Who would have imagined that the seemingly arcane British House of Lords would emerge as the defender of the web-surfing common man?
A recent report by the Lords' Select Committee on Science and Technology on The Internet and Personal Security, suggests that the Peers of the Realm are not the doddery, gout-ridden septugenarians, we might have assumed them to be.
Indeed, the Lords and Ladies of the Upper House took on the unenviable task of getting up to speed with the problems associated with "personal internet security" — or lack thereof — with apparent gusto, hearing evidence from all the usual suspects with vested interests in maintaining the status quo, such as software and hardware vendors, ISPs, financial services, as well as senior UK government officials and regulators, consumer advocates, law enforcement, and a motley crew of independent security experts, keen to kick up some dust.
The peers also road-tripped to the U.S. to meet with the Federal Trade Commission, visited various computer labs where thrilling things were being done (with resources greatly in excess of those available in the UK); they had a 'one- on- one" conversation with Symantec CEO John Thompson. And, (not to be out-done by Symantec), they accepted an invite to visit Microsoft HQ in Redmond, where the Herculean security efforts underway at the mothership were undoubtedly explained at length.
What is clear from the report is that these forays into the geek wilderness did not befuddle the peers, but rather they ended up with an impressive grasp of the issues, that is nicely complimented with a solid dose of everyman common sense. Indeed, there is much in the report that the Canadian — and other governments — ought duly consider.
The peers fully comprehended that it might be in industry's best interest to "promote solutions from which they stood to profit," or to ignore those that might "create costs." Therefore, they indicated they had no choice but to treat evidence from industry with "a degree of scepticism."
However, they were more severe with the U.K. government for falling, as they saw it, hook, line and sinker for various devastating scenarios painted by the ISP industry, should they be forced to do more about end-user security. The ISPs sided with the U.K. government in its "end-user responsibility" argument, which the Lords plainly hated, and they went down in flames as a result.
The peers indicated that the success of the Internet is founded on the confidence of the users, and that lackluster government efforts to educate users may be having a negative effect in creating fear and panic, without provided any real guidance on how to solve the underlying issues.
They recommended that the ISPs lose some of their traditional immunity to lawsuits, by making them liable to third parties if they fail to sand-box or isolate virus infested computers or spammers, that they locate on their networks.
U.K. ISPs must be sobbing like infants as we speak — and gearing up for a more successful lobbying effort next time around.
Indeed, it is clear that the peers were a tough crowd, and several other lobbyists came a cropper at their hands. The U.K. payments association APACS, and the banks got a rough ride by inexplicably suggesting that it is not the banks that are having problem, but the consumers (i.e. we are not being hacked, it's the dumb users) — the peers indignantly reminded them that the money that banks invest belong not to them, but to these same dumb users, and they promptly proposed legislation to protect consumers from e-fraud (and the recalcitrant banks in question).
