In a world without borders, who’s responsible for prosecuting cyber-criminals?
The global nature of the Internet poses a challenge to governments and businesses alike – one that won’t be solved any time soon.
Security is no longer a function of IT departments alone. Governments, lobby groups and industry associations are working together to come up with a line of defence against cybercrime.
Internet crime runs the gamut from denial-of-service attacks, viruses, e-mail worms, hacking, theft of information, banking fraud, international and industrial sabotage, as well as racism and child pornography. Credit card fraud is thought to cost US$400 million every year, and virus attacks US$12 billion.
But in an unregulated environment, who comes up with the rules and who enforces them?
There are a number of international organizations trying to find an answer to this. The Council of Europe has been working on a recommendation for an international treaty on cybercrime since 1995. The G8 nations are trying to put the appropriate technology in place and develop mechanisms for the global tracing of communications.
Canada has an agreement in place with the U.K. to promote secure cross-border electronic commerce, and participates in a number of international organizations. And Canada’s Office of the Critical Infrastructure Protection and Emergency Preparedness with the Department of National Defence is designed to protect the country’s critical infrastructure.
These are all important efforts. But in a cyber-world that moves at warp speed, where an Internet crime can take place in a matter of minutes, we need to move faster. That means developing rules and regulations, but not becoming bogged down in them.
At the G8 conference on cybercrime, various industry lobbies such as the Internet Alliance and Business Software Alliance warned governments not to tie the Internet down with regulations. Some felt the public sector didn’t have enough expertise in this area to come up with an appropriate code of conduct.
Others continue to argue that by regulating the Web, it will destroy the very essence of what makes it so unique – an international exchange of knowledge in an unregulated environment.
I have my doubts as to whether it’s even possible to regulate the Web. Besides the obvious technological and legal challenges, there’s the issue of ethics. It’s virtually impossible to get everyone to agree on subjective matters – consider the current debate on copyright protection.
I’m not saying we shouldn’t do anything. But let’s keep it simple. There’s a limit to how much any international organization can regulate the Web. What we need to do is figure out how to investigate cybercrimes and how to prosecute criminals – and governments need to work together in order for this to be effective.
Consider that the time it’s taken you to read this editorial is as much time as a hacker needs to commit bank fraud. We can’t afford to waste the next five years drafting recommendations and developing codes of conduct – we have to adjust our watches to Internet firstname.lastname@example.org
Shane Schick is on holiday and will return next week.