http://www.washingtonpost.com/wp-dyn/articles/A17801-2002Aug14.html By Brian Krebs washingtonpost.com Staff Writer Wednesday, August 14, 2002; 3:12 PM U.S. law enforcement officials will meet with representatives from a host of Asia-Pacific countries this weekend as part of an international training program to help developing nations combat computer crime and cyberterrorism. The two-day event, to take place in Moscow in conjunction with the Asia Pacific Economic Cooperation (APEC) ministerial forum, is intended to provide expert advice and other assistance on how national laws and investigative techniques can be updated to address a range of traditional crimes that have migrated to the Internet. Topics on the agenda include overviews of the myriad technologies employed by cybercriminals and models for international cooperation in cybercrime investigations. "Our experience has been that these countries are always looking to see where the weaknesses in their legal system are, and whether their laws need to be rewritten to take into account new technologies," said one Justice Department official familiar with the program. The forum also will address methods for identifying computer viruses and cyber threats to vital national infrastructures. The outreach effort, led by the Justice Department and the FBI with support from the State Department and the U.S. Agency for International Development (USAID), is aimed at decision-makers and legal experts from nearly all 26 members of the APEC forum, including Brunei, China, Malaysia, the Philippines, Singapore, South Korea, Thailand and Vietnam. The program comes as the Bush administration is seeking increased cooperation from foreign nations in prosecuting cybercrime and steeling U.S-based infrastructures against potential cyberterrorists. Southeast Asian foreign ministers last month joined U.S. Secretary of State Colin Powell in signing a counter-terrorism declaration that included a promise to strengthen and harmonize laws against cybercrime. In September, the White House is expected to release its national strategy for protecting the nation's most critical computer systems from cyberattack. Following the U.S. Lead Many APEC nations lack laws to prosecute hackers within their borders, much less assist other nations in multinational cybercrime investigations. Yet, nearly 40 percent of all cyberattacks involve computers located in Asian nations, according to the latest statistics from DShield.org, a company that monitors network intrusions. In contrast, while the U.S. is also the origin of a large number of cyberattacks, it has some of the toughest computer crime laws in the world, some of which were put in place in the wake of last September's terrorist attacks on New York and Washington. The USA Patriot Act, signed into law in November, increased the maximum sentence for unauthorized hacking from 5 years to 10 years. And a bill passed last month by the House of Representatives would send hackers to jail for life if they cause someone serious injury or death in the process, either intentionally or by accident. Justice Department officials say their outreach program is less about encouraging nations to adopt U.S.-style cybercrime laws than using them as examples of ways to proceed in drafting their own computer crime statutes and mutual assistance agreements with other nations. A few Asian nations that have recently enacted cybercrime laws now levy civil - not criminal - penalties and fines for a broad range of hacking activity. In Vietnam, for example, using someone else's password to illegally access Internet services carries a fine ranging from $13 to $67. A person convicted of sending computer viruses faces a maximum penalty of $1,333 to $3,333, according to a survey by the Work-it Group, which specializes in information and infrastructure security issues from the legal and management perspective. "My experience is that the legal frameworks in many countries are woefully deficient," said Work-it Group President Jody Westby. "Many developing countries are not now working on an international level, and they need help on how to do that. Just having a 24-7 point of contact (on cybercrime issues) is probably something that hasn't occurred to most of them." Westby is also chair of the American Bar Association's International Cybercrime Project, which circulated a draft version of its "International Guide to Combating Cybercrime," at its annual meeting in Washington, D.C. this week. The 224-page report outlines the law enforcement challenges posed by cybercriminals, and offers a blueprint for countries struggling to overhaul their laws to include a range of common computer crimes. Balancing Privacy & Security The ABA report also provides guidance on more ethical considerations, such as balancing the need for acceptable search and seizure procedures with privacy and human rights concerns. Such considerations are especially important for developing nations in which the government still maintains a controlling stake in the telecommunications infrastructure, said James X. Dempsey, deputy director of the Center for Democracy and co-chair of the report's Electronic Search & Seizure Working Group. "The tradition in most developing countries has been zero controls on government surveillance because the telephone company is frequently a branch of government," Dempsey said. "What this report says is that as countries around the world grapple with cybercrime laws and necessarily address the question of government access to communications data, they need adopt legal standards that limit government surveillance to ensure a certain level of public trust in those networks." Without that trust, Dempsey said, developing nations risk alienating investors. "If countries are looking to attract foreign investment and compete globally in the information age, economically they need to address privacy and give assurances that the host government will not arbitrarily monitor the communications networks," he said. The ABA report represents an unusual collaboration among more than 60 industry, law enforcement and privacy groups. In fact, the search and seizure portion of the study was drafted with the help of some the most vocal critics of US privacy and surveillance laws, including the Electronic Privacy Information Center and the Electronic Frontier Foundation. "The fact is that for all the concerns that and other privacy advocates and I sometimes share about the Patriot Act and other U.S. surveillance laws, U.S. law is far and away the best system in the world in terms of privacy protection," Dempsey said. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Aug 15 2002 - 07:32:26 PDT