The idea that states can contain citizens’ data within their borders is out-dated, the man known as the father of the Internet said May 6.
But, added Google vice president and chief Internet evangelist Vint Cerf, there needs to be international cooperation to ensure privacy and security of data as it moves across the globe.
“We are going to need more cooperation between the private sector and government,” Cerf told Vancouver International Privacy & Security Summit online conference delegates.
Further, he said, there continues to exist the idea that countries can legally mandate that citizens’ data must be kept on servers within geographic borders.
“That’s not true,” he said. “Data exists anywhere it is on the Internet.”
“The freedom to move data from one country to another across the Internet is what gives cloud computing its resilience,” Cerf said.
He said data shared internationally has more value than data “locked down nationally.”
Cerf said users seek reassurance they have control over what is done with their data about them.
And, he said, assurances must exist internationally, opening up questions about international collaboration and cooperation for law enforcement and agreements as to what constitutes abuse of privacy.
While the territory is complex, he said, that should not inhibit efforts to address the issues.
However, Cerf stressed privacy of data, something he said must co-exist with security of that data.
And that, he explained, comes down to data control, who has access to information and how are they accessing it. Further, he said, the ability to identify those trying to access that information and tracking access for audits in case of breaches are also key.
“You have to be able to find out whodunnit,” he said.
Cerf explained security can be done through software or hardware.
Foremost in Cerf’s remarks here is cryptography, locking information end-to-end between users and perhaps even after it is used so it cannot be seen in the event of a storage breach.
He is also a firm believer in double authentication, where users have to provide two codes to gain access through a variety of means.
One problem, Cerf said, is the growing prevalence of malware, code dropped into systems through a variety of socially engineered ways appealing to people’s behaviour patterns – including phishing or email lures.
He warned people to be suspicious of odd or urgent e-mails.
“Everyone should learn to think twice before responding to these kinds of social engineered attacks,” he said.
Legal protections are growing in importance, Cerf said, with terms of service including expectations on security issues.