The Office of the eSafety Commissioner has published a set of assessment tools that it hopes will be used by tech companies to ensure they are building safety into their products and services.
While eSafety is an Australian agency, the “safety by design” assessment tools are available globally, as the majority of tech industry innovation occurs far away from Australia’s shores.
Released today are two interactive assessment tools: The startup edition for early-stage technology companies and the enterprise edition for mid-tier or enterprise companies.
“For tech companies developing platforms that enable social interaction, safety risks should be assessed upfront. Protective measures need to be put in at the start of the product design and development process. We call this ‘safety by design’,” eSafety said.
The tools are aimed at helping organisations develop safe products, and assist them to embed safety into the culture, ethos, and operations of their business.
The tools and accompanying guidance materials steps participants through five interactive and modules, each with a specific set of questions addressing core safety topics and issues: Structure and leadership; internal policies and procedures; moderation, escalation, and enforcement; user empowerment; and transparency and accountability.
The user is served a report at the end of each module, which acts as a safety health check, but also, eSafety said, as a learning resource that can be drawn upon and used to help make refinements or innovations in the future.
The online tool is around a seven-hour commitment. eSafety said it receives no personal or corporate information or data from those using the tools and it is completely voluntary.
“Our entire mission is about helping Australians have safer and more positive experiences online, one of the ways we achieve that is by helping the industry lift their standards and achieve better levels of safety,” eSafety Commissioner Julie Inman Grant told ZDNet.
The safety by design initiative kicked off in 2018 with the major tech platforms. In April, eSafety said it was engaged with about 180 different technology companies and activists through the initiative. 40 companies took part in the preview of the toolkit.
Inman Grant previously called it a “cultural change issue“; that is, tweaking the industry-wide ethos that moving fast and breaking things gets results.
The solution, she said, isn’t the government prescribing technology fixes, rather a duty of care should be reinforced when companies aren’t doing the right thing, such as through initiatives like safety by design.
In a former life, Inman Grant was the director of public policy for Twitter in Australia and Southeast Asia; she was also Microsoft’s global director of privacy and internet safety.
Speaking with media on the launch of safety by design, Inman Grant said she raised the idea during her time with the Windows-maker.
“While I was there, I tried to introduce safety by design as an initiative for Microsoft to take on, they were doing security by design, privacy by design really well and I just wanted them to slip safety in,” she said.
“But they felt like they were becoming an enterprise company and were never going to be a social media company, even when I pointed out that Xbox at the time was a bit toxic and Skype was a primary vector for child sexual abuse material, wasn’t something that was taken up.”
It was a similar story at Twitter, she disclosed.
While the ideal scenario would be to prevent the harms from happening in the first place, behavioural change takes a long time, so eSafety is hopeful initiatives like safety by design can “move the needle and minimise the threat surface for the future”.
“Safety by design is fundamental because online safety is a shared responsibility and we needed to find a way to shift the responsibility back onto platforms themselves, just as product liability serves to do around toy and goods manufacturing, or food safety standards,” Inman Grant said.
“None of these standards exist in the technology world and I also believe, philosophically, that mandating protections and innovations that companies should take is not going to achieve the right end.
“We had to do this with the industry rather than to the industry.
“We’d love to see a race to the top in terms of online safety standards and this is precisely what this tool is meant to do.”
eSafety is also working with universities on how to insert a safety by design ideal into studies.
“Creating that next generation of engineers and computer scientists … to code with conscience or to think ethically and responsibly about what they’re doing,” she said. “We’re working with four different universities right now in embedding elements of this curriculum into multi-disciplinary programs … safety by design won’t just be this tool, it will grow and evolve.”
MORE FROM ESAFETY
The eSafety Commissioner has defended the Online Safety Act, saying it’s about protecting the vulnerable and holding the social media platforms accountable for offering a safe product, much the same way as car manufacturers and food producers are in the offline world.
The eSafety Commissioner has only been able to action 72 of the 3,600 adult cyber abuse complaints it has received, and it’s hopeful the new Online Safety Act will allow it to do more.