Users fear venturing too far online

At the annual Information Security Solutions Europe (ISSE) event in Rome this month, some experts warned that the growth of e-commerce and online banking is being undermined by a lack of awareness and fear of transacting via the internet.

In a panel debate, Peter Keller of telecoms firm Swisscom argued that as many as a third of consumers may be limiting themselves to browsing and email because they are afraid to attempt more complex procedures online.

He blamed scaremongering by the mass media and poorly engineered, difficult-to-use products as the main causes of user insecurity.

Security expert Bruce Schneier agreed, arguing that internet service providers (ISPs) could play a vital role in providing support and protection for consumers.

"Computers are too hard to use," he said. "Home users don't have an [IT department] to be their trusted security adviser, but ISPs could fulfil that role."

He added that vendors should be held liable for flaws in products and services that can result in enterprise customers suffering financial loss, bad publicity or non-compliance with regulations.

"If you don't [enforce vendor liability] the problem will never be fixed, but if you do, the technologies will come out of the woodwork to fix the problem because there will be money to be made from it," Schneier argued.

Keller said vendors must inform customers about the "true risks rather than confusing them with too many security messages". He added that regulation may be required to enforce quality and reliability of some products.

Michael Howard, a senior Microsoft security manager, admitted that Microsoft has been guilty of bombarding users with overly technical information.

"Users don't make good trust decisions partly because they don't know what's going on," he said. "No one would understand some of the dialogue boxes we've given."
He added that technology vendors cannot assume the end-user is educated, so security measures should be built in as standard.

"We're going to provide these baseline defences in the operating system to protect you and then provide the functionality to unlock things if you are an alpha geek and want to do this," he said.

The Italian minister of communications Paolo Gentiloni urged the European Commission to regulate in matters of "standardisation, interoperability and security certification" to create a minimum standard for security. "It would be worth achieving a common position within the European Community," he said.

Gentiloni also warned that IP-based applications such as IP TV and VoIP need "new standards and models in order to guarantee communication security".

The European Commissioner for Information Society and Media, Viviane Reding, acknowledged in her keynote the importance of diversity in IT to reduce the risks of depending on one type of technology. The Commission "expects the private sector to be proactive in areas [such as] usability and interoperability ", she added.