The announcement by the Centre for Secure Information Technologies (CSIT) of hardware filters to screen vast quantities of internet traffic for online nasties will be welcomed by anyone who has experienced cybercrime.
The system suggested could be used by ISPs to protect individual web users with “cloud-level” scanning, obviating the need for conventional anti-virus and firewall products. It could identify and quarantine PCs recruited to botnets.
Equally, it could be used by large companies and government organisations to protect against assaults, such as a denial of service attacks. The system would be able to identify and manage an attack before it became a security crisis.
Indeed, it is the proposed ability of the system to predict and act quickly to prevent damage from cyber attacks which makes it so attractive.
But will it, for example, be permitted to shut down the internet connection of someone who it detects is attempting to commit a fraudulent online transaction? Or someone who is sharing copyrighted material without authorisation? The latter scenario has already sparked widespread debate as copyright owners struggle with how best to tackle file-sharing, while legislators seek to preserve individual rights.
Of course, automated software to predict and prevent fraudulent transactions is already in widespread use by credit card companies. And many of us have experienced the frustration of having a legitimate transaction blocked because the system decides the transaction is “suspicious” given “normal” patterns of spending.
So that puts enormous responsibility on those who write the rules by which the filter operates: to define what is illegal activity, to determine its automated responses, and to ensure any erroneous actions taken by the system are rectified quickly.
Hollywood has come up with numerous dark visions of a world where automated systems run out of control, from War Games to Minority Report. CSIT’s system may be a far cry from such deadly consequences, but with government agencies already showing a keen interest in the technology, there needs to be close scrutiny of the rule writers.
