The House of Lords Personal Internet Security report warns that the government and the IT industry are too casual about security. It is true. Security may be well managed in the enterprise, but it tends to be weak in small businesses and a basket case in many homes. The Lords have come up with some controversial proposals, daring to broach the question of liability for buggy software or hardware that puts others at risk. The Lords recommend "the introduction of the principle of vendor liability within the IT industry", adding that this should override end-user licence agreements ìin circumstances where negligence can be demonstratedî.
The Lords also focused on ISPs, which so far have evaded responsibility for the content that flows through their pipes by arguing that they are only providing infrastructure. The report said, "We recommend that the 'mere conduit' immunity should be removed once ISPs have detected or been notified of the fact that machines on their network are sending out spam or infected code."
There is also the matter of data protection. The Lords observed that the Data Protection Act is weakly enforced and want to see this improved.
Just as you would expect, the industry's reaction has been defensive. "The UK internet industry has an excellent track record of making the net safer through self-regulation," bleated the Internet Services Providers' Association in its press release, describing how its members strive to educate users. It is wilfully missing the point.
"The current assumption that end-users should be responsible for security is inefficient and unrealistic," said the Lords, and they are absolutely right. There is also plentiful evidence that the webís security problems are not going away, and may be getting worse. In the industry we have come to accept this as somehow normal.
However, it is easy to find reasons why new legislation would not work, or may do more harm than good - the freedom and openness that characterise the net are key to its success. The problems are global, not national, and the risk is that the good guys will suffer while the bad guys take no notice.
The best outcome is not new laws, but a renewed vigour behind efforts to improve security without pretending that education, bundled trialware and impenetrable warning dialogs form a realistic solution. That said, some new legislation probably is necessary. It is hard to find any good reason why one-sided licence agreements should protect vendors from responsibility for negligence.
Finally, if we are serious about trying to improve internet security, the ISPs must inevitably play a bigger role than they do now.
Recommendations include the introduction of data security breach notification law in the UK 10 Aug 2007
The House of Lords Science and Technology Committee is to examine how current IT security risks affect society 01 Aug 2006
Report claiming solar panels take over 100 years to recoup their value is just plain wrong, say manufacturers 05 Sep 2008
New hybrid hatchback designed to make dual-drive vehicles more affordable 05 Sep 2008
Republican attempts to highlight differences over energy policy as both candidates pledge to deliver US energy independence 05 Sep 2008
More news
Once your company has gathered up all the low-hanging fruit, what comes next? Sarah Fister Gale finds that the answer lies in everything from multi-million dollar energy efficiency programmes to printers powered by exercise bikes 03 Sep 2008
Slow journey times mean airships are highly unlikely to replace passenger jets, but, as Danny Bradbury discovers, a flotilla of new companies are convinced that low-fuel costs mean the old-fashioned aircraft could have huge appeal to freight operators 02 Sep 2008
Recent claims from the oil giant's chief executive suggesting tar sand extraction is required to slow the shift to coal may have caught the eye, but as BusinessGreen.com discovers they do not make much sense 28 Aug 2008 More in-depth
Post your comment
Send an email to the Business Green editor at feedback@businessgreen.com
