By Angela Huang, Principal Lecturer & Consultant, Digital Strategy & Leadership Practice, NUS-ISS
When a single maintenance error triggered a worldwide outage of Facebook’s suite of services on 4 October 2021, the impact was at an unprecedented scale. Facebook, Instagram and WhatsApp – used by billions of users – were taken down collectively. As the apps blinked out, lives and businesses were disrupted. In those six hours, many described feeling as though they were “cut off from the world.” The devastating outage highlighted the rapidly growing reliance of a digital world on a select few, centralised enterprises.
The web as we know it today, Web 2.0, is characterised as the age of Google, Facebook and Amazon [1]. An Internet defined by tech giants, Web 2.0 is all about connecting people – it is here that social media sites were born. Over the years, Big Tech companies have created massive ecosystems, owning so many of the internet’s key services that it’s practically impossible for people to avoid them if they want to stay online.
The problems that a centralised web poses is not news. Privacy concerns, misuse of user information, and data monopolies have been at the forefront of discourse in recent years. Governments around the world are attempting to rein in the tech giants with new regulations, while companies themselves are also starting to take steps to protect data to regain consumer trust.
But as the policy makers scramble to regulate away the flaws of Web 2.0, the next revolution is coming. In some ways, it is already here – an organic movement for Web 3.0 has started gaining traction.
What is Web 3.0?
Web 3.0 typically refers to the decentralised Web.
Avivah Litan, vice president of Gartner, defines Web 3.0 as a decentralised web in which users can control their own data and identity. It seeks to eliminate platform-intermediated interactions – that is, replace centralisation institutions such as Amazon, Facebook, and Google. Web 3.0 will be built on blockchain-based technology for trust verification, and will include privacy protection, decentralised infrastructure and application platforms, and decentralised identities [2].
Web 3.0 related standard initiatives by organisations such as Web3 Foundation and ISO are nascent. This makes it an opportune time to ensure that security issues are also addressed by the standards.
Reimagining cybersecurity in the age of Web 3.0
“If it’s free, you’re a product” has been an inconvenient truth that many social media users have realised and had to accept. A key advantage of Web 3.0 is that it reverses the way Web 2.0 has made the user a commodity. By handing data back into the hands of the entities that own it, a decentralised web empowers users to determine how it can be shared [3].
But does that mean data security concerns are eliminated completely with the Web 3.0? Hardly so.
The transition is a paradigm shift, and a change of this magnitude would challenge old models as we know them. Security issues on the next Internet phase go beyond data. For example, transacting anonymously on distributed ledgers currently come with risks such as smart contract logic hacks and the lack of legal protection when things go wrong.
From the privacy legislation perspective, decentralisation makes it difficult to identify the personally identifiable information (PII) controller and the PII processor.
Due to its lack of central control and access to data, Web 3.0 could make it even more difficult to police cybercrime, including online harassment, hate speech and child abuse images [4]. Moreover, if content were to be hosted all around the world, it could pose regulatory challenges as to which country’s laws apply to a particular website.
There is no doubt we need to be ready for change. A decentralised web will reshape how we organise information on the web, with blockchain technology having the potential to remake organisations. As Web 2.0 gives way to Web 3.0, entire industries could be transformed.
Regulators, businesses, and even consumers alike have to start rethinking about how we handle cybersecurity and privacy issues through the lens of Web 3.0 - to keep pace with the evolving landscape.
__________________________________________________________________________________________
¹Howell David. “What Web 3.0 Means for data collection and security” itpro.uk.com. Nov 2018. Web. Oct 2021
²Litan Avivah. “Blockchain’s Big Bang: Web 3.0” blogs.gartner.com Aug 2019. Web. Oct 2021
³Affinidi. “Web 2.0 vs Web 3.0 – A Bridge Between the Past and the Future” academy.affinidi.com July 2021. Web. Oct 2021
⁴Harbinja Edina and Karagiannopoulos Vasileios. “Web 3.0: the decentralised web promises to make the internet free again” theconversation.com Mar 2019. Web. Oct 2021