PCIA Phase 3 - Helping people fend for themselves online
The purpose of this mini-series of four workshops was to explore in some detail the responsibility that people have to attend to their own safety and security online, and to identify the type of support and tools people will need if they are to take on that responsibility for themselves.
No matter how much Government and industry work together to make the digital devices, networks and systems people use trustworthy and secure, there will always remain some aspects of people’s online safety and security that people will need to take care of themselves. These aspects mirror people’s responsibility for their personal safety and security in the physical world. For example, people will need to learn to keep their information valuables (e.g. their most sensitive personal information and access codes) secure. They will need to learn not to fall for scams (e.g. to recognise the difference between a legitimate e-mail and a phishing e-mail). And they will need to be alert to the fact that, online just as off-line, people are not always truthful about themselves or their intentions.
However, when we talk about ‘people’ and about people taking responsibility for their online safety and security, we need to bear in mind that this includes a hugely diverse population of many millions of individuals. Some people are early adopters of new technologies but most are not. Some generally understand new consumer technologies but many do not. And some want to be personally in control of their safety and security but most just want these issues to be dealt with invisibly by someone else. As a result there will always be significant limitations to how much responsibility people can be expected to take on and how much control they can be expected to exert. Simply calling for people to understand the issues better and to take more care will not lead to any improvement.
The goal of IAAC’s phase 3 work is to understand the balance of which aspects of safety and security people can be asked to take on for themselves and which need to be addressed by government, industry and other actors. The approach IAAC took was to look first at what industry and government can do to address the difficult trust and security issues, then to look at what issues remain that people will need to tackle for themselves. IAAC then looked at what industry and government can do to make those ‘people’ aspects as easy as possible for people to take on.
The first workshop in this phase of work took place on the 29th April 2010. It looked at what can be expected from the providers of the commodity products people use such as PCs and mobile phones. Understanding industry’s view of how much more it needs to do to make its products trustworthy and secure would help us to understand some of the challenges left for people to deal with. The report from this workshop is available here.
The second workshop took place on the 14th July 2010. It looked at the role of Government and at understanding what the Government could do to help make the digital environments people use more trustworthy, safe and secure. Understanding the government’s plans for facilitating safe, secure and trustworthy digital environments would help us understand more about the challenges left for people to deal with. The report from this workshop is available here.
The third workshop took place on the 12th October 2010. It looked at understanding people’s perceptions of digital dangers and their attitudes towards digital safety and security. It identified the role that people have in maintaining their safety and security online and at the responsibilities that go along with that role. It then suggested ways to help people take those responsibilities on. The report from this workshop is available here.
The fourth and final workshop in the mini-series took place on the 7th April 2011. It looked at understanding what it takes to communicate basic digital safety and security information and ideas to people. Given the enormous diversity of the people who need to be reached, it asked how they should be approached, who the messengers should be and what form the messages should take? The report from this workshop is available here.