Industry Perspectives: The Contract for the Web

Tim Berners-Lee, creator of The World Wide Web, has proposed “The Contract for The Web” – a new framework to protect online privacy and personal data featuring nine guiding principles.

As their site says, “It took all of us to build the web that we have. It will take all of us to secure its future.

Half of the world’s population still can’t get online. For the other half, the web’s benefits seem to come with far too many unacceptable risks: to our privacy, our democracy, our health and our security.

Now for the first time ever, we have a global plan of action — the Contract for the Web — created by experts and citizens from across the world to make sure our online world is safe, empowering and genuinely for everyone. We invite governments, companies, civil society organizations and individuals to back the Contract and uphold its principles and clauses.

The Contract for the Web will become a strong mechanism for each party to be held accountable for doing their part to build an open and free web.”

Industry Perspectives:

Mounir Hahad, head of Juniper Threat Labs at Juniper Networks:

“The ‘Contract for the Web’ is a great idea, in theory, but challenging to have in practice. The biggest problem is that adoption has to be multilateral, otherwise, the idea falls apart – or just becomes a new type of censorship. In the last couple of years, data governance has become a high-profile topic, but there is no global standard for how it is managed. GDPR and ePrivacy have strict guidelines and other regions are starting to follow these, to some degree… but always with added or subtracted flavor. For example, the Australian Breach Notification regulation is only effective in the region. It’s not global and, therefore, is limited in impact. The only way that this new contact could succeed is for everyone to sign up and abide by it. Even if 99% of all countries and organizations agree, the 1% who go it on their own will cause the whole process to fail.”

Erich Kron, Security Awareness Advocate, KnowBe4:

“Like the highways we drive on, there are rules and regulations.  However, the information superhighway that we all call the internet does not have a similar set of rules or regulations. Using the internet like any tool has to be used correctly or it ruins people, corporations or governments.

The internet has been growing over the past 40+ years and in the recent years, has become a tool to help people find each other, deliver education, and increase productivity. However, its use is unmanaged and only regulated by company policies or a few countries with their own privacy requirements. Other organizations are making similar statements to work together and implement guidance on how the internet should be used.

One area of concern that should be addressed is cybersecurity awareness for people, the internet’s consumers. Making the call for stricter rules on privacy is an utmost concern, however, the need for more cybersecurity is also relevant and should be added as a basic principal. It is believed that cybersecurity is a byproduct of privacy, but it misses the opportunity to use information security principles to identity and classify the data that needs to be protected. In today’s society, data is becoming the commodity that is making money for organizations and should be protected securely and privately.

If governments, organizations and people can work together to create regulations to protect the internet, it will benefit everyone by assuring that data is secured and protected from unauthorized access and used for the purpose for which it was created.”

Ralph Martino, Vice President Product Strategy, STEALTHbits Technologies

“GDPR awakened the U.S. and states are now beginning to develop regulations and laws addressing online privacy and the collection of personal data.  However, just as the EU learned that a single regulation would work to greatly simplify compliance for all EU member states, the U.S. would most likely stand to benefit from one national law vs. 50 similar, but nevertheless separate state regulations.  A single source of understanding for what businesses need to achieve is much simpler, and thus, more likely to work. If we don’t want businesses to treat compliance as a checkbox exercise, then we need to make it as simple as possible. Why repeat past mistakes when this is precisely the reason GDPR came into existence?”

Jason Kent, Hacker in Residence, Cequence Security:

“I harkened this Contract for the Web to ‘The Hacker Manifesto’ from 1986.  We all want to be free to explore but I don’t know if it will work. I can write this a different way if that is more appropriate. As “The Mentor” said in his infamous writing “The Conscience of a Hacker “ “This is it… this is where I belong…”

And then Governments and Companies realized that many of us would figure out that the world of computers and the Internet meant we could find where we belonged and they followed us there.  They figured out how to watch us, how to observe us and they eventually began listening to us, without our permission.  Now, we don’t know when we are being watched.  We don’t know what information anyone has on us and we don’t know what they intend to do with this knowledge.

I love the idea that we should have free (uncensored) access to information.  I know that there are plenty of Governments and Companies that will disagree with that.  A little bit of freedom tends to equate to lack of control for any constituency.  I doubt that China will be removing the Great Firewall anytime soon.  I don’t think that Facebook is going to let me delete the meta-file they have on me that includes my personal likes and dislikes, just because I disagree that they can have the information in trade for use of their platform.  Freedom means I get to un-trust you because you don’t have my best interest in mind.

I don’t think publishing a manifesto on how people should operate yields alignment, or even partial alignment,  immediately.  Though they have built in a few incentives for Governments and Companies to act more in line with how we all want the Internet to work, the incentives to keep the privacy standards lax are too great.  Where is the oversite?  Who polices this?  Who is the public entity with no incentives that will ensure we are all safe?  Shouldn’t we be addressing security and safety online?

Just like “The Mentor” published “The Hacker Manifesto”, in order to illuminate Governments and Companies to the presence of the curious,  those that test systems and ensure security are often persecuted by Governments and Companies that would be shown in a bad light.  Those that wish to have Privacy and Security online will always want to ensure freedom.

“We explore… and you call us criminals.  We seek after knowledge… and you call us criminals.  We exist without skin color, without nationality, without religious bias… and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it’s for our own good, yet we’re the criminals.

“ ~ The Mentor 8 January 1986.