[Read more session reports and live updates from the 11th Internet Governance Forum]
Ms Shane Tews, IEF Board at American Enterprise Institute, session moderator, announced the participants’ decision to follow a roundtable format.
Company owner, Ms Alexa Raad, spoke about the meaning of privacy. She highlighted the importance of being aware of how much information is exposed in the digital world, how critical is to know about it, and how it is used.
She reflected on questions like what information is out there about you? Do you know about it? How is that information going to be used in context and do you have any control of that information?
Mr Scott McCormick, spoke about phishing and whaling attacks, the latter seen more in recent days. He explained a whaling attack as a more specific phishing attack designed to go after high executives of a company or people with money.
McCormick mentioned that they design systems to help prevent that and mentioned end-user education as one of the ways to do it. He underlined that education should be at the top level, but due to the new technologies coming out so fast, there are many issues around this topic. McCormick added that many people do not even know they have issues, as they trust their devices and many users do not have the expertise to monitor the traffic or to know when their devices have been involved in a denial of service attack.
Mr James Edwards from New Zealand, spoke about market failure and trust. He said people are so excited about the IoT and the potential for ubiquitous connections that they do not care about the quality of the devices. Manufacturers see opportunities to sell things without caring about the issues that come when these devices connect to the Internet, without security. He said these devices are designed to be attractive and marketable and not necessarily to be secure. They have a default password. Maybe they have no option for changing the password. Maybe they have no facility for updating the software, which it is an important tool to address vulnerabilities over time. Speaking about geolocation to erect a barrier on IoT devices, Edwards recommended limiting the permission structure to geolocation that can be achieved in terms of network addressing, and manufacturers should consider this.
Ms Raad talked about how much information is distributed from mobile devices about our patterns and behaviours, and how this can become very scary; it is important to keep big data in the picture and know the kind of pattern matching that can be done.
The audience asked what people need to know about interacting on their phones and not become susceptible or victims;
Raad offered some suggestions like disabling functionalities you are not using.
Mark, from UK government, mentioned the need to bring others into this debate, in global and national IGFs to get them involved in a strategic plan for education:
- Those entities and services at national level that can deliver the education.
- National consumer advice activists, agents, independent personal data regulators and so on.
The audience considered the following:
- The need for digital literacy and digital skills.
- The role already connected participants and influencers on the Internet have to play in helping the next billion and shape the process to follow.
- The development of some principles that everyone will agree on about how to proceed with empowering the next billion.
- Educating the next billion to get digitalised; they cannot be pushed and coerced into it, for economic or political measures, like the Indian case.
- Making things easier, for example, app disclaimers are too long and users needing the application just accept them without reading.
- Having manufactures make smarter devices and protect users.
The moderator focused the discussion on Lessons Learned, with different experiences from around the world:
- The Indian case mentioned that an educational plan is needed using tradition communication methods, rather than forcing people to go digitalised.
- When digitalising the economy, you need to first connect people, and educate them in the use of access devices, applications, and associated bank accounts needed to manage e-Services.
- Governments cannot think about eGovernment services and investment on online services and leave behind people who are not connected at all.
- Mapping needs to happen about the next billion to connect and the context in which we are trying to introduce these digital devices. It is not just about connection.
- Top-Down approaches to educating have been used in many countries, and some considered bottom-up approaches the right ones to use, ones that meet people where they are and discovers what the real barriers, discovers what the priorities are.
- Sometimes governments are investing in things that are not at the right level of entry.
- We need security safeguards built into the devices; vendors have a role in this matter, and some of them just think about revenues and forget to implement security.
Many thought the solution is in government regulation, while others thought bottom-up models that self-organise end-users is the way to go. The solution is not on either side. We need to find a balance involving all stakeholders in an active way. Government involvement in these dialogues is important.
The workshop concluded with Tews indicating the discussion could be continued online by making comments or offering suggestions to the workshop’s results, and contacting her afterwards. She finished with: ‘Getting everyone connected is important. If we can do it in a more, secure fashion for the next billion users, that is ideal. In a way, it is actually user friendly, perhaps more bottom-up and less top-down. Those are excellent suggestions and I wrote other things as well.’
by Wanda Pérez Pena, Internet Society Dominican Republic