Part Three - How confident are New Zealanders with the Internet, and how we protect that

Measures that show what worries New Zealanders about the Internet, and the steps that are being taken to protect them

The Internet is an open network of networks. Of itself, it prioritises openness. It's up to us as the users and maintainers to confidently and securely use this new global commons, with a wide range of technological and behavioural ways to use the Internet in a secure way.

So how are we doing?

Part three: Cut to the chase

Security concerns don't appear to curtail our online activities too much. We still bank online, we use social media and government sites, but we do seem to be more worried about buying and selling online; not that that is changing our desire to do these things.

The threats are real, and we're protecting ourselves and our computers, if not necessarily putting security software on our tablets and smartphones.

We think that use of encryption will increase and, as the Internet of Things gets bigger, IPv6 uptake will increase.

Overview

Our insight

These graphs set out what Internet activities New Zealanders limit due to security concerns or fears. Unsurprising, Internet banking and using government sites are less affected by security concerns than social networking and buying or selling goods online, at least for European New Zealanders.

We do wonder the extent to which the reported limiting of social media use is a reported opinion that does not actually impact on behaviour.

For example, New Zealanders are prolific users of Facebook. In 2015 First Digital found that, on average, 2.5 million of us were using Facebook each month, with an average of 2 million New Zealanders accessing Facebook daily. Facebook is the third most popular website in New Zealand - behind only Google (.co.nz and .com).

So if almost half of the population is using Facebook every day - can we believe that New Zealanders actually limit their use of social media? Could it be that New Zealanders feel that they should say that they think social media is a security risk?

Fraud

Our insight

In 2012, four percent of home Internet users were victims of Internet fraud. That is double the 2009 rate and is something we would not want to see continuing to double every three years. We certainly hope that this isn’t the start of an exponential growth, but even if the 4% victimisation rate were to stay stable, then that would mean more than 185,000 victims (estimated) in 2016. That’s a lot of people being ripped off.

Netsafe’s Digital Challenge and New Zealanders report, released on Safer Internet Day 2016, highlights some of the Internet fraud challenges that New Zealanders and New Zealand businesses face.

Email compromise, invoice fraud and online trading fraud are common. Also ‘PC Doctor’ scams have become more and more sophisticated with scammers impersonating local organisations like Spark, Chorus, NZ Cyber Crime Centre (a real unit in NZ Police), the Department of Prime Minister and Cabinet (which runs ConnectsSmart) and the National Cyber Security Centre.

Sadly, we are confident that Internet fraud rates will have risen since 2012.

Security monitoring

Our insight

2015 was the first year that ‘other’ threats shot past botnets, phishing, trojans or pharming to be the largest threat category observed by ISPs. While it is useful to know that new threats are becoming more frequent - the lack of disaggregation makes it hard to take much from this figure.

We also see that New Zealanders are pretty good at installing and maintaining security software on their traditional devices (laptops, desktops). However, they are much less likely to have a full suite of anti-virus, firewall, anti-spyware tools and run updates on their tablets or mobile phones.

This could be due to a lack of familiarity with the systems (e.g. iOS is rather aggressive at prompting users to update), or a lack of understanding of inbuilt security systems. However, these categories have less relevance for phones or tablets. We should be cautious of any implication that the lower use of “traditional” security approaches on such devices is in of itself an indication of less security.

We may simply need more, easy to use advice and tools to help us secure our mobile, Internet-connected devices.

Our insight

This chart tracks the number of secure servers per thousand of population in New Zealand. Such data therefore corrects for population growth effects, and is intended to show the real trend in the degree to which servers are being encrypted in New Zealand.

The downturn from 2011 through to 2013 is mostly likely due to the population growing faster than the number of servers using encryption. We think that this is unlikely to have continued through 2014 and 2015. The Snowden documents, leaked in 2013, provoked a lot of Internet organisations to increase their use of encryption. It will be interesting to see what 2015 and 2016 data will show.

IPv6

The Internet Protocol, a core Internet technology, uses numbers to identify end points on a network. The number of address available in Version 4 of the Internet Protocol (IPv4) is 4,294,967,296. While that may seem a huge number, it is insufficient for the number of end points that are already on the Internet, let alone the number that that is expected to increase to. Version 6 of the Internet Protocol (IPv6) corrects this issue by increasing the number of addressable end points exponentially, and therefore providing (what is hoped to be) a virtually inexhaustible pool of addressing numbers.

IPv6 is important for the future of the Internet. But in order to look at the reasons for IPv6 it is sometimes easier to look at the alternative. What would the Internet be like if we fail to adopt IPv6?

Many network operators have focussed on the IPv4 runout aspect of a potential adoption of IPv6. While running out of IPv4 addresses is one reason to consider rolling out IPv6, many operators fall into the logical fallacy that if they have IPv4 reserves there is no reason for IPv6 at all.

There are a number of reasons that it is important for network operators to deploy IPv6.

  • End to End Connectivity allows for innovation. Forcing customer connections through an IP address sharing mechanism like Network Address Translation (NAT) decreases the flexibility and available features of the connection. Carrier Grade NAT creates further problems, it breaks end-to-end application visibility, transparency and introduces latency. It's like being on an old fashion party line instead of having your own phone number. This reduction in flexibility and features slows innovation of new services. IPv6 allows for every device to have their own IP address, no sharing is required. This allows for people to innovate new features and services in a much more open way than having to rely on NAT.
  • Internet of Things. As more and more embedded devices are deployed in homes and workplaces, we need not only a way to give these machines IP addresses, but also to allow them to be secured. IPv6 allows for many more options with regard to separating the network with your lightbulbs, from the network with your family photos and bank records. With the large amount of address space available to IPv6, it is possible to dedicate entire networks to different classes of Internet of Things devices, and all this could happen without the user being aware. It would be possible to have vendors agree on which IPv6 network range they would use for heating/ventilation, and keep this separate from the range used for security alarm sensors.
  • NAT isn't that different to a walled garden. When all of your traffic is brokered by a central NAT service, it is that service which decides what you can do. If this were to become the norm for ISPs, it would erode the open nature of the Internet as well as putting barriers in the way of the permissionless innovation culture which it allows.

So, if IPv6 is important for the future of New Zealand, how are we doing on IPv6 implementation?

Our insight

Of note is that 2014 was the first year that the majority of New Zealand ISPs offered IPv6 to their customers. While the lack of customer demand remains high, other barriers to IPv6 update such as cost, competing projects and business priorities, and concerns about interoperability and vendor support have slowed down further uptake.

These uptake rates, collected by Statistics NZ, are good. But they don't seem to match up with the technical uptake data from APNIC.

The APNIC data tells a very different story from the Statistics NZ survey, with a very low rate of IPv6 uptake across most ISPs. In fact, there are only two ISPs (2Degrees and Orcon) that have networks that are IPv6 capable, and also have considerable usage rates and numbers. We aren't sure as to why the Statistics NZ and APNIC data show such different results about New Zealand ISPs and IPv6. We are keen to explore this issue further and will share the insights we gain from this in future editions of this report.

We will also continue to work with ISPs and the Internet community to grow IPv6 adoption in NZ.