Technology companies should hand consumers back ‘control over their digital lives’, according to a privacy and information security expert.
Paul Simmonds, CEO at not-for-profit organisation the Global Identity Foundation, is keen for providers to move away from trying to control all aspects of technologies, particularly identity.
“The best solution is to say, ‘You play your part and your part only,’” he says. “It is persuading people that actually it is in their interest to do their bit and no more.”
He says that this could also save companies money. Customers want a simple product that ‘just works’, he told Business Technology ahead of The European Information Security Summit 2015. If a product can easily integrate with their existing range of devices and services they will be more inclined to make a purchase.
“The problem that we have at the moment is that you buy into someone else’s ecosystem,” Simmonds says. “Apple are probably the biggest culprit of this. You buy everything from Apple and as long as it is all Apple it stands a chance of working, and as soon as there is a flaw the entire ecosystem is exposed. What people want is primacy, which is them being in control over their own digital lives. You have to trust people and hand them back control allowing them to manage their privacy in a very simple way.”
One aspect of this transformation involves encryption. At present, companies storing customers’ data are generally in control of how this operates, but Simmonds says that users should be given the opportunity to use their identity to automatically encrypt information they consider private and decide who they share it with.
“If companies hold the key, if you hack the system you also hack their encryption,” he says. “I want to be in control and hold the master keys to my personal life. You might trust Apple, or Google, or even the UK government today, but will you trust them in 50 years’ time?”
But while recent incidents like the leak of nude photographs of celebrities stored on iCloud servers have drawn public attention to how companies handle data, Simmonds does not think that this will lead to the faster development of relevant legislation.
“I think all regulation ultimately plays catch-up, trying to close the stable door after the horse has bolted,” Simmonds says. He adds that Google is currently exposing the ‘ludicrousness’ of the right to be forgotten, which in his view has failed despite its ‘laudable’ principles.
“I have a real problem with that,” he says. “That is really Nineteen Eighty-Four stuff – people are currently using the right to be forgotten to try to censor history, and if people do not understand the risks in doing that they need to read or re-read Nineteen Eighty-Four.”
And the challenge only looks set to get bigger, with stories of hacked toilets and fridges that send spam all highlighting the vulnerabilities of the expanding Internet of Things.
“The big issue is context – devices and systems need to understand the context in which these things are operating,” Simmonds says. “If I buy an internet-connected light bulb, for example, what makes it mine? And what makes it possible for my family and nobody else to operate it?”
“This extends to everything else that we do in life,” he says. Everything from PVRs to pacemakers will be connected to the Internet of Things and needs to be safeguarded against both malicious and accidental damage.
It’s a big ask of an industry constantly adapting to new technologies and legislative changes, but Simmonds says a fairer framework for a more secure future is achievable if firms commit to co-operate to tackle issues surrounding privacy, primacy and the handling of data.
“We need to come together as an industry around a model that works,” he says. “It requires everybody in the industry to play nice.”
See the Global Identity Foundation’s Paul Simmonds speak alongside other industry leaders at The European Information Security Summit 2015.