Privacy Commissioner delays zombie code

The finishing touches to an e-security code of conduct which will prevent compromised computers, also called "zombies", from accessing the internet is being delayed following concerns flagged by the Privacy Commissioner.

The finishing touches to an e-security code of conduct which will prevent compromised computers, also called "zombies", from accessing the internet is being delayed following concerns flagged by the Privacy Commissioner.

It aims to make formal existing voluntary security arrangements that internet service providers (ISPs) currently follow under a scheme run by the Australian Communications and Media Authority (ACMA), according to Internet Industry Association (IIA) CEO Peter Coroneos. The scheme sees ISPs receive daily reports from the ACMA which the providers can then, voluntarily, use to alert customers.

However, this formalisation was slowed by privacy concerns that were flagged in a public consultation of the draft code, a process which began in September.

A number of submissions were received by the IIA, Coroneos said, but none were made publicly available by the association. Though one was available on the Privacy Commissioner's website (PDF). It recommended measures the IIA should take to expand the code to explain exactly how ISPs will monitor computer networks, recommendations Coroneos said the IIA had taken on board in an updated version. The Privacy Commissioner wanted to make sure that the public understood how and why their activity was being watched.

"There's been a couple of technical issues that came up during the public consultation process and because everyone has been on leave — the industry is not really back until probably next week — we're going to pick it up then and make the announcement at the appropriate time," Coroneos said.

Actual implementation of the code by service providers would commence shortly. "We're talking about implementation this year some time," Coroneos said. The ISPs will follow the instructions of the code voluntarily.

The new code would not "raise the bar" on the old scheme administered by the ACMA, according to Coroneos, reiterating that its formation was only to ensure that what was already in place was "codified". It would be "entirely up to the ISP" in how they implemented the code, if they decided to do so.