2. Demand companies to take extensive measures to protect security and privacy of your data and communications. Some companies have taken basic steps of say implementing SSL in their web server connections. But so much more is needed. Some firms have started to implement encryption more widely — it’s a good start, but they must do so as openly as possible. So you make a good point about closed-source software. Open review of code is absolutely necessary to ensure that it can be trusted.
3. We need to take ownership of the ‘cybersecurity’ agenda created by governments to spy on more communications and interactions; and make it about protecting our devices, our networks, and our information.