
Conclusions

In his novel The Hitchhiker's Guide to the Galaxy, Douglas Adams suggested that an automatic translator which allowed you to instantly understand anything said to you in any form of language would lead to more and bloodier wars than anything else in the history of creation.

The Internet enables communications between a wider range of individuals than any technology before it. This offers great benefits to people, businesses and governments. However, as the threats in this document show, it also exposes people to risks they do not understand.

The Internet's growth has been driven by people connecting because they see the benefits the Internet offers, and by firms and governments using the Internet to deliver services and information online. These benefits, and the growth of the Internet itself, have accrued because of:

  • The network effect - the way in which the value of the network increases as more people connect.
  • The Internet's open architecture which allows anyone to offer innovative services.

The threats on the Internet are amplified by:

  • The network effect which ensures access to large numbers of victims.
  • Anonymity - it is relatively easy to conceal one's identity from most observers online.
  • Open architecture which allows innovative threats as well as benefits.
  • Software which is overly trusting, such as email programs which render HTML, or operating systems with inoperative firewalls.

Many strategies are suggested above to mitigate the various threats. They should be assessed against the extent to which they affect the factors driving threats, without damaging the factors causing the Internet's usefulness. This suggests that strategies aimed at dealing with two specific aspects of the Internet may work:

  • The ability of the malefactors to hide.
  • The installed base of trusting software.

Recommendations

Recommendation 1: Government should consider a central Internet gateway to provide a single Internet point of access for government agencies, especially small and medium agencies. All users of this gateway should be subject to an education programme and robust acceptable use policies.

Current status: EGU is bidding for GIF funding to create a Wellington network and a central Internet gateway.

Recommendation 2: Government should manage agency policies on Digital Rights Management (DRM) centrally.

Current status: EGU has advised agencies not to use DRM for the time being. EGU continues to investigate.

Recommendation 3: Government should introduce anti-spam legislation and allocate an adequate enforcement and education budget.

Current status: MED is working on legislation intended to be introduced during 2004.

Recommendation 4: Government should show leadership in securing online transactions by providing an authentication system which is resistant to current threats on the Internet.

Current status: EGU is working on a whole of government authentication programme which will take this into account.

Recommendation 5: Encourage banks to improve authentication.

Current status: The New Zealand Police has been encouraging banks to strengthen authentication procedures. To date one bank (ASB) has announced it will use text messaging to provide two-factor authentication. [Two-factor identification relies on more than just an item to be memorised - it involves access to some other physical token or the use of a biometric. Practical examples for Internet use include the user keying a password sent by text message when they try to log on, and using a smart card and portable reader to generate a password valid only at the moment the user logs on.]

Recommendation 6: Consider law change to clarify EULAs (End-User Licence Agreements) and make clear the effect of programs on user privacy.

Current status: None.

Recommendation 7: Encourage ISPs to take measures to watch for and manage compromised home broadband customers.

Current status: None. Seek comment from InternetNZ.

Recommendation 8: Participate in Internet governance at international and domestic level.

Current status: Patchy representation in the international field. While New Zealand has a representative on the Government Advisory Committee of ICANN, government does not normally fund this person to attend the meetings.

There are extensive informal contacts but little in the way of a direct formal relationship with the local body, InternetNZ.

Recommendation 9: Review government arrangements to protect the usefulness of and confidence in the Internet in New Zealand.

Current status: This report provides background.

Recommendation 10: Investigate New Zealand computer security incidents and provide a mechanism for anonymous reporting.

Current status: Investigations are performed in some cases by the New Zealand Police when there is evidence of a crime.

Recommendation 11: Investigate and prosecute identity thieves and intermediaries.

Current status: New Zealand Police are doing this where there is evidence of criminal activity.

Recommendation 12: EGU, MED and the New Zealand Police to work together to establish where spyware fits into the New Zealand legal framework and recommend change if found necessary.

Current status: New Zealand Police have prosecuted at least one cracker since the enabling legislation was passed. There has been little publicity about it, however.

Recommendation 13: Assess extent of existing publicity and education for Internet users and consider whether more is needed. Key messages:

  • The importance of security software, firewalls, OS hardening.
  • Never respond to or buy anything from spam.
  • Protect passwords.
  • Ignore phishing attempts.
  • Copyright and risks of abusing it.
  • Importance of parental supervision.
  • The security issues in moving to broadband from dial-up.
  • Risks around public Internet terminals.
  • Risks around wireless connections.
  • Awareness of social engineering.
  • Where to get assistance in security maintenance such as spyware detection.
  • What the law in New Zealand is regarding electronic crime.

Current status: The Ministry of Education supports the Internet Safety Group which does work in this area. CCIP has serving the general New Zealand public as part of its mission. Publicity from vendors is sometimes self-serving.

Recommendation 14: Consider an ongoing programme of education for small and medium enterprises (SMEs) covering the same messages as recommendation 13.

Current status: The Ministry of Economic Development is considering including such a programme as part of a revised Digital Strategy.

