Like all good think-tanks, FISP applauds policy developments that are evidence-led. We also, however, like to be forward looking – thinking through the issues that are just around the corner.
Right now the minds of policy puzzlers are immersed in issues of cyber-security and the real (or sometimes imagined) fears for our data-dependent enterprises and communities. Not surprisingly, great minds are engaged in the emergent landscape and David Souter’s blog for the Association for Progressive Communications (APC) suggests that we should anticipate three challenges:
First, there are changes in the nature of digital devices, and the ways we use them, that we can predict.
- Example one: IoT devices won’t just be made on the cheap in many different jurisdictions (to variable standards, with variable levels of security); supposedly secure ones will be faked, like Gucci shoes and Rolex watches.
- Example two: within the next ten years, we’re likely to see IoT devices implanted in the body. How does that change how we feel about our personal security?
Second, cybersecurity thinking needs to deal with more than just specific challenges; it must also address systemic changes that will arise within the coming digital society. Two examples again.
- Data, in a digital society, are gathered by default. Traditional approaches to data protection, based on authorising data collection where it seems appropriate, won’t work in that environment. They need to be rethought.
- Algorithms will make more and more decisions that affect our lives. How do we protect against the hacking of those algorithms?
Third, we know the pace of change. We know that many of the services and devices we’ll use in ten years’ time have not yet been developed, perhaps even envisaged. How do we plan cybersecurity for the “unknown unknowns” that we know there’ll be in future? Where is the scenario planning going on for this?
To David Souter’s analysis, FISP would amplify further concerns over Data Privacy.
The enduring tensions between the State’s need for security and the democratic demand for privacy is widely recognised. FISP is advocating that the conventional “silo” approach driven by multiple agencies/authorities is unlikely to result in an effective consensus. Just recently Nesta published ‘My Data & I’ with a supposedly comprehensive review of fascinating developments – but that review (perhaps inadvertently) overlooked one of the UK’s foremost projects in the field of personal data ownership. At least, however, that’s a start towards recognition of policy agendas that weld together ownership and defence of data.
FISP is now working with a number of interested parties in developing a more consensual and integrated approach to Cyber Security, Data Protection and Privacy (CSDPP) in the hope of breaking down some of these silo barriers. FISP-Cyber-Security-Data-Protection-and-Privacy-Hub-Proposal_- Implementation Approach