Infosec 2018: Corporates misuse data, but look East for a bigger concern
Infosec 2018: Corporates misuse data, but look East for a bigger concern

When Tim Berners Lee proposed the internet, he was met with the response that his suggestion was a ‘vague but interesting' proposal that could help academics and government collaborate and share information.  Privacy and security were not considerations.


Even when the now Baroness, Martha Lane Fox was launching Lastminute.com back in 1997, while it was clear that people's credit card details had to be secure, it came as a surprise when a customer complained that his travel tickets had been delivered to his wife - who was not his intended partner on that particular trip.  Privacy was not part of the deal.


Since then we've had the NHS IT scandal and more recently the Cambridge Analytica debacle.


But, during her Keynote presentation on privacy at InfoSecurity 2018 today Fox, noted how there has been an absence of real depth of information on consumer views about the internet, with most research coming from the companies involved, praising the companies and their enabling technology.


In contrast, the charity https://doteveryone.org.uk/ that Fox represents carried out its own research which found that only 40 percent of respondents believe the terms and conditions they sign up to online actually protect them, 90 percent say they don't understand the terms, and 60 percent say they don't know where their data is going - resulting in a huge unease among internet users. But she advocates a more bold approach to re-create the internet and digital services so that they reflect the values of citizens - our customers.


Fox explained to SC Media UK after her presentation that doteveryone seeks to help shape the parameters within which we operate, so that we can take advantage of technology without being luddite, but that we can create a positive future that respects security and privacy and is resilient.


She suggested that while GDPR was tackling the issue of corporate over-reach in data collection, and shaping a new way of looking personal user data, including in the US, that concerns about a dystopian future should focus on the east, and we should look to Russia, China, North Korea and Iran.  “These are people who understand the capabilities of the internet - at least at a government level - with China creating a parallel internet with social engineering of data held on every citizen, used to manipulated them, to ‘score' them for compliance, and get points for conforming to government rules. Russia has a deep technical knowledge and uses it for asymmetric warfare, to undermine the democratic process.”


Fox expressed her concerns about the use of information technology in propaganda, manipulating the information on which people base decisions. However she adds that, “We have it in ourselves to build the future we want. It won't be easy and it will require the actions of legislators, individuals and the private sector working together.”


Unfortunately, policy-makers were seen as largely not equipped to deal with the problems we face, and worse, “No politician loses votes by knocking the internet,” which leads to bad, reactive legislation, suggests Fox.


A questioner asked what could the UK do when the Internet is a global phenomena, and Fox replied, both that the Internet is increasingly balkanised, and that the UK can take action nationally, but also that it can provide a lead internationally. So in the UK the government can make it clearer where you go if you have a problem - as there are currently a range of ombudsmen and organisations such as the ICO, Ofcom etc. But also it can provide a moral and ethical lead, championing human rights and the rule of law, showing what ethical development looks like.