The following is submitted in a personal capacity. I have 20+ years experience as the head of IT depts of biological research institutes. Currently I manage a network of over 1,000 computers with a few dozen servers, several Internet connections and one advanced research network link. At the moment I am leader of a World Bank funded project to improve the IT security and business continuity of 15 international agricultural research institutes of the CGIAR.[21]

  Much of what I could tell you I am sure you will discover anyway from other submissions (eg 95% of the world's email traffic is now spam coming from "zombie" computers) so I will focus mainly on one issue that may not otherwise get a hearing, what I will call the forgotten victims—those in the developing world. However, I recommend the cover story on 17 July 2006 issue of Business Week (The Plot to Hijack Your Computer) as essential and very accessible reading, though trust that this will have been drawn to your attention already.

  In the developed world much of the focus on Internet security is on identity theft and financial loss that may result. Notwithstanding the fact that the notorious ILOVEYOU virus originated in the Philippines, that so-called 419 scammers hail mostly from Nigeria and that a growing share of the world's spam originates in China, it is nevertheless true that people in developing countries connecting to the Internet today are the least able to address the consequences of IT insecurity, both in terms of paying for technical solutions where they may help and in having the knowhow to manage them.

  I have seen children in the developing world receive pornography by email as their reward for having an email address. I have read that the business of putting children in front of webcams and abusing them is a booming business in the Philippines, a sad but perhaps unsurprising result of the coincidence of poverty and technology.

  I ask only that some consideration be given to these issues, which are not simply technical matters but are at some level matters of national morality. There cannot fail to be negative repercussions for societies that tolerate the abuse of the dignity of others and most especially of children. Civilized countries hold child sex abuse overseas to be a crime. Any activities involving technology that corrupts children directly, or sexualises them prematurely by ramming advertisements for pornography, viagra and sex aids etc. down their throats should, in my view, also be a serious criminal offence and all children, worldwide, should be equally entitled to whatever legal protection is available.

  There are no technical solutions that would enable spammers to avoid emailing pornography to children but if that were an offence with serious sanctions I believe that this would help protect children and, as a side effect many would welcome, dramatically reduce the incidence of this kind of email.

  I believe that the appropriate yardstick for measuring sanctions for inflicting IT insecurity should be the impact on the most vulnerable. If a farmer in a developing country can show that an IT security problem inflicted on him has cost him a proportion of his income then that would be an appropriate cost to the perpetrator. Just as fake drugs have cost lives in the developing world I think it's likely that IT insecurity has also, eg in hospitals.

  I have been involved in connecting agricultural scientists in the developing world to improved communications for almost 20 years. I have been involved in the donation of hundreds of computers to schools in the Philippines every year for seven years. Happily most are not Internet connected—yet. Some of what the developing world is exposed to, forcibly, as it comes online churns my stomach.

  The United States has failed utterly to introduce workable legislation that would have an impact on the problems of IT insecurity originating in the US. Good legislation in the UK can have an impact far beyond the UK. Global norms will be necessary. The UK can lead the way. I commend the Committe for its interest.

  Speaking from the perspective only of an IT manager:

  The general public will never be technically adept and operating systems will never be secure. The public will, unavoidably, have to learn more, just as drivers must pass driving tests. However, what people can get away with in small print of software licence agreements will remain an issue. Today every computer user is accustomed to clicking "I Accept" routinely, just to be able to work. It's incontestable that nobody has time to read the small print of every agreement they must consent to in order to install software. Many of these are very bad agreements which should conflict with statutory rights. Imagine for a moment if people were offered 20 page legal agreements to sign every time they got on a bus and if their homes were burgled as result of something they'd signed; or which someone else using a borrowed Oyster card may have agreed to, without any signature. This would rightly be seen as intolerable and would be stoppped at once.

  I would welcome seeing Americans—and nationals of other countries with reciprocal agreements—extradited to the UK to stand trial for violating UK laws about deceptive software licence agreements that caused people's privacy to be violated, their identities to be stolen, their computers sabotaged, their bank accounts plundered, their bandwidth wasted etc.

  Finally, I can attest that the cost of fighting viruses, spyware, and spam as well as hackers and denial of service attacks is large and is a growing part of my job. It is a tax that nobody should have to pay. Any reduction will free resources for more productive use. In the case of my employer that is spending money, including British taxpayer's money, on fighting poverty, hunger and environmental degradation.