Friday, October 26, 2007

Govt rejects Lords Personal Internet Security Report

The government has produced an extremely disappointing response to the House of Lords Personal Internet Security report published in August.

The government has completely rejected the report's far-seeing recommendation that liability redistribution is the key to Internet security. The Lords were convinced that allocating some liability to financial services institutions, ISPs and software vendors would drive an increase in the security of Internet-related products and services. The government's response is to sniff that additional burdens cannot be imposed on business. This is short-sighted to say the least.

The government has also rejected advice that the Research Councils should fund significant new security work or a new centre of expertise between universities; that "kite marks" indicating a basic level of security in Internet-related products and services should be encouraged; or even that growing levels of fraud are significantly damaging people's trust in the Internet.

I've been doing quite a bit of work over the summer on e-crime. It is quite amazing just how quickly serious criminals are developing in their use of the Internet for fraud. I had high hopes the UK might lead the world in a long-term response to this problem. Instead it seems the government prefers to stick its head in the sand and hope the problem will go away of its own accord.

UPDATE: The Lords' special advisor isn't impressed.

4 comments:

Anonymous said...

The UK Government Technology strategy Board are condustin research into how to ensure privacy and consent in Indentity management systems and they have a blog!! http://networksecurityip.wordpress.com

Ian Brown said...

And happily I will be going to their week-long meeting mid-November :)

FishNChipPapers said...

"The government's response is to sniff that additional burdens cannot be imposed on business. This is short-sighted to say the least."
Indeed it is. At present those who suffer as a result of security flaws e.g. a consumer who is subject to identity fraud as a result of a data loss; a PC user whose data is stolen as a result of a security vulnerability in a software product are not in a position to mitigate the risk. The government's decision reflects a complete disregard for the economic aspects of personal internet security.

Did they actually except any substantive recommendations from the report?

Ian Brown said...

Basically, no!