Columns

Good Lords! Having slated several Government misadventures in computing, I was pleasantly surprised by the masterful report on personal Internet security from the House of Lords Science and Technology Committee, available from publications.parliament.uk/pa/ld/ldsctech.htm.

In the course of little more than a hundred pages, it succinctly summarises most of the key issues, and relates how the many key players - from operating system vendors, to ISPs, to enforcement agencies and watchdogs - have found excuses for doing as little as possible to address those issues.

My only slight disappointment is that it did not take a more robust view of the economic realities. Thus Group, owners of the original Demon ISP and more broadly purveyors of IP-based services to business, reported £18.9 million profit in the year ended in 2007, on revenues of £95 million. Cisco Systems, which supplies much of the Internet's hardware, reported about $2 billion net income on sales revenues of nearly $35 billion for the same year. Microsoft, whose operating systems are involved in the vast majority of security failures, reported more than $14 billion net income on sales revenues of $51 billion. eBay, whose business is reliant on the Internet and includes PayPal and Skype, reported over $1 billion net income on net revenues of nearly $6 billion for last year.

Despite these prodigious profits, and the vast global industry that is generating

ADVERTISEMENT

them, expenditure on tackling Internet crime is risible. After years of prevarication, the intended new UK Police Central ecrime Unit is projected to have a budget of just £4.5 million. There is still no international agency that is getting a grip on gangs operating from less responsible jurisdictions, and the UK has yet to ratify the Council of Europe's 2001 Convention on Cybercrime. No-one has the slightest idea of how much crime takes place over the Internet in the UK, and even finding the wherewithall to run an efficient Internet fraud reporting system seems beyond the budgetary capacity of this country. The Internet remains as lawless as the Wild West.

The reality is that most companies that reap richly from the Internet will only re-invest the absolute minimum that they feel obliged to, in order to defend security. It is as though every car vendor has agreed that fitting locks and alarms to cars is unnecessarily burdensome, so they will just leave it to owners to buy their own padlocks. Thankfully market forces would put pay to that with physical security, but too few individual purchasers of computer products understand even the basics of computer security, and too many corporate purchasing decisions appear irrational when viewed in the context of security.

The report's recommendations look eminently joined up, but I doubt that in a year or two many will have been paid up. Big businesses will only invest where they see returns, and devote their resources to reducing their burden of taxation. Until security becomes a key selling point, or taxation imposes the cost of public security on their overheads, it will not enter the balance sheet or boardroom. No-one wants to impede innovation or development, but so long as the industry has to be dragged along, always a year or two behind the criminals, we, the users, will continue to be insecure. Rather than mulling over ideas such as taxing email, our legislators should be enacting measures to funnel some of those profits towards publicly-accountable organisations that will fight on our behalf to improve our Internet security.