July and August have seen a lot of activity around the new National Broadband Network (NBN).  Three Tasmanian towns will be the first linked in the network that will eventually stretch all the way around Australia.  The Prime Minister has likened the NBN project to the Snowy Mountains Scheme.

Mark Knight in The Herald-Sun: security the forgotten part of Rudd's nation-building broadband venture.

The plan is for the NBN to bring 100 megabits of data, per second, to 90% of Australian homes - right to the front door - which is very different to today’s broadband experience.  Actually, it’s a bit like trading up from a ride-on lawn mower to a sports car.

Politics and the economic and technical hurdles of building such a national network aside, super-fast broadband will deliver economic and social benefits.  And risks.

The Federal Government’s July 2009 report Australia’s Digital Economy: Future Directions heralds the benefits - the ability to sell goods and services to the world, and ‘cloud computing’ where software and data are stored on the internet and accessed as needed.  The report also mentions telecommuting and education, medical advances and smart homes where household energy usage could be remotely monitored and altered.

But the report only makes passing reference to confidence, safety and security.  This is a critical oversight - intentional or not.  The number and scope of attacks against computers - and their users - is increasing exponentially.  The risk to society is real, not virtual.

In recent years online crime has evolved from a cottage craft to an industrialised process.  Uptake of technologies has outpaced our capacity to deal with the unintended consequences: ranging from exposing our children to inappropriate content to relying upon insecure computers for sensitive transactions.  An NBN will see more computer use, activity, and risk, in equal parts.

Criminals break into computers to steal information (like credit card details, email addresses, passwords, corporate secrets) and use or sell it.  There are well-developed markets trading in this information.  Criminals can also add the compromised computer to networks of other compromised computers called “botnets”.  Botnets are controlled remotely, and can be used to shut down the internet activities of businesses and governments through distributed denial of service (DDoS) attacks, with the attackers often demanding money for the attacks to stop.

We know only a fraction of the economic and social impact of internet crimes.  Internet crime is incorrectly viewed as “virtual” and assigned a lower priority by police and consumer protection agencies.  And it’s hard to report.  Sometimes it is hard to get anyone to listen. 

A victim may try to report a matter to the ACCC, but only if the complaint is about an Australian business - state Offices of Fair Trading are no more helpful.  The Australian Communications and Media Authority will take a complaint about internet content, but is almost powerless to act.  State and Federal police (with the exception of Queensland) are not keen on internet-based crime reporting, only passively interested if the offender resides in their jurisdiction.

Should the onus be on victims to know the bureaucratic idiosyncrasies, the business registration status or the location of their attacker to report an incident?  On the whole, businesses and consumers have been left to protect themselves and to clean up the mess when things go wrong.

It is easy to see how problems keep occurring.  The Australian Communications and Media Authority’s report Australia in the Digital Economy Report 1: Trust and Confidence (March 2009) highlights the complacency of the Australian internet population - less than 50 per cent of survey respondents installed anti-virus software, and even fewer had firewalls or other protective measures.

Government education efforts have been well intentioned but sporadic, failing to reach most homes and businesses, and certainly not changing user behaviour. The Australian Government needs to undertake a sustained “public health” style approach - in conjunction with responsible online businesses - to changing e-security habits.

A single online portal (and a clearinghouse) must be established for victims to report online incidents.  This would help victims, while providing the government - for the first time - with a true understanding of the threat and damage.  Offenders who hide in jurisdictional and bureaucratic fragmentation are more likely to be outed.

Australia has a good legislative regime for fighting online crime.  We need to avoid knee-jerk legislation.  Agencies need to re-double their cooperation with industry, as industry holds the key to much of this and will be critical for gaining ground back from criminals.  If government wants to intervene, its focus should be on criminals who attack computer systems and the judiciary who grant them good behaviour bonds when caught.  Virtual crime doesn’t have to mean virtual sentencing.

Agencies fighting online crime often take a narrow, demarcated, approach to jurisdiction.  Some good capacities have been developed, but they lack scale and universal application.  A comprehensive national strategy which brings consumer protection, law enforcement and security agencies together is essential.  To then cooperate, aggressively, with international counterparts at least puts our regulators on a similar ‘borderless’ playing field as Internet criminals.

Peter Coroneos of the Internet Industry Association recently suggested that the government use 1 per cent of its planned $43 billion budget for the NBN to address network security issues.  This is reasonable.  But let’s take some of that $430 million to establish government structures to protect businesses and consumers in the information age.  A change of attitude and a cohesive national strategy are free.

It would be a shame if the government pulls off this exercise but forgets a critical ingredient: the wellbeing of users.  Like a Snowy Mountains Scheme without water.

- Alastair MacGibbon is founder of the Internet Safety Institute.  Previously he was the founding Director of the Australian High Tech Crime Centre, and after that, head of Trust & Safety for eBay Asia Pacific


    • Reece says:

      08:38am | 18/08/09

      Larger pipes don’t mean more security vulnerabilities. Yes, there needs to be some form of uniform education across the board for online security - but this has nothing to do with better infrastructure.

      As for your clearinghouse idea for the whole of Australia to report ‘online incidents’ - are you kidding?!  I can almost see the headlines, “GOVERNMENT SHAMED: BILLIONS WASTED ON IRRELEVANT SPAM REPORTING AUSTRALIA-WIDE”.

    • Hartog says:

      09:32am | 18/08/09

      “Agencies need to re-double their cooperation with industry” When did they last double it?

    • Zeta says:

      11:20am | 18/08/09

      I’m so sick of pundits and supposed experts throwing spanners into the works of my 100 megabit internet. You know what? I don’t care. I don’t care if Russian script kiddies steal all your credit card details. I want to be able to play Call of Duty 4 without lagging so bad I keep getting shot by the same 12 year old Korean kid who insists on yelling ‘kekekekeke’ into the microphone every damn time. I try to tell him that I’m lagging because Prime Minister Kevin Rudd hasn’t lived up to one of his core election promises yet, and he doesn’t care, in fact it just spurs him on; it’s like he just waits for me to get up from my couch to check my modem to stab me in the back. Do you, Mr. Internet Safety expert, have any idea how embarrassing it is to be stabbed in the back while holding a machine gun in a game that lets you call down air strikes? Imagine how General Petraeus feels, with his multi billion Army in Iraq getting beaten every day by road side bombs and you don’t even get close, because George Bush never had pWnEdu69 yelling at him through XBox Live the whole time. But that wouldn’t happen in real life, it only happens to people like me on ridiculously slow connections. A slow connection I pay 99.95 per month for, because it’s supposedly the fastest one Telstra offers.

      So go buy BitLocker or something, or just don’t use your credit card on sites you don’t trust, and get some proxies. I use seven, but that’s mostly because I don’t want the Government knowing how often I visit The Punch each day. Because some of us want fast internet and we don’t care how we get it.

    • Al says:

      12:44pm | 18/08/09

      I agree with Reece. Having faster internet, or as it will be in reality, just basic developed world standard data transfer speed, does not inherently increase the risk and rate of internet crimes or vulnerability.

      It is unfair to try and link not having money for the NBN devoted to security as a flaw in the plan. Governments cannot be expected to legislate and take responsibility for every mistake or act of ignorance of the people they govern.

      If you are surfing the net with no firewalls or anti-virus software or you reply to an email from a “friendly Nigerian chap” who seeks your assistance in laundering his “inheritance” and needs your credit card details, then is it not fair to consider that you have to wear some of the blame and take responsibility for your own actions?

      There is no reason with the current levels of publicity and information provided by governments and their agencies that people should be able to claim they didn’t know. Surely even if people have somehow missed all media reports and warnings then they have heard of a friend of a friend who had their credit card details compromised or other online fraud. When hearing these stories through friends, isn’t it reasonable to expect people to independently ask the questions could that happen to me and how can I protect myself?

      When it comes to creating agencies that can “cooperate, aggressively, with international counterparts at least puts our regulators on a similar ‘borderless’ playing field as Internet criminals” I would suggest that attempting to do so inside the scope of the NBN package is fraught and indeed utterly pointless. That sort of internet policing and prosecution would have to be dealt with by international agreements through bodies like the UN or regional institutions as it ultimately comes down to a question of sovereignty and history demonstrates that States take sovereignty very seriously. What do you think the Chinese Government’s reaction would be if Australian authorities attempted to charge the hackers who targeted the MIFF websites a few weeks ago?

    • jim says:

      01:08pm | 18/08/09

      The solution is simple. Implement Tariffs for communications outside Australia. With the Money the Business pay for access/licences.

      If a hacker came through from overseas, using one of the licences. Then it’s a matter of revoking the licences, blocking access globally unless the licencee fixes the issue, get the police to lay charges on the hackers.

      If not, that’s it, close down their business.

    • Julie Coker-Godson says:

      01:40pm | 18/08/09

      I’ve read recently that a quote of $20,000 per premises is quoted for this high speed broadband.  If that is true, then I guess I won’t have to worry about security because I won’t be able to access it on a pension.  Why do these developments always have to be available only to those who can afford it?  It gives me the shites.

    • John says:

      09:01am | 19/08/09

      Great insights.  The NBN is all about advancing the digital economy and without confidence in how your personal information - from your blood type to bank accounts - will be transacted in this economy this investment will not pay off.  What we need is an on-going whole-of-community education programme like we have done with speeding or sunscreen to ensure we empower citizens to be digitally smart on-line.  A ‘Slip Slop Slap’ for the internet is not a lot to ask.

    • Ian Clarke says:

      06:11pm | 19/08/09

      Spot on Alastair.  If this massive increase of bandwidth is provided to so many under informed individuals, the havoc wreaked and personal trauma caused by the right (wrong) industrial malware and other organized information gathering attacks could be truly crippling and cause many of the unintended consequences you outline and possibly more.  While organizing a reporting mechanism for quick tactical targeting and the opportunity to take action on predators seems daunting, with the scale of this program it can certainly be done.
      An increase of speed of this magnitude is thrilling and can, and will, be truly transformational.  It is critical safety and security is fully planned for and funded on an ongoing basis.
      Excellent supporting points John.

    • Stephen Wilson, Lockstep Technologies says:

      09:39am | 26/08/09

      Bravo! If the NBN is critical infrastructure for the digital economy (nay, the economy full stop) then clearly it needs to be engineered with built-in security.

      However, I fear there is still too great a bias in the Australian policy environment towards education and information sharing in the response to cyber crime.  The dominant laissez faire philosophy of Technology Neutrality has morphed into technology timidity and is a key factor that enables cybercrime to flourish.  While regulators concentrate on policy, information sharing and awareness programs, organised crime gangs run amok online because so little is being done in prevention.  You wouldn’t see the chief response to bank robbery being “information sharing”.

      The root cause of most identity theft—especially online credit card fraud—is the ridiculous ease with which personal information can be stolen and replayed.  Yet even as we get ready in the health sector for new national Individual Health IDs, service providers are loath to adopt more sophisticated authentication technologies.  Convenience trumps security every time.

      Paradoxically in certain sectors we embrace security technology.  For instance, we take more care with car keys than we do with the digital keys to Internet banking, commerce and government services.  So it’s not surprising that losses due to identity fraud in Australia, at well over a billion dollars p.a., exceed the cost of car theft.
