WEB PIONEER Tim Berners-Lee painted a bleak picture of internet security in his closing speech at the RSA Security Conference in London yesterday.
According to Berners-Lee, there is nothing much good about existing internet security, and a lot of work needs to be done. Talking to a room full of security workers, he called on the industry to make improvements and adopt the sorts of measures and systems that consumers use individually.
Berners-Lee started his talk by explaining that security was not his thing, and in his experience is often used badly.
"I'm sorry to have missed this conference," he said. "I'm not one of you. I don't know about security."
Where he does encounter security then, it is as a user, and here he does not have a great experience. "We have tools," he explained, "but we are not set up socially to use them."
Communicating with a bank, he explained, is an arduous task that involves trusted email suppliers and messages back and forth. It's a complicated process, he said, that could be solved through PGP.
Berners-Lee said that it is up to security professionals to improve security and work with the W3C to make what they do widely accepted and easier to use.
Citing the cloud as an example, he said that he would "want control" over what he was using rather than have it be a "backdoor for advertising". Without that, he said, "I am not going to be happy as a user."
One area where he saw something positive is the move towards Do Not Track, which is a "potential solution" to some of the privacy and personal control concerns about internet use. "Its worth a shot," he said. "It's really positive."
"The security industry must do more," he added. "Users have to make informed security decisions and they need information to make them. I would like to see the security community come to the W3C and join the groups building that environment." µ