Category Archives: Strategy

RSA Conference 2019, San Francisco – Overview and Conference Exhibitor quotes


One of the many RSA Conference Exhibitor Floors and IBM Security Keynote Session
Photo Credit – Bill Owen

 

By Bill Owen – TechNewsBlog.net

This will be Part One of a two-part series of quotes from key contacts at a number of the Exhibitors at the RSA Conference that was held on March 4th–8th in San Francisco. Part Two will be posted next week.

 

Overview of Conference

There were approximately 42,500 attendees, over 700 Exhibitors and 740 speakers and many sessions and seminars to attend. I attended a number of sessions and they were very informative with key information to take away for many attendees, depending on your focus.

Along with the well-known cybersecurity companies, there were a host of up-and-coming companies making their mark in the space. The emergence of new companies comes from the development of new and exciting technologies and the sheer demand/need for their existence. The Dept. of Homeland Security (both the Cybersecurity Communications and Science & Technology Divisions), Deloitte, FBI, Dell Technologies, Intel Corporation, IBM Security, Cisco Systems, Microsoft, NSA, Oracle, Symantec, McAfee, Unisys, VMware and many, many others were represented. A link to the Exhibitor list follows.

Resources

RSA Conference 2019, San Francisco key links:

Breakdown review of each day of the RSA Conference via the RSAC Editorial Team:

Commentary

As a review prior to the quotes, I have to say that this conference was a great experience, not only due to the high level of expertise of the people there, but the overall energy of the entire conference. There was an incredible amount of interaction between Exhibitors and Attendees. I personally found that the vast majority of company representatives, all the way through and including C-Suite executives, were engaging and very upbeat about what their company has to offer now and into the future. It was a level of excitement that I have not seen at a conference or trade show in some time. The fact that many were very open to supply quotes and provide their take was a testimony to the general environment there. It is an important time for the cybersecurity industry as a whole. As you will see from the following quotes, threats are a constant, but so is the focus and diligence of expert companies and personnel in combating them. I would like to thank all of the contributors for their input on the following quotes:

Exhibitor Quotes

The following is Part One of a two-part series of quotes from key personnel at companies that I visited this year, regarding their take on the current state of cybersecurity and what their companies are focused on regarding mitigation of threats within their specialty area.

 

Gurucul

“You can steal an identity, but you can’t steal behavior. The key to predicting threats, especially unknown threats, is to monitor user and entity behavior – to recognize when that behavior starts being anomalous. Rules don’t catch changes in behavior patterns. Gurucul’s Behavior Based Security Analytics and Intelligence powered by machine learning on big data detects and stops malicious behavior before cyber criminals or rogue insiders can do harm.”

Jane Grafton, Vice President of Marketing – Gurucul
____________________________________________________________________________________

Keyfactor

“Crypto agility is absolutely critical to the enterprise in 2019. From rising concerns around data privacy, to the compliance challenges associated with legislation like GDPR, to the rise of connected devices – InfoSec teams have a lot to be accountable for. Companies clearly embrace encryption technology, but there’s an increasing need to handle encryption keys in a scalable and agile way. In fact, Keyfactor research shows that 71% of companies don’t even know how many keys or digital certs they have, which can result in massive outages, misuse and security holes. The need to manage keys in a seamless and automated way is evident in our findings. Threat vectors, such as advances in quantum computing, move the need for crypto agility to a priority for any organization.”

Chris Hickman, Chief Security Officer – Keyfactor
____________________________________________________________________________________

Sumo Logic

“There were over 700 exhibitors at RSA 2019, up from about 650 in 2018. With so many organizations moving to the cloud, it is surprising how many of these vendors are still taking a premise-based approach. Even many of the “cloud” solutions are just hosted versions of their appliances. Many of the visitors to our booth expressed frustration that these legacy solutions are blind to cloud applications and do not scale to meet their growing data requirements. Sumo Logic’s ability to provide visibility across local and cloud-based assets has made it invaluable as not only a development and operational tool, but also as an efficient investigation and alerting tool for security teams.”

—Roger Shepard, Head of Global Security Partner Sales- Sumo Logic

____________________________________________________________________________________

OneLogin

“The growth and application of artificial intelligence and machine learning were major trending topics throughout the conference, which coincided perfectly with our recent study on Dynamic Marketplaces. With more organizations making their move to the cloud, the modern workplace grows increasingly complex. This means the role of the CIO will continue to evolve; 97% of CIOs we interviewed said the most successful professionals in their role will have made the transition from delivering technology to driving business value across their organizations. We shared these insights — and what this means for the future of work — from our booth, bringing OneLogin’s industry-leading access management solutions to the forefront.”

—Miles Kelly, Chief Marketing Officer- OneLogin
____________________________________________________________________________________

Carbon Black

“Cybersecurity continues to be a work in progress. Organizations need to invest in the people, processes and technology to truly remain secure long term. Attackers will continue to change tactics and techniques to thwart and bypass traditional defensive tools deployed across the globe. Organizations need to become more proactive by ensuring they have the right technology to see the behaviors behind these ever shifting attacks and move to disrupt them.”

—Rick McElroy, Head of Security Strategy – Carbon Black
____________________________________________________________________________________

McAfee

“Cybersecurity is a challenge for organizations of all sizes today. The threat landscape continues to grow in scope and sophistication while security operations centers (SOC) struggle to keep up with staffing requirements to manage alerts. In order to overcome these obstacles, organizations need to augment their SOCs with forward looking security tools that embrace human machine teaming through the combination of data, threat behavior and human analysis. By combining data with the right analysts, organizations can begin to get the upper hand on attackers.”

—Grant Bourzikas, CISO and VP, Data Science Applied Research, McAfee
____________________________________________________________________________________

Bitdefender

“Ransomware has become one of the most important threats to business in the past 5 years, and over 70 percent of CIOs fear their businesses are vulnerable to it. Crypto-ransomware operators are now moving away from the consumer space and into business-critical systems. Hospitals, managed service providers, education and telecommunications providers are now the top target for ransomware. GandCrab, which is the most prevalent ransomware family in the wild to date, asks for payment of up to $7000,000 per compromised server. Layered technologies to defend against ransomware, fast patching cycles and network isolation are key to business continuity in the new threat landscape.”

—Bogdan “Bob” BOTEZATU, Director of Threat Research & Reporting – Bitdefender
____________________________________________________________________________________

Utimaco

“Key Management and Identity Management are a dramatic concern for CISOs. Key Management and securing the Root-of-Trust is their biggest headache as Phishing and Identity-related attacks are the biggest attack vector in enterprises today. Time and time again people fall victim to these attacks without adequate security mechanisms in place, relying on security Band-Aids for issues that dedicated hardware-based security can solve. You don’t leave your car keys in your car, which is why you shouldn’t leave your secrets and private keys next to your encrypted data, but rather store them in a tamper-evident and intrusion-resistant Hardware Security Module (HSM). Providing the highest level of physical security for your most valuable data assets is at the heart of what we do at Utimaco.”

—Malte Pollmann, Chief Strategy Officer– Utimaco
___________________________________________________________________________________

Arctic Wolf Networks

“Mid-market enterprises continue to struggle to locate and retain talent needed for security operations. CIOs and CISOs recognize that having a security operations center (SOC) is a best practice, but the eight to 12 analysts that Gartner estimates you need for 24×7 coverage is beyond the means of most enterprises. You are seeing a move towards services that combine people, process and technology in a concierge way to achieve better security outcomes using fewer resources.  For managed detection and response, Arctic Wolf recently added vulnerability assessment to our portfolio so we can now identify vulnerabilities in addition to our SOC-as-a-service for detecting and responding to threats.”

—Brian NeSmith, President & CEO– Arctic Wolf Networks
____________________________________________________________________________________

Fidelis Cybersecurity 

“The current state of cybersecurity is weakened by too many bolt on tools addressing one-off issues – the result is a cumbersome stack of technologies that don’t talk to each other, causing operational fatigue, lack of data visibility and correlation and ultimately real threats being missed.

Fidelis helps organizations mitigate known and unknown threats with Network, Endpoint, and Deception solutions that are tightly integrated into a unified platform, as well as with external vendor solutions. Services are also available on top of point products, including Managed Detection and Response, customized/tailored threat intelligence, and data science. The result is deep visibility across the entire cyber terrain to facilitate fast and efficient threat hunting and detection and response capabilities.”

—Tim Roddy, Vice President, Product Management and Product Marketing – Fidelis Cybersecurity

===============

Note: Here is a link to an article authored by Brian NeSmith, President & CEO of Arctic Wolf Networks (quote above) back on Dec. 28, 2018 for Forbes: Cybersecurity Predictions For 2019 that I noted in a previous blog on Feb. 1, 2019: Cybersecurity, What Is It And What Does It Mean To Me?  His article offers clarity on areas of cybersecurity and the implications that need to be considered.

How Bird plans to blanket the world with electric scooters without going bankrupt


Photo by Justin Sullivan/Getty Images

 

Operating an electric scooter-sharing service is expensive and hard. The scooters break down, or they get vandalized or impounded by local law enforcement. Scaling that business globally, like Bird and Lime are trying to do, is even harder. Every scooter company today is operating at a loss, but Bird in particular has an interesting plan to spread the gospel of the scooter without going completely bankrupt.

It involves selling e-scooters to local entrepreneurs, providing them with advice and technical support to get started, letting them incur all the costs associated with maintenance and operations, and then taking a small percentage of each scooter trip. It’s called “Bird Platform,” which the company originally unveiled last November.

But what the Santa Monica-based startup didn’t say at the time was that Bird Platform would be targeted at aspiring scooter entrepreneurs who live in countries outside the US and Europe, where Bird operates its own branded scooter-sharing service. In this way Bird can inspire the creation of new scooter companies that won’t directly compete with its own service, as well as orchestrate the spread of e-scooters in cities around the world, without losing more money than it already is.

“It came out of a brainstorm around how do we take the mission to the world,” Bird CEO Travis VanderZanden told The Verge. “And so, we’re excited about that. We’re also excited because it… allows us to grow faster.”


Bird is planning to roll out Bird Platform in three initial markets: New Zealand, Canada, and Latin America. Local entrepreneurs can buy Bird’s e-scooters at cost, as well as access the company’s tools, products, and technology needed to manage a fleet of shared e-scooters. Bird will even fly in its own operations experts to help launch the business. And in exchange, the company will take 20 percent of each trip fare. Bird typically charges $1 to unlock a scooter, and then 15 cents per minute of riding. The average trip generates around $3.75 in revenue for the company — though assumedly Bird Platform users would set their own prices.

The scooters, which are manufactured by Bird’s partners in China, will come preinstalled with all the firmware and GPS technology, called the “Bird Brain,” that allows them to be deployed as part of a shared fleet. “It’s capital intensive,” VanderZanden said. “What we’ve really tried to do is keep the upfront costs as low as possible.”

It’s an interesting move by Bird, especially considering how wildly unsustainable the scooter-sharing business is turning out to be. Recently, Quartz’s Alison Griswold crunched the numbers from Louisville, Kentucky, and found that the median scooter took 70 trips over 85 miles, and had a lifespan of 23 days. Lifespan is a big deal for scooter companies: the longer the scooters can stay in operation, the more money they can make for the company. And right now, these scooters aren’t living long enough to earn a profit.

VanderZanden has been staving off the winter doldrums (colder weather, fewer scooter trips) by mulling over the unit economics conundrum. Most of the solution rests in the company’s ability to roll out its new, longer-lasting, more rugged scooter, the Bird Zero. He wouldn’t say what percentage of Bird’s fleet is now comprised of the more rugged scooter. But he did say that in order for Bird to eventually break even, the scooters will need to increase their lifespan to six months.

“We’ve been hard at work on future hardware as well, with even bigger batteries and more ruggedized [scooters], which will circle back on at some point in the future,” he said. “We’re looking at every technology you could imagine. If it makes sense from an economic standpoint, and ideally improves the rider experience, then it’s a no-brainer.”

Microsoft and Kroger are taking on Amazon with a futuristic grocery store pilot

Microsoft CEO Satya Nadella smiles during the question and answer portion of the Microsoft Annual Shareholders Meeting in Bellevue, Wash., on Nov. 28, 2018.
Stephen Brashear | Getty Images

Published Mon, Jan 7 2019 • 11:04 AM EST
By Sara Salinas

Key Points
  • The two outfitted Kroger locations, in Monroe, Ohio and Redmond, Wash., will feature digital shelving displays with real-time price updates and product information.
  • The displays will also feature digital advertisements personalized to the individual shopper.
  • The pilot is reminiscent of Amazon’s new age shopping software.

Microsoft and Kroger are taking on Amazon’s cashierless stores with their own futuristic grocery store pilot.

The move deepens the partnership between the two companies, which is partly a response to Amazon’s move into grocery stores with its 2017 acquisition of Whole Foods. As Amazon’s retail business pushes into more industries, Amazon Web Services is starting to experience a backlash. Kroger is joining the likes of Wal-Mart and Target in finding other vendors to handle their massive workloads for their digital and e-commerce offerings.

The two outfitted Kroger locations, in Monroe, Ohio and Redmond, Wash., will feature digital shelving displays with real-time price updates and product information, as well as digital advertisements personalized to each shopper.

Video analytics systems will alert store associates to low inventories. Location-specific data will be stored and processed on Microsoft’s Azure cloud infrastructure.

Microsoft and Kroger will jointly market the technology to other retailers, the companies said.

“Our partnership brings together Kroger’s world-class expertise in the grocery industry with the power of Azure and Azure AI,” Microsoft CEO Satya Nadella said in a statement. “Together, we will redefine the shopping experience for millions of customers at both Kroger and other retailers around the world, setting a new standard for innovation in the industry.”

The pilot is reminiscent of Amazon’s new age Amazon Go pilot, which detects the items a shopper has picked up and scans them automatically as the shopper leaves, eliminating the need for traditional cashiers. Amazon is reportedly planning a broad expansion of Go, including in Whole Foods stores, putting pressure on traditional grocers to offer similarly innovative shopping experiences.


New Formjacking Technique Used to Skim Payment Details Off Websites

Conor Reynolds, News Reporter at Computer Business Review – 10th December 2018

“In recent months, we have seen a major uptick in formjacking attacks against high-profile websites across the globe”

 

Researchers at cybersecurity company Symantec have identified a new formjacking campaign targeting a French ecommerce site that is prominently featured in global shopping aggregator listings.

Over 30 online retail websites from all over the world were redirecting traffic to the compromised site.

Formjacking is a term used to describe the injection of JavaScript code into the payment section of a website. This code then skims the payment details of unaware customers, sending them on to threat actors to abuse.

The online store in Paris was injected with a formjacking script which collects the payment information entered onto the website and then sends it to the domain google-analyitics.org, a “typo-squatted” version of the genuine URL google-analytics.com.

Another piece of injected code on the same web page looks for the presence of debugging tools, such as Firebug, to thwart security researchers analysing the malicious script; a trend security researchers have increasingly noticed.


Siddhesh Chandrayan, Threat Analysis Engineer at Symantec, wrote: “This latest formjacking campaign highlights the fact that attackers are continuously altering and improving their malicious code and exploring new delivery mechanisms to infect more users.”

Symantec researchers say they have identified more than one million formjacking attempts on over 10,000 websites in the last three months alone.


Symantec told Computer Business Review that the scammers had also hacked other ecommerce websites to redirect visitors to the compromised site.

He believes that the Paris site was selected as a target because it is listed in several shopping aggregators.


Traditionally attackers have targeted retail websites through the software provided by third-parties, as these often contain the weak link in the security chain.

Last summer it was disclosed that Ticketmaster was subject to a serious cyberattack in which threat actors made off with the payment details of over 40,00 UK customers. A chat-bot designed by third-party supplier Inbenta was identified as the source of the vulnerability.

A report from cybersecurity enterprise RiskIQ identified Magecart tactics and script in the attack, which saw a massive credit card skimming operation that affected over 800 e-commerce websites.

In their report, RiskIQ noted that: “Magecart actors breached their systems (Ticketmaster) and, in separate instances, either added to or completely replaced a custom JavaScript module Inbenta made for Ticketmaster with their digital skimmer code.”


Unfortunately one of the key factors in formjacking or script payment skimming attacks is that retailers and customers may not be aware that their website and details are compromised. Websites and payment forms operate as normal if the attackers have done their job right.

One way enterprises can protect themselves is to test any new software updates in small test environments. Doing so gives you a chance to spot any unusual behaviour in the script. Software distributors who supply major retailers with products should have monitoring systems in place that detect any changes in their code or in the updating process itself. Symantec is currently working with the websites involved in this new formjacking attack and so they have not named the websites affected.
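The typo-squatted collection domain described in this article (google-analyitics.org standing in for google-analytics.com) is the kind of near-miss a site owner can look for in their own checkout pages. The following is an added example, not code from Symantec or the original article; the allowlist, the `shop.example` host, the sample page and all function names are assumptions made for illustration.

```javascript
// Flag hosts referenced in a page's source that closely resemble, but are
// not, a host the site owner actually trusts.

// Assumed allowlist of hosts this (hypothetical) shop expects to load or call.
const TRUSTED = ["google-analytics.com", "googletagmanager.com", "shop.example"];

// Levenshtein edit distance, single-row dynamic programming.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0]; // value of cell (i-1, j-1)
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const above = row[j]; // value of cell (i-1, j)
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(above + 1, row[j - 1] + 1, diag + cost);
      diag = above;
    }
  }
  return row[b.length];
}

// Naive "brand" label: the label just before the TLD. This is a
// simplification; a production check would use the Public Suffix List
// so that names under suffixes like co.uk are handled correctly.
function brandLabel(host) {
  const labels = host.toLowerCase().split(".");
  return labels.length >= 2 ? labels[labels.length - 2] : labels[0];
}

// Collect every host that appears in a URL anywhere in the source,
// including inside inline scripts, not only in src attributes.
function extractHosts(source) {
  const hosts = new Set();
  const re = /(?:https?:)?\/\/([a-z0-9.-]+\.[a-z]{2,})/gi;
  let m;
  while ((m = re.exec(source)) !== null) hosts.add(m[1].toLowerCase());
  return [...hosts];
}

// A host is trusted if it is an allowlisted host or a subdomain of one.
function isTrusted(host, trusted) {
  return trusted.some((t) => host === t || host.endsWith("." + t));
}

// Report untrusted hosts whose brand label is within maxDistance edits of a
// trusted one. Distance 0 is reported too: same name under a different TLD.
function findLookalikes(source, trusted = TRUSTED, maxDistance = 2) {
  const findings = [];
  for (const host of extractHosts(source)) {
    if (isTrusted(host, trusted)) continue;
    for (const t of trusted) {
      const distance = editDistance(brandLabel(host), brandLabel(t));
      if (distance <= maxDistance) {
        findings.push({ host, resembles: t, distance });
      }
    }
  }
  return findings;
}

// Constructed sample page: two expected scripts plus one inline reference
// to the look-alike domain named in the article.
const SAMPLE_PAGE = `
<script src="https://www.google-analytics.com/analytics.js"></script>
<script src="https://cdn.shop.example/checkout.js"></script>
<script>
  var collector = "https://google-analyitics.org/collect";
</script>`;

for (const f of findLookalikes(SAMPLE_PAGE)) {
  console.log(`${f.host} resembles ${f.resembles} (edit distance ${f.distance})`);
}
```

A check like this fits alongside the change monitoring recommended above: run it against rendered checkout pages after each deployment or third-party script update.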

Behold the IoT Invasion: Eight Reasons to Plug In (Slideshow)


John McDonald, CEO, ClearObject | Mar 12, 2019 for IndustryWeek

An IoT integrator shares what big trends to capitalize on in the next few years

 

By 2021 consumer spending on digital products and services is predicted to double, and the Internet of Things (IoT) space grew just as fast in 2018. Every industry is looking for new, advanced ways to meet production and consumer demands in a world of instant gratification. These trends are some of the things we see as an IoT systems integrator that will continue in the forefront of 2019 and beyond.

IoT and data are critical for today’s operations in any industry. It’s no longer feasible to ignore the benefits for efficiency, productivity and customer satisfaction that are results of using advancements in IoT and data. Each and every industry must adopt new and inventive methods like IoT and machine learning to analyze transactions and data in any form whether it’s a car that can detect driver fatigue, preventive maintenance sensors, or nanotechnology to monitor food sources.


John McDonald is the CEO of Fishers-based ClearObject and chair of the Indiana Technology and Innovation Policy Committee.

When Digital Transformation Does Not Happen: Big Box Retailers That Closed Their Doors In 2018


DANIEL LEAL-OLIVAS/AFP/Getty Images Getty

Jan 22, 2019  02:42pm

By Blake Morgan, Contributor – CMO Network (Forbes), Customer Experience Futurist, Author, Keynote Speaker

 

When it comes to retail, the only constant is change. Today news broke that Starbucks will be trying delivery to customers, as the in-store experience has lost some traffic. As you will find out below, not everything that Starbucks touches turns to gold, such as Teavana. Those who compete on customer experience today are doing so by competing on logistics. A digital transformation that includes logistics and supply chain proves to be the power of companies that remain relevant to customers. Target is an example of a company that struggled to get a hold on the digital aspect of its business, and outsourced its digital side and website to Amazon from 2003 – 2011. They saw digital as ancillary but eventually woke up. They focused on supply chain, combining digital and in-store inventories, enabling them to get customers their orders faster. Target became a company that used technology to improve its supply chain and offer curbside pick-up for customers. Not to mention the success of its many Target-only brands. Target has triumphed, seeing a twenty-nine percent growth in online sales in 2018 and a growth in retail sales as well (almost six percent). But for those who refuse to go through a digital transformation fast enough, the risk is real.

In 2018, some iconic retailers shuttered their doors, either by completely going out of business or by closing a portion of their stores. Retail is incredibly competitive, and specialty stores or brands that can’t innovate and compete often fall by the wayside. Thanks to Amazon and an explosion of direct-to-consumer companies like Casper, Dollar Shave Club and Away, more big box retailers are closing their doors.

Here are the top 9 biggest retail closures of 2018:

1. Toys R Us

Iconic toy store Toys R Us closed the doors of all of its 735 stores in June after months of liquidation sales. It marked the end of an era for brick-and-mortar shopping in standalone toy stores. Even with a loyal customer base and strong rewards program, Toys R Us had problems keeping up with online toy retailers and big box stores.

2. Sears Holdings

Sears has been battling to survive since it filed for bankruptcy in October. As a result, the company is restructuring and focusing on a smaller core of profitable stores. Sears Holdings announced in late 2018 that it will close more than 140 Sears and Kmart stores. Sears used to be a prominent retail store, but both Sears and Kmart have faced difficulties in recent years with increased competition and the growth of e-commerce. When given the choice to shop more modern brands online or go to an older Kmart store, customers are choosing the former.

3. Lowe’s

Home improvement store Lowe’s closed 51 stores across the U.S. and Canada. Nearly half of the under-performing stores are within 10 miles of another Lowe’s store, which has allowed employees to transfer to new locations. Closing less profitable stores will allow the company to focus on stores with big earnings.

4. Mattress Firm

Also on the list of retailers that filed for Chapter 11 bankruptcy is Mattress Firm. As a result, the company closed 700 of its more than 3,300 stores. Stores closed quickly after the announcement, some within a few days and others within a few weeks. Most of the stores that closed were in markets that already had numerous other Mattress Firm locations. In recent years, many customers have moved to ordering mattresses online.

5. Brookstone

Mall and airport staple Brookstone filed for bankruptcy in August after a long period of slumping sales. Brookstone closed or is in the process of closing all 102 of its mall stores. However, it is adding 35 new stores in airports to help meet revenue goals. Airport stores tend to be smaller but gain lots of traffic from tired travelers wanting to test the famous massage chairs. Brookstone’s mall locations simply couldn’t compete with online retailers, and most consumers found it easier and more enjoyable to find their quirky gadgets online.

6. GNC

Vitamin store GNC closed 200 stores across the U.S. and Canada after slumping sales. The company said it was trying to renegotiate leases to lower the number of stores it closed, but that didn’t turn out. There are still more than 9,000 GNC stores around the world, but more locations could close if the company can’t turn things around. With its specialty products, GNC is in competition with other vitamin retailers and online stores.

7. Foot Locker

A fixture of many malls, Foot Locker closed 110 stores in 2018, mostly in malls that the company said were “starting to deteriorate.” As it closed underperforming stores, Foot Locker started putting a bigger emphasis online. However, brick and mortar isn’t completely dead for Foot Locker: it also opened 40 new stores in 2018, including a Champs Sports flagship store in Times Square.

8. Teavana

Starbucks shut the door on its retail tea chain, Teavana. Most of the stores hadn’t been performing well, and Starbucks wanted to move the company in a different direction. In recent years Starbucks tried to spice things up with improved store designs and creative packaging, but it wasn’t enough. All 379 Teavana stores closed in 2018.

9. Claire’s

Home to tween girl accessories, Claire’s filed for Chapter 11 bankruptcy in March 2018 and announced it was closing more than 90 stores. It’s the perfect storm for Claire’s: aging customers, dying malls with slowing foot traffic and a move to online shopping. The store has also faced more competition from big box chains like Target and Walmart.

Nothing in retail is ever certain, especially as e-commerce continues to boom. Stores need to find ways to adapt or they might follow in the doomed footsteps of these retail stores.

Blake Morgan is a keynote speaker, futurist and author of “More Is More.”

=========================

Note: The following link is not part of this article from Blake Morgan, but provides further details on additional bankruptcies experienced from 2015 through early 2019. It is quite extensive, but a very good review (Infographic with commentary) of the “Retail Apocalypse” and the impact of big-box retailers falling behind the technology curve and not shifting to e-commerce and establishing an online presence early enough:  Here’s A List Of 68 Bankruptcies In The Retail Apocalypse And Why They Failed from CBInsights (March 12, 2019).

The World Wide Web Turns 30. Where Does It Go From Here?

Sir Tim Berners-Lee invented the World Wide Web in 1989.- Tristan Gregory/Redux

By Tim Berners-Lee, Inventor of the World Wide Web – Opinion – 03.11.19  05:00 PM for Wired

 

Today, 30 years on from my original proposal for an information management system, half the world is online. It’s a moment to celebrate how far we’ve come, but also an opportunity to reflect on how far we have yet to go.

The web has become a public square, a library, a doctor’s office, a shop, a school, a design studio, an office, a cinema, a bank, and so much more. Of course with every new feature, every new website, the divide between those who are online and those who are not increases, making it all the more imperative to make the web available for everyone.

And while the web has created opportunity, given marginalized groups a voice, and made our daily lives easier, it has also created opportunity for scammers, given a voice to those who spread hatred, and made all kinds of crime easier to commit.

Against the backdrop of news stories about how the web is misused, it’s understandable that many people feel afraid and unsure if the web is really a force for good. But given how much the web has changed in the past 30 years, it would be defeatist and unimaginative to assume that the web as we know it can’t be changed for the better in the next 30. If we give up on building a better web now, then the web will not have failed us. We will have failed the web.

To tackle any problem, we must clearly outline and understand it. I broadly see three sources of dysfunction affecting today’s web:

  • Deliberate, malicious intent, such as state-sponsored hacking and attacks, criminal behavior, and online harassment.
  • System design that creates perverse incentives where user value is sacrificed, such as ad-based revenue models that commercially reward clickbait and the viral spread of misinformation.
  • Unintended negative consequences of benevolent design, such as the outraged and polarized tone and quality of online discourse.

While the first category is impossible to eradicate completely, we can create both laws and code to minimize this behavior, just as we have always done offline. The second category requires us to redesign systems in a way that changes incentives. And the final category calls for research to understand existing systems and model possible new ones or tweak those we already have.

You can’t just blame one government, one social network, or the human spirit. Simplistic narratives risk exhausting our energy as we chase the symptoms of these problems instead of focusing on their root causes. To get this right, we will need to come together as a global web community.

At pivotal moments, generations before us have stepped up to work together for a better future. With the Universal Declaration of Human Rights, diverse groups of people have been able to agree on essential principles. With the Law of Sea and the Outer Space Treaty, we have preserved new frontiers for the common good. Now too, as the web reshapes our world, we have a responsibility to make sure it is recognized as a human right and built for the public good. This is why the Web Foundation is working with governments, companies, and citizens to build a new Contract for the Web.

This contract was launched in Lisbon at Web Summit, bringing together a group of people who agree we need to establish clear norms, laws, and standards that underpin the web. Those who support it endorse its starting principles and together are working out the specific commitments in each area. No one group should do this alone, and all input will be appreciated. Governments, companies, and citizens are all contributing, and we aim to have a result later this year.

Governments must translate laws and regulations for the digital age. They must ensure markets remain competitive, innovative, and open. And they have a responsibility to protect people’s rights and freedoms online. We need open web champions within government—civil servants and elected officials who will take action when private sector interests threaten the public good and who will stand up to protect the open web.

Companies must do more to ensure that their pursuit of short-term profit is not at the expense of human rights, democracy, scientific fact, or public safety. Platforms and products must be designed with privacy, diversity, and security in mind. This year, we’ve seen a number of tech employees stand up and demand better business practices. We need to encourage that spirit.

And most important of all, citizens must hold companies and governments accountable for the commitments they make, and demand that both respect the web as a global community with citizens at its heart. If we don’t elect politicians who defend a free and open web, if we don’t do our part to foster constructive, healthy conversations online, if we continue to click consent without demanding our data rights be respected, we walk away from our responsibility to put these issues on the priority agenda of our governments.

The fight for the web is one of the most important causes of our time. Today, half of the world is online. It is more urgent than ever to ensure that the other half is not left behind offline, and that everyone contributes to a web that drives equality, opportunity, and creativity.

The Contract for the Web must be not a list of quick fixes but a process that signals a shift in how we understand our relationship with our online community. It must be clear enough to act as a guiding star for the way forward but flexible enough to adapt to the rapid pace of change in technology. It’s our journey from digital adolescence to a more mature, responsible, and inclusive future.

The web is for everyone, and collectively we hold the power to change it. It won’t be easy. But if we dream a little and work a lot, we can get the web we want.

This story was co-published with the World Wide Web Foundation.
