September 9, 2007

How Much Protecting Do ISPs Need?


The recent report of the House of Lords Science and Technology Committee (HL Paper 165) is not likely to have the ISP moguls at NTL or BT reaching for their security blankets but it might well be a useful weathervane. I sense a change in wind direction. In a wide-ranging and carefully considered report, the most interesting part for me was a couple of key recommendations which would have the effect of forcing ISPs to take greater responsibility and a partially removing the mere conduit ‘immunity’. This development chimes well with the (highly controversial) decision of a court in Belgium which effectively imposes responsibility on an ISP for copyright breaches by file-sharers. It also has to be seen in the light of the latest figures on Internet access – 15 million UK households (61%) are said to have access.


We are a long way from an end to the special protection that shelters ISPs. No shift in this area can be achieved without an EU consensus and the EU’s top speed in any IT-related matter is very slow – with long pit-stops. Moreover, even EU consensus is of questionable value as, of course, influences from the USA and every other part of the world will matter too. There are other complexities too, some touched on by Ian Walden and Ben Allgrove in their article on p 10 and by Simon Deane-Johns (see the Web site coverage of the HofL report), but I personally believe that it is time for some change.


I am mainly influenced by the figures for Internet access. It would be tricky to round up 15 people who can ensure that a system connected to a wide range of Internet sites is secure – there is no way that there are 15 million people who are competent to create even minimal levels of security. While I entirely agree that the view that the Internet is like the Wild West is just plain silly, there are some Internet sites that resemble Wild West saloons – and not merely because of the prostitutes. These are sites where only those equipped with the computer security equivalent of body armour and carrying a big gun can safely enter – most households will never be so equipped. The responsibility for online safety cannot be entirely transferred to ISPs (nor should it be) but the absence of state-of-the-art protection should become legally and commercially unacceptable. We may well find that simple negligence actions, in a field where losses can be very considerable, are a speedier route to ensure that ISPs come up to the mark than any EU action.


But it is not just about security, the technology has moved on and the capacity for ISPs to monitor and obstruct all kinds of illegal activities is growing rapidly. Their special protection stemmed from a real inability to control what was done through their systems. Does that really stand up in 2007? If protection was removed with a fair period of advance notice, I feel sure that the wrinkles in the currently available control software would be removed – the iron would immediately be set to steam. Moreover the ISPs resources, in terms of money and personnel, have increased dramatically in recent years and it would now be within their capacity to do much more.


Can we leave it to the market? That should be the answer. Sadly the ISP that cuts corners and costs will always take a disproportionate share of the lower end of the market. The people who can least afford to lose money to scams, are most likely to illegally download to save a £1 and who do not renew their ‘free’ security subscription are the people who are most likely to go with the cheap ISP. The net effect (in both senses) is that the rest of us will be left funding cyberpolice and underwriting losses via insurance premiums or through some ISP-funded compensation scheme. It needs a change in the law or its interpretation.


Alan Brakefield


SCL was especially blessed to have had an Hon Treasurer like Alan Brakefield, who sadly passed away in July. There can be few members who attended events in the period before his retirement who were not greeted by him and his influence on the Society was a major factor in its success. Ruth Baker has written a short tribute to Alan (see p 40); many members will feel a sense of loss. SCL hopes to find a fitting way to mark his contribution in due course.


Laurence Eastham