It’s Time for a Collaborative G20 Digital Agenda

The G20 member states account for 85 percent of the global economy and are home to half of the world’s Internet users. From artificial intelligence to personal data protections, our physical world is being shaped by our digital world. As current president of the G20, Argentina has put a range of digital challenges on the table. But to tackle these, we need credible commitments and a long-term roadmap.

As three leading organisations from the Internet community, we welcome that Argentina continued the G20 digital work begun by Germany in 2017. Last year, Germany and the other G20 members outlined their aspirations for the development of our digital societies. And the Argentine presidency has identified five priority areas — digital inclusion, future job skills, digital government, SMEs and entrepreneurship, and Industry 4.0 — all dependent on a strong digital economy and society. Now is the year to turn these aspirations into actions.

We call on Argentina to build on this consensus with a dedicated G20 digital agenda. This roadmap must include milestones to the next G20 presidency, to be held by Japan. Priority commitments should include:

Thoughtful and proactive digital policies are needed to reap social and economic benefits for all, the G20 and beyond. A G20 digital agenda can help us to address the challenges facing the health of the Internet and future of the web and establish trust in the development of our digital lives.

The new challenges we face are complicated, but can be tackled through collaboration among all stakeholders to find the right solutions. Argentina can lead this effort through the G20. It must create a convening space, invite participation and ensure transparency and trust — from sharing documents to providing opportunities for inputs from across the spectrum.

The G20 member states are in a position to set the parameters for a global digital agenda that puts the individual first and makes the most of technology for society. We hope they will live up to this responsibility.

This is a joint blog post by the Internet Society, Mozilla and the World Wide Web Foundation.

Cathleen Berger, Global Engagement Lead, Mozilla
Constance Bommelaer de Leusse, Senior Director, Global Internet Policy, Internet Society
Craig Fagan, Policy Director, Web Foundation

The post It’s Time for a Collaborative G20 Digital Agenda appeared first on Internet Society.

Internet Society

2018: Time To Listen To The Voices of Women

2017 was a year when the voice of women resonated around the world. Global women’s marches, hashtags such as #MeToo and #TimesUp, record numbers of women entering politics – all together a global call for action that signaled women were tired of not being heard.

It’s been a year that’s left many in the western world asking how we got here and how we can make sure we never go back. A big reason for this is what the Internet helps us do. We can reach further, speak louder, and come together like never before.

We know that women use the Internet to build opportunities for business, their communities, and for their families. But for the first time we are seeing how women are using it to collaborate, coordinate, and unite to make change happen.

But now is the time to ask questions.

Just under 50% of the world’s population isn’t online. Break that down further, women are 50% less likely to be connected than men.

The Internet’s future is one where new divides are emerging. It’s not just the binary fact of being on or offline – it’s who, how, and where. And, as the world’s political and financial leaders gathered in Davos, many wondered if technology is actually the answer when it comes to closing the gender gap.

In my time at the Internet Society, I find myself coming back to a fundamental question: What would be different about the Internet if everyone, everywhere could have a role in shaping it?

A friend once exclaimed: if you don’t have a voice – you’re invisible.

I tend to think she’s right about that.

The International Telecommunication Union, a United Nations specialized agency for the harmonization of the global communications system, held an open stakeholder consultation on “Bridging the Digital Gender Divide.”

While there are many ways to do this, the Internet Society submitted four:

  • Public and Private Sector Investment
  • Inclusion of Women in Decision-Making Processes
  • Power of Role Models
  • Policy approaches that encourage the development of women as entrepreneurs and managers.

I tend to think the most pressing of these is the second one – women need to be included in the decision-making process.

When it comes to the governance of the Internet – no matter if it’s the policies that shape it, the technology that builds it, or the content that lives on it – women need to be at the table.

The good news is that in the Internet community, an inclusive approach runs deep. Gloria Steinem once famously said: “I believe that change comes from the bottom, not the top.” This is even more important in the context of the Internet. Because not only does the Internet provide for inclusion and collaboration, but it facilitates bottom-up change in a way that no other technology or point in history has ever been able to.

But even when women are included in the decision-making process, we need to make sure we listen to not just the voices we rarely hear, but the voices we never hear:

Girls, young women, older women, queer women, trans people, and women from all backgrounds, cultures, and economies.

What’s more, the people in charge need to listen.

Not just hear – but know that perhaps what they understand to be true might not be.

We also need to take discussions about the Internet outside of traditional meetings halls and go to where these women are. Rural villages, urban cities, classrooms, places of worship, workplaces, and more.

We need to breathe new life into the processes that shape the Internet and continually ask if the people who need to be at the table are actually there.

To shape tomorrow and build a future where the Internet represents all people will be tough. It will be uncomfortable. It will take humility. It will mean acknowledging our shortcomings. It will include listening.

And it will open a world of opportunities we’ve never known before and a digital future where all voices are heard. It could represent the very best of us. We can get there.

As millions of women around the world are raising their voices it’s time to make sure we listen.

Want to make a difference? Join SIG Women, which is open to all people and aims to “promote a global neutral space that works towards the involvement of women in technology and contributes to reducing the gender gap in the field.”

The post 2018: Time To Listen To The Voices of Women appeared first on Internet Society.


The Cyber Incident Tsunami – Time to Get Ready

In advance of Data Privacy & Protection Day, the Online Trust Alliance, an Internet Society initiative, just released the Cyber Incident & Breach Trends Report (press release here), a look back at the cyber incident trends in 2017 and what can be done to address them. This report marks the tenth year OTA has provided guidance in this area, and while the specifics have certainly changed over time, the core principles have not.

Originally we just looked at the number of reported breaches, but last year we broadened the definition to “cyber incidents,” which includes ransomware infections, business email compromise (BEC), distributed denial-of-service (DDoS) attacks and infiltrations caused by connected devices. This broader definition paints a more realistic picture of the threats and associated impact facing organizations today.

This year we found that the number of cyber incidents nearly doubled to 159,700 globally, and given that most incidents are not reported, this number could easily exceed 350,000. This is more than 30 times the number of breaches alone, so it provides a very different perspective on the threat landscape. As in previous years we also assessed the “avoidability” of breaches by analyzing their cause and found that 93% were avoidable, consistent with our previous findings. While the rise in the number of incidents was primarily driven by a doubling in ransomware infections, there was growth in all facets, indicating that organizations must take a comprehensive view of their defenses.

So, what were the major trends seen in 2017 and what can be done about them? The report provides more context and detail, but here is a summary of the key findings:

  • Rise in Ransom-Based Attacks. This attack vector far outweighs the others, at least in terms of numbers. Ransom-based attacks can come in the form of ransomware entering the organization through malvertising and malicious email, but also via the threat of a DDoS attack if ransom is not paid. There are a variety of best practices to help block such attacks, but one new suggestion is to be prepared in case a ransom payment is deemed necessary by setting up a cryptocurrency wallet ahead of time.
  • Patching Pace is Critical. While the Equifax breach was probably the most public example of the impact of slow patching, lack of timely patching is the cause of many breaches and incidents. Recent news about vulnerabilities in some of the most foundational system elements – KRACK, BlueBorne, Spectre and Meltdown – makes timely patching more critical than ever. Organizations need to take a disciplined approach here, including provision for vulnerability reporting, and test and deploy patches as quickly as possible.
  • Closely Monitor Cloud Conversion. The transition to third-party, cloud-based services continues for organizations of all sizes, and while it has advantages in convenience and efficiency, it also introduces new risks since your data is now in someone else’s hands. This risk can be offset via thorough auditing of cloud providers, contractual commitments related to security processes and extra diligence regarding configuration (publicly accessible AWS S3 containers, anyone?).
  • User-Enabled Attacks. With all the technology, it’s easy to forget that users are the most important gatekeepers to your systems and data. Equipping them to make good decisions and instilling a culture of security (whether via training or technology tools), providing an extra ring of defense (through mechanisms such as multi-factor authentication and limiting access levels appropriate to the role) and monitoring systems for anomalous behavior can go a long way toward securing your systems.
  • Increase in IoT Devices. There’s a lot of buzz in this area, and use of IoT devices is expected to triple in the next several years, but the “shadow” element of this trend – presence of consumer-grade connected devices such as smart TVs or even employees’ wearables – doesn’t get much attention. These devices need to be viewed as a threat vector, and as such, steps need to be taken to reduce their risk. This includes items such as research into the security capabilities of the IoT devices, policies regarding their use in the enterprise, and setting up compartmentalized networks to limit their access.
  • Regulatory Shifts. Led by the EU’s General Data Protection Regulation (GDPR), which goes into effect this May, there have been many recent and significant shifts in data privacy/protection and data breach regulation throughout the world. Even if you are not based in those countries, you are likely subject to these regulations if you have customers there, so a thorough understanding of these new regulations and their impact on your data collection and storage practices as well as on your breach readiness and notification plans is critical.

Though there are a number of key trends that bubbled to the surface in 2017, there are also a number of foundational principles organizations should follow to be good stewards of their data and minimize the impact of attacks or incidents. Broadly defined, these principles fall into two categories:

  1. Implement strong data stewardship (including security, privacy and risk reduction) through all phases of the data lifecycle, recognizing the global regulatory landscape and its impact on breach readiness (e.g., GDPR enforcement beginning in May 2018)
  2. Prepare strong, well-practiced incident response measures (including a well-designed plan, appropriate team, predetermined action steps, regular training and testing)

As OTA has advocated for many years, this is not a “once and done” proposition. By establishing a culture of stewardship (vs just compliance) and implementing policies that take a proactive approach to proper handling and safeguarding of data, organizations can minimize exposure to the cyber incident tsunami and actually thrive by building and maintaining trust with their customers.

Read the Cyber Incident & Breach Trends Report

The post The Cyber Incident Tsunami – Time to Get Ready appeared first on Internet Society.


Limited Time Only: Read our Springer/Nature Paper on Healthcare, Security, and Privacy

Last year, I was invited to contribute a paper to a special edition of the Health and Technology Journal published by Springer/Nature. The special issue addressed privacy and security, with a particular focus on healthcare and medical data. I’m happy to announce that now, for four weeks only, the publishers have made the whole issue available free.

From our accompanying blog post last July:

“The paper, “Trust and ethical data handling in the healthcare context” examines the issues associated with healthcare data in terms of ethics, privacy, and trust, and makes recommendations about what we, as individuals, should ask for and expect from the organisations we entrust with our most sensitive personal data.”

Although we can find several comprehensive and mature data protection frameworks around the world, current legal safeguards do not seem to prevent data controllers from indulging in:

  • over collection
  • insufficient care of personal data
  • unexpected or unwelcome use
  • excessive sharing

In my paper, I argue that a narrow focus on regulatory compliance can lead to a “checklist” mentality, obscure the real reasons why organisations should treat data with care and respect, and lead to poor outcomes for both the organisation and the individual. I suggest that we should be encouraging organisations to develop a more collaborative approach, in which data subjects’ interests are better respected, and organisations find that, as a consequence, their risks are lowered and their reputations enhanced.

This also dovetails with the Online Trust Alliance’s new Cyber Incidents & Breach Trends Report that recommends, in part: “By establishing a culture of stewardship (vs just compliance) and implementing policies that take a proactive approach to proper handling and safeguarding of data, organizations can minimize exposure to the cyber incident tsunami and actually thrive by building and maintaining trust with their customers.”

I didn’t know it at the time, but I had some illustrious co-contributors to this special issue, including:

  • Giovanni Buttarelli, European Data Protection Supervisor and former Secretary General of the Italian Data Protection Authority
  • Ann Cavoukian, former Ontario Privacy Commissioner, and the architect of the “Privacy by Design” concept
  • Luca Belli, leader of the Internet Governance project at the FGV Law School, Rio de Janeiro
  • Julia Powles, tech law researcher at Cambridge University
  • … and many others.

If I’d been aware of the lineup, I doubt I’d have had the nerve to put pen to paper. So, whether or not you read my piece, do seize the opportunity to learn from these experienced practitioners and thought leaders on data protection and privacy. Here’s where to find the journal:

Data Privacy Day, an international effort to create awareness about the importance of respecting privacy, safeguarding data and enabling trust, is this Sunday, 28 January. Now is a great time to read these articles and reports and take a look at your own data privacy and protection practices.

The post Limited Time Only: Read our Springer/Nature Paper on Healthcare, Security, and Privacy appeared first on Internet Society.


Preserving Our Future, One Bit at a Time

“Culture, any culture… depends on the quality of its record of knowledge.” — Don Waters, “Preserving Digital Information”

Our culture and society have been enriched by the creation and proliferation of the Internet. Information has become increasingly accessible and has enabled so many of us to become active creators rather than passive consumers of content. With that, we’re experiencing an explosive growth of digital data, with 2.5 quintillion bytes of data created every day, and that data needs a place to live.

Not only does our data need a place to live, but it needs a place to survive into the future. What happens if years from now, we are no longer able to access our photos, documents, music — essentially all the records of our lives? We will not only be forgotten, but we’ll be thrusting the future into a “digital dark age,” as Vint Cerf calls it.

In short: “More and more of our lives are bound to the ones and zeroes of bits residing on a cloud server, or mobile device. Those bits in turn are mediated by the software and hardware implements we use every day. The bitstreams are unintelligible, however, without the suitable data formats, computer applications, operating systems, and hardware environments to interpret them for us. As those systems are modified or replaced over time, we inevitably lose our ability to access the content. The resulting technological obsolescence can leave us trapped in a “digital dark age”, in a culture that has lost its collective memory.” — Richard S. Whitt, “Through a Glass, Darkly”

With analog objects, such as books, the content is directly bound to the media itself (words on paper, for example), so preserving that data relies on preserving the books themselves. Throughout history, there have been numerous examples of tragic losses, such as the destruction of the Library of Alexandria, one of the most significant libraries in the world; its destruction has become a “symbol of the irretrievable loss of public knowledge.”

With a digital object (such as a .doc or .jpg file), the content is dependent on several externalities, such as the hardware (computer or tablet), the operating system, and the software or app on which the file was created (MS Word, Photoshop, etc). In order to preserve a digital object, one must take a ‘snapshot’ of that entire environment in order to be able to not only access but translate those bits of 0’s and 1’s into a human readable form.

The problem we face is that we don’t know if that form is permanent enough to preserve the bits and allow us to access them in the future. Media deterioration (the decay of the bits themselves) and technological obsolescence (the hardware and software are inaccessible) might render our bits, and by extension, our existence, unrecognizable. “In just 50 years from now the human record of the early 21st century may be unreadable.” (Deegan and Tanner, Digital Preservation) That is worrisome. If we lose access to our past, history itself is in danger of being rewritten.

As Cerf has said: “The ability of a culture to survive into the future depends on the richness and acuity of its collective sense of history.” 

At the Internet Society, we believe that the Internet is for everyone and we support efforts to promote the Internet as a positive tool to benefit all people throughout the world. Helping to preserve our digital bits is a natural fit for the Internet Society, in order to ensure that the information we create now will be accessible to future generations and that the Internet continues to be a beneficial tool for our global society.

Through our ISOC-NY chapter, we are launching a Digital Preservation Campaign. It is fitting that we have Vint Cerf, a founding father of the Internet as well as the Internet Society, speak about Digital Preservation at two important upcoming events:

January 12th, 2017
12pm – 2:00pm at Google’s DC office
This event will focus on the policy implications, challenges and possible solutions for digital preservation.
RSVP here:

February 5th, 2017
5:30pm – 7:30pm at Google’s NYC office
This event will focus on the business side of digital preservation such as challenges and financial incentives.

The post Preserving Our Future, One Bit at a Time appeared first on Internet Society.
