Leaders from Canada, France, Germany, Italy, Japan, the U.K., U.S. and EU have signed a declaration containing a series of shared principles on how to tackle the global challenge of online safety, including that online firms should have systems and processes in place to reduce illegal and harmful activity and prioritize the protection of children.
The principles say that any steps to improve online safety must support the values of open and democratic societies and respect human rights and fundamental freedoms.
The joint ministerial declaration was signed at a virtual meeting hosted by U.K. Digital Secretary Oliver Dowden to fire the starting gun on this year’s G7 Summit. The agreements are part of the first of seven ministerial declarations due to be signed this year.
Other measures include plans to turbocharge exports by digitizing the cumbersome and centuries-old paper-based system for key international trade transactions and improving the free flow of data.
In a sign of stronger cooperation to address concerns over the market power of big tech platforms, international regulators and policymakers will meet with the U.K.’s Competition and Markets Authority in the autumn to discuss long term coordination and enforcement.
Digital Secretary Oliver Dowden said: “As a coalition of the world’s leading democracies and technological powers, we want to forge a compelling vision of how tech should support and enhance open and democratic societies in the digital age.
Together we have agreed a number of priorities in areas ranging from internet safety to digital competition to make sure the digital revolution is a democratic one that enhances global prosperity for all.”
The G7 Digital and Tech ministerial meeting is the culmination of ongoing discussions and negotiations around a number of priority areas. The talks came after Dowden spoke with his U.S. counterparts on April 27 to emphasize the importance of global collaboration to protect people online and drive the international debate in this area.
In the ministerial declaration published on April 28, G7 member states have agreed to:
- Internet safety principles to guide work to improve online safety. G7 countries commit to protecting human rights online and agree that tech companies have a corporate responsibility for their users’ safety. This means they should have systems and processes in place to reduce illegal and harmful activity and prioritise the protection of children. These are based on underlying principles in the U.K. Government’s Online Harms White Paper.
- Develop a framework for the use of electronic transferable records, to address legal barriers and coordinate domestic reforms so companies can use digital solutions for the shipment of goods and trade finance – replacing slow and outdated paper transactions.
- A consensus that a more joined-up approach to regulation and promoting competition in digital markets is needed to better serve consumers and businesses. Regulators have agreed to meet later this year to discuss these issues further.
- Cooperation to seize the opportunities and benefits of data free flow with trust for people, businesses and economies. The G7 will build evidence on the impacts of data localization, promote regulatory cooperation and accelerate the development of best practice approaches for data sharing across a broader set of priority areas. These areas may include transportation, science and research, education and natural disaster mitigation.
- Collaboration on how democratic governments and stakeholders can support the development of digital technical standards that online tools, services and protocols should measure up to, and which, among other things, will guide the development of a free, open and secure Internet.
For the first time the G7 also discussed the importance of promoting security and resilience in critical digital infrastructure, in particular in telecommunications, including 5G and future communications technologies. In the declaration, G7 countries commit to developing their collaboration on this throughout the year.
Building on the momentum from this G7 Digital and Technology track, the U.K. will also host the Future Tech Forum this September. The Forum will convene like-minded democratic partners to discuss the role of technology in supporting open societies and tackling global challenges, in collaboration with industry, academia, and other key stakeholders.
The G7 announcement follows the British government’s announcement regarding new laws to protect smart devices amid a pandemic sales surge.
Under the new laws, makers of smart devices including phones, speakers, and doorbells will need to tell customers upfront how long a product will be guaranteed to receive vital security updates under groundbreaking plans to protect people from cyber attacks.
New figures commissioned by the British government show almost half (49%) of U.K. residents have purchased at least one smart device since the start of the coronavirus pandemic.
Just one vulnerable device can put a user’s network at risk. In 2017, attackers infamously succeeded in stealing data from a North American casino via an internet-connected fish tank. In extreme cases hostile groups have taken advantage of poor security features to access people’s webcams.
To counter this threat, the new law plans to make sure virtually all smart devices meet new requirements:
- Customers must be informed at the point of sale the duration of time for which a smart device will receive security software updates
- A ban on manufacturers using universal default passwords, such as ‘password’ or ‘admin’, that are often preset in a device’s factory settings and are easily guessable
- Manufacturers will be required to provide a public point of contact to make it simpler for anyone to report a vulnerability.
The government intends to introduce the new legislation as soon as parliamentary time allows. Smartphones are the latest product to be put in scope of the planned Secure By Design legislation, following a call for views on smart device cyber security.
It comes after research from consumer group Which? found a third of people kept their last phone for four years, while some brands only offer security updates for a little over two years.
Security updates are a crucial tool for protecting people against cyber criminals trying to hack devices. Yet research from University College London found none of the 270 smart products it assessed displayed information setting out the length of time the device would receive security updates at the point of sale or in the accompanying product paperwork.
By forcing tech firms to be upfront about when devices will no longer be supported, the law will help prevent users from unwittingly leaving themselves open to cyber threats by using an older device whose security could be outdated.
Just one in five global manufacturers have a mechanism in place to allow security researchers – firms and individuals who find security flaws in devices – to report vulnerabilities.
These moves have been supported by important tech associations across the globe including the Internet of Secure Things (IoXT), whose members include some of the world’s biggest tech companies including Google, Amazon and Facebook.
Three new voluntary assurance schemes have also been launched recently to give shoppers confidence a smart product has been made cyber secure, thanks to a £400,000 government grant. The Internet of Toys Assurance Scheme will allow parents to know from the outset whether a smart toy they are buying their children has been tested and meets the minimum security requirements. The Smart TV Cybersecurity Certification program will provide third-party testing and give confidence to buyers of smart TV products by allowing approved devices to display a certification logo. And the IASME IoT Security Assured initiative will be open to start-ups and smaller companies to carry out verified cyber security self-assessment of their products to ensure they meet high standards.
