Co-regulating Internet Security: The London Action Plan
Abstract
Although the Internet with its associated information infrastructure is robust, it retains security vulnerabilities in:
- Content (software vulnerabilities, security breaches in important organisations)
- Physical structure (fibre optic infrastructures, availability of communication links and vulnerability of major elements to man-made or natural disasters)
- Distributed Denial of Service (DDoS) attacks, beginning in 2001 against Yahoo! and eBay
- Corporate responses to the increasing financial returns for attackers (for example the growth of phishing, malware and extortion attacks against gambling websites)

The general public, ICT specialists, industry and government perceive security threats differently. For instance, consumers' participation and behaviour on-line are distorted by concerns about identity theft, spam and denial of service. Industry has tended to focus more on the problem of sustaining infrastructure integrity in the face of increasing openness in the technical architecture and rapidly rising levels of use. Concerns belonging to (though not always embraced by) the public sector include both the principled and the pragmatic consequences of malicious and damaging activities for trust and confidence. The relative neglect by private parties of the consequences of e.g. privacy breaches and phishing can threaten public goods from the rule of law to international economic competitiveness.

New approaches to this problem require public, private and civil society organisations to collaborate in new institutions of Internet governance. In addition to overlapping interests, they have complementary competences: the state has power to regulate many areas of civic and business life; business has the technical and organisational scope to change products, services and processes; and citizens can take detailed personal or community responsibility, implementing precautions that would be oppressive at national or market level and acting as trip-wires for emergent threats.
International bodies can also encourage shared approaches and solutions that markets cannot or will not provide unaided. The London Action Plan (LAP) on Spam is one such group, established in 2005 and comprising over forty government agencies (typically the consumer protection agency) from Europe, North America and Asia, and over twenty multinational companies involved in supplying security hardware, software and services. The LAP is a loose coordination mechanism sitting above bilateral, multilateral and standards-based initiatives, providing coordination and exchange of best practice.

In this article we have used existing literature, a large-scale electronic survey of stakeholder participants, an expert workshop and interviews with a range of LAP stakeholders to answer the following research questions:
- Where should action on Internet security sit in the continuous spectrum from self to co-regulation to full regulation?
- How are divergent national approaches accommodated, with shifting alliances between government, industry groups and users?
- How well does the London Action Plan framework include all stakeholders, including civil society?
- What lessons can we learn from the London Action Plan for the development of other self/co-regulatory organisations?


