Reinventing the Internet: Here’s how to make online life more secure and trustworthy

[Commentary] Personal online security benefits everyone; well, almost everyone. Putting these measures in place wouldn’t be easy, and it would be unpopular in some quarters, but I think it would certainly be worth trying:

• Responsible disclosure: A neutral body such as the International Telecommunication Union should administer the disclosure scheme, monitoring compliance around the initial quiet-tap-on-the-shoulder stage and ensuring the transparency of subsequent public disclosures.
• Audit everything: This scheme should be funded by all countries and administered by the ITU or perhaps a standards-setting body like the IETF or the W3C. It should not be expensive, particularly when taking into consideration the public costs of dealing with attacks.
• Encrypt everything: The W3C’s HTTP Working Group is already trying to ensure that open web use will become encrypted by default. The IETF and others are also now focused on improving the usability of online security and on encouraging standards-setters to think about security from the start.
• Informed consent: The difference between opting in and out is vast. Shifting from an opt-out to an opt-in model would certainly add friction to sign-up and update processes, and it would require a standardized template that people broadly understand, but it’s the only honest way to process people’s data.
• Privacy-friendly principles and evolutionary rules: The core principles should ideally be enshrined in a global Internet bill of rights, respected by countries and translated into national law as closely as possible. And here’s the overarching principle that should set the tone for the rest: the rights people enjoy offline should apply just as much online