After raising a hue and cry with its planned mandatory internet filter, the Australian government is pondering a law requiring ISPs to disconnect users who don’t have a firewall and anti-virus software installed on their computer.
A report from the House Standing Committee on Communications Inquiry into Cyber Crime entitled The Hackers, Fraudsters and Botnets: Tackling the Problem of Cyber Crime recommends a new mandatory ‘e-security code of practice’ for ISPs. This code of practice would make ISPs force their customers to install anti-virus and firewall software. If a customer’s computer is infected, the code would see ISPs forced to restrict that user’s access and ultimately disconnect the customer from the internet completely until that system has been cleared of the infection.
“Home users are most vulnerable to cyber crime, often unwittingly exposing themselves and others to e-security risks through a lack of online protections,” says the introduction to the report. “While prevention through education is important, on its own education is insufficient to combat sophisticated cyber crime techniques. The Committee believes that it is time to shift our thinking toward a model where consumers, industry and government accept greater shared responsibility for personal Internet security.”
The nature of cyber crime, the report says, has undergone a transformation. The cyber criminal is “more likely to be part of a loosely linked network of hackers, middlemen and organised crime who combine to commit large scale online crimes for significant profit”.
All true, and no one disagrees that users need to be more responsible. But forcing ISPs to monitor their customers is not only a breach of privacy; it’s bound to be expensive, and a cost that will be passed on to customers.
One Aussie tech blogger called it “a further step towards a police state”.
Local security experts contacted by NetGuide compared holding ISPs responsible for infected PCs with “holding the NZTA responsible for those speeding”.
Education would be part of any new legislation, but in the end, only getting hacked, their identity stolen and their personal data compromised seems to wake computer users up to the risks they run if they go online unprotected. If passing a law could stop people being stupid, we’d have wiped out cyber crime long ago.
Another point: more and more people are now using webcapable mobile phones. In the case of the iPhone, for instance, there is no anti-virus software or firewall available. The sheer scale of internet usage, and the variety of ways it can be accessed, frankly makes such legislation look unworkable.