By Tom Espiner, 10 August 2007 09:10
NEWS
The government must act now or risk losing public confidence in the security of the internet, an influential House of Lords committee has found.
A wide-ranging inquiry into personal internet security conducted by the House of Lords Science and Technology Committee has "highlighted the threat to the future of the internet posed by e-crime".
The House of Lords said in a statement: "The government must do more to protect individual internet users."
The report said: "The internet, while still a powerful force for good, has increasingly become the playground for criminals. Today's e-criminals are highly skilled, organised and motivated by financial gain. Individual internet users are increasingly victimised."
The Science and Technology Committee criticised the "laissez-faire attitude" taken not only by the government but also by manufacturers of hardware and software, retailers, internet service providers (ISPs), businesses, such as banks, that operate online, the police and the criminal justice system.
The Lords report said: "The government has insisted in evidence to this inquiry that the responsibility for personal internet security ultimately rests with the individual. This is no longer realistic and compounds the perception that the internet is a lawless 'Wild West'. It is clear to us that many organisations with a stake in the internet could do more to promote personal internet security."
The IT industry caught flak in the report for not historically making security a priority. While this is gradually changing, more radical and rapid change is needed if the industry is to "keep pace with the ingenuity of criminals and avoid a disastrous loss of confidence in the internet".
As well as self-regulation, the committee recommended that the government explore, at the European level, the introduction of vendor liability within the IT industry.
Banks and online retailers are also not doing enough to protect customers, the report said.
On the law-enforcement end, the committee recommended the government increase the resources and skills available to the police and criminal justice system to catch and prosecute e-criminals and establish a centralised and automated system, administered by law enforcement, for the reporting of e-crime.
Tom Espiner writes for ZDNet UK
Comments
There are 3 comments. Join the discussion
1. Nick Cole
The problem being two fold. One that there are times when state level resources are need to pursue things, and the other that individuals could (and would) do more if they had the means.
To solve the first some form of effective and knowledgable reporting point needs to be made available.
The second is perhaps easier. e-criminals hide behind the anonymity of non-geographic telephone numbers, refusal to provide contact information via companies house, or other agencies, and so on. The failure to provide geographic non contact-centre information allows people to get away with their abuses and act with impunity.
Regulations set up to protect the minority are abused by the criminal and allow them to affect the majority. Agencies such as BT who have access to information refuse to divulge it which means that they are actually condoning and effectively encouraging criminal activity.
People can help themselves if they are given the means to do so. If Government decides that people cannot or refuses to give them the means they take on full responsibility. But ultimately the first defence and protection is for the individual concerned. Only allowing them to contact the authorities and the inevitable hurdles after the event does not stop it happening in the first place.
2. Bart Patrick, SAS UK
Is it just me or is the recent report from the government about internet fraud going just one stage too far?
While the Lord’s committee is right to highlight the threat of organised crime and unchecked private usage of the internet, the onus of protection is perhaps a bit skewed.
The question for me is how can government or business protect individual users more when individual users seem to be happy to give their personal details to any tom, dick or harry just because they are on-line?
For the commission to say that an individual is currently responsible for their own internet security (which is ultimately true), and then imply that this should no longer be the case could set a dangerous precedent. We already see users have little or no regard for their own information once it is on the internet. Social networking is testimony to this. How can institutions take more responsibility than they currently do when the personal owners of information seem to have so little regard for their own security?
Throwing stones at government and business alike for not protecting the user is a poor solution to managing the problem of fraud. If the purpose of this report it to highlight the poor personal security of many individuals, I applaud it. If it is just to shift the blame to business, obfuscating the need for personal responsibility over your own identity and internet usage, that is something else.
3. misceng
Dealing with e-crime is in three parts.
1 The individual must behave sensibly to protect themselves.
2 ISPs must take some responsibility for spam by cutting off the service to the generators.
3 The government must do their best to push for action on 1 and 2 above. They must punish severely the criminals and also get together with other governments to persuade them to act on all three of these items.
Unfortunately I feel this is a forlorn hope.