Marleen Stikker: ‘Cyber security isn’t rocket science’

Foto: DUB

From the incomparable cyber attack at Maastricht University to the recent security leak in the software of remote-working system Citrix – now more than ever, the digital security of universities and universities of applied sciences is being tested.

That’s unfortunate, but still, we should be happy with these types of scandals, says internet pioneer Marleen Stikker. “They help people realise just how vulnerable we are. And that can lead to good things. Never waste a good crisis.”

Stikker is founder of The Digital City, the first free internet provider and virtual community on the internet. She also founded Waag, a research institute for creative technology and social innovation.

Earlier this month, she delivered the Privacy Address in TivoliVredenburg. “I was amazed: an audience of six hundred people for an address on privacy! The topic is really alive right now, I thought. People are starting to realise something’s at stake.”

And that’s a good thing, because in terms of online security, we tend to be rather complacent. “We trust that everything’s okay,” Stikker says. “Like you trust people to remove contaminated meat from stores, or recall unsafe toys. That same way, we trust there to be some type of monitoring of digital infrastructure.”

Duty of care
And there’s no monitoring now? “No,” Stikker responds. “Our government has gotten caught up in dependencies on the IT industry. That was proven once again recently with the Citrix leak. Things like that can only be solved by the company that created the software. And in the meantime, everyone just has to hope for the best.”

She’s not the only one who’s worried. In December, the rectors of Dutch universities sounded the alarm with an opinion piece (in Dutch, ed.) published in De Volkskrant. They say they’re too dependent on (American) commercial platform services, like giants Google and Microsoft, but also on companies like Blackboard, Coursera, and ResearchGate.

Now, Stikker says, it’s time for the institutions to practice what they preach. “In terms of technology, universities and universities of applied sciences have made themselves dependent on third parties in a rather opportunistic – read: cheap – manner. They’re basically handing whole new generations of people over to companies who violate our privacy. And that has to change. Because if you’re not offering your students a safe infrastructure, you’re not fulfilling your duty of care.”

Internet pioneer and privacy activist Marleen Stikker. Photo: Jimena Gauna/Waag

Being difficult
The solution, according to Stikker: switching to systems that are based on the principle of ‘privacy by design’. “It’s not rocket science. Don’t stick with a system that doesn’t work; instead, think about how you would like things to be. And then ensure your design team doesn’t consist of exclusively managers and supervisors, but that it also includes students and teachers.”

Because when it comes to online privacy, it’s all right to be a little difficult as a student or teacher, Stikker emphasises. “Speak up and say you don’t think it’s self-evident to have to join a WhatsApp group with your entire class, or that you have to work in a shared Google document. Turn it into a case, demand alternatives.”

Stikker recommends the website The site lists over forty socially responsible, privacy-supporting services, such as Nextcloud instead of Google Docs, and Signal instead of WhatsApp. “Universities and universities of applied sciences could really support these alternatives.”

Last year, Stikker published  her book, ‘The internet is broken’, with the optimistic subtitle: ‘But we can fix it’. “People often ask me whether I truly believe that,” she laughs. “But online privacy is no longer a neutral subject; people no longer assume things will turn out okay by themselves. So yes: we really can fix the internet.”

Tags: cyber crime