Somehow I keep digressing from writing about "Automated Discovery and Exploitation of Zero-day Faults." I am going to get to that topic soon, but for now I figured that I ought to address a fundamental fault within the philosophy of zero-trust architecture, which will eventually tie into automatically discovering the gaping holes in a physically implemented telecommunications network, due to its incorrigibly faulty construction based on — बिनविश्वास सुरक्षा प्रणाली संरचना.1
By the way, "zero-trust" does not simultaneously mean a neutral stance with "zero-distrust."
As such, those who say phrases like, "Never trust, always verify", or, "Trust, but verify", and thereafter say, "In God we trust," happen to be the ones who would like to give their stamp of approval and verification, to God's fiat and to natural laws, upon placing themselves above and beyond God as well as nature.
The philosophy of having zero-trust in any client-side component of a system that has server-client architecture, supposedly minimizes the uncertainty in verifying the authenticity and legitimacy of a client's business-oriented requests from server-side components. Axiomatically, within a server-client architecture of any system, a "sender" of data becomes the instantaneous server, and a "receiver" of that data becomes the instantaneous client, during all conceivable interactions among components of the overall communication system. This means that server-side components can dynamically acquire roles of a client, with respect to other server-side components that happen to have "greater privileges" for accessing, processing, and distributing data during interactions among the overall system's day-to-day operations.
Even in the context of a business corporation, when viewed as a system, communications among members employed by, for example, the finance and sales departments within a corporation, causes a server-client relationship to arise among those departments as a consequence of power dynamics and information asymmetries prevalent within groups of people with designated duties and job roles. All of the business owners and employees of a corporation would otherwise appear to be, strictly server-side entities compared to the corporation's customers.
Therefore, one can observe that within any system's architecture that involves communicating machines or human beings, the need for transacting any data is invariably initiated by "a client" that needs to receive a comprehensible response from "a server."
So how do client-side components ever manage to acquire "a routing table" with addresses and policies about which 'etiquette' or "protocols" to use, while directing their requests to an addressable server? One could conceive of a mythology about how, there once existed an infallible and omnipotent architect, who bothered to decide upon and implement, an ideal, or the most optimal set of rules, for creating an order of presidency among different types of server-client relationships, along with all the possible branches, categories, classes, species, breeds, 'races', casts, tribes, and groups of entities and relationships that could have ever come into existence. However, the physical reality is that all such concerns are still being researched concurrently throughout the world, by people working in several public as well as private sector organizations. New and previously unforeseen outputs discovered from such ongoing research by humanity about its physical reality, are being evaluated at various levels of scientific discourse, especially regarding the topic of what a particular node's pre-cursors and properties can be, within a particular type of a networked architecture.
Subsequently, a philosophical position about what counts as, "the least amount of privilege that can be given to a governed entity within a network", is decided upon, by those who somehow, already, happen to have the maximum "deserving" level of self-serving leeway and privileges, to decide and grant, who else gets to have a particular degree of merit and credit, based on pre-determined (but, usually hidden or obscure) standards of authenticity, meritocracy, integrity, credibility, regularity, health, and creditworthiness.
A logical counterpart to zero-trust philosophy, adopted by end-users in assessing the least amount of confidence that can be assigned to entities in supervisory roles, on a case-by-case basis of evaluating the stance and position of each supervisor, is the "no-confidence" model; wherein, the end-user has to question, doubt, and verify the legitimacy, competence, good-faith intentions as well as authenticity of a supervisory authority figure, during each and every interaction, when requesting a service or a privilege.
-
In this mode of interaction, no form of implicit trustworthiness or credibility is ascribed by the end-user to a so-called authority, administrator, or a supervisor of a system. Only upon strict verification, end-users invest "minimum credit and credence" in the intentions of supervisors. The eventual behaviors demonstrated by governing administrators and authorized professional service providers, then, lays grounds for subsequent levels of trust the end-users can repose within the offices of those professionals vested with a fiduciary role, on a case-by-case basis.
-
Additionally, end-users naturally revoke or divest, the confidence they had previously reposed in those fiduciary authorities and professionals, as and when necessary. This is especially true, when the end-users of an organization's goods or services also happen to be investors with voting rights in the very same organization and in its holding company, rather than being intruders or simply helpless indentured servants, of the company.
However, the situation faced by many end-users of various kinds of systems, are too often of the format wherein, an end-user is forced to rely upon a system's supervisor or an administrator due to the power dynamics of their existing situation, even when the persons appointed in those authoritative roles are accurately known to be dishonest and habitually rapacious, and to have been thoroughly compromised due to their discriminatory prejudices and bad-faith intentions. It is awfully painful, to be forced by circumstances to have to rely upon, untrustworthy and feckless officials, who have overbearing privileges with which, they can make or break a human being's life and livelihood, at a whim.
Whether the philosophies and ideas of zero-trust systems architecture are applied to information technology systems in a public university, a judiciary, a private hospital, or to implementation of foreign policies in a geo-political context, or to any other socio-technical interactions a person can have with civic institutions, the perspective of end-users and bystanders, about how they view the system's "policy-makers and administrators", is often discounted and brushed aside by tone-deaf authority figures. It is so plainly evident, that people from Britain and the US who popularized zero-trust systems architecture, only considered their ego-centric position and cultural vantage-point as "rulers with powers to give or deprive a person of basic privileges." Clearly, zero-trust architecture isn't end-consumer-centric, it does not prioritize and value the end-consumer's sentiments and needs. Consequently, zero-trust systems architecture conveniently neglects the risks posed to the well-being of end-users and unassuming bystanders, because the architects and promoters of zero-trust security primarily use that model to mask their emotional handicap resulting from their irrational xenophobia, distrust of diverse multicultural views, and mainly due to their deep-seated misanthropy.
There is no conceivable way, to eliminate the mutually exchanged concepts of "trust", "fidelity", "truth", "honesty", and "respect" from human-human interactions, particularly from interactions that are meant to be non-antagonistic and non-hostile. This is empirically and analytically observable across time and geography, regardless of the type of technological or linguistic user-interfaces people happen to use, for mediating human-human interactions, within any context or a system, that involves a human-in-the-loop.
For the sake of specificity and practicality, let us consider the example of a judiciary system and process, in which an enforcement directive has to be initialized by a public-service unit within a city or a municipal region. The "initializing signal", which triggers a member of the local constabulary of a city (like Kitchener, Ontario, Canada), to become alerted to a "disturbance" within their field of observation, needs to be of a certain magnitude to meet the threshold of curiosity of an on-duty constable, for that constable to then follow up with a set of pre-defined procedures for an investigation. The on-duty constable's cultural upbringing, personal character, and routine training give shape to their sense-and-sensibilities, to generate a minimum criteria for things worth investigating in a professional capacity. When the said threshold is met, because of whatever reasons, the on-duty constable acts in accordance to their indoctrinated principles, know-how, priorities, and organizational culture, about what to do next.
Naturally, by the time a set of documents and communications can be prepared by the front-line worker to request any additional resources and permissions for implementing law enforcement procedures, the situation being investigated evolves to a stage where the permissions granted to the involved public-service units, by their supervisors, can be excessive or inadequate. Which means that, no matter what type of "minimum escalation of privileges" are granted to front-line workers by their administrators and sponsors, the eventual "fit" between:
-
the institutionalized behaviors of those front-line workers along with that of their supervisors,
-
with respect to behaviors of community members being subjected to actions taken by policing or early-responders,
is naturally going to have a certain level of mismatch, or a clash.
The conflict of interests, arising due to the lack of fit, that is, due the clash in expected versus actual behaviors of parties involved in a situation, can be due to intrinsic characteristics of individual persons, as well as due to emergent characteristics of organizational culture, aside from prevailing ecological factors.
So, it turns out that, if the organizational culture inculcated among a group of bodies or units recognized under the directives of a provincial or a federal judiciary, has come into existence via problematic system-wide policies and practices, only to have laid blame on targeted individuals who were falsely implicated, investigated, arrested, illegitimately detained, and were then tortured, especially through the use of fabricated evidence during their arrest, then, that overall legal system is corrupt. Such corruption is typically because, while the victims continue to be targeted and then abused, authority figures and supervisors frequently decide to willfully turn a blind-eye to the flaws and errors generated by hired or employed professionals, who conduct investigations and make critical decisions on behalf of the judiciary.
As such, the overall "peace, safety, security, and law enforcement system", repeatedly fails to demonstrably adhere to its publicly espoused principles of providing fair, equitable, conscientious, and uniform application of proper legal frameworks, to all natural persons and groups of individuals, within its jurisdiction. Worst of all, the overall corrupt behavior of coordinated law enforcement and public service units, due to a range of duplicitous and erroneous practices adopted by a number of their professional members, continues to result in a range of pernicious harms and damages being inflicted upon selectively targeted community members, especially upon vulnerable individuals such as orphaned youth and children.
The issues resulting from corruption can also be observed among the behaviors of other public-facing institutions like healthcare, education, business, religious, and government services providers, and of their contractors, wherein, the problematic organizational culture of those publicly equipped entities along with the deleterious outcomes evidenced from their coordinated activities, is almost never called into question, or suspected of resulting from systemic flaws and errors, compared to suspecting the motives and traits of an individual newcomer who is expected to "assimilate", and to fit into the box of cultural expectations and behaviors of existing members, dictated by those state-regulated organizations. These fundamental problems as well as the devastating harms inflicted by them, upon innocent members of the public, have only been increasing year-over-year, throughout provinces like Ontario, Canada.
These days, the earnest and legitimate chore of identifying and describing systemic factors that have continued to negatively impact the well-being of ethnic minorities and peoples of color in North America, is being labeled as, "Critical Race Theory" within media and news outlets. There are those in Northern Atlantic regions of the world who think that Critical Race Theory is an essential component of social studies education in schools and colleges; and then there are those who scoff at Critical Race Theory and deride it vehemently as being racist in and of itself, against white, Caucasian, or Euro-centric cultures. So, even being able to highlight fundamental faults and systemic errors of publicly funded organizations in North America that have had an undisputed track-record of willingly harming ethnic minorities and peoples of color, is being blocked by the cultural faults inherent to supervising and authoritative members of those very same institutes and organizations.
The easiest and most insidious way, for those harmful authority figures in seats of social, political, and economic privileges to continuously conduct pre-meditated forms of pernicious activities against non-mainstream groups, is to passive-aggressively state that, each person who voices a dissenting opinion against the ruling body in any form of a protest, happens to have "personality issues, or personality disorders, or is a pathological liar." Those treacherous authority figures continuously make such hurtful remarks and claims, even though none of them can possibly describe a scientific way to identify the components of a personality or a psyche. Those draconian authority figures continue to attribute labels like "mentally unfit", upon targeted individual and groups, even though those authorities figures with various professional titles, lack the authenticity and legitimacy in being able to describe the physiological basis of their conceptions. This is one of the main ways in which, those authoritarian leaders via their authorized proxy agents, continue to prescribe the use of physiologically harmful and socio-economically repressive procedures and instruments, sponsored by tax-payer monies, to 'rectify' said personality or behavioral issues of targeted individuals and groups, in an invasive and tortuous way.
Of course, those authority figures can always convince themselves that they "had to use, a 'minimally' intrusive and invasive method, with 'the least amount' of non-lethal force and aggression within a zero-trust situation", to counteract the "bizarre, or strange, or abusive, or bad behaviors" of a person or a group of people, who were "manipulating, disrupting, or disturbing the peace and order", of the main-stream society being governed by those authority figures. The insidiously cunning, abusive, tortuous, subversive, repressive, superficially humble, sapping, sabotaging, attrition based, pernicious strategies and tactics used by those authority figures, at least, aren't immediately lethal and destructive.
One can only wonder, are any individual human beings or any judiciary bodies, residing within any part of this universe, sufficiently self-aware and free of fatal blind-spots, to independently recognize and rectify their own flaws, misconceptions, missteps, and wrongdoings?
Now, for the sake of attaining even more specific granularity and deep-dish practicality, let me share with you, my so-called 'bad-behaviors' from January-February, 2020, that lead to me being subjected to murderous forms of punitive medicine under captivity, in Kitchener, Ontario, during May-2020. Those forms of punitive medicine were being, and are still being practiced by colluding groups of public-service units in Ontario, Canada.
You may click the following link to read an article showcasing the details of how and why politically motivated crimes are being committed in Ontario, Canada, or follow along with the next section about, "Automated Discovery and Exploitation of Zero-day Faults."
Footnotes
-
Isn't बिनविश्वास सुरक्षा such a hilarious oxymoron? 🤣 ↩