Twitter's security chief called for greater regulation of Internet security in a Google-sponsored cybersecurity roundtable discussion hosted on Medium this week.
"Users should not have to petition companies to implement security or fix egregious vulnerabilities," wrote the microblogging platform's Trust and Security officer Michael Coates. "The protection of sensitive user data should be backed by regulation that has teeth."
Companies should be required to encrypt data in transmission and maintain apps and servers free of security holes, making sure to fix any vulnerabilities in a reasonable time period, he wrote, and he warned against legal attempts to undermine user privacy.
"Ten years from now, I predict that the largest risk to society will be attempts to criminalize or undermine privacy protecting technology," he wrote. "The existence of technologies such as Tor and encryption is crucial to protect individuals living in nations where free expression is not guaranteed and the expression of an idea can place an individual at risk."
Other participants in the discussion also urged Internet companies to bolster security protections: Sam Quigley, Square's head of information security, warned that some companies aren't doing enough to protect personal information beyond traditional targets like credit card numbers.
"This is a worrisome enough trend in a purely online context, but the rise of connected devices means that we're all carrying tons of sensors around with us all the time," Quigley wrote.
And tools that collect data need to be built from the ground up with data privacy in mind, wrote Joel De La Garza, chief security officer at Box.
"We must have the technical ability to enforce privacy and confidentiality while also enabling innovation that can have profound positive benefits for our lives," he wrote.
Building those secure systems will likely require a greater emphasis on security testing and on turning security research into marketable solutions, wrote Rebecca Bace, the CEO of security firm Infidel.
"For example, we all know we need to ensure that software is adequately tested — perhaps in the way Underwriters Laboratories certifies that new electrical devices are safe to use — yet we've made very little progress towards that goal," she wrote.