Known as the icode, and developed in conjunction with Australia’s Internet Industry Association, which pioneered the approach in 2010, the code will provide a consistent approach for South African ISPs to help inform, educate and protect their customers in relation to cyber security. South Africa would become the second country in the world to implement network level protection of vulnerable end users under the icode banner.

By following the code, ISPs will contribute to reducing the number of compromised computers in South Africa and enhance the overall security of the South African and international Internet.

“The increasing threat of zombied computers – computers which have been essentially hijacked and are under the control of criminals or other third parties – presents a real risk to users. Identity theft, fraud, and increases in spam are all possible consequences of compromised computers.”

“The problem we now face as an industry,” said ISPA spokesperson Ant Brooks, “is the sophistication of attacks on end-user computers. Scanning at the network level by ISPs can provide an early warning to users when the user may be completely unaware there’s a problem with their computer.”

“An infected computer is not only bad for the end-user, it’s also a problem for the integrity of networks themselves because it increases the amount of spam and other “bad traffic”. This is why ISPs are telling us they will support the scheme.”

Australia’s Internet Industry Association chairman Bruce Linn welcomed the announcement. “The Australian experience has shown that end-users appreciate knowing that their ISP is watching for signs of infection on the network.

Most users are initially very surprised to find out that their machine may be infected by ‘malware’ such as viruses. But they are relieved when they are given the information and tools to restore their computer’s security.”

The initiative was also welcomed by the banking sector. “South Africa’s banks are committed to educating consumers about online security, and constantly review security measures to offer South African Internet users as safe an online banking experience as possible,” says Mrs Kalyani Pillay, CEO of the South African Banking Risk Information Centre (SABRIC).

“SABRIC welcomes the launch of the icode project, and is encouraged by the commitment of ISPs towards assisting their customers with the security of their computers and their personal information.”

Privacy a paramount concern

ISPA spokesperson Ant Brooks emphasised that the new code was designed to protect the privacy of end-users. “The network level scanning that allows ISPs to detect signs of infected machines does not in any way involve looking at what users are themselves doing online. On the contrary, the scheme is designed to reduce the incidence of the single biggest threat to end-user privacy — the presence of malware which can steal personal information and relay it to criminals overseas.”

The code is designed to respond to this challenge by providing a consistent approach for South African ISPs to help inform, educate and protect their customers in relation to cyber security. ISPA believes a uniform national (and international) approach is warranted. The code will deliver a standard set of best practices for ISPs to follow to preserve the integrity of their networks.

The icode is expected to contain four main elements:

• A notification/management system for compromised computers
• A standardised information resource for end users
• A comprehensive resource for ISPs to access the latest threat information
• A reporting mechanism in cases of extreme threat back to national security agencies to facilitate a national high level view of attack status.

Please contact ISPA at queries at ispa dot org dot za if you require any further information about icode.

Taking place in September 2012, the industry’s annual get together that attracts speakers and delegates from several countries worldwide, will this year be hosted in Century City, Cape Town.

The Call for Papers specifies that the initial proposal to be considered as a speaker for iWeek should be submitted to ISPA by the end of May, with the final deadline for submission of the speaker’s profile and presentation content being 30 June 2012.

Presentations should be no longer than 30 minutes and should cater for a few questions afterwards. Most talks will be streamed live via the web and all presentations will be posted on the iWeek website subsequent to the event.

“Potential speakers should note they will be speaking to an interesting mix of the most competent individuals from the greater Internet industry. Furthermore, iWeek is in its 11th incarnation which by itself implies high standards,” said Jaap Scholten, co-Chair of ISPA.

There is always tremendous competition for speaking slots at iWeek and several proposals have already been received.

ISPA plans to offer three content streams at iWeek 2012. Potential speakers should be cognisant of the fact that their presentations should address: business trends, legislation & governance or technical advances in the Internet industry. Examples of topics up that would be considered for discussion include the pointers below.

The business trends track is focused on what lies ahead for ISPs: Where is the business case for an ISP these days and where will it be in the near future? Who are the up-and-coming examples of planning for the future? Build or sell? Financing equipment through investment or leasing? Diversify or focus? Where will the “un-capped” frenzy end? Is there space for multiple VoIP providers, or will we consolidate into three or four major players? How to provide a CDN at globally competitive rates? How do you market SaaS to SMBs?

The legislation & governance track is there to help ISPs figure out how to capitalise on markets that are opening up from a governance point of view such as Whitespace and Local Spectrum. Where are we going with Privacy, Copyright and Spam? How do ISPs remain compliant on a budget? 10 Regulatory issues you can’t ignore.

The technical advances track will be delving into the new technologies that are busy defining the tasks and efficiencies of today’s ISPs. Ranging from the much-hyped Cloud to Billing Systems, IPv6 to High-speed Fibre, these talks have to provide ISPs’ technical staff with information on subjects that will make their customers happier and their engineering lives easier. Topics such as Building the Cloud, turning it into Off-site Storage, or even a Content Delivery Network. What to do with the insatiable P2P network demands. How can we provision more cost-effective National Bandwidth?

Please visit http://www.iweek.org.za/iweek-2012-speakers/ for further information.

“ISPA notes that ICASA has worked incredibly hard to realise this reduction which is a good first step towards more affordable broadband in South Africa. As with all things worthwhile the first step is the hardest. However, the difficulty in getting this far should not detract from the necessity of going even further, even faster,” said Marc Furman, co-Chair of ISPA.

Effective from 1 April 2012, the development is a positive outcome for ISPA’s members. “The costs associated with providing broadband services have remained stubbornly high for several years. The 30% IPC reduction by ICASA means that ISPs now have greater flexibility in setting prices for broadband services. This is good for the industry and for consumers. ISPA is very happy with ICASA’s good work on the IPC pricing regime,” concluded Mr Furman.

“ISPA wishes to congratulate ICASA on the implementation of the new framework for spectrum licence fees,” says Dominic Cull, ISPA’s regulatory advisor. “The new regulations are designed to provide an economic incentive to encourage licence-holders to use spectrum efficiently and will dramatically lower the costs of frequency for point-to-point links, particularly in rural areas.”

The new pricing model moves away from a fixed price of R770 per MHz per link per annum to one that takes into account different uses of spectrum and the need to ensure that licensees occupy appropriate spectrum for these uses.

For example: spectrum below 3GHz is regarded as being the most suitable for the provision of wireless access services – using this spectrum for backhaul links prevents it from being used for access services at a cost to the South African economy. The licence fees for a point-to-point (PtP) link in bands below 3GHz are therefore higher than for those in ranges such as 8 and 23GHz.

Similarly, licence fees payable for spectrum usage outside of Gauteng, Cape Town and EThekwini Metro will cost one-tenth of spectrum usage within those areas, incentivising rural network roll-out.

“The annual licence fees payable for a PtP link will fall from tens of thousands of Rands to, in some cases, hundreds of Rands per annum. An example is an existing link in the 23GHz band between two rural educational facilities which cost R43 000 in licence fees in 2011/2012 – the licence fee for 2012/2013 will be R560.”

Access to communications is one component in bridging the digital divide while the other is making that access affordable. These regulations will play a role in both respects.

“By rewarding those licence holders who use spectrum efficiently, the new regulations will help to ensure better service for consumers. And by lowering the price of connectivity, they are helping to increase competition and introduce more and more South Africans to affordable broadband services,” Cull notes.

Connectivity, particularly broadband connectivity, forms a keystone of the government’s drive to create more jobs and stimulate the economy, particularly in the small to medium-sized enterprise sector.

The Department of Communications and the ICT industry signed a contract to ensure 100% broadband penetration by 2020.

“While some implementation issues remain, ISPA believes that these regulations are one of the most constructive regulatory interventions that ICASA has made to date,” Cull concludes.

Marc Furman, co-chair of ISPA, comments: “As an industry representative body recognised by the Minister, ISPA must monitor and enforce compliance, and I’m pleased to say that we made great progress during 2011. One of the key success factors was ISPA’s code of conduct wizard, which we launched late in 2008.”

The wizard provides a Web-based interface that ISPA members can use to verify their compliance with the code. ISPA offers training and other assistance to help non-compliant members become compliant.

As part of its drive to keep compliance levels high, ISPA introduced a new category of provisional membership during 2011. New members are placed in this category until they achieve full compliance. During this period, they are not eligible to receive any of the benefits ISPA provides to its members, other than the support needed to become compliant.

“This strategy has reduced the number of applicants who apply for ISPA membership, but who are unwilling to invest the time necessary to comply with ISPA’s Code of Conduct,” says Furman.

ISPA dealt with 103 complaints related to its members during 2011, of which 85 were accepted. Of these, 39 related to member compliance with the code of conduct, while the rest related to service levels and customer support (14), billing disputes (14), spam (8), domain names (8), copyright (1) and security (1).

Fifty-one complaints were resolved amicably, while a further 12 appear to have been informally resolved. Ten complaints went to independent adjudication, and 11 were withdrawn (nine of them because the ISP’s membership of ISPA was cancelled). One complaint is still in process.

“Consumers should ensure that they use Internet service providers that are members of ISPA—this way they will deal with companies that are bound by a code of conduct and that subscribe to a clear dispute-resolution process,” Furman adds.

In its report to the Minister, ISPA also noted that it dealt with 98 take-down notifications with respect to content on sites hosted by ISPA members. Of these, 29 were disallowed while the remaining 69 were passed on to the relevant members. In respect of 54 notices, the content was removed while the ISP in question rejected seven. Four notices were withdrawn by the complainant. The ISP was unable to comply with the take-down request in only four instances owing to the content provider changing to a hosting provider that was not a member of ISPA.

“We believe the record shows that ISPA provides an effective way for consumers to escalate disputes with ISPA members, and that the take-down notice process can resolve the problem of unlawful content. We are also engaging with the Independent Communications Authority of South Africa (ICASA) to create a coordinated approach to dealing with consumer complaints,” concluded Furman.