer-10 vulnerabilities around ownership, control, and operation.

There is no need to use an obscure zero-day exploit when you can walk in the front door carrying a phoney "warrant" and demand root access to systems. This blind-spot allowed actors in the US to subvert democracy and the rule of law, and stage an "Electronic Coup".

It should be obvious to all by now that if you use the communication systems owned and run by your enemies, without strong end-to-end encryption, you are going to suffer. The adversary knows all your plans, tactics, contacts, and assets. You will be destroyed or enslaved economically, politically and culturally. One currently popular "mitigation" is denial, to pretend that your enemy is not your enemy - even while they publicly state their intent to harm you. Do you still want to keep doing this?

Layer-10 is not the exclusive preserve of political science, law and sociology. There are technical and tactical measures that people can take. When the building is on fire the first and most urgent matter is to plan your escape route. Hopefully at Cybershow we'll be talking to more European expert guests and helping you see the landscape around:

  • Free software as a vital weapon against fascism
  • European cloud and SaaS alternatives
  • Using your own end-to-end encryption
  • Standards and interoperability as resilience and an escape path
  • Degoogling, on-prem and local solutions
  • How to manage and help colleagues or partners who are still stuck on US BigTech (e.g. how to politely refuse a "Teams" invitation and respond with something safer).

The time to start moving was yesterday. But today is the next best chance.

Copyright © Cyber Show (C|S), 2025. All Rights Reserved.

Author: Dr. Andy Farnell

Created: 2025-03-20 Thu 10:32
