Government dismisses e-crime recommendations

Recommendations on Internet security that included increasing the resources and skills available to the police and criminal justice system to catch and prosecute e-criminals have been rejected by the Government.

The measures were called for by the House of Lords Science and Technology Committee in its report on Personal Internet Security, which appeared in August, and it has expressed disappointment with the Government’s response.

The committee’s report said the Internet had embraced a ‘Wild West’ culture where the end user alone is responsible for ensuring they are protected from criminal attacks online.

But the Government denied that “the public has lost confidence in the Internet and that lawlessness is rife” and dismissed every recommendation out of hand, making no commitment to accept any of them.

Ministers did not see the need for a classification system to record e-crimes because “prosecution should be based on the offence, and not on the tools used in committing that offence”.

The Earl of Erroll, a member of the committee that undertook the inquiry, said: “The Government’s response is a huge disappointment. We heard compelling evidence of substantial amounts of e-crime and we were entirely persuaded that individuals were unable, on their own, to continue to keep themselves secure.

“The Internet relies on the confidence of millions of users, and that confidence is in danger of being undermined unless we can reverse the trends that our witnesses told us about.

“We don’t know quite how bad things have become today – there are no reliable figures for e-crime. We recommended that the Government sets up a group to develop a scheme for recording all forms of e-crime.

“The reply just says that the Government ‘does not see that there is a need’ for this. If you have no idea of the scale of the problem, how can you design solutions?

“Throughout our inquiry we tried to think outside the box, to look ahead ten years at what the Internet might be like, taking into account the emerging risks and challenges today. That’s why our recommendations concentrated on incentives – we must ensure that everyone is motivated to improve security. Unfortunately, the Government dismissed every recommendation out of hand, and its approach seems to solely consist of putting its head in the sand.”

Apart from the policing initiative, the range of measures recommended included:

• Establishing a centralised and automated system, administered by law enforcement, for the reporting of e-crime.
• Providing incentives to banks and other companies trading online to improve the data security by establishing a data security breach notification law.
• Improving standards of new software and hardware by taking the first steps towards the establishment of legal liability for damage resulting from security flaws.
• Encouraging Internet service providers to improve the security offered to customers by establishing a ‘kite mark’ for Internet services.

A US survey recently identified the global cost of e-crime as $1 trillion annually, while online banking fraud in the UK cost $44.5 million in 2006, up from $30.8 million in 2005 and $16.2 million in 2004, according to the Association for Payment Clearing Services, a payments trade group.

A report on e-crime issued earlier this year by the Metropolitan Policesays: “It is widely recognised that e-crime is the most rapidly expanding form of criminality, encompassing both new criminal offences in relation to computers (viruses and hacking, etc.) and ‘old’ crimes (fraud, harassment, etc.), committed using digital or computer technology. The MPS [Metropolitan Police Service] assessment is that specialist e-crime units can no longer cope with all e-crime.”

The report, written by Det Chief Insp Charlie McMurdie, of the Met’s computer crime unit, concludes: “The ability of law enforcement to investigate all types of e-crime locally and globally must be `mainstreamed`