International laws for international crimes
One ring to bind them all
RSA Europe, 2005 Global cooperation on information security is still at the pipe-dream stage if a panel at the RSA Security conference this week is anything to go by.
The panel, chaired by Dame Pauline Neville-Jones, debated how the world can counter the international challenge of information security, but the panellists displayed little consensus on the issue.
Geoff Smith, a policy maker at the DTI, began by explaining the international action already under way. The UN World Summit on the Information Society met in Geneva two years ago and will meet again in December in Tunis. It is looking at funding and internet governance. Smith said the outcome was still uncertain.
The European Commission is also working towards common European policy or legislation. Smith also outlined recent OECD work focussed on: identity, critical infrastructure protection, malware and the regulation of internet content. He believes content regulation is inevitable even if it varies a lot from country to country.
Michael Colao, director of information management at Dresdner Kleinwort Wasserstein, was less convinced that regulators were on the right track.
Colao said: ”We’ve been hearing for a long time about convergence and unified laws – I just don’t see it. It is not being addressed at a pace which we can see.” He pointed to recent action taken by the French IT regulator against several US firms because their obedience to US laws, Sarbanes-Oxley, put them in conflict with French data laws. He said local laws effectively become international laws for multi-national companies. He said some legislation is so vague as to be useless and some, such as Italy’s insistence on eight letter rather than seven letter passwords, so specific as to quickly become redundant.
He said the real problem was a decline in personal responsibilty and that users had to take responsibility for their own machines.®