Is ISP Content Filtering just political point-scoring? Surely they can’t be serious!?

For those of you fortunate enough to be spared the current onslaught of political rhetoric in the lead-up to the Federal Election in Australia, you might be unaware of topical, technological hot potatoes like the state of broadband (aka “fraudband”), Telstra’s Next G vs CDMA and the sale of the incumbent telco.

Another issue with which political parties seem content to bamboozle us is child safety online; that is, how to protect children from inappropriate content, unmoderated chatrooms, messaging systems and predatory behaviour.

Minister for Communications, Technology and The Arts, Senator the Honorable Helen Coonan has recently launched a Government initiative called NetAlert, which “is part of the Australian Government’s ongoing commitment to providing a safe online environment for all families, especially children.” (Source: NetAlert website.)

Call me cynical but apart from the usual observations about wasting taxpayers’ money, and the fact that the launch coincides with a Federal Election only a few months away, content filters on home PCs are only really useful up to a certain age. Depending on the child, beyond 10 or 12 years old, these types of systems are easily bypassed as Adam Turner discovered when he recently put a NetAlert package through the hoops.

It’s also a case of too little, too late for the Australian Government especially since good content filters like Net Nanny have been around for years. Why would this issue have suddenly become a “priority commitment” for the Australian Government? Oh yes, now I remember….

Despite this shallow effort made by the Office of the Minister for Communications, Etc., Senator, The Honorable Etc., it was a comment made by the Family First party’s Steve Fielding that left me completely gob-smacked this week.

According to AustralianIT, Mr Fielding has become “downright angry” about what he perceives is the Government’s abandonment of an ISP-filter trial, and has sought technical advice on “how a ban on internet pornography could work” with ISP filtering.

Huh?

Is this just argument for the sake of argument? To quote the man in Monty Python’s infamous argument sketch, which does seem somehow apprioriate, What a Stupid Concept.

Mr Fielding, there is no future in ISP content filtering.  While such systems may filter-out particular words, internet addresses, email messages and services, it would have little or no effect on the transfer of images, audio, movie files and instant messaging.

Unfortunately what it would do is add to ISPs’ overheads, ultimately pushing prices up for consumers.  It would also have a direct impact on internet speed, usability and complexity.  False negatives would undoubtedly degrade browsing experience (if I tried to buy a pen, for example, from the popular online store PenIsland), and helpdesks would be inundated with perceived problems from confused subscribers.

In a Media Release on the 20th of August, Mr Fielding said, “Family First still wants mandatory filtering at the ISP level, which adults can opt out of if they want, so that all children have some protection against Internet pornography and violence regardless of whether their parents know about the free filters.”

Get a grip, Mr Fielding.  Everyone in IT is silently hoping that the Government’s trial of ISP-filtering is all but dead-and-buried.  Please don’t make nonsensical suggestions for the sake of a petty political point-scoring exercise.

Dr Ron.

Other References

• “Pressure builds for censorship” by James Riley, AustralianIT, 28/03/2007
• “Coonan denies cancelling filtering” by staff writers, itNews, 26/07/2007

Andrew McColm features in this week’s Green Guide

World-class high-speed broadband is the key to Australia’s future, community radio host Andrew McColm tells Adam Turner.

Read the article.

Educating the Public about Malware

The other major concern pointed out by Eugene Kaspersky is the need to better educate the public about threats and vulnerabilities surrounding this new digital age. 

Theoretically, this is a great idea; in reality this too, is problematic.
 
Those with the power to educate ordinary folk usually fall into one of two categories; the sensationalists and the defenders. 

Unfortunately, one drives the other.

The sensationalists are members of the media that use scare tactics to increase ratings/readers/viewers/listeners.  “Bomb Recipe available on the Internet,” Your identity: Stolen in seconds,” “Is your computer a zombie? News at 11.”  

The defenders spend much of their time protecting what technology and the Internet stand for.  “We had the same problems 50 years ago, just a different medium.”  This group is just sick of listening to the sensationalists.  I too, have been known to defend the Internet and technology.

Recently a great furor broke out when a group of boys attacked a girl in Melbourne’s western suburbs, videotaped the event, and then posted it to YouTube.  Suddenly the media was onto it.  “Look,” they said, “Look what the Internet has done!” and “YouTube removes offensive video but it finds its way back.” 

I was livid. 

The focus was purely on the technology.  It went on for weeks.  The young girl?  She was forgotten while the media reminded us, yet again, how evil the Internet is.

So, if the sensationalists are busy looking for their next great headline, and the defenders are always on the lookout for the next attack, who is left to walk ordinary folk out of the land of Internet confusion?

I would love to know your thoughts.

Resources:

Virus List: A comprehensive look at Internet Security

Subscribe to Kaspersky Lab News (rss, e-mail, or add it to your site)

Join the Kaspersky Lab Forum

Kaspersky’s Reading Room: reports and analysis

Virus Watch: see which malicious programs are detected by Kaspersky Labs – in real time

FBI Vishing Alert

Internet Interpol

Last night, Eugene Kaspersky of Kaspersky Labs told us his dream of Internet Interpol, a regulatory body with global policing/litigating powers. 

The idea brings to mind Professor Jonathan Zittrain’s (Professor of Internet Governance and Regulation at Oxford University) recommendation for a “21st Century International Manhattan Project,” a suggestion that we need a global taskforce to fully secure the Internet.  The original Manhattan Project was a global effort to find a way to make the atomic bomb.

In his book Code Version 2.0 Professor Lawrence Lessig, Professor of Law at Stanford University, describes his concern that a catalyst in the form of a major global malware attack will need to occur before governments around the world join forces in protecting this valuable and vulnerable asset.

Professor Lessig points to the U.S. Patriot Act, and how it was enacted only 45 days after the terrorist attacks of 9/11. 

The Patriot Act dramatically expanded the authority of American law enforcement to fight terrorism – both in the United States and abroad. 

The fact that it was enacted the month following the WTC attack suggests the original Patriot Act was ready to go – but – there was no will to implement it.  Sadly, September 11 provided the will.

Will we ever see Internet Interpol?  Who knows?  Some claim that the jurisdictional boundaries will never allow for Internet Interpol, others are optimistic; it’s happened before, why can it not happen again?

What do you think?

Professor Lawrence Lessig is the founder of the Stanford Center for Internet and Society , as well as the founder of Creative Commons, a non profit helping people reuse, remix, and share stuff legally.

Show 7 of 2007

Listen to it here

Digital rights management is back in the news again this week stirred up by Apple Boss Steve Jobs. In a speech to industry on February 6 he said some have called for Apple to “open” the digital rights management system that Apple uses to protect its music against theft, so that music purchased from iTunes can be played on digital devices purchased from other companies, and protected music purchased from other online music stores can play on iPod’s. For listeners unsure what Digital Rights Management is, simply it’s an electronic system designed to stop people sharing files – in this case music – files between computers, iPod’s and the like. In what seems to be an unrelated announcement MUSIC label EMI said last Friday that it is planning to release a large portion of its music catalogue for sale by download, without technological protection against piracy. Coincidental? I’m sure the conspiracy theorists amongst you are slightly suspect of all this, so we thought it time to revisit one of our pet hates – Digital Rights Management.

We also talk to Lidija Davis, our Silicon Valley connection about the RSA 2007 conference in San Francisco last week, and if you’ve ever bitched about your anti virus software, wait till you hear this! Lid’s recommendation – Kaspersky

Justin Dunlop joins the panel to tell us all about the new technological lineup from Apple. Vista spores yet another clone, this time we see the release of a Vista for mobile devices. Apple boss Steve Jobs urges the top 4 record companies to un protect their music. What’s in a password? Well plenty as we find out in a new study about weak passwords and Vista security found somewhat wanting… For more information visit www.techtalkradio.com.au

Rizvi takes Ellison’s Debut Spot at RSA 2007

It is 3:12 p.m. and I watch in hopeless fascination as Hasan Rizvi, Vice President, Identity Management and Security Products for Oracle, takes the stage at RSA 2007; he wasn’t meant to be here, everyone was waiting for Larry Ellison.

At 2.55 p.m., Rizvi appeared and explained Ellison couldn’t make his debut Keynote; turns out he has the flu and sent Rizvi in his place.

I must applaud Rizvi; we are witnessing the true meaning of exodus – yet he keeps soldiering on.

People are not happy and I can already see the headlines – I hope they stop and think about Larry; he’s a clever man, he would not blow this off on account of flu.  There is either something seriously wrong, or he is really a ratfink!

Symantec’s Smart Computing: Helping Consumers Make Smart Choices

Another keynote speaker at RSA 2007 is Symantec‘s Chairman and CEO John Thompson who today said fostering consumer confidence in the security of Internet transactions is the “one thing upon which the growth of this online world depends.”

Regardless of the name put to it, he tells us, the Information Age is here and we are in an era where the user is in charge. 

People want connectivity 24 hours a day to transfer money, renew memberships, collaborate, and buy essentials – but they also want the surety that their security systems will keep the bad guys out.

“How do we make sure that when we are logging onto a bank it is our bank?” he asks, “How do you verify confidentiality?”

He points to critical changes in security in the past year and explains it is no longer about the device – it’s about the information.

So how do we secure the information?

Many things according to Mr. Thompson need to change but in the main:

“Do not become complacent with new threats by using old tools; become more innovative in detecting new threats, both enterprise and personal, and start using a user centric approach instead of the technology or platform centric approach we are used to.”

Symantec is demonstrating Norton Internet Security 2007, and Norton Identity Client at the show; a portable solution for any device to help users tell is a site is legitimate by alerting them about the site’s security certificates; whether it is a phishing risk or if its business practices have not rated well.

RSA Conference 2007

So, what is RSA? 

In cryptology, RSA is an algorithm for public-key encryption.   It is important as it created the underpinning of electronic security as we know it today.  Named after its three inventors, Ron Rivest, Adi Shamir and Len Adelman, the RSA Public Key Cryptosystem was invented in 1977 at MIT.

RSA Security developed the RSA Conference in 1992 as a forum for cryptographers to gather and share knowledge and advancements in the area of Internet security. 

Each year, the conference is built around a theme which highlights a significant example of information security from history.  

This year, the RSA Conference celebrates the influence of 15th century Renaissance man Leon Battista Alberti, the creator of the polyalphabetic cipher.

The RSA Conference 2007 will be held at the Moscone Center, San Francisco, February 5 – 9

Bill Gates: “Anywhere Access” A Reality via IPSec and IPv6

Bill Gates and Microsoft’s Chief Research and Strategy Officer Craig Mundie shared the stage for the opening keynote this morning at RSA 2007. 

Gates has a vision of secure and easy “Anywhere Access,” where people can be assured of online security; on anything, from anywhere, at anytime. 

According to Mundie, once upon a time, companies knew who the people were that accessed their information.  Security was once really just a blocking thing – including some, excluding others – but now with the Internet, things are changing.  

Consultants are called in, employees work remotely; companies have more partners, more vendors.  With so many people accessing information, companies are faced with new vulnerabilities.

Now, companies need to provide employees/consultants with “health” certificates, granting access only to specific appropriate information.

“To make the vision real, we need to reevaluate our systems, networks, identity and data protection, look at certificates in general and smart cards as specific.” Gates said.

According to Microsoft, the key technologies that will enable this “Trustworthy Computing” environment are IPSec and the next generation of the Internet Protocol, IPv6.

Microsoft’s recently released Vista and upcoming Longhorn support hybrid IPv4/IPv6 environments as well as pure IPv6.