The authors of the House of Lords Select Committee report on Personal Internet Safety are seeking comment on the Government Response with a view to doing a follow up exercise. The Earl of Erroll, explains why, in this “guest blog”.
"Our report was focussed on the threats to consumers and their children, not e-crime as a whole. The Government response was there was no hard evidence of a serious problem, they were supporting awareness campaigns, such as Get Safe On-line, it was all too difficult and they were planning to support a co-ordinating unit anyway. It is now nearly two years since the previous co-ordinating unit was disbanded and six months since the web-site for reporting "non-urgent" crime was taken off-air.
We didn't want more talk. There’s a lack of action in the government response to our report. If someone doesn’t take some leadership, the civil service won’t have the clout to say to their masters “we need some budget to sort this out”. We want to shake things up so we are not in the same position in a year’s time. If we don’t push, nothing will happen.
We were looking at the issues from the point of view of the individual. The Banks came to us and said they were only losing £33.5m last year to fraud, but they off-load all the liability for Card Not Present transactions onto the merchants, many of them small. Most individuals are only losing £500 or £1000 a month: too small to bother to report, let alone investigate. Nobody seemed to care and there was nobody to report it to. The police say it’s too small and we haven’t got time. But that might well be the family’s mortgage repayment and large volumes of small amounts can have a huge impact. It’s a major problem. A lot of people say the next generation will know how to avoid e-crime. But there’s always going to be greedy and gullible people in every generation. Technology is not going to provide the solution because of social engineering, ever more plausible reasons to click the button or contact your supposed “new friend”. We must educate the public - but “train and blame” is not enough.
The UK is effectively a safe haven for e-crime, as there’s no risk of prosecution because each crime is too small. We need to take a random ten per cent every year and prosecute them to encourage the younger generation not to get involved in it. Small-scale fraud added together becomes large scale.
More regulations won’t work – we need incentives. Greater liability might give the incentive for greater security. Liability needs to be shifted onto those who are in a position to take effective action – that means the banks and the communications providers. That was one of our main recommendations and Government has ignored it.
We also said that Information Commissioner needs proper teeth. The problem of having to wait to shut the stable door until after the horse has bolted is completely ridiculous.
But we also need a proper police crime unit. The National High Tech Crime Unit was providing some sort of training and resource to the local police forces – perhaps not enough but at least some. Police forces are organised on a local basis because most burglars live close by. One of the challenges of the Internet is that you can have low individual value burglaries even when the person lives a long way away.
Which police force deals with this? We need a national co-ordinating unit at the very least. The sums being asked for by the police are quite small, only £1.5m to get this thing off the ground, because then the private sector will join in to help protect their customers, as in the United States. But it does have to have a government paid police core.
So why the delay over such a small sum? I cannot see any valid reason. That is why I signed the petition on the Number 10 website calling for support for the proposed police e-crime co-ordinating unit
The launch of the Information Security Awareness Forum bringing together the work of the ICT professional bodies is this area is a great idea – but government also needs to get its act together and improved awareness is not enough.
As I said earlier we need to move from debate to action. Please read the Government response to our report and then send your comments to the Clerk to the Select Committee or post them to this blog for Philip Virgo to forward.”
Merlin Erroll
Comments (2)
I hope Lord Errol won't mind me disagreeing with him on one point - trying to saddle the communications providers with liability is the slippery slope to a lot of bad things. Once the "common carrier" status is broken, for whatever good reason, a whole can of worms is opened that would increase the providers' liability, push up their insurance premiums, force the smaller ones out of business and, eventually, be anti-competitive and counter-productive.
My view is that communications providers need more and clearer immunity, not less. It's not their fault (in the sense they don't originate it) and there's not really that much they can do about it. To attempt to do so would impose a huge administrative burden and cost. Look at Yahoo - big resources, much trumpeted smart Spam filtering and yet loads of it still gets through because the truth is the bad guys have more motivation and resources.
There are some things ISPs, etc, can do that don't interfere with their common carrier status but which do mitigate the impact of Spam and one of its most common origins, compromised client machines ("bots").
Spam could have been dramatically reduced ten or more years ago when the discussions about email sender authentication were going on but the industry conspicuously failed to agree on a common standard. The truth is industry wants Spam but they want it to be their Spam.
As for the bots, that's largely a problem caused by software and system providers supplying machines that are insecure by design or configuration. When I installed a standard Windows XP PC on a broadband modem (as opposed to a router/firewall) for a friend a few years ago, it was attacked and compromised within five minutes.
ISPs can do inbound port blocking although firewall/router boxes have largely made this unnecessary. Ultimately, the ISPs cannot be liable for users browsing carelessly or opening email attachments thoughtlessly. Maybe, the new version of Internet Explorer will help but neither ISPs, software vendors or system suppliers can prevent people being stupid.
Above all, we must not give in to the cries of "something should be done", fuelled by eye-catching headlines, and fall into the trap of legislating in haste. There is far too much bad publicity about the Internet and not enough good publicity - it's all too easy to forget the great good that it has brought about in its 30+ years of existence. Don't let a few crooks spoil all that.
Posted by Andrew Hardie | March 18, 2008 2:56 PM
Posted on March 18, 2008 14:56
BREAKING NEWS
CARROLL FOUNDATION TRUST ORGANISED CRIMINAL CONSPIRACY AND CORRUPTION CASE
HSBC - KROLL N Cooper - Queen's Bankers / COUTTS BANK / BAE SYSTEMS TAG AVIATION /
SLAUGHTER & MAY G James S Hall L Wylde - SALANS / L Rosenblatt A Gaines M Alexander
>>> GOODMAN DERRICK I MONTROSE
'Named Partner'
IN
- Primary Criminal Suspects / International Criminal Syndicate -
R Bray & Co / / HASLERS / DLA PIPER - R Lane - Smith N Pike - LG
-- The United Kingdom's Enron Case --
The Carroll Foundation Trust Criminal Case - Britain's Longest Running Largest Organised Criminal Conspiracy and Corruption Case - $ One Billion Dollars ( $ 1.000.000.000 ) Embezzlement of Funds Criminal Liquidation of Assets on a World Wide basis. GJH Carroll primary victim subject of personal protection security following violent attacks with the use of firearms other weapons.
Full and Complete Criminal Evidence in LOCKDOWN at Britain’s Scotland Yard - Sir Paul Stephenson Commissioner Metropolitan Police New Scotland Yard London UK - US State Department - FBI - within a major Cross-Border International Criminal Conspiracy and Corruption Case.
Notice: Kingston Smith / E Robinson / Trust Auditors / GJH Carroll Trust - Carroll House - Westminster London SW1 - Break - Ins / Theft Burglarys - Forged / Falsified Lease / Sale Profiles - LOCKDOWN - New Scotland Yard London UK - US State Department - FBI Washington Field Office USA
--------------------------------------------------------------------------------
Notice: Kingston Smith / E Robinson / Trust Auditors - Manches - 'The Criminal Syndicate Solicitors' - LOCKDOWN - Scotland Yard - Sir Paul Stephenson Commissioner Metropolitan Police New Scotland Yard London UK - US State Department - FBI - USA
--------------------------------------------------------------------------------
Notice: Salans / 'The Criminal Syndicate Solicitors' - Croydon Power House / Urban Finance Corp. - Embezzlement Fraud Case - LOCKDOWN - Scotland Yard - Sir Paul Stephenson Commissioner Metropolitan Police New Scotland Yard London UK - US State Department - FBI - USA
Notice: Grant Thornton / Scott Barnes - 'The Criminal Syndicate Receivers' - Galleria - Croydon Power House / Gill Rose Fennemores Grant Thornton - Carroll / Yorkshire Property Holdings
Embezzlement Fraud Case - LOCKDOWN - Scotland Yard - Sir Paul Stephenson Commissioner Metropolitan Police New Scotland Yard London UK - US State Department - FBI - USA
--------------------------------------------------------------------------------
Notice: Norton Rose / GJH Carroll Trust Solicitors - LOCKDOWN - Russian Invesment Corp. - Russian Federation - LOCKDOWN - FSB / Kremlin Moscow Russian Federation
--------------------------------------------------------------------------------
Notice: Carlton Baker Clarke - 'The Criminal Syndicate Accountants'- LOCKDOWN - Russian Federation - LOCKDOWN - FSB / Kremlin Moscow Russian Federation
--------------------------------------------------------------------------------
Notice: Loeb & Loeb / GJH Carroll Trust Solicitors / Carroll Hughes Estate Interests - USA - LOCKDOWN - Scotland Yard - Sir Paul Stephenson Commissioner Metropolitan Police New Scotland Yard London UK - US State Department - FBI - USA
--------------------------------------------------------------------------------
Notice: Faegre Benson / 'The Criminal Syndicate Solicitors' - LOCKDOWN - MOD Farnborough - Carroll Joint Ventures Corp. / Strategic Research Development Corp. - Carroll Aircraft Corp. - Carroll Hughes Estate Interests - USA - LOCKDOWN - Scotland Yard - Sir Paul Stephenson Commissioner Metropolitan Police New Scotland Yard London UK - US State Department - FBI - USA
--------------------------------------------------------------------------------
Notice: Edwards Duthie / GJH Carroll Solicitors - The London Residence - Eaton Square Belgravia London SW1 - Break - Ins / Theft Burglarys - Forged / Falsified Lease Profiles - LOCKDOWN -Vizards Wyeth / Boodle Hatfield / The Kent & Essex Police / New Scotland Yard London UK - US State Department - FBI Washington Field Office USA
--------------------------------------------------------------------------------
Roger Facer - HMG - MOD / Rand Corp. / Carroll Institute - Carroll Foundation Trust
Carroll Foundation Trust - Blog / SRA Fraud Case http://www.carrollfoundationtrust.blogspot.com
Carroll Foundation Trust - Blog / Most Wanted http://carrollfoundationtrustmostwanted.blogspot.com
CNN / Sky / BBC interview / Global News Services / The Global Website http://www.carrollfoundationtrust.org
Posted by Carroll Foundation Trust | December 24, 2008 5:01 PM
Posted on December 24, 2008 17:01