Keep your PC clean - or we'll shut you down

UK and US users reject Oz supernanny model


Analysis When it comes to protecting our personal and financial data online, the Australian solution – of cutting off users who fail to maintain their PC security – may have a lot of appeal.

But in the week when UK consumers are asked to turn their minds to questions of online safety, the real focus may need to be not so much on technological fixes, as on the underlying legal framework – and the lack of trust that most people have for financial institutions.

First up is that Australian solution. From December, ISPs will be encouraged to alert customers when their computers are taken over by hackers. So far, so good. The sting in the tail, however, is a parallel proposal that means ISPs may – or may even be encouraged to – limit access to the net if users fail to take prompt action.

The advantages of such a scheme are obvious: early and strict intervention would go a long way to disrupting botnets, which in turn are a major source of DDoS attacks elsewhere on the net. Since the Australian government has, itself, been the target of such attacks in the last year – most notably in protest over its internet filtering plans – it is clear that many would consider this scheme to be worth pursuing.

Other governments are also expressing an interest in this approach. Yahoo reports that Obama administration officials have been meeting with industry leaders and experts to address the issue of increasing online safety and securing the internet while balancing off individual privacy and civil liberties.

White House cyber-coordinator Howard Schmidt told the Associated Press that the US is looking at a number of voluntary ways to help the public and small businesses better protect themselves online. He told AP: "Without security you have no privacy. And many of us that (sic) care deeply about our privacy look to make sure our systems are secure".

Nonetheless, the Australian model is likely to run into fierce opposition from US critics, who continue to prefer a vision of the internet much closer to the Wild West than the tame shopping mall environment favoured by much US business.

A slightly different take on this issue is likely to emerge in the UK. Consumers want protection. However, in a report (pdf) released in support of the sixth National Identity Fraud Prevention Week, which started yesterday, the somewhat depressing finding for business is that less than 10 per cent of British citizens completely trust how companies handle their sensitive data.

There is also a deep-seated suspicion that "solutions" in this area are more about protecting the backs (and bottom lines) of corporate finance, than looking after consumer interests.

Consumers may have a point. One of the earliest instances of browser hijacking occurred in the years before broadband became widespread. A virus would download on to a user’s machine, log them off – and instantly re-log them to the internet through a premium rate call service.

Although a BT spokesman told us yesterday that BT eventually refunded some customers, the line at the time was one of strong resistance: customers were responsible for what happened on their home equipment – and therefore failure to block such an attack meant they were liable for any additional charges. This led to the ludicrous situation where BT was threatening to take court action against OAPs in the UK for failing to hand over money that was destined to fill the coffers of organised crime elsewhere in the world.

Similar issues arose with unauthorised cash machine withdrawals. According to the Banking Code of Practice, customers are indemnified against unauthorised use of their cards – providing they have not been negligent (by, for instance, writing down their PIN). In theory, it was up to banks to prove negligence: many simply took the view that a breach of their cash machine security was prima facie evidence of negligence – because their security was unbreakable! – and in some instances even prosecuted the victims for fraud.

Have matters improved? The BBC reports today that an increasing number of banks and retailers are obliging or requesting their customers to sign up for the online security systems Verified by Visa or Mastercard SecureCode, on the grounds that these will offer extra protection against fraud.

However, online security experts at Cambridge University criticise these systems on the grounds that they encourage individuals to key confidential information into pages that they cannot be sure are genuine – and customers could end up liable for the loss.

Once again, there is evidence of individuals who have been defrauded by this route finding that banks are as likely to treat them as suspects as potential victims.

In the end, cutting off internet users and blaming victims for their plight may be a useful stick with which to beat the population into vigilance. But if ISPs and financial institutions rely only on the stick, they may find themselves running into increasing resistance from consumers who feel that responsibility should be shared – and not downloaded on to them. ®
