Interview: Unisys on the cybercrime treaty

Why Australia should sign up

Australia is working through the long process of acceding to the European Convention on Cybercrime. It’s a process that causes significant angst. Privacy advocates are concerned at the convention’s intrusive nature; ISPs worry about how much data they’d have to carry.

Unisys is an advocate of the convention, both in Australia and overseas. In this interview, The Register tackles the company’s VP of global security solutions Neil Fisher, and Asia-Pacific security spokesperson Jane Evans, about the company’s support for the convention.

Evans: Unisys supports Australia acceding to the convention. We believe it is enabling a response to the problem of cybercrime, and it helps address the public’s confidence and trust issues.

Cybercrime is a growing global problem, and we think it needs a global response. This convention offers one of the first significant and binding ways to do that. But there are no silver bullets here.

El Reg: The convention is intrusive on individuals, and it’s onerous on ISPs. If we’re to accept those characteristics, it needs public debate. But there’s a lack of information to support that debate.

Fisher: I would say that what I’ve read and seen for Australia is no different from other countries. It is hard, in this debate, as we try and get our heads around what rights we have on the internet – rights of access to information, not just for law enforcement but also ourselves.

The UK has been slow to sign up to the convention.

From a positive point of view, the convention is trying to harmonize law and legislation in a difficult area. It tries to articulate the recognition that cyber-crime is… borderless. So how do you try to control it?

[The convention] comes from a fairly noble background – but implementation is a domestic matter. Things that you and I might see as sensible, other countries see as an intrusion.

So there are some peculiarities about all this. We need to strike a balance between good law enforcement, harmonized across geographical boundaries, to stop the epidemic of cyber crime, while protecting the rights of individuals.

And we need to make sure that what’s a good idea today doesn’t become a bad idea tomorrow.

Evans: What we’ve seen in our public opinion polling – identity theft, financial fraud, these concern people more than any other [security] issue. And this makes people more willing to accept a degree of intrusion, if they’re going to get greater security.

El Reg: If I look at the Australian Bureau of Statistics data on personal fraud, I can see that the total fraud when the report was published [in 2008] topped a billion dollars, but Internet-based fraud was under $100 million. Aren’t people worrying about the wrong thing – giving all their attention to Internet fraud when other kinds of fraud are bigger?

Fisher: I understand those figures, but they’re dwarfed by the total figure of cyber-crime. In the UK four weeks ago, they published the cost of cybercrime in the UK for 2010, and it came to £27 billion.

There’s a raft of criminal activity – not just ID fraud – about which the public says “I’m paying for that as a taxpayer and elsewhere as a victim”.

The privacy community seems to feel like these are victimless crimes. They’re not. The perpetrators of these crimes need to be brought to justice. And up until this last decade, there hasn’t been a harmonized legal framework to do that.

I think individuals will tolerate intrusions into their private lives – they’re more on side with this than they have been in the past.

There are privacy issues: they have to be addressed. But are these privacy issues as paramount, or onerous, as the privacy community would have us believe?

Evans: It is also an under-reported issue, by the nature of what it involves. It’s difficult to get statistics to reflect an accurate picture – people are embarrassed to admit that they’ve been caught out by the latest email scam.

Regardless of whether the fears are rational or irrational, they cause real problems of confidence and trust. If a fear exists in the community, and it’s sufficient to motivate behaviours, then that fear is significant.

And as we move to service delivery online, you want people to feel confident that they’re interacting with you in a secure way.

Fisher: And there are issues that we don’t even know about yet – as we bounce towards the cloud, there are going to be new crimes there that we’ve never even thought of. Having a harmonious framework of law … puts us in a better position to deal with those new crimes.

I think, also – getting back to checks and balances – in the UK, this issue put far more power into the information commissioner, which became the neutral policeman of the police, to make sure that people’s information wasn’t intruded unnecessarily, and wields very large fines if they were.

El Reg: Let’s look at the question of rational fears again. It’s far easier for journalists to find warnings from the security industry against a threat than it is for us to find truly independent assessments of the severity of the threat. If someone says “there are a million PCs on botnets in Australia”, whether it’s true or not, it’s almost impossible to refute. So there’s a feedback loop here: we’re responding to fears that we’re helping to create.

Fisher: That works both ways. The privacy people shout from the rooftops saying “your privacy is being eroded” by what are often reasonable or rational laws.

Look at EPIC [the Electronic Privacy Information Center] in the US – they oppose the convention in principle, but found a loophole for online porn under the First Amendment.

Our security index shows that the majority of people are reasonable, that they do expect checks and balances, but also expect law enforcement to act against fraud wherever it is.
