Look what I started!
(or, the law of unintended consequences strikes again)

Since I put this website together and last updated it (back in June 2008) two amazing things happened: 

1) Australia had a federal election and one of the topics being debated was filtering the Internet. Now given that to the best of my knowledge I've been the only one talking about that idea in the industry and political circles, I can only conclude that the current line of thinking is partly my fault.

2) The Australian telecommunication industry and the federal government started talking about something they called the NBN (for "National Broadband Network"). 

So now I'm in this weird situation where my acronym (NBN) has been swiped, and my core idea (filtering the Internet) has been completely twisted by Australia's fringe Senators. Outstanding!

Let me be clear - my idea for filtering the Internet is ONLY for filtering out malware and spam. No one has any need or interest in downloading viruses to their home computer. This is called IT security. I am completely against filtering out "inappropriate content"; because this is not security, it is censorship. I agree that there is truly offensive and illegal material online, but technology to stop us seeing this is simply poorly thought through. Most of the content we would hope to block with an Internet filter will instead be encrypted and transmitted via P2P systems (to name just one possible channel).

I think the government would be must better advised to put its money into the AFP and let them get on with what they do best. Maybe I'm old fashioned, but I think that sticking our national head in the sand and pretending that nothing bad is out there does nothing to protect the children who are already being abused! Let's not forget that there is more than one issue here. One issue is that most right-minded people don't want to see that stuff. The second issues is that we have an obligation to protect the vulnerable from exploitation. Personally, I think the second issue is much more important.

We need strong intervention, and that means international law enforcement. Detect, identify, arrest, prosecute.

History of Nothing But Net - How it started 

Nothing But Net started in April 2007. I was sitting in a seminar and the instructor was challenging us to think outside the box. We're so used to just taking care of ourselves, our family, and close friends that we can forget that we live in communities, countries, and a very connected world. 

Working as an industry analyst in IT, I live and breath technology and the Internet. It was sitting there in that room that I realised that I had been focusing solely on how my clients - companies and government organisations - should go about protecting their corporate information. 

I had forgotten about the people themselves.

Then I started to think about my family and friends. The issues they had with computers and the Internet. The phone calls I'd had, asking for advice on how to protect themselves from viruses and identity theft.

What was possible?

Corporations often have dedicated teams of IT security specialists to protect their digital assets. In fact, some pretty large companies like IBM, Cybertrust (now owned by Verizon), BT, and others, all make a fair bit of money from providing managed security services to corporate clients. 

So why couldn't home users get the same level of service?

Hey, Google bought Postini in 2007, and having used Postini at my last company I know it's great to have that anti-spam/anti-virus technology sitting out there in the Internet protecting my inbound email. (I used to only get about one spam email in my inbox every few months).

At the end of 2007, Australia was having a Federal election. For a month or so there was a flurry of conversation about a government initiative called NetAlert. I thought it was a truly foolish idea, and said so. 

Two of the main problems with NetAlert were that it was:

1) a censorship tool

2) presuming that adults were better at using a computer than their kids! 

So the government was asking home users to be security experts. Not the best idea. I'm all for parents supervising their kids while the kids are on the Internet (it's a great opportunity for the parents to learn!). 

A better idea

So the better idea is to provide managed security services for the home users, not expect them to be on the leading edge of threat mitigation!  

(As an aside, I was talking to a friend of mine last year - he's a professional white hat hacker - and he was saying that even he struggles to keep up with the developments in IT security and this guy is considered  to be in the elite of IT securit experts. So what chance to everyday home users have).

Threat mitigation tactics

In a large company, IT security teams fight malware at various points in the networ: on purpose-built network equipment, on servers, and on workstations and laptops. They put anti-virus applications on laptops because the laptops getting physically taken out of the protected network and into the wild. But the wild is where all the home users are, all the time. 

So why not create a protected network for the home users? We should all keep running security tools like anti-virus products on our home machines, but there is no good reason why the Internet Service Providers could not be scanning for malicious activity before it comes down the broadband to our homes. This is already available to large companies!

So what am I doing about this?

Well, I'm an industry analyst. I know a lot of people in the security industry here in Australia. So I've been talking to some of the vendors about this idea. I know it's possible, I want to make it happen, but I'd love a bit of support!