[ISN] U.S. Aiding Asia-Pacific Anti-Cybercrime Efforts

From: InfoSec News (isnat_private)
Date: Thu Aug 15 2002 - 04:10:31 PDT

  • Next message: InfoSec News: "Re: [ISN] Slim pickings for an IT gourmet"

    http://www.washingtonpost.com/wp-dyn/articles/A17801-2002Aug14.html
    
    By Brian Krebs
    washingtonpost.com Staff Writer
    Wednesday, August 14, 2002; 3:12 PM 
    
    U.S. law enforcement officials will meet with representatives from a
    host of Asia-Pacific countries this weekend as part of an
    international training program to help developing nations combat
    computer crime and cyberterrorism.
    
    The two-day event, to take place in Moscow in conjunction with the
    Asia Pacific Economic Cooperation (APEC) ministerial forum, is
    intended to provide expert advice and other assistance on how national
    laws and investigative techniques can be updated to address a range of
    traditional crimes that have migrated to the Internet. Topics on the
    agenda include overviews of the myriad technologies employed by
    cybercriminals and models for international cooperation in cybercrime
    investigations.
    
    "Our experience has been that these countries are always looking to
    see where the weaknesses in their legal system are, and whether their
    laws need to be rewritten to take into account new technologies," said
    one Justice Department official familiar with the program.
    
    The forum also will address methods for identifying computer viruses
    and cyber threats to vital national infrastructures.
    
    The outreach effort, led by the Justice Department and the FBI with
    support from the State Department and the U.S. Agency for
    International Development (USAID), is aimed at decision-makers and
    legal experts from nearly all 26 members of the APEC forum, including
    Brunei, China, Malaysia, the Philippines, Singapore, South Korea,
    Thailand and Vietnam.
    
    The program comes as the Bush administration is seeking increased
    cooperation from foreign nations in prosecuting cybercrime and
    steeling U.S-based infrastructures against potential cyberterrorists.
    
    Southeast Asian foreign ministers last month joined U.S. Secretary of
    State Colin Powell in signing a counter-terrorism declaration that
    included a promise to strengthen and harmonize laws against
    cybercrime. In September, the White House is expected to release its
    national strategy for protecting the nation's most critical computer
    systems from cyberattack.
    
    Following the U.S. Lead
    
    Many APEC nations lack laws to prosecute hackers within their borders,
    much less assist other nations in multinational cybercrime
    investigations. Yet, nearly 40 percent of all cyberattacks involve
    computers located in Asian nations, according to the latest statistics
    from DShield.org, a company that monitors network intrusions.
    
    In contrast, while the U.S. is also the origin of a large number of
    cyberattacks, it has some of the toughest computer crime laws in the
    world, some of which were put in place in the wake of last September's
    terrorist attacks on New York and Washington.
    
    The USA Patriot Act, signed into law in November, increased the
    maximum sentence for unauthorized hacking from 5 years to 10 years.  
    And a bill passed last month by the House of Representatives would
    send hackers to jail for life if they cause someone serious injury or
    death in the process, either intentionally or by accident.
    
    Justice Department officials say their outreach program is less about
    encouraging nations to adopt U.S.-style cybercrime laws than using
    them as examples of ways to proceed in drafting their own computer
    crime statutes and mutual assistance agreements with other nations.
    
    A few Asian nations that have recently enacted cybercrime laws now
    levy civil - not criminal - penalties and fines for a broad range of
    hacking activity.
    
    In Vietnam, for example, using someone else's password to illegally
    access Internet services carries a fine ranging from $13 to $67. A
    person convicted of sending computer viruses faces a maximum penalty
    of $1,333 to $3,333, according to a survey by the Work-it Group, which
    specializes in information and infrastructure security issues from the
    legal and management perspective.
    
    "My experience is that the legal frameworks in many countries are
    woefully deficient," said Work-it Group President Jody Westby. "Many
    developing countries are not now working on an international level,
    and they need help on how to do that. Just having a 24-7 point of
    contact (on cybercrime issues) is probably something that hasn't
    occurred to most of them."
    
    Westby is also chair of the American Bar Association's International
    Cybercrime Project, which circulated a draft version of its
    "International Guide to Combating Cybercrime," at its annual meeting
    in Washington, D.C. this week.
    
    The 224-page report outlines the law enforcement challenges posed by
    cybercriminals, and offers a blueprint for countries struggling to
    overhaul their laws to include a range of common computer crimes.
    
    Balancing Privacy & Security
    
    The ABA report also provides guidance on more ethical considerations,
    such as balancing the need for acceptable search and seizure
    procedures with privacy and human rights concerns.
    
    Such considerations are especially important for developing nations in
    which the government still maintains a controlling stake in the
    telecommunications infrastructure, said James X. Dempsey, deputy
    director of the Center for Democracy and co-chair of the report's
    Electronic Search & Seizure Working Group.
    
    "The tradition in most developing countries has been zero controls on
    government surveillance because the telephone company is frequently a
    branch of government," Dempsey said. "What this report says is that as
    countries around the world grapple with cybercrime laws and
    necessarily address the question of government access to
    communications data, they need adopt legal standards that limit
    government surveillance to ensure a certain level of public trust in
    those networks."
    
    Without that trust, Dempsey said, developing nations risk alienating
    investors.
    
    "If countries are looking to attract foreign investment and compete
    globally in the information age, economically they need to address
    privacy and give assurances that the host government will not
    arbitrarily monitor the communications networks," he said.
    
    The ABA report represents an unusual collaboration among more than 60
    industry, law enforcement and privacy groups. In fact, the search and
    seizure portion of the study was drafted with the help of some the
    most vocal critics of US privacy and surveillance laws, including the
    Electronic Privacy Information Center and the Electronic Frontier
    Foundation.
    
    "The fact is that for all the concerns that and other privacy
    advocates and I sometimes share about the Patriot Act and other U.S.  
    surveillance laws, U.S. law is far and away the best system in the
    world in terms of privacy protection," Dempsey said.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Thu Aug 15 2002 - 07:32:26 PDT