“The Internet is a lawless wild west”
The Science and Technology Committee of UK’s House of Lords has published a Report on Personal Internet Security. It is a very thorough piece of work with an impressive list of witnesses who gave evidence.
The Report warns that “the Internet is now increasingly the playground of criminals… When this is set against the rate of change and innovation, and the difficulty of keeping pace with the latest technology, the risk to public confidence is clear.”
It goes on to say that “The Government have insisted in evidence to this inquiry that the responsibility for personal Internet security ultimately rests with the individual. This is no longer realistic, and compounds the perception that the Internet is a lawless ‘wild west'”.
“You can’t just rely on individuals to take responsibility for their own security,” said committee chairman Alec Broers. “They will always be outfoxed by the bad guys.”
Many of the recommendations for the British Government are what you’d expect: better data, education, and policing.
One of the significant directions is to recommend moving away from end-users of the Internet being solely responsible for security to put greater liability and responsibility on a much wider range of stakeholders including the manufacturers of hardware and software; retailers; ISPs; and businesses, such as banks, that operate online.
Towards this end, the Report recommends introducing the principle of vendor liability for negligence by the IT industry. It also calls for the establishment of the principle that banks be held liable for losses incurred as a result of electronic fraud. This is diametrically opposite to what is unfortunately happening in New Zealand as noted in a previous post.
On the legal side, the Report recommends introducing of a data security breach notification law. Also, a law that criminalises sale or purchase of botnet services.
No doubt all of this amounts to a comprehensive response which will be far more effective if governments around the world take steps in the same direction.
Only then will the words “security” and “Internet” not be regarded as an oxymoron.