Opinion: UK needs cybercrime strategy

One way to help prevent online fraud and protect all of our PCs from viruses, worms and the like is for the UK government to come up with a national plan to fight cybercrime. But so far, says Simon Moores, there's been little progress towards such as goal.

Where, I wonder, is the UK government's e-crime strategy?

A year ago, many of us were asking the same question and at the 2004 eCrime Congress were given every reason to expect it would appear 'soon'. But 'soon' became the autumn and that in turn became 2005 and still not a sign, not a word of any strategy appearing from the Home Office. I doubt now we'll see one this side of the general election.

Should we bothered by this? I certainly think so. Confidence and trust in the internet as a safe environment is at an all-time low and hardly a day passes without some news appearing on phishing or viruses, identity theft or fraud.

In fact, the latter has become so prevalent that it's a game everyone can play, with the arrival of 'scambaiting', an exciting new sport for those who might be tempted to have their own back on the people who regularly send us emails from Africa and elsewhere begging for help in moving large amounts of stolen money out of a country via your bank account.

Next week, the Parliamentary group EURIM will release its report called Partnership Policing for the Information Society in which it will claim: "The cost to industry and individuals of electronically assisted crime is said to have already far outstripped that of physical crime."

In a matter of weeks we will see the official launch of Project Endurance, a joint initiative between government, law enforcement and business to increase awareness and modify behaviour around internet security amongst the greater population. The campaign is chaired by the National Hi-Tech Crime Unit and is supported by Dell, eBay, HSBC, Lloyds TSB, Microsoft, the CSIA (Central Sponsor for Information Assurance) within the Cabinet Office and the NISCC (National Infrastructure Security Co-ordination Centre).

Project Endurance, although a step in the right direction, has only relatively modest funding and in national terms does not replace the need for a fully joined-up strategy to deal with an environment that endangers a significant proportion of the UK population.

After all, government is reported to have more staff and consultants working on the national ID card proposals than there are police officers in post in all the UK computer crime units added together. Government was warned two years ago that the headlong rush towards a broadband society would bring dangers as well as benefits. However, the politicians chose to sit on their hands and hope the IT industry and principally Microsoft would sort out the problem and relieve it of the burden of making decisions and spending money.

What happens, I wonder, if one of the large clearing banks decides it can no longer relieve its customers of any indemnity from online fraud, as a consequence of phishing, identity theft frauds and software exploits?

As explained to me recently, the banks are now increasingly worried by the scale of losses they are now experiencing. They have pursued an online model over the last five years, closing thousand of branches. How could they possibly manage a large scale rejection of virtual banking, if the problem of online fraud continues to rise?

I gather there is serious discussion of a two-tier online banking system. Tier one simply allows a customer to monitor an account over the internet and nothing else, with no risk to security. Tier two is a premium service which the customer would pay for, which would charge for the provision of transactional services online, clawing back the risk of fraud through the levy of a charge. Add such ideas as the continued elimination or rationalisation of high street branches and charging for withdrawals of money from ATM machines, and the future of retail banking from a consumer perspective looks rather less than rosy.

Perhaps the best way of understanding the scale of the present online security problem in the UK is to describe it as an epidemic that has run out of control. If 18 months ago, as broadband became available to consumers for £25 per month, government had responded to the dangers with a recommended national awareness campaign, we might have been able to inoculate thousands of PCs and educate many of their owners about the dangers from 'bots', viruses, worms, Trojans and other online dangers.

It didn't. It preferred to spend millions on e-government and encourage the population to achieve a critical mass, a fairy tale virtual world where the public sector and the population met to share the prime minister's vision of 'UK Online'.

Today the strategy appears to have become lost in some Whitehall office or gone 'tits up'. There's a stunning absence of leadership from Westminster. Meanwhile, the Britain that was supposed to be the best possible environment for ecommerce is looking decidedly like Europe's best online mugging opportunity.