Crime expert backs calls for 'licence to compute'

By Ben Grubb on Aug 27, 2009 4:03 PM
Filed under Security

But education should take back seat to product safety.

Australia's leading criminologist thinks online scams have escalated to such a point that first-time users of computers should have to earn a licence to surf the web.

Russel Smith, principal criminologist at the Australian Institute of Criminology said the concept of a "computer drivers licence" should be taken seriously as an option for combating internet-related crime.

"There's been some discussion in Europe about the use of what's called a computer drivers licence - where you have a standard set of skills people should learn before they start using computers," Dr Smith told iTnews.

"At the moment we have drivers licences for cars, and cars are very dangerous machines. Computers are also quite dangerous in the way that they can make people vulnerable to fraud.

"In the future we might want to think about whether it's necessary there be some sort of compulsory education of people before they start using computers," he said.

The Australian Computer Society launched computer driver's licences in 1999. It aimed to give users a basic level of competency before they started using PCs. But the growth in cybercrime has led to IT security experts such as Eugene Kaspersky to call for more formalised recognition of a user's identity so they can travel the net safely.

Last week Dr Smith sat in front of a Federal Government Inquiry into cyber crime and advised Australia's senior politicians on initiatives in train to fight cybercrime.

He said that education was secondary to better technology solutions.

"I think at the starting point of it you need manufacturers of both hardware and software to devise technology that makes it difficult or impossible for people to be defrauded," Dr Smith said.

"And the main development in that area, I suppose, is the use of biometrics where you have fingerprint scanners or some biometric linked in with the authentication processes on computers".

Dr Smith said that the use of chip and pin credit cards had been a "very effective development" in Europe.

"I think when that happens in Australia we will be much better off," he said.

The banks are "being kind"

Dr Smith also said that Australia's banks were "being kind" when they bore the costs of cyber crime.

"There's a code of conduct for electronic transactions and under that code if people suffer a loss through an electronic transaction and there's no evidence that they've been implicated in anyway, then the banks undertake to compensate that individual," he said. "Some people probably are partially responsible to what happens to them if they've done something very silly or negligent.

"What that really means is that the banks are suffering a loss and eventually that money will be put on the cost of running the banking system. Consumers probably end up paying at the end of the day."

Crime expert backs calls for 'licence to compute'

13 comments in this discussion

"I nice comedy piece...I thought. But then I realised, it's NOT the 1st of April! Initiatives like Open ID (openid.net) may be helpful with regard to web-site logins, but it's very difficult to ..."

By Ace

Tags

crime, expert, backs, calls, license, compute

Facebook details custom data centre risks

Melbourne IT hit with DDoS legal threat

Superannuation fraud on the rise

ANZ takes down online statements

Breaking Stories

New NZ IT minister accused of 'extraordinary secrecy'

Govt spies early exit from Telstra contract

Suncorp rules out outsourced IT as customers go online

Accenture wins Health data warehouse deal

Comments: 13

HyRax Aug 27, 2009 4:36 PM	Considering that the existance of DRIVERS licences doesn't stop people committing crimes using vehicles, how exactly will a computer licence stop people committing online crime? At least Mr. Smith recommends education, which is what is needed everywhere in any situation. This education starts in schools, however many victims of online fraud are the older generation of users who did not have computer education back in their school days. At the end of the day, if you're going to teach anything, teach people about COMMON SENSE. This applies to every facet of life, not just computers. Teach people that if they are not sure about something, then DON'T DO IT. How difficult is that?
Sams Aug 27, 2009 5:31 PM	A duo of breathtakingly stupid statements: (1) "devise technology that makes it difficult or impossible for people to be defrauded" Oh right. So some sort of mind control/constraint device for people then? (2) "At the moment we have drivers licences for cars, and cars are very dangerous machines. Computers are also quite dangerous" Haven't seen anyone run over by a computer recently. What exactly is the death toll caused by poor "driving" of a computer these days?
MerariSchroeder Aug 28, 2009 9:18 AM	I think this is a good idea. Clearly it sounds silly to most IT literate people, but there are simply too many people out there who don't know how to be secure. HyRax, if no one was required to have a drivers license there would be anarchy on the roads. Yes there's still fatalities but these are greatly diminished. The same could apply to computer use, misuse is rampant, it would still occur but to a much lesser degree. Sams, the writer then went on to say that the danger with computers is in fraud not physical harm. You could reverse you're statement - What is the financial cost to dangerous driving these days? I'd say it's not as much as found with computer fraud, security systems, prevention etc...
Stephen Wilson (Lockstep) Aug 28, 2009 2:55 PM	I couldn't agree more that "education should take back seat to product safety". Education has reached its use by date. For one thing, because credit card data is stolen en masse from department store databases and payments processors, the best cyber-shopping advice in the world does nothing to stop hapless users being robbed. Of course you must look out for the SSL padlock and keep your A/V up to date, but it's not sufficient to prevent identity theft and subsequent fraud losses. 'Sams' is being way too tough when s/he says it's "breathtakingly stupid" to try and devise technology that makes it difficult to be defrauded. The sarcasm about mind control is totally misplaced, as the dominant M.O. of cybercriminals now is to steal credit card numbers from backend processors (or buy them on the black market) and replay them in CNP fraud. Careful, scrupulous, expert Internet users are helpless if their credit card numbers are stolen from a database. 'Hyrax': common sense is not the point. Like most digital ID theft, CNP fraud is enabled by the replayability of digital ID data. It is not fanciful to call for the wider use technology like asymmetric cryptography to make identity replay much more difficult. Stephen Wilson, Lockstep Technologies.
troff Aug 29, 2009 11:40 AM	Smith's proposition 1: better technology solutions are preferred to user education. Smith's proposition 2: when a bank's technology fails to function properly, the banks are being "most kind" in absorbing the cost which is a result of their failure. ... and this is Australia's leading criminologist? ... doomed.
yossarianuk Aug 29, 2009 7:46 PM	The proposed test will it deal with all OS's. i.e will there be a separate Windows, Mac and Linux test ? I'd imagine there would just concentrate on Winblows thus making all other OS's illegal to use. If we want to protect the Internet just ban Windows users its simple.
Ferretman Aug 30, 2009 12:11 AM	What an incredibly FOOLISH idea. Breathtaking in its unworkable scope and infringement on individual rights all in one go! People will do dumb, silly things. Whether it's responding to that email from Nigeria in your Inbox or driving the wrong way down a one-way street, you can't stop that.
yedoc Aug 30, 2009 7:48 AM	Haven't you guys heard, we live in a different world now.. 1. It's a police state, soon you'll need a license to have children, play sports, go shopping, step outside your door etc etc. It's for your own protection don't you see? oh and the protection of our corporate masters, but they are one and the same!! 2. This is all being driven by these corporates behind the scenes. This "Dr Smith" guy has probably got funding from the very same banks that he feels so deeply about protecting, to the detriment of everyone else, the same banks who are currently ripping the world ecconomy to peices and consolidating their own position in the control grid. 3. Talking about mindless people who should be protected from their own ingorance, Dr Smith, do you really want to live in this world you are "calling" to create? Have you even thought about the implications? I know I have, and it's definately you who needs protecting when the revolution comes. It's sooner than you think.
yedoc Aug 30, 2009 8:06 AM	@MerariSchroeder It doesn't sound like a "silly" idea to me, it sounds like a dangerous idea. Imagine a crime unit going around to houses arresting people for the unlicenced browsing of the internet? The reason they are calling for license is about control and power more than it is about anything else, these things bring in money for the people high up the chain and to a complete loss of freedoms for everyone else.
govinda Aug 30, 2009 8:49 AM	Mr Russel Smith principal Criminologist is going down a path of "preparing the way" for introduction of yet more controls on the citizen. Mr Smith get a life and quit interfering in other people's lives. I am sick and tired with the litany of controls and regulations on Australians as it stands today. Time to axe the insane nanny government George Orwell non-thinking, the overblown authority and advisory bodies with solutions to all matters of living as less liberty and greater "do it this way" interference. The Australian Institute of Criminology is a statutory authority that reports to the Minister for Home Affairs Brendan O'Connor, a man that was dumped from pre-selection by the ALP. Is someone working to help O'Connor look good in his new post of Home Affairs?
ScentTree Aug 31, 2009 10:39 PM	They should be concentrating on high-speed internet, not useless regulations
snaidamast Sep 1, 2009 1:02 AM	As a senior software engineer this has to be one of the dumbest ideas I have ever heard of. To begin, "experts" for the most part are nothing more than corporate shills promoting their benefactor's bottom-line. In this case, we have another suggestion as to how some organization can reap monies out of people; by charging them fees to become licensed to use the Internet. Overwhelmingly, the people who use the Internet have no intention of harming anyone else in terms of cyber-mischievousness or crime. The most dangerous threats come from sophisticated, expert hackers, organized crime, and counter-intelligence agencies, all of whom are looking to raise all sorts of problems for both people, companies, and governments. Next, the axiom in the software engineering industry has always been that "low-tech" can always defeat "hi-tech". You don't want the government snooping into your private correspondence? Send a hand written letter... However, what follows is that many invasions of corporate cyber-security comes from the theft by employees of passwords, which are then used by that individual, sold or simply handed over for another to use it. I don't see how licensing will thwart any of this... The Internet was never designed for such open usage and as such never had the proper security mechanisms built into it to protect its users. It was designed as a closed-loop system, the technology of which was not changed once it was released for public use. Yet, companies could not wait to get on the Net for more profits once the most basic of technologies were developed for application engineering on it. Many engineers, including myself, advised against developing for the Net without understanding the dangers imposed by such an open environment. Now that we are passed this point, no amount of security implementation can fully protect anyone or any organization from the prevarications of those who have criminal or less than honorable intentions. That being said, the best protection is simple common-sense when setting up security... And users on individual, home workstations have a better advantage than most companies for doing this since most attackers have little interest in attacking the individual user. However, companies especially have no capability to defend against the most determined of hackers. They simply do not have the focus, the resources, nor the budgets to do so. So they use the Internet to some degree at their own risk. On the other end of the spectrum, education, no matter what the issue has proven to be primarily useless except to ratchet up more sales of items and training criteria that "education" makes use of. This is primarily because people are for the most part simply stupid... they lack common sense. I give the example of the use of the cell-phone and its many documented dangers of low level radiation bursts every time such a device is turned on. You would think that with the well known dangers of radiation exposure that people would stop using them? This is not the case as most simply accept the contention, "that no conclusive links have been made to brain cancer". That such links have been conclusively made seems to fall on deaf ears. If every idiot "expert" had their way with the Internet, it would become simply unusable. That may be a good thing in the long run for societies as whole. However, currently this is what we have and companies and people will simply have to use their best judgment when using it and stop trying so hard to put up so many barriers to its use. As they say, "Deal with it!!!"
Ace Sep 10, 2009 2:35 PM	I nice comedy piece...I thought. But then I realised, it's NOT the 1st of April! Initiatives like Open ID (openid.net) may be helpful with regard to web-site logins, but it's very difficult to defend against peoples greed and/or stupidity. Check out Bank Of America/Citibank/Barings/Lehmanns/etc for some fine examples of enterprise level greed/stupidity. Forcing these guys to comply with banking regulations, SOX and the likes seems to have had little effect. Would driving on the roads be more dangerous if people didn't need licenses? I seriously doubt it. The rules are still there.