Singapore's telecommunications regulator Infocomm Development Authority (IDA) has told local ISPs (Internet service providers) not to scan their subscribers' computers without their knowledge, even if they are only trying to pinpoint network security weaknesses.
IDA has clarified its guidelines in the wake of an incident in May last year when ISP SingNet Pte. scanned 200,000 subscribers' computers without informing them, but was caught out by an alert subscriber who had fitted intrusion detection software to her system.
ISPs may scan their subscribers' systems for viruses and trojan horses, but must obtain explicit customer consent beforehand, carry out the scanning in a non-intrusive manner, and at at no time capture, store or record information pertaining to the sites or data that the user is currently accessing or has accessed in the past, according to the IDA guidelines released Friday.
Computer scanning, together with effective end-user education, can help to reduce the incidence of viruses travelling over the Internet, according to IDA.
In the guidelines, IDA stated: "Being connected to the Internet also exposes one's computer to the risk of malicious attacks and viruses. Computer scanning, while unpopular with Internet subscribers, is effective in exposing potential vulnerabilities to malicious attacks. In this regard, the guidelines encourage ISPs to raise their subscribers' awareness of IT security issues."
At the time of the SingNet snooping episode, rival ISPs tried to make capital out of SingNet's embarrassment -- to little effect, as SingNet continues to have the largest subscriber base in the country.