Role of government in Internet security

There are several reasons for government involvement in Internet security matters.

Public confidence in using the Internet

To use a government service online, people need confidence in the Internet, in online services in general, and in government services online specifically. Surveys indicate that this confidence may not be very high:

• A 2003 New Zealand telephone survey showed that 35% of the population consider it safe to provide the government with personal information via the Internet. This sample was taken from the general population and included Internet users and non-users. In that same survey, only 45% of Internet users considered it safe. This suggests that the majority of the general population, and the majority of Internet users, may be reluctant to use e-government services that require them to provide personal information online.
• An online survey on spam held in the US and EU in late 2003 [Trans Atlantic Consumer Dialogue, This survey is the basis of the ongoing OECD Workshop on Spam.] found that 52% of respondents said that they had cut back on online shopping or stopped it altogether because they were worried about it leading to more unsolicited email. (All respondents were Internet users, as this was an online survey.)

If problems on the Internet affect people's willingness to use e-government, this may undermine the investments the government is making to put services online, as well the usefulness of the Internet itself.

In the first half of 2004 the E-government Unit commissioned a study on the use of e-government in New Zealand. This study consisted mainly of focus group interviews. In some of these groups, questions were asked to elicit the extent of trust or distrust of the use of the Internet to deliver government services and information. The findings were that people were largely able to distinguish between the activities of criminals and vandals on the Internet and government actions. The .govt.nz domain was seen as authoritative. Interviewees' trust or otherwise in government online derived from their view of government in general; they trusted government to solve any security issues associated with doing government business online. (This was a qualitative study done with a very small sample.)

In mid 2004, the E-government Unit commissioned a telephone survey on public attitudes to various aspects of e-government. Some of the questions were designed to explore the link between security and trust. Particular findings were:

• 62% of home computer owners had their machines hit by a virus, and of these 26% (i.e. 16% of computer owners) were less likely to use the Internet as a consequence
• 53% said that they had received spam, and of these 22% (i.e. 12% of those questioned) said that they were less likely to use email as a result of this.

Law enforcement

Many of the problems affecting people on the Internet result from criminal behaviour, which government addresses through its law enforcement function.

The New Zealand Police has a unit called the E-Crime Lab which investigates and prosecutes criminal activity involving the Internet. The unit prosecutes those committing offences such as cracking (attacking computers directly over the Internet) and phishing (a form of fraud involving deceptive emails in an attempt to obtain valuable personal information such as bank account passwords). International cooperation is highly necessary for these prosecutions.

The E-Crime Lab also works with other New Zealand parties to improve computer security. It works with the Centre for Critical Infrastructure Protection (the CCIP) [The CCIP is a unit of the Government Communications Security Bureau or GCSB. It has a web presence at www.ccip.govt.nz./] which aims to improve the security of New Zealand's critical infrastructure and key government departments from cyber threats, viruses and vulnerabilities. The E-Crime Lab deals directly with banks over the security of online banking, where criminal activity is indicated.

The New Zealand Police and the Ministry of Education jointly sponsor NetSafe, a programme of the Internet Safety Group. NetSafe educates Internet users about risks and strategies for safety on the Internet. It provides material through several channels including schools.

'Public health' on the Internet

An attacker may take advantage of a user's insecure machine to attack others, often without that user's knowledge. Therefore, individual users' computer security precautions can enhance the wider community of Internet users. This is a classic public policy issue similar to those in public health, where everyone is safer when all are vaccinated. [This argument is advanced by security expert Bruce Schneier ]

On the Internet, this is a global problem. Networks of compromised home computers overseas send spam to us, and New Zealand machines are used to send spam to users in other countries. [Trojan Horse behind German hate-mail spam flood Computerworld New Zealand, 14 June 2004.]