Friday, August 10, 2007

Government 'must act on e-crime'

House of Lords reports ...

“Government 'must act on e-crime' The government must do more to protect internet users from the threat of e-crime ... ”



The Lords Science and Technology Committee said the internet was now "the playground of criminals" The report criticised the government's current "Wild West" approach of leaving internet security up to the individual as "inefficient and unrealistic".

A Home Office spokesperson said the government was examining the report and would respond shortly. "We are firm believers in the internet. It is a huge force for good. But it relies on the confidence of millions of users," said Lord Broers, chairman of the committee that published the Personal Internet Security report.

"You can't just rely on individuals to take responsibility for their own security. They will always be out-foxed by the bad guys."

'True picture'

Responsibility for protecting users also fell to "the IT industry and the software vendors, the banks and internet traders, and the internet service providers", he said.

But, speaking later on the BBC's Today programme, he conceded it was hard to contain the problems of the internet.

"Because of the way it's been set up, without a security level, so that people could talk to each other and have access to everybody else's data, it's become almost unrealistic at this stage, because criminals are moving-in in a big way," he said.

"And they're not the sad hacker in their back room - this is organised crime."

The House of Lords report acknowledged that there were no accurate statistics on e-crimes, but said that it was "not surprising" that public anxiety was growing.

The report cited a government survey that suggested more Britons feared internet crime than burglary.

The Get Safe Online study found 21% of respondents felt most at risk from net crime, while 16% worried most about being burgled.

Internet crimes can include malicious hackers taking control of a PC, or online phishing scams where bogus websites are used to try to trick people into handing over confidential information, such as bank details.

Commenting on the government survey, the House of Lords committee said: "This raises the question whether the government needs to do more to help establish a true picture of the scale of the problem, the risks to individuals and the cost to the economy. We believe the answer is yes."

The Lords' report recommended a number of measures to help boost the confidence of internet users.

"The state also needs to do more to protect the public, not only the government itself, but regulators like Ofcom, the police and the court system," said Lord Broers.

Specifically, the report called for a central system for reporting of e-crime.

In addition, it said there should be an increase in the resources available to the police and criminal justice system to catch and prosecute e-criminals.

David Emm, of security firm Kaspersky Lab, agreed that a central unit could help.

"A wider agency can only be of benefit, if only to gauge the size of the problem," he told the BBC News website. "You can't manage something if you don't know the scale of the problem."

But, he said, there had been a central law enforcement agency to tackle e-crime in the past.

The National High Tech Crime Unit was merged with the Serious Organised Crime Agency (Soca) in April 2006.

"I've had concerns since then that there wasn't as much of a focus on high-tech crime," he said.

Card abuse

The committee recognised that the responsibility for UK net users - around 63% of the population - did not rest solely with the government.

"You can't legislate for better internet security. But the government can put in place incentives for the private sector to up their game. And they can invest in better data protection and law enforcement," said Lord Broers.

The committee suggested that a kite-mark should be set up that would identify internet service providers that guaranteed a secure service.

In addition it said that government should encourage banks and other companies trading online to improve data security by establishing a law that would require them to notify a central authority when there was a breach.

This was important in cases, such as happened in March this year, when hackers stole the credit card details of 45 million TK Maxx customers.

"Potentially any one of these cards, belonging to innocent individuals, could be used online for illegal purposes in transactions relating to terrorism, or to purchase child abuse images," the committee said.

It also said that steps should be taken to establish legal liability for damage resulting from security flaws found in hardware or software.

Responding to the report, a Home Office spokesperson said: "The key to tackling online crime is prevention, which is why across government we are working closely with industry and law enforcement agencies to improve safety while also seeking to raise awareness to improve people's ability to protect themselves.

"We are in discussions with the police about effectively policing the internet and looking at what measures can be taken.

"We are grateful for the House of Lords Science and Technology Select Committee's contribution and work in investigating this important area and will look at the report carefully and respond to the committee shortly."

No comments: