1. What are the biggest issues in privacy and/or security facing Canadians today?
I think that one of the most important issues is the balance between personal privacy and national security. Given recent world events, there have been renewed calls for increased online surveillance, but we also need to protect our individual rights and freedoms. Encryption technologies are designed to protect us and backdoors fundamentally threaten everyone’s privacy and security. We’ve already seen examples of backdoors being exploited by malicious actors and I suspect we’re going to see a lot more over the next few years.
2. To what extent should the private sector be involved in the creation and/or management of online identities?
The reality is that the private sector currently dominates the creation and management of online identities. Consumers are much more familiar and comfortable with their Google and Microsoft accounts than they are with those created and maintained by the public sector. The biggest challenge we face is identity fragmentation; it’s unrealistic to continue to expect users to remember unique credentials for dozens of online identities. The increasingly common and simplistic password-recovery mechanisms makes the problem worse by creating new entry points for attackers. The public and private sectors need to work together to find better ways to federate online identities and increase the use of multi-factor authentication.
3. Are there any emerging technological advances that are particularly alarming to security?
The Internet of Things is definitely the biggest long-term threat to government, enterprise and consumer security. We have a huge number of new devices – from cars to wearables to appliances – connecting to the internet, often with little to no consideration for privacy or security. These are the same mistakes we made years ago with computers and mobile devices, and we’re still paying for those mistakes. If you want to read my full thoughts on the topic, check out this blog post from last year.
4. How should companies approach cyber security?
Companies need to treat cybersecurity as a core part of their business. While it usually doesn’t generate direct revenue, security mitigates the risk of hacks and data breaches, which are becoming very common and extremely costly. Investing in the right areas of cybersecurity can provide huge cost savings and ROI, especially for large companies that operate in regulated industries. Companies need to consider not only the short-term costs and regulatory ramifications of potential data breaches, but also the long-term impacts to reputation and customer confidence.
5. How will the increasing reliance on technology and all things digital affect Canadians?
I think that technology has greatly improved the lives of Canadians and will continue to do so for the foreseeable future. Consider that most of us now carry supercomputers in our pockets, capable of instantly connecting us to the people, places and things that matter most no matter where we are. Consider that our cars are becoming increasingly connected and automated, with self-driving technologies just around the corner. And finally, consider that I’m typing this all on my BlackBerry from the comfort and warmth of my living room. The digital future is very exciting, and we always need to remember how incredibly lucky we are to be a part of it.