The Science and Technology Committee of the House of Lords has published a report on Personal Internet Security which makes recommendations about the role of service providers versus individuals in ensuring the Internet remains a safe place for its users. Its key recommendation is that the responsibility for security cannot remain solely with the end user.
The report, which runs into over 100 pages (excluding additional evidence and background) reminds everyone that the Internet is becoming the 'playground of criminals' concludes that many organisations from hardware manufacturers, software publishers, retailers, Internet Service providers, police, judiciary and other stakeholders could all do more to help users protect themselves. It also acknowledges, that a "return to a world without the Internet is now hardly conceivable".
One of the key problems with the Internet is that when it was built and designed, it was not expected that it would grow to the extent that it has, or that it would be used for the applications that it is being used for today. The underlying protocols that make the Internet work are a product of an old era when it was used by the U.S. military and academics, not the entire population.
The committee recommends that ISPs should be encouraged to monitor and detect "bad" outgoing traffic (such as viruses or other attacks) from their network (originating from their customers) and that the "mere conduit" immunity (which allows ISPs to claim that they are not responsible for traffic passing through their network) should be restricted when they become aware of issues on their network. Whilst making service providers more responsible for content on their network once they become aware of it is commendable, there is also a problem with the lack of quality in many complaints directed to ISPs which could increase significantly. Who pays for the cost of processing a complaint to an ISP which relates to a service which that ISP has nothing to do with?
"The current assumption that end-users should be responsible for security is inefficient and unrealistic. We therefore urge the Government and Ofcom to engage with the network operators and Internet Service Providers to develop higher and more uniform standards of security within the industry. In particular we recommend the development of a BSI-approved kite mark for secure Internet services. We further recommend that this voluntary approach should be reinforced by an undertaking that in the longer term an obligation will be placed upon ISPs to provide a good standard of security as part of their regulated service.""Personal Internet Security" Report of the Science and Technology Committee, House of Lord.
Criticism is not limited to service providers, with the committee also recommending companies supplying software and hardware do more to ensure that the 'default' setup is more secure. It also suggests banks should be responsible for electronic fraud.
Security on the Internet is always a very difficult subject to approach because of the diverse range in IT skills that exist in our society. Whilst this is likely to improve over the generations, there will always be some who are technically less aware than others and this will give criminals the opportunity to exploit those who are less cautious. The real question is, to what extent should the government and the organisations supporting and using the Internet be required to supervise the individuals on their network who lack the technical knowledge to protect themselves?
A question for you to ponder.. Should Internet users be required to pass a test and get a license before being entitled to order a broadband connection?