A couple of stories in the news today caught my attention because they take opposite perspectives on tackling cybercrime and Internet security.
First, the Australian government is thinking of making home computer users responsible for security [1]. They’re contemplating legislation to force users to install anti-virus programs and firewalls on their home computers before being allowed to connect to the Internet. And, if the computer becomes infected with malware, the owner could be summarily cut off from the Net until he can prove the computer is clean.
And then there’s KnujOn [2], an independent Internet policy and security research group, that feels that the onus should be on ICANN to tighten its rules for Internet Registrars. They released a report this week that focuses on the illicit online pharmaceutical trade, and claim that, ‘Additional security threats like malware deployment, denial of service attacks, trademark hijacking, botnets, spam, WHOIS fraud, network intrusions, domain hijacking, Registrar corruption, and electronic money laundering are all tools of the global network of illicit drug traffic. Beyond the Internet this traffic impacts the health of the public while funding organized crime and terrorist groups.’
So who’s ultimately responsible for security: the home owner or the System? I think the answer lies somewhere in between and beyond. Until there’s a global, consistent approach to tracking down and punishing the guys who abuse the Internet and its users, it will continue to be a money-making machine for some. So for now, while I really don’t agree with Australia’s legislated approach (and just how do they plan to enforce that?), I do think that it boils down to you and me: our best bet is to take matters into our own hands and learn about security. If we didn’t respond to phishing messages, if we didn’t click on questionable links or buy drugs from questionable sources, then the river of money would quickly dry up and criminals would have to find something else to do.
Thoughts?
References
1. http://www.news.com.au/technology/no-anti-virus-software-no-internet-connection/story-e6frfro0-1225882656490
2. http://www.knujon.com/knujon_audit0610.pdf
As much as Australia’s call makes me want to call for ‘mutinerie’, I do see some logic in it.
I’ll take an example to illustrate my thought.
To be able to drive a car SAFELY on the public roads, you need to learn and master a few basic skills and knowledge. You need a driving licence.
Why wouldn’t it be the same for the internet? Why would under-protected computers (and their owners) be less responsible/liable for the consequences than a drunk driver – both actions could have real life consequences (falling victim to a phishing or ID theft leading to personal bankruptcy, or being victim of a car crash accident and maimed for life).
Just thinking out loud here. I’m not saying Australia’s call is good (although they at least have the merit of doing *something*), but I am saying people should be at least in part responsible for the devices they connect to the internet.