Web inventor Tim Berners-Lee on vision for the future of IT security

Web inventor Tim Berners-Lee told RSA Europe attendees the future of IT security must include greater simplicity for users.

LONDON -- Sir Tim Berners-Lee, inventor of the World Wide Web, used his closing keynote speech of the RSA Europe Conference 2011 to describe his vision for the future of IT security. He called for secure systems that make it easier for people to get things done, rather than adding obstacles to their work.

He drew on his recent personal experience of buying a house in the US, where he had to exchange documents and forms with the real estate agent, solicitor and accountant involved in the transaction. All parties knew they had to send encrypted emails in order to comply with regulations, but each of them used a different system, each involving a third-party service provider.

“I received an email asking me to click on a link to retrieve my documents, and I then had to hand over information to people I didn’t know,” Berners-Lee said. “And they all used different systems. The whole thing was dysfunctional.”

Berners-Lee said he had expected public key encryption technology to deliver more benefits by now, but suggested many current encryption tools have poor interfaces and are too difficult to use. He cited GPG (the GNU Privacy Guard, a free implementation of the OpenPGP standard), which could be adopted by anyone without cost “but its user interface is terrible.” Therefore, individuals choose not to use it.

The same principle applied to personal devices, where Berners-Lee said it would be good to give users more control over how their machines were used, and how system resources were used and accessed. Again, the user interface needs to help users manage their applications and devices for their own benefit, down to a fine-grained level. “We need a user interface that’s incredibly easy,” he said.

He is in favour of the cloud, but wanted cloud storage that could be controlled by the user at a more detailed level.

Berners-Lee also outlined the notion of a security-friendly Web interface in which users would be able to divide their lives into their different activities – for instance, family, work, public – each of which could be colour coded and assigned a different level of privacy, set by the user. This way, even when filling out a form, the different fields could be given different colours according to their privacy rating. This kind of approach, he said, could create “an explosion of interesting new applications.”

As director of the World Wide Web Consortium (W3C), Berners-Lee said the organisation is looking at a simple “one-bit solution” that would enable users to define whether their actions should be tracked or not, although he added it will take a lot of work to implement.

One clue to what motivates Berners-Lee is in a blog post he wrote after the death of Apple Chairman Steve Jobs earlier this month. “Steve was a champion of usable technology -- even sexy technology. Intuitive on the outside and extensible and cool engineering on the inside,” Berners-Lee wrote. “The geeks among us need to be at the same time deeply insistent technically on beautiful, clean, extensible design inside, and utterly impatient as naive end users about the outside.”

During the final Q&A of his session, Berners-Lee was asked what message he had for the assembled room of security experts. After a long pause, his suggestion was concise: “Just fix it.”
