A war of words has broken out between the UK Government and the House of Lords Science and Technology Committee over a report in August that heavily criticised official inaction over Internet security.
In an official response [PDF] , the Government more or less dismissed the majority of the committee’s recommendations on improving Internet security, disagreeing with the committee’s contention that public confidence in online technology was in crisis. E-security was, for the most part, an individual responsibility, not that of government of the authorities.
The government said it saw no need to legislate further, and elsewhere appears to do little more than paying lip service to the spirit of some recommendations by saying it would set up working groups to investigate the ideas.
One by one the committee’s ideas were rejected or damned with faint accommodation.
On setting up a central repository for e-crime data and developing a classification system, the government reckons that a “small, high-level” working group will be enough. As to introducing some form of vendor liability for security deficiencies in software, the government recommends “further discussion,” which will be interpreted to mean ‘do not very much.’
One of the most controversial proposals of the original report was that of making data breach notification compulsory, as is the case in some US states.
“We are, however, clearly not so convinced as the Committee that this would immediately lead to an improvement in performance by business in regard to protecting personal information and we do not see that it would have any significant impact on other elements of personal internet safety,” the Government response said.
“The experience in the United States has yet to be fully analysed but there is a strong body of opinion that doubts whether there has been significant differences to corporate behaviour and may, in fact, have desensitised consumers to security issues and undermined confidence in the internet as a business medium,” it continued.
No mention that it might be the poor use of technology by companies that is the real problem, but at least the industry now has an official government line on what has become a major issue.
“The Government’s response is a huge disappointment. We heard compelling evidence of substantial amounts of e-crime and we were entirely persuaded that individuals were unable, on their own, to continue to keep themselves secure,” said The Earl of Erroll, a member of the House of Lords Committee.
“Government dismissed every recommendation out of hand, and their approach seems to solely consist of putting their head in the sand,” he said.