“It’s cruel what you do to these people,” complains blogger Gutjahr about IT security requirements for online banking. Digital education should do the trick.
It’s a crux with IT security: According to the current security index of the Germany Safe Online Initiative (DsiN), the situation has worsened. However, requirements that could make online applications more secure are quickly perceived as patronizing. One reason, according to the participants in a debate about the possibly necessary “change in era for more digital skills” at the DsiN annual congress in Berlin on Tuesday, was that people are not being picked up and taken along.
A book with seven seals”
Digitization is sweeping over the heads of many “like a mighty storm,” explained journalist and blogger Richard Gutjahr, who was connected from Silicon Valley. Networking is being ramped up at a speed that is leaving entire sections of the population outside. As an example, he cited 2-factor authentication, which is required for online banking due to the payment services directive PSD2: “It’s cruel what you do to these people.”
Especially for older users, the login procedure is a “book with seven seals,” explained the reporter. Relevant systems are often so complicated that a pensioner, for example, doesn’t even know “that she needs a second device to activate a code”. The fact that there is a digital social divide here is also shown by the fact that shortly before he left, his 82-year-old neighbor asked him to set up her iPad: she couldn’t cook anymore and was therefore dependent on delivery services.
Gutjahr believes that politicians who promise more digital media lessons in schools in Sunday speeches are not solving the problem. The grandchildren could then set up WhatsApp for grandma. But they don’t know what constitutes credible sources on the Internet. The kids have “no idea what’s going on behind the algorithms of TikTok and YouTube”. The fact that the rate of depression among young people has doubled at a time when they are online up to 7 hours a day is no coincidence: “There must be some connection.”
Easier-to-use devices
Anna Christmann, representative of the Federal Minister for Economic Affairs for the digital economy and start-ups, summarized the experiences of many users as follows: So far, they have not been hit directly by a cyber attack, so things will continue to be fine. In addition, there is the perception: “It’s all terribly complicated” with IT security. A common concern is that the company will be idle for two weeks, “because they all have to do the updates first.” If it was necessary to put an extra card in the laptop, people would no longer want to use the devices. For the Green Party, one thing is certain: products that are easy to use and yet safe are needed. IT medium-sized companies in this country could develop this.
DsiN Managing Director Michael Littger pointed out that cyber attacks are capable of shaking the foundations of democracy and undermining electoral systems and the trust of users. “We need a culture for digital enlightenment,” he said. There is no shortage of relevant information such as the digital driver’s license. However, these would not reach people so easily. Above all, the cooperation of all those involved can be improved.
“More than 60 percent of people in Germany need digital assistance,” reported DsiN chairman Thomas Tschersich. “Here, the floodgates are open to attacks from the Internet. We must therefore now actively develop successful structures for the transfer of skills and make them accessible to everyone: in schools, training companies and companies, as well as in voluntary work and clubs.”
Data protection has an image problem
“Why not open city libraries and offer such courses?” Gutjahr made a suggestion. Young and old could get a forum there. The human factor is always the target, so education is necessary here. At the same time, platform operators should not only see users as click cattle, but also recognize their right to privacy. The “impact and scope of the phrase data protection” can best be visualized by using the term human protection.
“We need products that make data protection-compliant action possible in the first place and are secure,” said Tobias Stadler, head of department at the Federal Data Protection Authority, in the same vein. “Data protection should empower, not patronize.” But there is an image problem, since many only see it as a cost factor. With the General Data Protection Regulation (GDPR), EU companies could take privacy by design into account and thus set themselves apart from the competition.
In theory, that’s correct, agreed Susanne Dehmel from the management of the digital association Bitkom Stadler. However, companies also need the leeway to be able to make sensible data protection settings. However, the GDPR is often interpreted in such a way that it causes a huge bureaucratic effort. If no one can apply the rules correctly, this is a problem in itself. However, the industry must become better at realizing “Security by Design” stories.
Backlog in the fight against cybercrime
Cyber ​​resilience now affects all areas of life in the networked world, the parliamentary Secretary of State for the Interior, Johann Saathoff (SPD), also warned to take action. The federal government will therefore give “high priority” to the implementation of the almost completed amendment to the Network and Information Security Directive (NIS2) and revise its cyber security agenda. The Federal Office for Information Security (BSI) is already actively involved in the planned Cyber ​​Resilience Act with minimum requirements for all networked products. There is still room for improvement in the fight against cybercrime.
(mho)
