Internet service providers need to work harder to prevent
hacks, data theft and other fraud, including contacting
customers whose infected computers have been hijacked by
organized crime and helping them clean out viruses, the head
of the Federal Communications Commission said on Wednesday.
FCC Chairman Julius Genachowski addressed how the FCC and its
federal partners are working with broadband providers and
other stakeholders to develop smart, practical, voluntary
solutions to tackle key threats to cybersecurity. He called
Internet stakeholders "to take concrete steps to address three
significant cyber threats ? botnets, domain name fraud, and IP
hijacking."
"The potential harm of cyber attacks is so great because the
Internet has become such a key platform for innovation,
economic growth, and opportunity -- delivering more and more
value to people everywhere, every day," Genachowski said.
However, he noted that as stakeholders address the challenge
of cybersecurity, it's vital that we preserve the ingredients
that have and will fuel the Internet's growth and success.
"Specifically, it's critical that we preserve Internet freedom
and the open architecture of the Internet, which have been
essential to the Internet?s success as an engine of innovation
and economic growth."
Genachowski said that privacy should be not compromised to
enhance online security, as both are essential to consumer
confidence and adoption of broadband. "We can and must improve
online security while protecting individuals' privacy," he
said.
Regarding "Botnets" - robot networks created by cyber
criminals who distribute a virus, better known nowadays as
malware over the Internet - Genachowski believes that
consumer education is a key piece of the solution. ISPs can
also play a significant role in the battle against botnets, by
increasing customer awareness so that users can look for signs
that their computers are being used as bots, detect infections
in customers' computers, notifying customers when their
computers have become infected, and offer remediation support.
He called on all ISPs, working with other stakeholders, "to
develop and adopt an industry-wide Code of Conduct to combat
the botnet threat and protect the public."
Regarding Internet route hijacking, Genachowski said that
network operators need to adopt secure routing standards, and
engineers - including leading engineers involved in the
development of the Internet - are making real progress on
developing these technical standards in a way that will
protect individual privacy and secure Internet routing.
He also talked about domain name fraud - a attacking internet
DNS servers and misdirect users to fraudulent websites. He
said that the Internet Engineering Task Force has already
developed a series of security extensions to the DNS, which
are designed to address these vulnerabilities. Their solution
is called DNSSEC, and it's been endorsed by Internet pioneers,
including Rodney Joffe, Vint Cerf, and Steve Crocker, as well
as Internet organizations like the Internet Society.
"DNSSEC was designed with privacy in mind and it can and must
be implemented in a way that protects individual privacy,"
Genachowski added. "I urge all broadband providers to begin
implementing DNSSEC as soon as possible."
Plan to protect online privacy
In related news, the White House on Thursday proposed a "bill of rights" that would give consumers greater online privacy protection.
President Barack Obama said it was part of a broader plan to give Americans more control over how their personal data was used on the Internet.
"American consumers can't wait any longer for clear rules of the road that ensure their personal information is safe online," said Obama. "As the Internet evolves, consumer trust is essential for the continued growth of the digital economy. That's why an online privacy Bill of Rights is so important."
Internet giants such as Google and Facebook have been accused of tracking their customers' online activities and then using that data to generate advertising revenue.
The U.S. Commerce Department will work with companies and privacy advocates to develop "enforceable" privacy policies based on the bill of rights, said the White House.
Advertising networks associated with Internet firms including Google, Yahoo! and Microsoft have agreed to act on "Do Not Track" technology on web browsers that make it easier for consumers to control tracking.
The Digital Advertising Alliance said on Thursday it would immediately begin work to add these browser-based choices to the set of tools consumers can use to express their preferences for data collection.
According to the planned privacy bill, consumers would have control over the kind of data companies collect, companies must be transparent about data usage plans and respect the context in which it is provided and disclosed. Companies would have to ensure secure and responsible handling of the data and be accountable for strong privacy measures.
The bill of rights also calls for reasonable limits on the personal data that online companies can try to collect and retain and the ability of consumers to access and ensure the accuracy of their own data.
While companies can voluntarily choose whether to adopt these principles, those that do commit could face enforcement action for straying from the principles.
California's attorney general also said on Wednesday that
Amazon, Apple, Google, Microsoft, Research In Motion, and Hewlett-Packard agreed to disclose how they use private data before any of their app for mobile devices may be downloaded.