The web is 'like the wild wild west'

A MAJOR PARLIAMENTARY REPORT from the House of Lords warns that the Internet is becoming a playground for organised crime and calls for government and police action to improve online security. The House of Lords Science and Technology Select Committee blames both businesses and government for emergence of the Web as a 'wild west', with millions of Internet users unnecessarily exposed to crime.

"The Internet is now increasingly the playground of criminals," says the report, Personal Internet Security. "Where a decade ago the public perception of the e-criminal was of a lonely hacker searching for attention, today's bad guys belong to organised crime groups, are highly skilful, specialised and focused on profit. They want to stay invisible, and so far they have largely succeeded."

The six-month committee investigation demands radical solutions including a new Internet police department with a Website where members of the public could report cyber-crooks, together with an independent web regulator. The report criticises the complacency of government, banks and software firms towards the threat posed by the Internet and calls for those profiting from the Web to take responsibility for security.

"Hardware manufacturers, Internet service providers, banks, the police and government must take action to promote greater security for customers using the net" says the report. "Banks and software firms should be forced to pay up if their customers fall victim to e-criminals because of security flaws, instead of the risk being dumped on customers."

The report states that individual Web users should no longer have to be responsible for their online security. "You can't just rely on individuals to take responsibility for their own security. They will always be outfoxed by the bad guys," says committee chairman Lord Broers. "We feel many of the organisations profiting from Internet services now need to take their share of the responsibility.

The Lords also calls on the industry to endorse the following as best practice:

Increasing the provision of security advice to users when first booting up PCs or launching applications

Automatic downloading of security updates upon first connecting machines to the Internet

Ensuring that default security settings are as high as practicable, even if functionality is restricted while users are still learning about the risks they face

An industry-wide code of practice on the use of clear and simple language in security messages.

The report notes that efforts to promote such best practice are hampered by the current lack of commercial incentives for the industry to make products secure: companies are all too easily able to dump risks onto consumers through licensing agreements, so avoiding paying the costs of insecurity, adding 'This must change.'

"We are firm believers in the Internet. It is a huge force for good. But it relies on the confidence of millions of users. At the moment it seems that the Internet is increasingly perceived as a sort of 'wild west', outside the law. People are said to fear e-crime more than mugging. That needs to change, or else confidence in the Internet could be destroyed," adds Broers.

The report concludes: "You can't legislate for better Internet security. But the Government can put in place incentives for the private sector to up their game. And they can invest in better data protection and law enforcement. It's time to act now, before it's too late." µ

L'INQ
Full Parliamentary Report (PDF)