UK.gov lambasted for ignoring peers' cybercrime report

Either stupid or ignorant, fumes security researcher

A leading security expert has criticised the UK government for ignoring recommendations on tackling cybercrime from peers.

The House of Lords' Science and Technology Committee produced a five-point plan for tackling cybercrime and safeguarding e-commerce after extensive consultations with experts in industry and academia.

Proposals in the committee's Personal Internet Security report included establishing a centralised and automated system for the reporting of e-crime and enacting US-style data breach notification disclosure laws.

More controversially, the committee argued for moves towards making suppliers legally liable for damage resulting from security flaws.

The government responded last week to the committee's August report with a reply that "turned down pretty much every recommendation", according to a security researcher who aided peers in their hearings.

Richard Clayton, a security researcher at Cambridge University and long-time contributor to UK security policy working groups, has expressed deep frustration at the government's lack of action. He accuses the government of complacency, or worse, in a strongly worded critique posted on the University of Cambridge security blog.

Among the peers' key recommendations - after hearing testimony from experts from Microsoft, Cisco, Verisign, and others - were measures designed to collate information on the extent of cybercrime. Policies introduced last April mean the public is advised to report incidents of credit card fraud to the banks instead of to the police.

The peers, and experts such as Clayton, disagree with this policy. But government officials turned down calls for a rethink. "They don't think that having the banks collate crime reports gets all the incentives wrong; and they 'do not accept that the incidence of loss of personal data by companies is on an upward path'," Clayton writes.

He argues that the government is burying its head in the sand out of either ignorance or stupidity. "If the government was up-to-speed on what researchers are documenting, they wouldn't be arguing that there is more crime solely because there are more users - and they could not possibly say that they 'refute the suggestion... that lawlessness is rife'," Clayton laments.

He expresses frustration at the government's lack of action. "That's more than a little surprising, because the report made a great deal of sense, and their lordships aren't fools," Clayton writes.

Clayton's frustration is understandable, but the government's lack of action on the recommendation of a parliamentary committee looking at internet security issues is far from unprecedented.

When the All Party Internet Group of MPs looked at the nuisance of junk mail it heard testimony that criminal sanctions were necessary and that legislation ought to deal with spam emails sent to businesses as well as private individuals. The recommendations were ignored, leaving huge loopholes that have rendered UK anti-spam laws toothless. ®
