[LINK] Consumer computer security
Roger.Clarke at xamax.com.au
Tue Jan 23 09:22:47 AEDT 2007
At 6:50 +1100 14/1/07, Alan L Tyree wrote:
>I'm looking for some help here. I'm writing a submission to ASIC on the
>review of the EFT Code of Conduct. One of the things that Industry has
>been pushing for is to make consumers liable for losses caused by
>computers infected with malware.
>The argument I wish to make is that consumers are hopelessly ill
>equipped to secure their (Windows) computers. ...
[Just as I'm nearing finalisation of a draft paper on the topic -
I'll post an RFC shortly - up bobs this useful article. Comments
Banks look at liability for internet con losses
The Sydney Morning Herald, Business Section
Date: January 23 2007
REPORTS claiming banks had lobbied to make customers liable for money
lost to internet fraud have been denied by both bankers and their
The Australian Bankers' Association said neither it nor any of its
members had yet made submissions to a review of the existing code of
conduct for the electronic funds transfer system of payment announced
earlier this month by the Australian Securities and Investments
['Plausible deniability' usually hinges on setting up a straw man
accusation and then denying the straw man. 'We haven't made any such
submission' = 'we've lobbied for it, we've even made the mistake of
mentioning it in writing a couple of times, but we've not [yet] made
a 'submission' to that effect, at least not to ASIC']
The code applies to transactions made via EFTPOS, ATM and internet
and telephone banking.
At present, banks voluntarily reimburse customers for money lost
while banking online. The review will determine whether the current
system should remain unchanged or if customers ought to bear some of
the responsibility for keeping their personal computers secure.
[Isn't pseudo-regulation gloriously amenable? While it suits your
purposes as a shield, you call it 'self-regulation', and as soon as
you want to get rid of it, you refer to it as 'voluntary'. Expect
next: 'uneconomic', 'red tape', 'impost on small business',
'subsidy' and 'disincentive to consumer self-responsibility']
"There's going to be a lot of discussion about who is responsible for
internet fraud," said the Australian Consumers Association's finance
spokesman, Nick Coates. "I suspect there will be a vigorous argument
presented to consumers that if you don't update your virus software
or don't have the latest firewall in place that you have not
fulfilled your duties under the EFT code."
A spokesman for the Australian Bankers' Association said neither the
peak body nor any of its members nor any of its members' lawyers had
been "specifically lobbying ASIC to have some changes made".
['have not been specifically lobbying' = 'have been generally lobbying']
ASIC's executive director of consumer protection, Greg Tanzer, said
the regulator had consulted industry, and liability for internet
fraud losses had been discussed as a topic of review, but the
discussions had not "extended to lobbying" and no individual banks
had been involved.
[oh better still: if the lobbying is conducted at the invitation of
the regulator, then it's not 'lobbying' but 'discussion']
Mr Tanzer said it might be reasonable to require users to keep
up-to-date virus protection on their computers, or to provide them
with some incentive to do so, particularly if they have been
defrauded more than once without protecting themselves.
However, he said, there were also strong arguments against putting
the responsibility on consumers to keep often complex technology in a
"It's important to have a debate about it but the debate should be in
the context of: 'This is the issue that has been raised'. It's not a
question of just shoving liability for fraud, including credit card
fraud or anything else, on to consumers."
AACA's Mr Coates applauded the review but said consumer advocates
were preparing for a stoush with some companies that might try to
force a heavier burden on to their customers than was reasonable.
[AACA? A mis-print? Or has ACA - which now thinks and acts like a
business and prefers to project the Choice branding - changed its
"The EFT code is old," Mr Coates said. "It's ageing and it's
struggling to stay up with the developments in modern banking
technology. There's no question it needs upgrading."
Roger Clarke http://www.anu.edu.au/people/Roger.Clarke/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in Info Science & Eng Australian National University
Visiting Professor in the eCommerce Program University of Hong Kong
Visiting Professor in the Cyberspace Law & Policy Centre Uni of NSW