An Australian Government committee has recommended the introduction of compulsory virus scanners on computers or users won’t be allowed on the internet as part of an alleged crackdown on “cyber crime.”
The Hackers, Fraudsters and Botnets: Tackling the Problem of Cyber Crime report from the House Standing Committee on Communications Inquiry into Cyber crime makes 34 different recommendations, with most shrieking of gross nanny state paternalism.
The headline proposal, if adopted by the Government, would force Australian internet users to install and keep up-to-date virus scanners on computers as a condition for internet access via the contractual obligations with their ISP. Users would also be forced to “take reasonable steps to remediate their computer(s) when notified of suspected malware compromise.”
In the event that the customer does not meet these contractual obligations, ISP’s must provide “a clear policy on graduated access restrictions and, if necessary, disconnection until the infected machine is remediated.”
What the report doesn’t state though is how such restrictions would be imposed; forcing ISP’s under law to enforce such rules may be possible, but the only way ISP’s will be able to do this is by spying on their customers.
If that isn’t scary enough, the report also notes that such data would go back to the Government. Recommendation 12 notes that the ” Australian Communications and Media Authority further increase its access to network data for the purpose of detecting malware compromised computers.” The compilation of the data even gets a name in Recommendation 13: the “Australian Internet Security Initiative network.”
But Government intervention doesn’t stop there. Recommendation 16 states that “The new scheme should involve the Australian Communications and Media Authority, Internet Service Providers, IT security specialists, and end users in a more tightly coordinated scheme to detect and clean malware infected computers,” suggesting that once malware was discovered on a users computer, the Australian Government would involve itself with that computer.
While much of the report deals with the interaction between ISP’s, Government and end users, the domain name industry also comes under fire. Recommendation 20 states that domain name registrars must filter applications, attempt to identify any fraudulent uses for domains, and take down any name deemed bad by the Government.
Recommendation 21 notes that this regulation would be enforced by law.
Cyber health warnings for mobile phones
The report suggests that education is an important part of the process, and regularly repeats the need for various industry participants to educate users. Recommendation 24 though goes into bizarre territory, stating that “manufacturers and distributors of personal computers, mobile phones and related IT devices such as modems and routers,” and that they must “address the e-security vulnerabilities of these products and the provision of e-security information to consumers at the point of sale; and require that the information is presented in a manner that is clear and accessible to a non-IT literate person.”
The report doesn’t state what form these cyber health warnings should take, but it’s not inconceivable that an iPhone purchased in Australia might soon come with a cigarette packet style health warning stating something like “this phone may be bad for your cyber health.”
Manufacturers though won’t just have to apply cyber health warnings, they will also have to meet Government guidelines dictating an appropriate level of cyber-security. Recommendation 25 notes that ” industry specific regulation under the Australian Consumer Law, including a scheme for the compulsory independent testing and evaluation of IT products and a product labeling scheme.”
If they release a product that doesn’t pass Government tests, the Government seeks to amend “Australian Consumer Law to provide a cause of action for compensation against a manufacturer who releases an IT product onto the Australian market with known vulnerabilities that causes losses that could not have reasonably been avoided.”
Yes: you read that right: the Australian Government wants to punish manufacturers when hackers find ways into their products. It would be like the Government fining the builder of a house because it was broken in to, even when the best efforts are made to prevent such an event occuring.
The report follows proposals by the Australian Government to track emails and browsing history of every internet user in the country, a massive undertaking of unprecedented scope.
The Government has not yet stated that they will be introducing all of the recommendations of the report, but likewise the report came from a Government dominated House Committee; it would be fair to suggest then that it would most likely have the support of the Government.
With the new proposals added to the list, Australia will soon censor the internet, track everything everyone does on it, and then dictate what software should be installed on your computer, with a kicker that if you don’t comply, you’ll lose internet access. If that doesn’t sound like the actions of a police state, I’m buggered if I know what would.