20 October 2011
Tim Berners-Lee, inventor of the world wide web, delivered the closing keynote at RSA Conference last week, outlining some of his ideas for a more secure web.
Berners-Lee spoke about software having what I would describe as “a conflict of interest”, for example an auction application which might represent his bids but also has access to everyone else’s and could easily cheat. The issue of trust is key, and Berners-Lee suggested we might use different parts of the screen or different colours to help identify the different sources of data and how trustworthy we should consider them to be. He also gave the example of software he uses to manage his tax return, and said he was “shocked and disturbed” when the software asked if it could sell him insurance. If he pays for software, he says, he wants to know it’s working on his behalf, and he was so annoyed by this that he gave up using the application and wrote his own instead. This is a problem that’s less of an issue with a website like a travel agent’s site, because Berners-Lee assumes the application is working on the travel agent’s behalf there, he said. As we move to the cloud, it strikes me that new types of advertising become technically possible but Berners-Lee insisted the cloud needs to be under the user’s control, with no backdoor for serving ads based on the data stored in it.
The key is that there needs to be a way for the user to control the resources every application gets, Berners-Lee said, including CPU, memory (local and in the cloud) and the disk and camera. He said he wants to be able to give particular apps, people and groups access to different pieces of data on all his devices, without any defaults that might result in data leaking and without having to set it up from scratch for each new app. And there needs to be a clear, colour-coded user interface, that makes it easy to see at a glance who has access to different types of data (such as family, work colleagues, everyone, and the user only). For example, he might use an exercise app which tells everyone he did 40 minutes of exercise, show friends and family the GPS trail of the path he took, and reserve details of his weight for his eyes only.
If it’s possible for apps and people to share data in a secure way, under the user’s control, there will be an explosion in apps that can talk to each other, which could lead to all kinds of new ways to share and process our data.