When a company issues a prospectus as it seeks new funds from would-be investors, e.g. through an IPO, in several jurisdictions it is obliged to name and warn everyone of specific factors which might put their money at risk. Not airy generalisations. Specifics.
They normally also say what steps they are taking to mitigate the risks, and all this must be done in documents which have to be lodged with the financial/stock exchange regulator before the appeal for funds begins. Typically these documents are made public. Nobody should be able to say, subsequently, they had no idea… you get the picture.
Sauce for the goose is sauce for the gander
Shouldn’t the same kind of rule apply to Apps, sites and services? Developers and marketeers tend to focus on the upsides. The buzz. The excitement of the new. This would force them to consider the downsides as well, and before the get go.
The bad guys will quickly set to work discovering the weaknesses in a system, the ones which ultimately could destroy the viability of the product. They will do that because that’s what bad guys do and in all probability they will share that information with like-minded individuals. Thus, at the moment, the only people knowingly kept in the dark are future victims and the rest of us.
Publish risk assessments
In several jurisdictions companies working in the online space are already or soon will be obliged by law to carry out risk assessments.
Shouldn’t these risk assessments also be lodged with a regulator and made public? Published in an appropriate form on a home page and at sign on?
Otherwise I fear many smaller outfits will calculate that the chances of them being looked at any time soon by an overworked/understaffed regulator are slim and if they are put on notice of a possible investigation they could hurriedly put something together and maybe even backdate it? (Yes. I know you are shocked by that suggestion but….). Or maybe they think (do I mean hope?) any problems they already know about or which emerge can be dealt with, perhaps even before they are bought out and enriched by a tech colossus.
While, for example in the EU, it appears only larger platforms are likely to be the subject of closer regulatory scrutiny, and one can understand why they are a priority, it is often the case that a lot of terrible stuff can happen on smaller platforms flying under the radar. As they get bigger they may attract attention but in the meantime a lot of damage could have been done to a lot of children. Who knows how quickly the regulator may be able to move to target a new App, site or service?
Would my suggestion change everything? No it would not but it is another step which would help ensure the “move fast and break things” culture becomes a thing of the past.
Freedom to try new ways of making money
I am not in favour of any barriers or obstacles to technical innovation or scientific research to advance new technologies.
The much vaunted “freedom to innovate”, however, is often really no more than granting a licence to someone to try out new ways of making money from tech where, generally, building market share in order to benefit from network effects is the overriding objective. That’s where the trouble starts. “Put it out Monday. Fix it Tuesday. Maybe.” to paraphrase Professor Ross Anderson.
I am emphatically not suggesting we look forward to a Soviet-style central planning system where everybody needs permission from the state to do anything. I get the free market idea but let’s not glorify it by pretending it is something it is not.
Nobody needs any “evidence” before they launch something at the public. They make calculations and give it a shot then rely on unique legal immunities to protect them. They defend their turf and we have to find the evidence to persuade them to make a change.
Not good. We should be able to do better.
Education is always good and necessary, but not always sufficient
Following the first grooming cases in the UK, the industry was very resistant to the idea they had any responsibility to act. “These could be isolated examples. Where is your evidence this is anything more than that?”
In the end, with the notable exception of Microsoft, who simply closed down their chat service in the UK, at that time, all most of the tech companies undertook to do was produce more information to help educate children, parents and teachers about how to avoid becoming a victim of grooming.
Education is always a good start but, certainly with the kind of internet we have today, it will not always be sufficient.