[Read more session reports and live updates from the 11th Internet Governance Forum]
Ms Shane Tews, IEF Board at American Enterprise Institute, session moderator, announced the participants’ decision to follow a roundtable format.
Company owner, Ms Alexa Raad, spoke about the meaning of privacy. She highlighted the importance of being aware of how much information is exposed in the digital world, how critical is to know about it, and how it is used.
She reflected on questions like what information is out there about you? Do you know about it? How is that information going to be used in context and do you have any control of that information?
Mr Scott McCormick, spoke about phishing and whaling attacks, the latter seen more in recent days. He explained a whaling attack as a more specific phishing attack designed to go after high executives of a company or people with money.
McCormick mentioned that they design systems to help prevent that and mentioned end-user education as one of the ways to do it. He underlined that education should be at the top level, but due to the new technologies coming out so fast, there are many issues around this topic. McCormick added that many people do not even know they have issues, as they trust their devices and many users do not have the expertise to monitor the traffic or to know when their devices have been involved in a denial of service attack.
Mr James Edwards from New Zealand, spoke about market failure and trust. He said people are so excited about the IoT and the potential for ubiquitous connections that they do not care about the quality of the devices. Manufacturers see opportunities to sell things without caring about the issues that come when these devices connect to the Internet, without security. He said these devices are designed to be attractive and marketable and not necessarily to be secure. They have a default password. Maybe they have no option for changing the password. Maybe they have no facility for updating the software, which it is an important tool to address vulnerabilities over time. Speaking about geolocation to erect a barrier on IoT devices, Edwards recommended limiting the permission structure to geolocation that can be achieved in terms of network addressing, and manufacturers should consider this.
Ms Raad talked about how much information is distributed from mobile devices about our patterns and behaviours, and how this can become very scary; it is important to keep big data in the picture and know the kind of pattern matching that can be done.
The audience asked what people need to know about interacting on their phones and not become susceptible or victims;
Raad offered some suggestions like disabling functionalities you are not using.
Mark, from UK government, mentioned the need to bring others into this debate, in global and national IGFs to get them involved in a strategic plan for education:
The audience considered the following:
The moderator focused the discussion on Lessons Learned, with different experiences from around the world:
Many thought the solution is in government regulation, while others thought bottom-up models that self-organise end-users is the way to go. The solution is not on either side. We need to find a balance involving all stakeholders in an active way. Government involvement in these dialogues is important.
The workshop concluded with Tews indicating the discussion could be continued online by making comments or offering suggestions to the workshop’s results, and contacting her afterwards. She finished with: ‘Getting everyone connected is important. If we can do it in a more, secure fashion for the next billion users, that is ideal. In a way, it is actually user friendly, perhaps more bottom-up and less top-down. Those are excellent suggestions and I wrote other things as well.’
by Wanda Pérez Pena, Internet Society Dominican Republic