Twitter security chief calls for industry regulation 'that has teeth' and the embrace of Tor

Twitter's security chief Michael Coates has called for increased regulation online in order to force firms into adopting a 'security-first' attitude towards protecting sensitive user data.

Coates, who made the comments in a cybersecurity roundtable event hosted on blogging platform Medium, added that any future regulation needs 'to have teeth' to be truly effective.

"It is unfathomable that an application or device can be created and adopted by millions that fails to encrypt communications with TLS, has rampant vulnerabilities in the application or lacks fundamental security controls on backend servers. Yet this behaviour is commonplace," he said. "Users should not have to petition companies to implement security or fix egregious vulnerabilities. The protection of sensitive user data should be backed by regulation that has teeth."

Indeed, major data breaches over the past 12 months targeting firms such as Ashley Madison, JD Wetherspoon and TalkTalk have impacted millions of unwitting internet users caught in the crossfire. Most recently, hacked toy manufacturer VTech was publicly criticised for its stance on data security after essentially shifting the burden of any future attacks directly onto users of its services.

Now, according to Coates, legislation should enforce a "basic set of user rights" to help bolster the security of user data. However he did note that future regulation should not be used to dictate technical choices. His vision for how the rules would take shape include making sure all sensitive data is encrypted in transmission and ensuring that vulnerabilities are detected and patched in a reasonable time period.

"The root cause [for weak data security] is the absence of a uniform requirement for basic security controls to protect user data. This does not have to be complex," he asserted.

Encryption is crucial

With the rapid evolution of technology and the Internet of Things (IoT), it is more important than ever for firms to take privacy and data protection seriously, Coates maintained. "If we wish for the internet to continue to flourish, the protection of user data must be a non-negotiable requirement for all applications," he said. "Ten years from now, I predict that the largest risk to society will be attempts to criminalise or undermine privacy protecting technology."

Looking ahead, he explained that the embrace of cryptography is also a crucial factor in the future of the internet. "The existence of technologies such as Tor and encryption is crucial to protect individuals living in nations where free expression is not guaranteed and the expression of an idea can place an individual at risk," he said.

"Technology has empowered many to share views on topics that would otherwise be hidden from worldwide awareness. To ensure such technologies continue to operate we need a concerted effort from industry to welcome users from Tor and similar technologies."