Posted: 10th Aug, 2007 By: MarkJ
The House of Lords Science and Technology Committee have today released their report into Internet security, arguing that the Government and ISP's must do more to protect individual surfers.
The piece itself states that the "
laissez-faire" attitude taken to online security by Government and ISP's etc. contributes to a
wild west culture where the end user alone is responsible for ensuring they are protected from criminal attacks online:
The Internet, while still a powerful force for good, has increasingly become the playground for criminals. Todays e-criminals are highly skilled, organised, and motivated by financial gain. Individual Internet users are increasingly victimised yet instead of acting to protect individuals, or providing incentives for the private sector to act, Government continues to insist that individuals are ultimately responsible for their own security. The Committee describe this approach as inefficient and unrealistic.
The Committee recommends a range of measures that would:
Increase the resources and skills available to the police and criminal justice system to catch and prosecute e-criminals
Establish a centralised and automated system, administered by law enforcement, for the reporting of e-crime.
Provide incentives to banks and other companies trading online to improve the data security by establishing a data security breach notification law.
Improve standards of new software and hardware by taking the first steps towards the establishment of legal liability for damage resulting from security flaws.
Encourage Internet service providers to improve the security offered to customers by establishing a kite mark for Internet services.
The Committee also recommend that the Government should review, as a matter of urgency, their decision to require online frauds to be reported to the banks rather than police in the first instance. Victims of e-crime should have acknowledgment from law enforcement bodies that a serious crime has taken place.
However the report does not recommend legislation and instead leans towards the more agreeable angle of "
incentives for the private sector to up their game". Whether those incentives are financial or forceful remains another matter.
Some of the ideas certainly have merit but also fail to recognise the simple reality that ISP's can only secure a connection so far, beyond a certain point it must become the users responsibility.
ISP's are not allowed to take control of a users PC (thankfully) and nor can they govern your own actions in running that system, as a result the most vulnerable part of any connection becomes the clients computer.
Naturally many providers will also be keen to learn precisely what the mooted
kite marks are supposed to be since there's very little substance in the text itself. It perhaps wouldnt be a bad thing if all ISPs offered anti-virus e-mail filtering, although outside of that things become more difficult.