[LINK] Consumer computer security

Roger Clarke Roger.Clarke at xamax.com.au
Tue Jan 23 09:22:47 AEDT 2007

At 6:50 +1100 14/1/07, Alan L Tyree wrote:
>I'm looking for some help here. I'm writing a submission to ASIC on the
>review of the EFT Code of Conduct. One of the things that Industry has
>been pushing for is to make consumers liable for losses caused by
>computers infected with malware.
>The argument I wish to make is that consumers are hopelessly ill
>equipped to secure their (Windows) computers. ...

[Just as I'm nearing finalisation of a draft paper on the topic - 
I'll post an RFC shortly - up bobs this useful article.  Comments 

Banks look at liability for internet con losses
The Sydney Morning Herald, Business Section
Date: January 23 2007
Marc Moncrief

REPORTS claiming banks had lobbied to make customers liable for money 
lost to internet fraud have been denied by both bankers and their 

The Australian Bankers' Association said neither it nor any of its 
members had yet made submissions to a review of the existing code of 
conduct for the electronic funds transfer system of payment announced 
earlier this month by the Australian Securities and Investments 

['Plausible deniability' usually hinges on setting up a straw man 
accusation and then denying the straw man.  'We haven't made any such 
submission' = 'we've lobbied for it, we've even made the mistake of 
mentioning it in writing a couple of times, but we've not [yet] made 
a 'submission' to that effect, at least not to ASIC']

The code applies to transactions made via EFTPOS, ATM and internet 
and telephone banking.

At present, banks voluntarily reimburse customers for money lost 
while banking online. The review will determine whether the current 
system should remain unchanged or if customers ought to bear some of 
the responsibility for keeping their personal computers secure.

[Isn't pseudo-regulation gloriously amenable?  While it suits your 
purposes as a shield, you call it 'self-regulation', and as soon as 
you want to get rid of it, you refer to it as 'voluntary'.  Expect 
next:  'uneconomic', 'red tape', 'impost on small business', 
'subsidy' and 'disincentive to consumer self-responsibility']

"There's going to be a lot of discussion about who is responsible for 
internet fraud," said the Australian Consumers Association's finance 
spokesman, Nick Coates. "I suspect there will be a vigorous argument 
presented to consumers that if you don't update your virus software 
or don't have the latest firewall in place that you have not 
fulfilled your duties under the EFT code."

A spokesman for the Australian Bankers' Association said neither the 
peak body nor any of its members nor any of its members' lawyers had 
been "specifically lobbying ASIC to have some changes made".

['have not been specifically lobbying' = 'have been generally lobbying']

ASIC's executive director of consumer protection, Greg Tanzer, said 
the regulator had consulted industry, and liability for internet 
fraud losses had been discussed as a topic of review, but the 
discussions had not "extended to lobbying" and no individual banks 
had been involved.

[oh better still:  if the lobbying is conducted at the invitation of 
the regulator, then it's not 'lobbying' but 'discussion']

Mr Tanzer said it might be reasonable to require users to keep 
up-to-date virus protection on their computers, or to provide them 
with some incentive to do so, particularly if they have been 
defrauded more than once without protecting themselves.

However, he said, there were also strong arguments against putting 
the responsibility on consumers to keep often complex technology in a 
particular state.

"It's important to have a debate about it but the debate should be in 
the context of: 'This is the issue that has been raised'. It's not a 
question of just shoving liability for fraud, including credit card 
fraud or anything else, on to consumers."

AACA's Mr Coates applauded the review but said consumer advocates 
were preparing for a stoush with some companies that might try to 
force a heavier burden on to their customers than was reasonable.

[AACA?  A mis-print?  Or has ACA - which now thinks and acts like a 
business and prefers to project the Choice branding - changed its 

"The EFT code is old," Mr Coates said. "It's ageing and it's 
struggling to stay up with the developments in modern banking 
technology. There's no question it needs upgrading."

Roger Clarke                  http://www.anu.edu.au/people/Roger.Clarke/
Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in Info Science & Eng  Australian National University
Visiting Professor in the eCommerce Program      University of Hong Kong
Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW
