Protecting Internet users’ privacy was the main topic of discussion at the second Experts in Technology and Policy (ETAP) Forum on Internet Governance, Cybersecurity and Privacy. Nearly 25 participants from Israel’s academic institutions, government agencies, high-tech companies, and the country’s bar association attended the event held in August in Tel Aviv. Representatives came from Bar-Ilan University, the EMC Israel Center of Excellence, the Israel Chapter of the Internet Society, the Office of the Prime Minister of Israel, and the Standard Institute of Israel.
They covered a variety of topics, including cyberattacks, teaching new Internet users how to protect their information, and developing privacy standards.
The event was sponsored by the IEEE Internet Initiative, whose mission is to provide a neutral platform to connect the voice of the technical community to global policymaking for Internet governance, cybersecurity, and privacy where technologists and policymakers can share their insights and identify next steps to take.
FENDING OFF CYBERATTACKSIn her keynote address, Orna Berry, the general manager for the EMC Israel Center for Excellence, highlighted some of the challenges of preventing cyberattacks. “Almost anything can be targeted, whether for replicating intellectual property or getting influence over people,” she said. “Attackers are not only individual hackers but also national governments.” She predicted future cyberwarfare could include electricity blackouts, hijacking satellites and drones, and attacking financial markets and health-care systems. Berry said that protection of data is not just a matter for IT departments, but also is now a concern for top management. Adding to the problem is a shortage of trained cybersecurity engineers.
TEACHING DIGITAL RESPONSIBILITY
Keynote speaker Shifra Baruchson-Arbib, dean of the faculty of humanities at Bar-Ilan University, called for the joint development of a global university curriculum that covers privacy, freedom of expression, and how to act responsibility in the digital world.
“The educational system is not prepared to teach students how to live ethically and lawfully in the virtual environment,” she noted. She explained that for many users, the Internet is the first time they have been able to freely express themselves so they need to learn how to protect themselves online by creating strong passwords, using email wisely, and shopping safely, among other efforts. Baruchson-Arbib added that students need to be educated on laws related to downloading such material as movies and music, or trafficking in others’ personal information and pictures.
PANELISTS WEIGH IN
One panel session focused on the vulnerability of citizen’s biometric and government-held data and ways to protect them. Nir Hirshman, the spokesperson for the Digital Rights Association, believes the current draft of Israel’s biometrical database legislation that aims to protect citizens against identity theft is itself a security risk. It calls for storing fingerprints and biometric information together. “Given the constant stream of leaks from big databases, it is just too high a risk,” he noted. “Our security and privacy will be gone when the database is hacked.”
Morad Stern, business development and innovation manager at the Israeli chapter of the Internet Society, discussed how students lacked awareness about how vulnerable their personal information is to being stolen. “Things about privacy in cyberspace are not clear to them,” he said. “They are not aware how important it is to really think before sharing personal information.”
Attorney Jonathan Klinger called for engineers to design privacy into new technologies instead of patching them after implementation.
The panel suggested that a standard be developed for a so-called machine-readable privacy manifest that would allow for negotiations of privacy standards among a user’s devices and apps or services. For example, an app could express what kind of data it seeks from the device, what data it would store and where, for how long, and who the data would be shared with. In turn, the user would be given the ability to block certain uses or—depending on privacy levels—cut off the connection.
In a report that summarized the meeting, the ETAP forum participants suggested these possible next steps.
- Draft a machine-readable privacy standard. The Israeli Bar Association, the Standards Institute of Israel, and the IEEE Standards Association, along with other organizations that have worked on such a document, could collaborate on this project. In addition, this group could contact international digital rights organizations such as the Electronic Frontier Foundation to solicit their participation.
- Create an educational game on ethical online behavior program to be developed as a pilot program by IEEE Educational Activities.
- Consider developing a certification program for developers on privacy and security best practices. Also consider developing a program that certifies the security and privacy of websites and applications.