August 10, 2007 | Becky Hogge

Lords report promotes security online

The House of Lords Science and Technology Committee have published their fifth report today, which makes a variety of recommendations to legislators, the police, businesses and citizens to improve personal security on the internet. The full report is now available to download.

Much of this morning's media coverage is focussing on recommendations to create a dedicated e-crime unit, or to develop BSI kitemarks for security in internet services. But the report makes other recommendations too. For example, the Committee recommends introducing some kind of liability regime for software vendors, although it recognises the potential side effects this might have on innovation, or on open source software. The report sets up an interesting debate on this issue between some of the Committee's expert witnesses - including Bruce Schneier, Jonathan Zittrain and Alan Cox - which is well worth reading (go to para 4.25).

The report also makes some radical recommendations for network level security, suggesting that Internet Service Providers' traditional defence against liability for bad traffic on their networks - that they are "mere conduits" - should be looked at again. But any re-examination of ISP liability needs to be handled very carefully. As notice and takedown practices tied to suspected copyright infringement have shown, ISPs are not best placed to police the network, and can be expected to react to this kind of pressure by knocking users off the network without appropriate levels of investigation into those users' actions.

Other recommendations include more research funding for computer security groups and a re-examination of the Computer Misuse Act. The Committee also adds its voice to the chorus of people calling for greater powers for the Information Commissioner's Office. While such a detailed, considered and well-informed report should be welcomed, the digital rights community needs to pay close attention to how policy makers choose to interpret its recommendations.

More analysis of the report here and here.

Comments (3)

  1. Don’t shoot the messenger at machine-envy:
    Aug 16, 2007 at 04:26 PM

    [...] The day after I wrote it, the House of Lords Science and Technology Committee released an altogether more sensible critique of personal security online. It’s well worth a read, just for the amazing expert evidence their Lordships collected. Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages. [...]

  2. The Open Rights Group : Blog Archive » MPs call for tougher data protection regime:
    Jan 03, 2008 at 03:40 PM

    [...] recommendations echo those made by the House of Lords Science and Technology Committee in August 2007, recommendations that the Government rejected almost entirely. Perhaps the public outcry following [...]

  3. Steve:
    Dec 29, 2007 at 10:50 PM

    I'm quite unsure on a 'liability regime for software vendors', I feel this would impact the smaller companies with the bigger companies just wrapping the courts up in legal arguements costing lots of money. I look at microsofts tactics vs the eu and their general buggy os releases and feel something needs to be done, but it needs to be done without hurting the small players.

This thread has been closed from taking new comments.