Feeds

Interview: Unisys on the cybercrime treaty

Why Australia should sign up

Boost IT visibility and business value

El Reg: The other side of this, that I mentioned at the beginning, is the impact on industry. How do we manage the load of data that ISPs will be required to retain?

Fisher: The time stated for data retention is arbitrary – it’s not based on any legal case study. Whether it’s 30 days, or 90 days, or two years is a function of how long it takes to bring criminals to justice.

A parallel is the UK laws on terrorism and holding suspects without charge – they [the government] wanted up to 90 days incarceration without charge. That was reduced down to 48, and recently, because it’s never ever been invoked, it has dropped back down to 28 days. So it’s about trial-and-error.

In the UK there’s a new bill going through called the Interception Modernisation Programme. The press and the privacy people went overboard. The imagined huge warehouses of data from the Internet – which did a great disservice, because the IMP an merely extension of the existing law.

What I would say is that you have to hold the data for a period of time, to have as evidence – you don’t want ISPs to destroy the evidence before you bring a criminal to justice.

Evans: In the Australian context, we have privacy laws evolving here. And in parallel with this, a lot of these issues will be examined as the Senate Committee reviews the proposal [to join the convention – El Reg].

We absolutely need frameworks for the perpetrators to be brought to justice – but it is also critical that there are these sorts of safeguards around this data.

A good example is the pedophile ring that’s recently been broken up around the world – that’s why we need international frameworks.

El Reg: But that also offers a counter-argument, doesn’t it? These pedophiles were arrested and the ring broken up without the help of the convention?

Fisher: They’ve only been arrested so far, and charged … 63 in the UK, and they’re trying to get the rest of the ring.

Child pornography is a pandemic – it’s worldwide. In this prosecution, you’re only touching the tip of the iceberg. It’s a good example of crime without borders that’s very difficult to police.

SOCA [the Serious Organised Crime Agency in the UK] and the Australian Federal Police worked together, and those agencies worked with agencies in other countries… it’s all bilateral – it’s extremely expensive, and very time consuming, and there’s no guarantee that these people would be brought to justice at the end of the day.

El Reg: What improvements or refinements do you think the convention needs?

Evans: We don’t think these things are a silver bullet. One of the things we would argue is continued educational awareness around these issues.

These things largely involve individual responses – how people choose to respond to these issues. And we also want to ensure that we don’t build technology obsolescence into the convention, because we’re in a fast-moving domain.

Fisher: One of the counters to the convention back in 2002-2004 was “just get Microsoft to make more secure software”. But technology continues to change.

We’re getting functionality online that is very easy to use, without the user having any real understanding of what happens to that data online. That also makes crime easier, because it’s more anonymous.

The public needs to be more aware about what is happening online – how they’re using the devices – what’s good behaviour and what is stupidity, which is not always obvious.

El Reg: People are more interested in getting their hands on the device than in reading the terms and conditions. It’s not easy to teach them what acts might be stupid!

Fisher: I agree. In the UK at Christmas we asked people, “if you had a must-buy item, would you think twice about the credit card without the security padlock?” – a surprising number of people said they would buy first, think later.

But that’s just human nature – it is part of this as well. How we behave outside the workplace in things like social networking, we unconsciously bring into the workplace. Employers have to address that – they have to foster better practice.

What the convention is trying to do internationally is to foster better legal practice in terms of cyber-crime.

Evans: People are starkly complex beings. They have concerns about ID theft and so on; but they’re not doing basic things like putting a password on an iPhone or an iPad. Human behaviour is really complex – a consistent result since we launched the index is that behaviour doesn’t correspond to the threat.

El Reg: Thank you. ®

Gartner critical capabilities for enterprise endpoint backup

More from The Register

next story
Microsoft: We plan to CLEAN UP this here Windows Store town
Paid-for apps that provide free downloads? Really
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Hear ye, young cyber warriors of the realm: GCHQ wants you
Get involved, get a job and then never discuss work ever again
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
BYOD's dark side: Data protection
An endpoint data protection solution that adds value to the user and the organization so it can protect itself from data loss as well as leverage corporate data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?