South Africa adopts Australian iCode

South Africa will adopt its own version of Australia's iCode, which will aim to tackle problem users who are unaware that their computers have become part of a botnet system.
Written by Michael Lee, Contributor

South Africa will adopt its own version of Australia's iCode, which will aim to tackle problem users who are unaware that their computers have become part of a botnet system.


(Lego Zombie image by deven.laney, CC BY-SA 2.0)

The iCode is a set of guidelines that ISPs follow, to alert customers when their computer has been taken over by malware or is contributing to shady activities, such as spamming other users.

Internet Industry Association's (IIA) former chief executive, Peter Coroneos, has been championing the iCode, which was developed between industry and the IIA. He travelled to South Africa, earlier this week, to speak to senior government members and prominent members of the country's financial sector and discuss the voluntary code of practice.

Shortly after, South Africa's Internet Service Providers' Association (ISPA) announced that it would adopt the iCode and implement it by the year's end, as first spotted by SC Magazine.

"The problem we now face as an industry," said ISPA spokesperson Ant Brooks, "is the sophistication of attacks on end-user computers. Scanning at the network level, by ISPs, can provide an early warning to users when the user may be completely unaware there's a problem with their computer.

"An infected computer is not only bad for the end user; it's also a problem for the integrity of networks themselves, because it increases the amount of spam and other 'bad traffic'. This is why ISPs are telling us they will support the scheme."

Coroneos told ZDNet Australia that although South Africa is not as affected by the botnet issue as other countries, due to lower levels of broadband penetration, the country's government and industry bodies see the iCode as a proactive approach to a problem that will only become more prominent.

"There are cases of zombie botnet infections, and, to that extent, ISPs are already taking some remedial action. But they're doing this in anticipation of the country moving to broadband and they want to make sure they've got all the best protocols in place, before the nation is at the level of broadband penetration of some of the more developed countries."

South Africa's concerns also mirror those of Australia's, in terms of regulation.

"They're also mindful of the fact that, if they don't move forward with something, there is a potential risk of regulation [as a solution]," said Coroneos. "I think it's fair to say that both the government and the industry would both prefer to see a successful code scheme, in preference to a regulation solution. I think, for the same reasons that we found [in Australia], they understand that this is a rapidly evolving problem and it's not something that regulation can keep up with as well."

Likewise, South Africa had similar concerns as Australia did at the iCode's inception around issues of privacy, with the common misconception being that the iCode would result in spying on user habits.

"[A challenge is] to help users understand that this is not, in any way, going to impact on their privacy in any negative sense. There's always a concern that it will be perceived as something more along the lines of surveillance, but ... I explained how we managed that issue in Australia — by engaging with people like the privacy commissioner and the media, to explain that this is actually a very pro-privacy set of measures. I think we were able to overcome any initial fears."

Unfortunately, South Africa doesn't have an equivalent to the Office of the Information Commission (which houses the privacy commissioner's functions), but Coroneos has recommended that the ISPA engage with other consumer and privacy rights organisations, and is confident that combined with Australia's experience as a guiding example, these fears can be overcome.

The ISPA is already tackling the issue head on, stating up front that, "the network level scanning that allows ISPs to detect signs of infected machines, does not, in any way, involve looking at what users are, themselves, doing online".

Coroneos' next steps in promoting the iCode have taken him to India to talk to officials, where he hopes to put a proposal for the iCode to the nation in the near future. He will also be bringing the voluntary code to Berlin, next month, as he speaks to companies that have already expressed interest in using the code.

Unfortunately, not all nations have been as enthusiastic about the iCode. Coroneos has heard nothing back from China or Russia, two nations that are suspected of being, at least partly, responsible for the proliferation of large botnets.

Coroneos said that he has already made the suggestion that the issue be put before the G20, and that it would eventually have to be dealt with in one way or another.

"As we found with the nuclear experience, in the end, détente is probably a better contributor to stability than an arms race."

Editorial standards