Should ISPs really be the Internet’s police force?Posted on February 20, 2008

Jim CredladnIt is nice to remember those heady, early days of the Internet, when corporations, politicians and users alike waxed lyrical about the freest flow of information humankind has ever seen. Fast forward 17 years and we are faced with yet another call for ISPs to do more to stop file-sharing – this time with a somewhat reactionary proposal that illegal file-sharers be booted off the Internet by their service providers.

These calls are, not surprisingly, coming from those with the most to lose from a truly free Internet, with the music and film industries leading the assault. Logically it seems they may have right on their side – they own the IP rights for the tunes and movies so why should they be robbed of their profits?

But then why should it be the ISP’s job to keep its users in check? Should manufacturers of tape-decks and CD players be required to monitor their devices and report back to the government every time a copy is made? Should car manufacturers be made to remotely shut down any vehicle they produce once its driver exceeds the speed limit? Of course not – it is absurd, and so is the idea that ISPs have any businesses policing their users.

Quite frankly, as a musician and owner of copyright material myself I welcome the Internet and all it brings. Sure there's been a revolution and I'm struggling to sell as much vinyl as I once did (DJs having joined the laptop party recently). However the cost of entry into the market has dropped and I can now release more interesting and experimental material more easily.

As an artist I do like to see people buying my music. However, whilst music piracy may be theft, I am aware that the majority of people with copies are not ripping me off. They are still copies - this isn't theft that necessarily deprives me of something I would otherwise have had! Many people who copy this material are not going to simply buy it instead, even if piracy was difficult.

The music and film industries should worry less about enforcement and more about how they are going to take advantage of what is a much cheaper and more effective means of distribution. Things will change massively and profits may be insecure for a while, but ultimately the Internet provides a wealth of opportunities for artists and distribution companies – they just need to recapture some of the initial excitement of the Internet and worry less about maintaining the status quo.

Jim Credland, security consultant, THUS

Don’t let the fraudsters ruin VoIP for the rest of usPosted on February 6, 2008

Matt CantwellThe technology press does seem to like a good scare story, and VoIP has seen more than its fair share. This month it was the turn of BT to get in the firing line as an ‘ethical hacking’ group claimed to have found a serious flaw in its Home Hub product which meant it could be used as a platform to launch nefarious VoIP frauds. It turns out that this was probably no more than a storm in a tea-cup as BT issued a strenuous denial and pointed out that they had spotted the flaw months ago and fixed it. Regardless, this incident did serve some value in once again raising the issue of Internet fraud.

Phishing and pharming attacks are almost old hat by now. I received two phishing attacks this week alone – one telling me I had won the lottery and the other from a ‘businessman’ asking me to partner with him in an exciting (undisclosed) project. Both would have involved me sending my bank details to the fraudsters and shortly after, no doubt, my account would have been cleaned out. Pharming can be a bit trickier to spot and involves fraudsters mimicking legitimate Internet sites (usually retail outlets or banks) to once again part their victims from their bank details.

Businesses, however, have not been slow to counter these threats, and with a combination of good firewalls, SPAM filters and employee education there is no reason for anyone to fall victim to these rather unsophisticated fraud threats.

Vishing, however, is a different kettle of fish and it is here that VoIP is getting an entirely undeserved reputation. Vishing is where a user is called, or makes a call to an automated system that asks them for personal information (bank details for example) and then records the answer. The recordings are then used by fraudsters to liberate money from the victims account. The victim doesn't have to actually have a VoIP system either - it's just that the VoIP technology reduces the costs to the fraudster.

Unfortunately the association between this particular use of VoIP for fraudulent purposes tends to tarnish the entire technology with the same dirty brush. It's a little like assuming all automobiles are evil simply because some of them are used as get-away cars after a robbery.

Sure, the VoIP system here has enabled this new type of crime. But there are reasons for this, the VoIP system is flexible, relatively cheap, quick to implement, based on standard IP components and provides a great set of customisable features. Bear in mind the entire crime is possible with older technology - it was just too much of a pain in the neck to carry out. Whatever we do, we must make sure that we reclaim VoIP from the fraudsters and let legitimate businesses and home users claim the benefits for themselves.


Matt Cantwell – Head of Product Portfolio