Govt stays ISP zombie laws
A peak Australian technology body has welcomed the Federal Government's decision to not force internet service providers (ISPs) to disconnect the infected computers of its customers as part of its response to a Senate committee report into online security threats.
(Books image, by Horia Varlan, CC 2.0)
The Internet Industry Association (IIA) said moves to force ISPs to take responsibility for infected customer machines, which included disconnecting some users, would backfire.
Instead, it suggested that such responsibility be left to industry self-regulation under the IIA's much lauded iCode.
"It would be like forcing car manufacturers to take responsibility for bad drivers," IIA chief Peter Coroneos said. Some 91 ISPs have signed on to the iCode to help users resolve computer infections and quarantine some if needed.
"Legislation can't be modified as quickly as an industry code, which can be regularly updated ... and is a dynamic response to a dynamic problem," he said.
"We feel confident a regulatory solution won't be necessary based on the support of the iCode."
The moves are part of the Attorney-General's broad acceptance (PDF) of 34 recommendations listed within a report into how agencies can better respond to online security threats.
The government has pledged to shore-up national coordination against cyber threats, including handing responsibility for building a common language for analysis of cyber threat statistics to the Australian Bureau of Statistics and the Australian Communications and Media Authority (ACMA).
By accepting the report's recommendations, ACMA is set to receive new powers to help identify infected user computers through bolstered access to online threat information from information security companies like Symantec and McAfee. It would also be charged with considering if legal protections for commercial, regulatory and privacy concerns are "desirable".
But ACMA will not direct ISPs to remove network security threats, as was originally recommended in the report. This will remain the responsibility of industry and the government's Computer Emergency Response Team better known as (CERT) Australia.
Requests for a national law enforcement training facility were accepted in principle by the government. The government referred to efforts by its National Cybercrime Working Group which is considering "how cybercrime capabilities could be improved across all jurisdictions, including technical capabilities and training", and said similarly that it is investigating a central crime reporting facility.
Moves to forge nationally consistent definitions of computer and identity crime offences is being considered by the Standing Committee of Attorneys-General.
The government accepted response to recommendations that federal, state and territory police forces establish an "e-crime managers group" to improve information-sharing and cross-jurisdiction cooperation, which would fall under the auspices of the Australia and New Zealand Policing Advisory Agency's e-Crime Committee.
Coroneos will head to Paris within a fortnight to pitch the iCode to the Organisation for Economic Co-operation (OECD) and push for its global adoption.