Scott Charney, the Microsoft Vice President in charge of Trustworthy Computing, is speaking today at the RSA Conference in San Francisco. He is restating both Microsoft’s commitment to “End-to-End Trust” and the need for business, government and the public to work together to ensure that those using the internet are safe and secure.
The message is an important one: responsibility for internet security has to be shared. The House of Lords Committee on Personal Internet Security, on which I sat, reported nearly three years ago and used a road transport analogy to make the point: safe road use requires responsible behaviour by drivers and pedestrians, but cars need to have safety features embodied in them, roads themselves need to be well-maintained and properly lit, there need to be laws regulating safe behaviour on the roads (speed limits etc) and those laws need to be properly enforced.
If anything, the message has become even more important since our Committee reported. More and more commercial and personal interactions take place online. Social networking sites are booming and an increasing proportion of commerce is conducted via the internet.
The threats to security have also become more pronounced. They no longer come from isolated individuals but from organised crime, and it is also becoming abundantly apparent that some nation states are operating in the same way to infiltrate commercial and government networks for their own purposes.
And the technology itself is developing. Cloud computing is becoming the norm and this presents its own challenges. Certainly, this has raised the issue of security for many people (although it is not a given that data held in a cloud is less secure than data held on your own servers, particularly if those servers turn out to be inadequately protected).
So how do we move forward?
Partnership is certainly essential. Governments have to work together in setting an international framework for collaboration and for law enforcement. And at a national level they must also work with IT service providers and with business in general.
But above all, the individual user must be at the heart of all this. Sensible security arrangements that make sense to the individual have to be devised. It needs to be acknowledged that most individual users of the internet, whether they are trying to do their weekly shopping or organise their social lives, are rushed and busy. Moreover, they are not technological experts. They have inadequate levels of knowledge, so an error message or system alert that makes sense to an IT professional will probably be gibberish to most of us.
And critical to all of this is the need for robust identity management.
Surely, it is not too much to ask that people can feel confident that their personal details are secure, that they can communicate with others secure in the knowledge that the person or organisation with which they are communicating is who it says it is, and that when they are asked to identify themselves they need reveal no more about themselves than is necessary for the transaction concerned.
If today’s discussions at the RSA Conference take us further towards those objectives, we will be making real progress and we can all feel more hopeful that a trusted and secure internet environment is being built.