Personal Internet Security |
CHAPTER 1: Introduction
1.1. The Internet is a global network of millions
of interconnected computer networks linking hundreds of millions
of machines used by over a billion people. It transfers data between
these machines in such a way that the computers at each end of
a connection need not be aware of each other's physical location,
or the technical details of the many intervening data transmission
1.2. The origins of the Internet lie in the 1970s,
but it was opened to commercial traffic in 1985, began to be widely
used by individuals in the early 1990s and is now so important
that it is deemed to be part of the critical national infrastructure
of all developed nations.
1.3. The Internet underpins a considerable amount
of global economic activity, permitting huge changes in traditional
business models. It has also radically changed the way in which
individuals are able to access information, entertain themselves,
and even the way in which they meet their partners. It has undoubtedly
been, and continues to be, a powerful force for good.
1.4. It is also a complex phenomenon that continues
to evolve and grow at a rapid pace. In March 2007 the total number
of Internet users world-wide was put at 1.114 billion, or 16.9
percent of the world's population. Internet penetration continent
by continent varies from 3.6 percent in Africa to 69.7 percent
in North America. In the United Kingdom Internet penetration is
62.3 percent, among the highest in Europe, with growth from 2000-2007
put at 144.2 percent.
Some eastern European countries have seen growth over the same
period, albeit from very low levels, of well over 1,000 percent.
1.5. The fast-changing technology underpinning
this growth in Internet use is very poorly understood by the vast
majority of its users. Indeed, one reason for the prodigious success
of the Internet is that users can "surf the web" without
having to understand the technical means by which information
is accessed or communicated. The many layers of technology that
lie beneath the interface seen by the user, typically a software
application known as a web browser, are effectively hidden. But
just as the technology is for most users invisible, so are the
1.6. These risks are manifold. They threaten
personal securitythat is to say, they may undermine the
individual's ability to control the information that they have
entered into or stored on connective devices such as PCs, mobile
telephones, or databases operated by commercial organisations,
government agencies and others. Victims typically suffer financial
loss through fraud, though in cases of identity theft they may
also suffer loss of reputation, or, in extreme cases, may be accused
of crimes they did not commit.
1.7. Online risks may also impact upon personal
safetyby which we mean they may lead to direct physical
or psychological harm to the individual. One high-profile threat
is that posed to children by predatory paedophiles, who conceal
their true identity whilst using the Internet to "groom"
potential victims. Probably far more common is the online bullying
of children by their peers, while even adults who injudiciously
disclose personal information online have found that their personal
physical safety has been compromised.
1.8. The title of this Report is Personal
Internet Securitywe have considered primarily issues
pertaining to individual experiences of the Internet. We have
not generally considered business security issues, except insofar
as these affect the security of the data of individual customers.
Thus we have made recommendations around the theft of personal
data but not around industrial espionage. Nor have we considered
matters of business continuity, risks to services, or possible
failure of the critical national infrastructure as a result of
the Internet ceasing to operate for an extended period. These
are all important issuesbut outside the scope of this Report.
1.9. We have heard many analogies in the course
of our inquiry. None of these analogies is exactthe Internet
is not like any other technology or industry that has ever been
created before. Nevertheless, we have found analogies useful,
if not in developing conclusions and recommendations, then at
least in structuring our evidence and our arguments in a readily
comprehensible form. The analogy that underpins the structure
of this report derives from road transport. Within the road transport
system, the safety or security of the individual road user is
protected at several levels:
- The networkroads are designed
and engineered for safety, maintained, lit, sign-posted, and so
- The equipment that uses the networkcars
and other vehicles that use the network have safety features built
into their design.
- Individual users themselvesthey are taught
how to drive, subjected to testing; their behaviour may be monitored;
social pressures are also exerted.
- The policing of the networkthere is a
clearly defined legal framework for the use of the network; those
who breach the law risk prosecution.
1.10. These headings have helped us to establish
a clear and comprehensive analytical approach to Internet security,
embracing technical security (at both network and appliance level),
individual behaviour, and policing. The bulk of this report is
therefore structured around these main headings. First, however,
we describe the backgroundthe history of the Internet,
its major technical features, and the nature of the threat faced
by individual users.
Background and acknowledgments
1.11. The membership of the sub-committee is
set out in Appendix 1, and our call for evidence, published in
July 2006, in Appendix 3. Those who submitted written and oral
evidence are listed in Appendix 2. We would like to thank all
of our witnesses, as well as those who submitted articles, briefings
and other materials in the course of the inquiry.
1.12. We launched this inquiry with a seminar,
held at the Institution of Engineering and Technology, in November
2006, and a note of the seminar is given in Appendix 4. We are
very grateful to all participants in this event.
1.13. We would like to put on record our thanks
to the Deputy Ambassador in Washington, Alan Charlton, the Consul
General in San Francisco, Martin Uden, and all their staff, for
their help in organising a hugely valuable visit to the United
States in March 2007. We are also grateful to a number of people
who, while not appearing formally as witnesses, have been extremely
generous in offering assistance and advicein particular
Linda Criddle of Look Both Ways and Ed Gibson of Microsoft.
1.14. Finally, our Specialist Adviser for this
inquiry was Dr Richard Clayton, of the University of Cambridge
Computer Laboratory. His expertise in computer security has been
invaluable to us throughout the inquiry. However, our conclusions
are ours alone.
1 Source: Internet World Stats (http://www.internetworldstats.com/stats.htm).