Cybercrime response a win for self-regulation

The Federal Government has broadly accepted all 34 recommendations of the House of Representatives Standing Committee on Communications’ report on Cybercrime.  

In its response  [PDF] to recommendations tabled in June, the Government stressed a broad and flexible approach to managing the growing menace posed by internationally-driven botnets. 

It agreed on the need for more public education and awareness raising of the threats along with better partnering with industry such as the forthcoming ISP Code (known as the icode) to promote monitoring of malicious botnet activity and notifying account holders with compromised systems.

“We are very pleased that the Government has endorsed the value of our work in its response to the report,” said Internet Industry chief executive, Peter Coroneos.

“This is further evidence and the Government’s recognition that solving these problems are not necessarily within the control of Government. The infrastructure is now privately held, Government’s role must move more to a coordinating role,” he said.

 He said the IIA remained committed to self-regulatory efforts and the icode was evidence that industry will rally around initiatives that provide win-win outcomes for users and the industry.

Several of the recommendations that had concerned the industry were qualified as being accepted “in part” or “in principle”.

These included Recommendation 14 which proposed a mandatory version of the icode under the Telecommunications Act. This would compel ISPs to require all users install anti-virus software and firewall before their connection could be activated.

The Government accepted this “in principle” in that it will review the effectiveness of the icode and consider additional legal measures after 12 months of its operation.

“Because there is an element of self-interest within the industry to make the voluntary code work, a more regulatory perspective would seem premature at this point,” Coroneos said.

Similar softening of recommendations for increased industry regulation can be found in the acceptance “in principle” of a new system for reporting and detecting compromised web pages in recommendation 18.

The Cybercrime report argued for increased powers for the Australian Communications and Media Authority to direct service providers to remove malicious content. The Government responded that this should be the responsibility of its new agency CERT Australia and that “any further regulation” should await “a holistic approach” for Australian individuals and businesses.

Likewise Recommendations 20 and 21 that envisages more reviews and regulation of the Australian Domain Name Authority (AuDA) are agreed “in principle” noting the importance of the Australian system of “industry self-regulation”.

The Government highlighted in its response several initiatives it had already undertaken to tackle some of the issues raised, and offered no new funding programs.