Feeds

UK.gov lambasted for ignoring peers' cybercrime report

Either stupid or ignorant, fumes security researcher

Top 5 reasons to deploy VMware with Tegile

A leading security expert has criticised the UK government for ignoring recommendations on tackling cybercrime from peers.

The House of Lords' Science and Technology Committee produced a five point plan for tackling cybercrime and safeguarding e-commerce after extensive consultations with experts in industry and academia.

Proposals in the committee's Personal Internet Security report included establishing a centralised and automated system for the reporting of e-crime and enacting US-style data breach notification disclosure laws.

More controversially, the committee argued for moves towards making suppliers legally liable for damage resulting from security flaws.

The government responded last week to the August report of the committee that "turned down pretty much every recommendation", according to a security researcher who aided peers in their hearings.

Richard Clayton, a security researcher at Cambridge University and long-time contributor to UK security policy working groups, has expressed deep frustration at the government's lack of action. He accuses the government of complacency, or worse, in a strongly worded critique posted on the University of Cambridge security blog.

Among the peers' key recommendations - after hearing testimony from experts from Microsoft, Cisco, Verisign, and others - were measures designed to collate information on the extent of cybercrime. Policies introduced last April mean the public is advised to report incidents of credit card fraud to the banks instead of to the police.

The peers, and experts such as Clayton, disagree with this policy. But the government officials turned down calls for a rethink. "They don't think that having the banks collate crime reports gets all the incentives wrong; and they 'do not accept that the incidence of loss of personal data by companies is on an upward path'," Clayton writes.

He argues that the government is burying its head in the sand through a combination of either ignorance or stupidity. "If the government was up-to-speed on what researchers are documenting, they wouldn't be arguing that there is more crime solely because there are more users - and they could not possibly say that they 'refute the suggestion... that lawlessness is rife'," Clayton laments.

He expresses frustration at the government's lack of action. "That's more than a little surprising, because the report made a great deal of sense, and their lordships aren't fools," Clayton writes.

Clayton's frustration is understandable, but the government's lack of action on the recommendation of a parliamentary committee looking at internet security issues is far from unprecedented.

When the All Party Internet Group of MPs looked at the nuisance of junk mail it heard testimony that criminal sanctions were necessary and that legislation ought to deal with spam emails sent to businesses as well as private individuals. The recommendations were ignored, leaving huge loopholes that have rendered UK anti-spam laws toothless. ®

Internet Security Threat Report 2014

More from The Register

next story
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
Oi, Europe! Tell US feds to GTFO of our servers, say Microsoft and pals
By writing a really angry letter about how it's harming our cloud business, ta
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Choosing a cloud hosting partner with confidence
Download Choosing a Cloud Hosting Provider with Confidence to learn more about cloud computing - the new opportunities and new security challenges.