A leading security expert has criticised the UK government for ignoring recommendations on tackling cybercrime from peers.

The House of Lords' Science and Technology Committee produced a five point plan for tackling cybercrime and safeguarding e-commerce after extensive consultations with experts in industry and academia.

Proposals in the committee's Personal Internet Security report included establishing a centralised and automated system for the reporting of e-crime and enacting US-style data breach notification disclosure laws.

More controversially, the committee argued for moves towards making suppliers legally liable for damage resulting from security flaws.

The government responded (http://www.official-documents.gov.uk/document/cm72/7234/7234.pdf) last week to the August report (http://www.publications.parliament.uk/pa/ld200607/ldselect/ldsctech/165/165i.pdf) of the committee that "turned down pretty much every recommendation", according to a security researcher who aided peers in their hearings.

Richard Clayton, a security researcher at Cambridge University and long-time contributor to UK security policy working groups, has expressed deep frustration at the government's lack of action. He accuses the government of complacency, or worse, in a strongly worded critique (http://www.lightbluetouchpaper.org/2007/10/29/government-ignores-personal-internet-security) posted on the University of Cambridge security blog.

Among the peers' key recommendations - after hearing testimony from experts from Microsoft, Cisco, Verisign, and others - were measures designed to collate information on the extent of cybercrime. Policies introduced last April mean the public is advised to report incidents of credit card fraud to the banks instead of to the police.

The peers, and experts such as Clayton, disagree with this policy. But the government officials turned down calls for a rethink. "They don't think that having the banks collate crime reports gets all the incentives wrong; and they 'do not accept that the incidence of loss of personal data by companies is on an upward path'," Clayton writes.

He argues that the government is burying its head in the sand through a combination of either ignorance or stupidity. "If the government was up-to-speed on what researchers are documenting, they wouldn't be arguing that there is more crime solely because there are more users - and they could not possibly say that they 'refute the suggestion... that lawlessness is rife'," Clayton laments.

He expresses frustration at the government's lack of action. "That's more than a little surprising, because the report made a great deal of sense, and their lordships aren't fools," Clayton writes.

Clayton's frustration is understandable, but the government's lack of action on the recommendation of a parliamentary committee looking at internet security issues is far from unprecedented.

When the All Party Internet Group of MPs looked at the nuisance of junk mail it heard testimony that criminal sanctions were necessary and that legislation ought to deal with spam emails sent to businesses as well as private individuals. The recommendations were ignored, leaving huge loopholes that have rendered UK anti-spam laws toothless. ®

Related stories

Peers call for cybercrime shakeup (again) (8 July 2008)
http://www.channelregister.co.uk/2008/07/08/peers_cybercrime_shakeup/
Breach disclosure laws have 'no effect' on identity theft (5 June 2008)
http://www.channelregister.co.uk/2008/06/05/breach_disclosure_effects/
Tories call for big changes to cybercrime offences (6 March 2008)
http://www.theregister.co.uk/2008/03/06/tory_report_cyber_crime/
Fraud cases breached £1bn level in 2007 (4 February 2008)
http://www.theregister.co.uk/2008/02/04/uk_fraud_cases_2007_government/
Mexico and Africa to become malware hotspots (18 January 2008)
http://www.channelregister.co.uk/2008/01/18/future_cybercrime_hotspots/
Two accused of selling counterfeit Cisco kit (28 December 2007)
http://www.channelregister.co.uk/2007/12/28/cisco_counterfeit_goods_texas/
Cybercrime fears over hi-tech cop job cull (5 December 2007)
http://www.channelregister.co.uk/2007/12/05/soca_job_cut_fears/
Darling could backtrack on capital gains (27 November 2007)
http://www.channelregister.co.uk/2007/11/27/darling_cbi_speech/
17 charged over multi-million card fraud racket (8 November 2007)
http://www.channelregister.co.uk/2007/11/08/id_fraud_indictment/
Government acts on Land Registry fears (6 November 2007)
http://www.theregister.co.uk/2007/11/06/landreg_website_downloads_stopped/
Hack database, change school grades, go to jail for 20 years (maybe) (5 November 2007)
http://www.channelregister.co.uk/2007/11/05/fresno_uni_database_hack_charges/
Vyatta does open source networking with a mean streak (30 October 2007)
http://www.channelregister.co.uk/2007/10/30/vyatta_open_source_networking/
'Wild West' internet needs a sheriff (10 August 2007)
http://www.channelregister.co.uk/2007/08/10/lords_net_security_report/
London police can't cope with cybercrime (1 February 2007)
http://www.theregister.co.uk/2007/02/01/london_police_cybercrime/
UK police 'not prioritising cybercrime', Microsoft says (26 January 2007)
http://www.theregister.co.uk/2007/01/26/uk_cybercrime_criticism/
Lords Committee to debate internet security (28 July 2006)
http://www.channelregister.co.uk/2006/07/28/lords_talk_internet_security/
MPs urged to reform cybercrime laws (30 April 2004)
http://www.theregister.co.uk/2004/04/30/apig_cma_hearing/
Big US ISPs set legal attack dogs on big, bad spammers (10 March 2004)
http://www.theregister.co.uk/2004/03/10/big_us_isps_set_legal/
The conspiracy against our in-boxes (31 October 2003)
http://www.theregister.co.uk/2003/10/31/the_conspiracy_against_our_inboxes/
MPs head to US on anti spam mission (22 September 2003)
http://www.theregister.co.uk/2003/09/22/mps_head_to_us/