On October 5 and 7, The Decade of Digital Inclusion event series featured a virtual track called Creating a Secure Network for Everyone with two thought-provoking panels that brought together business, academic, and nonprofit perspectives on this timely topic:
Digital Equity and Security on the Internet
- Moderator: Richard Clegg, Lloyd’s Register Foundation
- Panelists: Madeline Carr, University College London; Khushboo Savita, Digital India Foundation; Eben Upton, Raspberry Pi, Ltd.
How Can We Use the Security Lessons of the Past to Bring the Next Billion Online Safely
- Moderator: Vint Cerf, Google
- Panelists: David Clark, MIT; Taher Elgamal, Salesforce; Vasu Jakkal, Microsoft Security
Digital safety, security, and trust impact everyone from online veterans to the newly and not-yet connected. These topics cross geographic, cultural, and demographic boundaries and present some of the most formidable challenges in our connected world.
While employers can force security on their employees in work environments, safety and security at the consumer level must be simple to use and understand, while being highly effective.
In today’s fast-moving markets, designers and application developers nearly always prioritize speed to market and simplicity over security and safety. As with all new technology, innovation runs ahead of regulation. Five top takeaways from our panels of experts include:
- We must set the dial correctly
“How do we extract the maximum value of digital technology in a way that works for the most people most of the time?” is the question that Madeline Carr asks as she considers the balance among safety, privacy, and human rights. New Internet of Things (IoT) devices that detect light, sound, or movement are building insecurity in all of our networks.
At the same time, we need to find the right balance between a walled garden and open access. While China may have the safest Internet on the planet, most countries and consumers would balk at the cost in privacy and choice. While there may be very little pushback against appliance computing, such as providing tablets and small computers with locked-down access to school kids, Eben Upton warns, we need to look for ways to allow for freedom and creativity without exposing young people to the full dangers of the Internet.
2. It’s a behavioral issue
We often forget about human beings when we start talking about technology, security, and infrastructure and a focus on technical security alone will not help us solve the problem.
Attackers prey on what makes us human—our desire for belonging and the magnetic effect of polarizing opinions. This is difficult, if not impossible, to train away (see discussion below on digital literacy).
Finding the right solutions requires the diverse perspectives of behavioral psychologists, economists, and other social scientists who understand why we behave the way we do. It also requires gender, ethnic, and demographic diversity that represents the landscape of lived experiences and scenarios in which consumers will be vulnerable. Diversity of experience will lead to diversity in the degree of safety.
3. Everyone—and no one—owns solving the problem
Regulating security and safety on the Internet is a cross-jurisdictional and multi-cultural issue. Our systems and data are interconnected and global. Cloud-based storage is not tied to a specific geographical area. Richard Clegg points out that, in many ways, regulating the Internet is like the complex challenge of controlling international waters.
Most panelists agree that open standards and codes of conduct are the best way to help create level playing fields for non-incumbents and foster safe and secure environments in different countries.
4. Digital literacy is a tool, but not a panacea
When connecting 10M families and 50M first time users in India, Khushboo Savita names digital literacy as one of the largest challenges and necessities in connecting new users at scale. From a security perspective, we can help all consumers—new and established—understand some of the dangers on the Internet and how to spot them. We can create digital literacy programs to empower people and give them agency to make informed decisions.
At the same time, David Clark reminds us, identity management happens at the application level and each application brings its own features and vulnerabilities to the party. This is not something we can solve through digital literacy.
5. It’s a question of identity
Vint Cerf notes that we need a notion of identity that is accepted by applications, makes consumers feel safe by reducing identity theft or fraud, and is simple to use.
While Taher Elgamal advocates for identity to be its own layer in the networks, others worry about how different parts of identity will be exposed for different applications, such as online banking vs. social applications.
“Security is a shared responsibility. Until everyone is secure, no one is secure.” – Vasu Jakkal
Our challenge lies in keeping the power of the global Internet while creating safe environments where everyone can belong. Security is a team sport and our tools must combine social science insights, standards, usability, and the right mix of safety and openness.