Source URL: https://www.schneier.com/blog/archives/2025/06/the-age-of-integrity.html
Source: Schneier on Security
Title: The Age of Integrity
Feedly Summary: We need to talk about data integrity.
Narrowly, the term refers to ensuring that data isn’t tampered with, either in transit or in storage. Manipulating account balances in bank databases, removing entries from criminal records, and murder by removing notations about allergies from medical records are all integrity attacks.
More broadly, integrity refers to ensuring that data is correct and accurate from the point it is collected, through all the ways it is used, modified, transformed, and eventually deleted. Integrity-related incidents include malicious actions, but also inadvertent mistakes…
Summary: The text emphasizes the critical importance of data integrity in the context of modern computing and AI systems. It highlights how integrity breaches can occur through both malicious attacks and inadvertent human errors, signaling that as reliance on data grows, so too must our focus on maintaining integrity.
Detailed Description:
– **Definition of Data Integrity**: The text defines data integrity narrowly as the prevention of data tampering in transit and in storage, and more broadly as ensuring that data remains correct and accurate throughout its lifecycle: from collection, through use and modification, to deletion.
– **Types of Integrity Incidents**:
  – **Deliberate Manipulation**: Attacks like altering bank records or medical histories.
  – **Inadvertent Mistakes**: Errors that compromise data accuracy unintentionally.
– **Existing Integrity Measures**: The author discusses primitive integrity measures already in place within computer systems, such as:
  – Reboot processes
  – Undo functions
  – Error detection mechanisms for hard drives and internet connectivity
– **Privacy Breaches vs. Integrity Breaches**: It notes that just as failing to protect personal data constitutes a privacy breach, a lack of data integrity equates to an integrity breach, even without malign intent.
– **AI Considerations**:
  – Integrity plays a pivotal role in AI systems, and many potential attacks target data integrity, e.g., prompt injection and misleading visual cues.
  – The text states that integrity is paramount in protecting AI systems and suggests a shift in focus towards solving integrity-related challenges in AI.
– **Web 3.0 and Data Integrity**: The discussion expands to encompass Web 3.0, pointing out the need for verifiable, trustworthy data as foundational for decentralized networks, intelligent systems like driverless cars, smart grids, etc.
– **Call for New Terminology**: The author suggests “integrous” as a term for describing integrity, advocating for its inclusion in common parlance to signify the importance of data integrity in system design.
– **Research Needs**: The text emphasizes the necessity for research in:
  – Designing integrous systems
  – Testing and measuring data integrity
  – Creating verifiable sensors with auditable outputs
  – Developing integrity recovery mechanisms
– **Philosophical Questioning**: The narrative concludes by calling for a conceptual shift in how we think about network integrity, paralleling historical shifts towards addressing availability and confidentiality, suggesting that while the answer to “Can we build an integrous network?” is uncertain, it remains a crucial inquiry.
The implications for security and compliance professionals are significant, as they must now consider integrity as a vital component of their security frameworks, especially as the stakes in AI and cloud computing grow higher. Proactive strategies to manage integrity risks will be central to maintaining the trustworthiness of systems in an increasingly data-driven world.