The August report of the House of Lords Science and Technology Committee on internet security has accused the government of failing to take action on personal internet security. It has proposed a number of radical changes, including:

  • Introducing software and hardware vendor liability for security – this would be introduced at European level. Liability would be imposed where the vendor has been negligent in failing to take steps to make the hardware or software more secure for consumers.

There are already moves at a European level to extend consumer protection laws to software. In early September the European Parliament passed a Resolution endorsing the earlier Green Paper issued by the EU Commission. The Green Paper had recommended extending existing consumer protection laws to software. Although both documents are only policy statements, and so do not change the current law, they are a clear indication that the EU spotlight is now firmly focused on this issue. Changes are likely to be introduced as part of the ongoing EU review of the complete suite of consumer protection laws.

  • Increasing ISP responsibility for security – the existing "mere conduit" immunity for ISPs would be removed once the ISP detects or is notified that machines on that ISP's network are sending out spam or infected code.
  • Introducing mandatory notification of data leaks – this would include the establishment of a central reporting body and also clear rules on the content of notifications to the individuals affected.