iiNet trial clears way for 'zombie' code

The Internet Industry Association (IIA) will press ahead with its new internet service provider security code, with plans to launch a "quarantine" proposal for infected computers by around June this year.
Written by Liam Tung, Contributing Writer

The voluntary code for internet service providers (ISPs) will attempt to address the threat of computers that have been hijacked as part of a spam or phishing operation, that is, computers that have been lured into a botnet operation that has command and control functionality.

The decision on whether to proceed with the code was based on privacy questions.

One measure the IIA plans to introduce in its ISP code is that a customer's connection be "quarantined" if it becomes infected, otherwise known as a "walled garden" approach to security. The technique allows the infection to be remediated in isolation from a botnet's command centre.

But to introduce the measure, the IIA wanted clarity over whether permission to carry this out could be granted by a customer in writing, for example, in an ISP's customer relationship agreement. The agreement would allow the ISP to use information gleaned from specific accounts for the purpose of identifying whether connected computers were zombie machines, and then take actions to resolve the issue.

IIA chief Peter Coroneos told ZDNet.com.au that the Federal Court ruling by Justice Cowdroy on the iiNet copyright case had settled the issue.

The Australian Federation Against Copyright Theft (AFACT) had wanted iiNet to leverage usage information that it held to corroborate AFACT's evidence that certain internet protocol addresses were being used to infringe copyright — an entirely different purpose to what the IIA has in mind.

Cowdroy had ruled that one of iiNet's defences — that privacy clauses in the Telecommunications Act would have prevented it from following AFACT's requests to match a customer's network activities to a specific account — was invalid.

"That was the sticking point. It was the lack of clarity around the ability to use customer information in the way that we had envisaged. But I think it can be covered by consent," Coroneos said. In effect, the customer would permit their information to be used for "network management" purposes.

"In this case it's for network management, so it's hardly controversial. We wanted to ensure that it was beyond any legal doubt, so that we can encourage members to adopt it when [the code] is complete," he said.

Coroneos said that the code would not propose that a computer be "cut off" if it had become part of a botnet, but rather that it be temporarily quarantined until the infection was remediated.

"There wasn't ever going to be disconnection. It will suggest a range of options — a possible escalation process — but as we see it, the highest measure that it would entail would be a temporary quarantining of PC on the network," he said.

A draft is expected to be released for industry feedback by the end of March, with a view to publishing the actual code by June.
