, SecurityFocus 2000-05-17
Government and industry delegates from around the world agree that cybercrime must be fought, disagree on how.
I'm not against protecting privacy, but we should be aware it won't protect criminals.
The G8 countries -- Britain, Canada, France, Germany, Italy, Japan, Russia and the United States -- emphasized the importance of creating "an environment that fosters the growth of electronic commerce by balancing economic, privacy, human rights, social and other concerns with the need to maintain public safety and confidence in cyberspace," reads a slim two-page public statement issued at 1:00 p.m. on Wednesday. "The ability to locate and identify Internet criminals... is critical to deterring, investigating and prosecuting crime that has an electronic component."
But this supposed consensus was not reflected in interviews with the industry and government delegates who occasionally broke with the closed- door arrangement of the conference.
One particularly controversial idea discussed at the conference would be to oblige ISPs to store day-to-day IP log data for a still undefined period (from 15 to 90 days). The 41-nation Council of Europe's draft treaty on cybercrime proposes the figure of 40 days. John Finnell, the British government's delegate in the G8 high-tech subgroup on criminal activities expressed support for such an action, saying "forty days would be a sufficient period of time," and the European association of ISPs
But other delegates disagreed. "A totally ridiculous idea," said Austin Hill, president of Canadian cryptography firm Zero Knowledge, and an industry delegate to the conference. "This goes against one of the principles of democratic state, the presumption of innocence," he added.
According to Intel Corp representative David Aucsmith, who spoke at the conference on behalf of U.S. industry, the proposed mandatory scheme "is a dangerous thing at this time," he told SecurityFocus.com in an interview Tuesday. Aucsmith added that this represents "terabits of data" and the unresolved question asked in closed-door meetings is, "who will pay?"
The Council of Europe
This slowness of the international process should be a great concern in the future, Robinson said during an informal interview with international reporters on Tuesday. "Speed is the rule of the game in high-tech crime."
Controversy also remains over exactly how the public and private sector should work together. Europe's "co-regulation" approach collides with the "self-regulation" idea supported by major firms. The G8 statement issued on Wednesday does nothing to resolve that tension.
A conclusion paper will be released in Japan next July for the G8 summit in Okinawa.
The only measure currently under way is a network of "contact points " already in place among G8 high-tech crime police officers and seven other nations, including Scandinavia and Brazil. The Interpol organization should also play a role, said Toshinori Kanemoto, president of the 178-nation law enforcement organization. But the ability of old-style Interpol to fight new high-tech menace was questioned by some security experts.
Privacy issues were not on the agenda, but many public and private officials expressed their will to respect user's integrity and liberties. Vladislav Selivanov, from Russia's Interior Ministry, stated publicly during Wednesday's press briefing that the threat of organized crime on the Internet is a reality, without giving any details. "I'm not against protecting privacy, but we should be aware it won't protect criminals."