Lords report promotes security online

The House of Lords Science and Technology Committee have published their fifth report today, which makes a variety of recommendations to legislators, the police, businesses and citizens to improve personal security on the internet. The full report is now available to download.

Much of this morning’s media coverage is focussing on recommendations to create a dedicated e-crime unit, or to develop BSI kitemarks for security in internet services. But the report makes other recommendations too. For example, the Committee recommends introducing some kind of liability regime for software vendors, although it recognises the potential side effects this might have on innovation, or on open source software. The report sets up an interesting debate on this issue between some of the Committee’s expert witnesses – including Bruce Schneier, Jonathan Zittrain and Alan Cox – which is well worth reading (go to para 4.25).

The report also makes some radical recommendations for network level security, suggesting that Internet Service Providers’ traditional defence against liability for bad traffic on their networks – that they are “mere conduits” – should be looked at again. But any re-examination of ISP liability needs to be handled very carefully. As notice and takedown practices tied to suspected copyright infringement have shown, ISPs are not best placed to police the network, and can be expected to react to this kind of pressure by knocking users off the network without appropriate levels of investigation into those users’ actions.

Other recommendations include more research funding for computer security groups and a re-examination of the Computer Misuse Act. The Committee also adds its voice to the chorus of people calling for greater powers for the Information Commissioner’s Office. While such a detailed, considered and well-informed report should be welcomed, the digital rights community needs to pay close attention to how policy makers choose to interpret its recommendations.

More analysis of the report here and here.