Personal security forgotten in Rudd’s rush to broadband
July and August have seen a lot of activity around the new National Broadband Network (NBN). Three Tasmanian towns will be the first linked in the network that will eventually stretch all the way around Australia. The Prime Minister has likened the NBN project to the Snowy Mountains Scheme.
The plan is for the NBN to bring 100 megabits of data, per second, to 90% of Australian homes - right to the front door - which is very different to today’s broadband experience. Actually, it’s a bit like trading up from a ride-on lawn mower to a sports car.
Politics and the economic and technical hurdles of building such a national network aside, super-fast broadband will deliver economic and social benefits. And risks.
The Federal Government’s July 2009 report Australia’s Digital Economy: Future Directions heralds the benefits - the ability to sell goods and services to the world, and ‘cloud computing’ where software and data are stored on the internet and accessed as needed. The report also mentions telecommuting and education, medical advances and smart homes where household energy usage could be remotely monitored and altered.
But the report only makes passing reference to confidence, safety and security. This is a critical oversight - intentional or not. The number and scope of attacks against computers - and their users - is increasing exponentially. The risk to society is real not virtual.
In recent years online crime has evolved from a cottage craft to an industrialised process. Uptake of technologies has outpaced our capacity to deal with the unintended consequences: ranging from exposing our children to inappropriate content to relying upon insecure computers for sensitive transactions. An NBN will see more computer use, activity, and risk, in equal parts.
Criminals break into computers to steal information (like credit card details, email addresses, passwords, corporate secrets) and use or sell it. There are well developed markets trading in this information. And they can add the compromised computer to networks of other compromised computers called “botnets”. Botnets are controlled remotely, and can be used to shut down the internet activities of businesses and governments through distributed denial of service (DDOS) attacks, often demanding money for the attacks to stop.
We know only a fraction of the economic and social impact of internet crimes. Internet crime is incorrectly viewed as “virtual” and assigned a lower priority by police and consumer protection agencies. And it’s hard to report. Sometimes it is hard to get anyone to listen.
A victim may try to report a matter to the ACCC, but only if the complaint is about an Australian business - state Offices of Fair Trading are no more helpful. The Australian Communications and Media Authority will take a complaint about internet content, but is almost powerless to act. State and Federal police (with the exception of Queensland) are not keen on internet based crime reporting, only passively interested if the offender resides in their jurisdiction.
Should the onus be on victims to know the bureaucratic idiosyncrasies, the business registration status or the location of their attacker to report an incident? On the whole business and consumers have been left to protect themselves and to clean up the mess when things go wrong.
It is easy to see how problems keep occurring. The Australian Communications and Media Authority, Australia in the Digital Economy Report 1: Trust and Confidence (March 2009) highlights the complacency by the Australian internet population - less than 50 per cent of survey respondents installed anti-virus software, and even fewer had firewalls or other protective measures.
Government education efforts have been well intentioned but sporadic, failing to reach most homes and businesses, and certainly not changing user behaviour. The Australian Government needs to undertake a sustained “public health” style approach - in conjunction with responsible online businesses - to changing e-security habits.
A single online portal (and a clearinghouse) must be established for victims to report online incidents. This would help victims, while providing the government - for the first time - a true understanding of the threat and damage. Offenders who hide in jurisdictional and bureaucratic fragmentation are more likely to be outed.
Australia has a good legislative regime for fighting online crime. We need to avoid knee jerk legislation. Agencies need to re-double their cooperation with industry, as industry holds the key to much of this and will be critical for gaining ground back from criminals. If government wants to intervene, their focus should be on criminals who attack computer systems and the judiciary who grant them good behaviour bonds when caught. Virtual crime doesn’t have to mean virtual sentencing.
Agencies fighting online crime often take a narrow, demarcated, approach to jurisdiction. Some good capacities have been developed, but they lack scale and universal application. A comprehensive national strategy which brings consumer protection, law enforcement and security agencies together is essential. To then cooperate, aggressively, with international counterparts at least puts our regulators on a similar ‘borderless’ playing field as Internet criminals.
Peter Coroneos of the Internet Industry Association recently suggested that the government use 1 per cent of its planned $43 billion budget for the NBN to address network security issues. This is reasonable. But let’s take some of that $430 million to establish government structures to protect businesses and consumers in the information age. A change of attitude and a cohesive national strategy is free.
It would be a shame if the government pulls off this exercise but forgets a critical ingredient: the wellbeing of users. Like a Snowy Mountains Scheme without water.
- Alastair MacGibbon is founder of the Internet Safety Institute. Previously he was the founding Director of the Australian High Tech Crime Centre, and after that, head of Trust & Safety for eBay Asia Pacific
Read all about it
Up to the minute Twitter chatter
The latest and greatest
Good morning Punchers. After four years of excellent fun and great conversation, this is the final post…
I have had some close calls, one that involved what looked to me like an AK47 pointed my way, followed…
In a world in which there are still people who subscribe to the vile notion that certain victims of sexual…