Saturday, April 5, 2008
Internet security :Debugging the Efforts To Tackle Cybercrime
Its time to depand on web so it the most necessary job to mantain the high level security of data and other related.
Officials weakened another provision that had rattled ISPs, which were concerned that companies could be asked to create an exhaustive list of data types that law enforcement authorities could seek. Instead, service providers are encouraged to spell out the data available but with the recognition that not all data is available for every investigation."
The Council of Europe settled on voluntary guidelines Wednesday to strengthen cooperation between the police and Internet service companies, starting a long process to build support for a common global system to combat cybercrime.
The ambition of the group is to build on its binding international treaty on cybercrime that has already been signed by 43 nations, including the United States, Japan and most Western European countries. Their aim is to help investigators obtain data quickly when tracking cybercrime that spreads across many national borders.
The guidelines -- adopted at a special conference in Strasbourg of more than 200 people representing law enforcement agencies, trade groups for Internet service providers and companies ranging from Microsoft to eBay -- are also a practical attempt to smooth uneasy confrontations that service providers complain are common when investigators seek information.
"Anybody can take them, use them if they like," said Alexander Seger, who heads the council's technical cooperation unit, which developed the guidelines over the past six months. "If service providers and law enforcement believe their cooperation is perfect, they may not need them," Seger said. "But if they want to improve their cooperation, this may be useful for them."
Seger noted that countries that signed the international treaty -- which dates back to 2001 and defines forms of cybercrime like child pornography and fraud -- wanted guidance for practical issues.
But trade industry groups sought to limit the pool of information that investigators could fish from, and expressed concern about the cost and liability of providing information to investigations that fail or go awry. Pavan Duggal, a lawyer and consultant on cybercrime legislation in India, recalled an incident where a service provider in India gave information in error to investigators, which resulted in the jailing of the wrong man.
The Council of Europe, based in Strasbourg, represents 50 states, including all the members of the European Union, and five nonvoting members, including the United States, Canada, Japan and Mexico. It seeks to promote global cooperation through binding treaties that harmonize international standards.
Seger, who presided over the evolution of the guidelines for law enforcement and private companies, said the suggestions would be presented to the council's cybercrime convention committee this week, with the goal of making them more formal recommendations.
The guidelines provide a standard format for the exchange of information between investigators and service providers, setting out a system for the police to approach a special 24-hour network with specific data requests that can link them to service providers in other countries
But the guidelines also take note of privacy considerations and existing human rights conventions, spelling out that legal authorities must proceed with "due diligence" to verify information given by service providers.
Michael Rotert, who is chairman of ECO, an association representing the German Internet industry, and vice president of the European trade industry for Internet service providers, had pushed hard for reimbursement for private companies that aid investigators, warning that small service providers could be bankrupted by sweeping, labor-intensive requests.
By the time the guidelines were completed, the Council of Europe added that the "issue of cost reimbursement should be considered by relevant parties."
Council officials weakened another provision that had rattled the ISP trade group, which was concerned that companies could be asked to create an exhaustive list of data types that law enforcement authorities could seek.
Instead, service providers are encouraged to spell out the data available but with the recognition, according to the guidelines, "that not all this data will be available for every criminal investigation."
"Now we have a very easy description of things that should be done," said Jean-Christophe Le Toquin, Internet safety director for Microsoft, which had supported the council's efforts to develop guidelines with a contribution of more than $500,000.
He said that bringing together officials from law enforcement and the Internet industry was "a topic very few people wanted to touch."
But Microsoft officials at the conference said that Internet service providers would benefit from improved cooperation with law enforcement authorities, which would aid them in their own efforts to track down people who were misusing the system through fraud, phishing schemes or their latest bane -- typosquatting.
Typosquatting is a form of cybersquatting that occurs when a Web site is created with the misspelled name of a common brand like Microsoft.
"It's going to be very useful document," Le Toquin said, "and we are definitely going to use it."