Print this article  |  E-mail this article  |  Comment on this article

EU proposal would task ISPs with blocking infected addresses

By Sharon Fisher, BetaNews

July 1, 2008, 6:47 PM

A paper will be published later this year with far-ranging recommendations for reducing cybercrime in Europe, including a statutory scale of damages against ISPs that do not respond promptly to requests to shut out compromised machines.

A subset of the paper, entitled "Security Economics and European Policy," was presented by one of its four authors, Tyler Moore, a researcher and Ph.D student at the University of Cambridge. Other authors included Ross Anderson and Richard Clayton, also of the University of Cambridge; and Rainer Bohme, TU Dresden.

The group offered a set of 15 recommendations, including a cybercrime equivalent to NATO, and improvements to security, as well as more publicity about security breaches.

The paper (PDF available here) is a follow-up to meetings in April and last fall by the Council of Europe, which called for ISPs to share information and respond to government data requests more quickly, and similar requests from the European Union.

"People who leave infected machines attached to the network, so that they can send spam, host phishing websites and distribute illegal content, are polluting the digital environment," the report's authors wrote, "and the options available are broadly similar to those with which governments fight environmental pollution (a tax on pollution, a cap-and-trade system, or private action). Rather than a heavyweight central scheme, we think that civil liability might be tried first."

EuroISPA, a pan-European association of nine European ISP associations that is composed of about 1,000 ISPs, is generally supportive of improving security but is unsure or even against some of the specific proposals made by the Council of Europe, as a recent review indicates (PDF available here). EuroISPA includes ISPs from Austria, Belgium, Czechoslovakia, Finland, France, Germany, Ireland, Italy, and the UK.

Many countries have agreed to support the Council of Europe's Conventions on Cybercrime, but a number of others -- including some thought to be harboring botnet herders and other criminals using technology for extortion and denial of service attacks --- have not yet agreed to it. These countries include Andorra, Azerbaijan, Georgia, Liechtenstein, Monaco, Russia, San Marino, and Turkey.

A number of European countries and organizations have faced cyberattacks in the past year or so, including Estonia, and gambling operations threatened with takedowns just before major sporting events.

The "Security Economics" paper as presented did not go into a great deal of detail about how the proposals would be implemented, such as how a machine would be blocked or what recourse an innocent person with a hijacked machine might have.

Add a Comment (15 Comments)

BetaNews reserves the right to remove any comment at any time for any reason. Please keep your responses appropriate and on topic. Foul language and personal attacks will not be tolerated.

Name (required):

E-mail (required):

Enter Your Comment:

By NormWilson

edited Jul 2, 2008 - 10:25 AM

I find it ironic that a page devoted to overall Internet Security chooses to use PDF as a format.

Score: 0

By samjohnson

edited Jul 3, 2008 - 6:46 AM

> The EU is talking out of it's arse again.

Oh poor diddums! Did the big bad EU fine Microsoft? Booo! If you read the paper or even the article it's by some university researchers not the EU. Anyway, the more Americans hate the EU the more we're reminded of the merits of doing things peacefully. Carry on invading! You'll get the bill in the end.

Score: 0

By sagum

posted Jul 2, 2008 - 12:30 PM

The EU is talking out of its arse again. They may as well start issuing licenses after passing an approved intaweb test. Make the users learn how to protect their machines and fine the users who don't. of course this will lead to internet tax and a annual computer MOT to make sure its all running smooth and isn't bug ridden.

Score: 0

By robmanic44

posted Jul 2, 2008 - 11:53 AM

There's no way this is ever going to work. They must understand that they're shooting at a moving target and sometimes that target is invisible.

Score: 0

By CyberDoc999

posted Jul 2, 2008 - 2:58 AM

Everyone in the world should just refuse to do anything that the EU tells them to do!
The EU is way too powerfull, we need to stop the EU before they rule the world!

Score: 0

By Terracotta

posted Jul 2, 2008 - 12:25 PM

Nobody hates the EU as much as we so-called Europeans.

Score: 0

By Bouvier

posted Jul 2, 2008 - 12:29 PM

Exactly !!

95% of European citizens don't want Europe, because it's going to mimick the U.S.A.

We don't want the Europe that will going to mimick the U.S.A. and it's so called "freedom", we want to live in REAL freedom and no faked up freedom filled with billions of methods that are just anti-freedom.

Score: 0

By imafurby

posted Jul 2, 2008 - 4:16 PM

Europe loves to mimic the USA. There would be no Europe as you know it, if it were not for the USA.
Now tell me that you'd rather have had Uncle Adolph and his pals running things for the past 50 years.

Score: 0

By Galway

posted Jul 2, 2008 - 5:13 PM

Yea yea ... the USA won the war single handedly.
Their motives were not driven by the thought of buying oil from the Germans at all.

"There would be no Europe as you know it, if it were not for the USA."

There would not be no USA as you know it, if the Europeans hadn't populated it.

If your so good what happened in Vietnam ? run out of bullets ?

Score: 0

By imafurby

posted Jul 3, 2008 - 8:46 PM

For the record, is this a joke? "Buying oil from the Germans"???

Score: 0

By preinterpost

posted Jul 2, 2008 - 8:31 AM

Yeah, send in US troops. Let's join the land of the free!

Score: 0

By imafurby

posted Jul 2, 2008 - 4:18 PM

..and you'd be the first person screaming if they didn't get there in time.

Score: 0

By psycros

posted Jul 2, 2008 - 2:22 AM

"People who leave infected machines attached to the network, so that they can send spam, host phishing websites and distribute illegal content, are polluting the digital environment". Two outta three ain't bad, but how exactly is illegal content "polluting" the net? Other than the numerous trojans contained in illegal software, I can't see the analogy.

Score: 0

By alex_sporik

posted Jul 2, 2008 - 2:56 AM

In theory it will block botnets (spam, viruses etc) and p2p-based attacks. Hope it will work.....well

Score: 0

By BigBearDave

posted Jul 3, 2008 - 7:33 AM

Should be mandatory for any business to run their DNS requests through OPENDNS.com and register every single bad phishing or virus spam domain so we can get rid of this altogether.

OpenDns is the fastest DNS servers I have ever used and block everything I ask them to and more...Pitty we could not block stupid poeple, unfortunately its impossible...

Score: 0

Nov 21 - 9:29 PM ET Hurd's the word in Ballmer's e-mail nightmares

Nov 21 - 6:51 PM ET Coalition urges better laws for e-mail and cell phone privacy

Nov 21 - 6:42 PM ET How is Internet advertising faring in this bad economy?

Nov 21 - 6:15 PM ET From out of the Amazon Cloud, an AWS winner emerges

Nov 21 - 5:20 PM ET Mufin music finder enters public beta, adds widgets

Nov 21 - 5:01 PM ET Google launches its SearchWiki semantics plug-in

Nov 21 - 4:57 PM ET Asus previews a slimmer, less costly Eee PC

Nov 21 - 4:32 PM ET New Adobe Media Player ushers in AIR 1.5

Nov 21 - 2:11 PM ET AT&T to add Pantech's low-cost C630 phone to 3G lineup

Nov 21 - 1:11 PM ET iPhone gets firmware 2.2 update