What we need to see: protection by security

End-to-end encryption will be the default in devices, networks and platforms for data in-transit and at-rest. If deviation from the default is to occur, other essential and equivalent safeguards in law are required.

Data minimisation will be implemented across all devices and platforms by design. Less data generation and processing means that less data can be misused or breached.

Security researchers will be able, and encouraged, to test products and services in order to break their security and privacy. Open and transparent security research identifies the defences necessary for cyber-physical security and safety, and challenges information asymmetry.

Cyber security will be considered a common good, which benefits everyone. Policies and initiatives must not advantage only some people over others. This means that a national government policy should not disadvantage people outside that country, or certain sectors of society.

What this will mean


Industry will have to commit to patches and updates for their systems, and create an environment where bugs are sought and reported, and fixed for users globally. 

Industry will have to clearly articulate the length of time for which they will commit to security updates for a given service or product. This is essentially a statement of expiration of the security viability of that connected service.

Listening and always-on devices that are under the control of the service provider will be patched for as long as they are processing for that provider.

Essential reform actions


Companies will have to notify individuals of the life-span of technologies and the period for which they will maintain security updates.

Cybersecurity policies must ensure that they protect all people across economic and geographic boundaries and promote end-to-end encryption.

Consumer protection policy should reflect the security responsibilities of manufacturers and/or vendors.

Initiatives promoting the ‘Fourth Industrial Revolution’ and the ‘data revolution’ must place privacy at the centre of their policies where the minimisation of data is essential to a safe and secure future.

Cases of positive steps

Listening devices that only store data in buffers.
Microsoft providing clear roadmaps of the support of their operating systems: https://support.microsoft.com/en-gb/help/13853/windows-lifecycle-fact-sheet
Many Linux distributions do something similar, although this is more fragmented: https://en.wikipedia.org/wiki/SUSE_Linux_Enterprise#End-of-support_schedule
Apple expects iPhones to last only three years: https://upload.wikimedia.org/wikipedia/en/timeline/b684b193e11b6eb006fd76d778e3abc3.png
http://www.telegraph.co.uk/technology/2016/04/15/its-confirmed-your-iphone-has-a-limited-lifespan-says-apple/