Google's chief technology advocate Michael T Jones wants the information security industry to become ‘citizen police’ and more responsible for the online lives of those they sell computer software to – and he’s warned that his AusCERT2013 keynote talk on Wednesday morning may ruffle some feathers.
“Most people that are speaking at the conference will be from more of a ‘things you can buy’ or ‘technology you can use’ angle to have more control over your online activities,” he says.
“They are computer security experts so their starting position is that to be more secure in your computer usage, you need to buy programs and have procedures and do audits, and it’s very computer activity-centric. The truth is the majority of computers aren’t at the bank, they are in people’s pockets.”
Infosec professionals need to use their expertise to educate the less technologically-minded on how to be safe online, he says. Google sees up to 100,000 daily global instances of account hacking, and the source is not always the stereotypical hacker.
“What I want to do is remind people if you use a password in more than one place then the least reliable of those places is very likely to be the place that betrays your password. We see that all the time. It’s well known by professionals that this is a problem, but the problem is not everybody is a professional.”
Jones will urge his fellow technology experts to become knight-like figures working for the good of the community. He calls the practice ‘citizen policing’.
“I want to encourage computer professionals to feel a professional obligation to educate when they sell. Be an education agent,” he says.
“It’s not like it’s hard. When we computer security experts get together and talk about how to beat criminals in Nigeria, I want to make sure we actually talk about that 99 percent of the problem that happens to people who aren’t in the room, because no one ever told them what the problem was.”
Jones says the risks of operating online are not clear to everyday users, and the industry needs to work harder to educate these internet citizens.
“If I brought a hot plate to your table, I wouldn’t hand it straight to you because you’d burn yourself. I’d set it down on the table and tell you it was hot,” he says. “You owe it to people to help people understand what they don’t understand.”
While he admits there is no long-term solution to permanently securing users online, he says something as simple as never using the same password twice is imperative. He highlights online password vault services as one way of securing online identity.
“It’s kind of like police and criminals. Criminals do something, police do something, criminals do something – you’re never not going to have problems. But what I can tell you now is to lock your front door, and that will help secure your personal life.”
Jones highlights Google’s 2011 introduction of two-factor authentication – a service that requires two steps for verification when an account is accessed on a new computer – as one way of securing users. He says that while Google is unable to individually assist and “hug” its billion daily users, it tries to give them frequent advice on how to operate more securely.