RSA: Tim Berners-Lee calls for a new breed of information security systems

World Wide Web inventor Sir Tim Berners-Lee has called on the IT security industry to develop a new breed of systems that make it easier to manage the use of personal data.

Warwick Ashford Warwick Ashford

Warwick Ashford is chief reporter at Computer Weekly. He joined the CW team in June 2007 and is focused on IT security, business continuity, IT law and issues relating to regulation, compliance and governance. Before joining CW, he spent four years working in various roles including technology editor for ITWeb, an IT news publisher based in Johannesburg, South Africa. In addition to news and feature writing for ITWeb’s print publications, he was involved in liaising with sponsors of specialist news areas on the ITWeb site and developing new sponsorship opportunities. He came to IT journalism after three years as a course developer and technical writer for an IT training organisation and eight years working in radio news as a writer and presenter at the South African Broadcasting Corporation (SABC).

View all articles by Warwick Ashford >>

warwick.ashford@rbi.co.uk 020 8652 8505 Active Warwick Ashford False True

World Wide Web inventor Sir Tim Berners-Lee has called on the IT security industry to develop a new breed of systems that make it easy for people to use personal data only in appropriate ways.

"Think about systems that deal with 'appropriate use'; that make people accountable for their use of data and that check that data is used in the right way," he told the closing session of RSA Conference Europe 2011 in London.

Security developers should move beyond locking down information to finding ways of showing users only the data they should have access to, where the data has come from, where it is going, and how it should be used, he said.

Berners-Lee said he would also like to see users get more control over what information is used or passed on by web applications, and bemoaned the lack of any really good security model on the web.

"Users should have a way of saying to applications: I want you to behave as if you were unaware of my location," he said.

The World Wide Web Consortium, an international standards organisation founded and headed by Berners-Lee, is working on proposals that will allow web users to control what behaviour is and is not tracked by applications.

"A working group is looking at this, but the challenge is going to be getting consensus around how it would work in practice," he said.

Greater control of personal data is important for future development of the web, says Berners-Lee. He believes complete user control over a cloud-based repository of personal information that has no back-door, may be the answer.

"I would like to see cloud storage that I own and control that will enable me to give particular individuals or groups access to particular pieces of information," he said.

Berners-Lee believes that such a service should enable users to set up information-sharing policies and see at a glance through colour-coding who has access to what.

"If this can be achieved, we will see an explosion of interesting web apps that talk to each other," he said.

Asked what he would change about the web to make it more secure if he had it to do all over again, Berners-Lee said he doubted whether there was any single thing that would flip the web to being inherently secure.

"You can think about systems as much as you like, but people will still find a hole. There is no magic bullet," he said.

MetaKeywords MetaDescription Sensitive Landingpage False

Read more on IT news in your industry sector

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

  • How do I size a UPS unit?

    Your data center UPS sizing needs are dependent on a variety of factors. Develop configurations and determine the estimated UPS ...

  • How to enhance FTP server security

    If you still use FTP servers in your organization, use IP address whitelists, login restrictions and data encryption -- and just ...

  • 3 ways to approach cloud bursting

    With different cloud bursting techniques and tools from Amazon, Zerto, VMware and Oracle, admins can bolster cloud connections ...

SearchDataManagement

Close