Sunday, October 17, 2010

U.S. studying Australian anti-hacking program

WASHINGTON - The government is reviewing an Australian program that will allow Internet service providers to alert customers if their computers are taken over by hackers and could limit online access if people don't fix the problem.

Obama administration officials have met with industry leaders and experts to find ways to increase online safety while trying to balance securing the Internet and guarding people's privacy and civil liberties.

Experts and U.S. officials are interested in portions of the plan, set to go into effect in Australia in December. But any move toward Internet regulation or monitoring by the U.S. government or industry could trigger fierce opposition from the public.

The discussions come as private, corporate and government computers across the U.S. are increasingly being taken over and exploited by hackers and other computer criminals.

White House cybercoordinator Howard Schmidt said that the U.S. is looking at a number of voluntary ways to help the public and small businesses better protect themselves online.

Possibilities include provisions in the Australia plan that enable customers to be warned by their Internet providers if their computer gets taken over by hackers via a botnet.

A botnet is a network of infected computers that can number in the thousands, and that network is usually controlled by hackers through a small number of scattered PCs. Computer owners are often unaware that their machine is linked to a botnet and is being used to shut down targeted websites, distribute malicious code or spread spam.

If a company is willing to give its customers better online security, the American public will go along with that, Schmidt said.

"Without security you have no privacy. And many of us that care deeply about our privacy look to make sure our systems are secure," Schmidt said. Internet service providers, he added, can help "make sure our systems are cleaned up if they're infected and keep them clean."

But officials are stopping short of advocating an option in the Australian plan that allows Internet providers to wall off or limit online usage by customers who fail to clean their infected computers, saying this would be technically difficult and likely run into opposition.

"In my view, the United States is probably going to be well behind other nations in stepping into a lot of these new areas," said Prescott Winter, former chief technology officer for the National Security Agency, who is now at the California-based cybersecurity firm, ArcSight.

In the U.S., he said, the Internet is viewed as a technological wild west that should remain unfenced and unfettered. But he said this open range isn't secure, so "we need to take steps to make it safe, reliable and resilient."

"I think that, quite frankly, there will be other governments who will finally say, at least for their parts of the Internet, as the Australians have apparently done, we think we can do better."

Cybersecurity expert James Lewis, a senior fellow at the Center for Strategic and International Studies, said that Internet providers are nervous about any increase in regulations, and they worry about consumer reaction to monitoring or other security controls.

Online customers, he said, may not want their service provider to cut off their Internet access if their computer is infected.

But they may be amenable to having their Internet provider warn them of cyberattacks and help them clear the malicious software off their computers by providing instructions, patches or anti-virus programs.

They may even be willing to pay a small price each month for the service - much like telephone customers used to pay a minimal monthly charge to cover repairs.

Lewis, who has been studying the issue for CSIS, said it is inevitable that one day carriers will play a role in defending online customers from computer attack.

Comcast Corp. is expanding a Denver pilot program that alerts customers whose computers are controlled through a botnet.

