Digg this story   Add to del.icio.us  
Thin Consensus veils Conflict at G8
Philippe Astor, SecurityFocus 2000-05-17

Government and industry delegates from around the world agree that cybercrime must be fought, disagree on how.

PARIS (SecurityFocus.com News) -- The dialogue may be under way between industry and government to combat cybercrime, but some technical and political drawbacks emerged openly during the last two days of the G8 conference here.

The G8 countries -- Britain, Canada, France, Germany, Italy, Japan, Russia and the United States -- emphasized the importance of creating "an environment that fosters the growth of electronic commerce by balancing economic, privacy, human rights, social and other concerns with the need to maintain public safety and confidence in cyberspace," reads a slim two-page public statement issued at 1:00 p.m. on Wednesday. "The ability to locate and identify Internet criminals... is critical to deterring, investigating and prosecuting crime that has an electronic component."

But this supposed consensus was not reflected in interviews with the industry and government delegates who occasionally broke with the closed- door arrangement of the conference.
One particularly controversial idea discussed at the conference would be to oblige ISPs to store day-to-day IP log data for a still undefined period (from 15 to 90 days). The 41-nation Council of Europe's draft treaty on cybercrime proposes the figure of 40 days. John Finnell, the British government's delegate in the G8 high-tech subgroup on criminal activities expressed support for such an action, saying "forty days would be a sufficient period of time," and the European association of ISPs EuroISPA supports a 3 month period.

But other delegates disagreed. "A totally ridiculous idea," said Austin Hill, president of Canadian cryptography firm Zero Knowledge, and an industry delegate to the conference. "This goes against one of the principles of democratic state, the presumption of innocence," he added.

According to Intel Corp representative David Aucsmith, who spoke at the conference on behalf of U.S. industry, the proposed mandatory scheme "is a dangerous thing at this time," he told SecurityFocus.com in an interview Tuesday. Aucsmith added that this represents "terabits of data" and the unresolved question asked in closed-door meetings is, "who will pay?"

U.S. guided Europe treaty
The Council of Europe treaty will not be finalized until the end of this year, and it may take several more years for various countries to adopt it in their national laws. The US was "very active in drafting this text," said Peter Csonka, head of the Council of Europe's criminal division. Department of Justice representative James K. Robinson confirmed the U.S. collaboration, but added that the draft treaty "was not the aim of this conference," and declined to elaborate on the U.S. role.

This slowness of the international process should be a great concern in the future, Robinson said during an informal interview with international reporters on Tuesday. "Speed is the rule of the game in high-tech crime."

Controversy also remains over exactly how the public and private sector should work together. Europe's "co-regulation" approach collides with the "self-regulation" idea supported by major firms. The G8 statement issued on Wednesday does nothing to resolve that tension.

A conclusion paper will be released in Japan next July for the G8 summit in Okinawa.

The only measure currently under way is a network of "contact points " already in place among G8 high-tech crime police officers and seven other nations, including Scandinavia and Brazil. The Interpol organization should also play a role, said Toshinori Kanemoto, president of the 178-nation law enforcement organization. But the ability of old-style Interpol to fight new high-tech menace was questioned by some security experts.

Privacy issues were not on the agenda, but many public and private officials expressed their will to respect user's integrity and liberties. Vladislav Selivanov, from Russia's Interior Ministry, stated publicly during Wednesday's press briefing that the threat of organized crime on the Internet is a reality, without giving any details. "I'm not against protecting privacy, but we should be aware it won't protect criminals."

    Digg this story   Add to del.icio.us  
Comments Mode:
who are they trying to catch? 2000-05-17
Tony Alagna <Tony (at) wholesecurity (dot) com [email concealed]>


Privacy Statement
Copyright 2010, SecurityFocus