<!doctype html public "-//W3C//DTD W3 HTML//EN">
<html><head><style type="text/css"><!--
blockquote, dl, ul, ol, li { padding-top: 0 ; padding-bottom: 0 }
--></style><title>RE: [governance] Re: IG questions that are not
ICANN [was:</title></head><body>
<div>Suresh,</div>
<div><br></div>
<div>Thank you very much. This is quite interesting.</div>
<div><br></div>
<div>It's worth listening to Ron Noble's interview. He is the
head of Interpol. He pleads emotionally, to the point of breaking down
and crying, for governments to understand that he has a billion dollar
program, not a million dollar program. He cites budgets of
comparable international institutions and shows what a pittance
Interpol gets compared to them.</div>
<div><br></div>
<div>If the world believes (whatever that means) that Interpol is part
of the solution against cybercrime and not part of the problem.
it is certainly not putting its money where its mouth is.</div>
<div><br></div>
<div>Is there any evidence that Interpol is not a worthwhile
investment? I haven't seen any.</div>
<div><br></div>
<div>George</div>
<div><br></div>
<div
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<span
></span>~~~~~</div>
<div><br></div>
<div>At 8:38 PM +0700 12/2/07, Suresh Ramasubramanian wrote:</div>
<blockquote type="cite" cite>Well, there is a multitude of
organizations.</blockquote>
<blockquote type="cite" cite> </blockquote>
<blockquote type="cite" cite>ITU is the UN agency that handles WSIS
action line C5 - which covers cybersecurity</blockquote>
<blockquote type="cite" cite> </blockquote>
<blockquote type="cite" cite>Interpol certainly does quite a lot on
coordinating between law enforcement agencies on cybercrime issues.
In fact, see this interview with their secretary general Ronald Noble
- on ABC 60 minutes.</blockquote>
<blockquote type="cite" cite> </blockquote>
<blockquote type="cite" cite><a
href=
"http://cosmos.bcst.yahoo.com/up/player/popup/?rn=3906861&cl=5007247&ch=4227541&src=news"><span
></span
>http://cosmos.bcst.yahoo.com/up/player/popup/?rn=3906861&cl=5007<span
></span>247&ch=4227541&src=news</a></blockquote>
<blockquote type="cite" cite> </blockquote>
<blockquote type="cite" cite>A lot of additional cooperation also goes
on through MLATs - bilateral "mutual legal assistance treaties"
between national police agencies (such as the US DoJ).</blockquote>
<blockquote type="cite" cite> </blockquote>
<blockquote type="cite" cite>Other organizations that do work to some
extent in this area are ENISA (http://enisa.europa.eu) and the
CoE (through their convention on cybercrime, and a network of 24x7
hotline PoCs that works with / extends the G8's similar hotline).
The international organizations that deal specifically with this are
more than capable.</blockquote>
<blockquote type="cite" cite> </blockquote>
<blockquote type="cite" cite>Then, there's international cooperation
on child porn - public private, this one - <a
href="http://www.virtualglobaltaskforce.com"
>http://www.virtualglobaltaskforce.com</a> </blockquote>
<blockquote type="cite" cite> </blockquote>
<blockquote type="cite" cite>As I said though, several individual
countries' law enforcement agencies may range all the way down the
spectrum from "don't know" to "don't care".
And individual countries may not have extradiation treaties as
well .. so that issues of rather more significance than cybercrime
(such as seeking the arrest of someone who put plutonium in a guy's
sushi not too long back) may run into these very same
issues.</blockquote>
<blockquote type="cite" cite> </blockquote>
<blockquote type="cite"
cite
> <span
></span> srs</blockquote>
<blockquote type="cite" cite> </blockquote>
<blockquote type="cite" cite> </blockquote>
<blockquote type="cite" cite><b>From:</b> George Sadowsky
[mailto:george.sadowsky@attglobal.net]<br>
<b>Sent:</b> Sunday, December 02, 2007 8:24 PM<br>
<b>To:</b> governance@lists.cpsr.org; Alejandro Pisanty; Jacqueline A.
Morris<br>
<b>Cc:</b> 'Ian Peter'; 'Suresh Ramasubramanian'<br>
<b>Subject:</b> RE: [governance] Re: IG questions that are not ICANN
[was: Irony]</blockquote>
<blockquote type="cite" cite> </blockquote>
<blockquote type="cite" cite>So where is the international
organization that claims (cyber)crime as its target? IMHO the
obvious target is Interpol. Yet I don't see strong evidence of
Interpol's involvement in cybercrime. why not? Some
possible reasons:</blockquote>
<blockquote type="cite" cite> <br>
<blockquote>(1) It's happening, but I don't see it because I'm not
looking in the right places<br>
</blockquote>
<blockquote>(2) It's happening, but purposely being kept secret for
the purposes of effective operations<br>
</blockquote>
<blockquote>(3) It's not happening because Interpol doesn't see it as
a high priority or doesn't see it as a part of its mandate<br>
</blockquote>
<blockquote>(4) It's not happening because Interpol doesn't have the
resources to address the issue effectively -- technical,
legal, or financial.<br>
</blockquote>
<blockquote>(5) None of the above.<br>
</blockquote>
<blockquote> <br>
</blockquote>
</blockquote>
<blockquote type="cite" cite>Seriously, I would like to understand if
our existing international organizations are capable or could be made
capable of really assisting in this area, or not. This would
give us some evidence regarding in which directions it would be most
effective to proceed.</blockquote>
<blockquote type="cite" cite> </blockquote>
<blockquote type="cite" cite>What do we collectively know about
Interpol, and possibly other similar organizations that could provide
a basis for a concerted attack on cybercrime?</blockquote>
<blockquote type="cite" cite> </blockquote>
<blockquote type="cite" cite>Regards,</blockquote>
<blockquote type="cite" cite> </blockquote>
<blockquote type="cite" cite>George</blockquote>
<blockquote type="cite" cite> </blockquote>
<blockquote type="cite"
cite
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<span
></span>~~~~~~~~</blockquote>
<blockquote type="cite" cite> </blockquote>
<blockquote type="cite" cite> </blockquote>
<blockquote type="cite" cite>At 2:02 AM +0000 12/2/07, Alejandro
Pisanty wrote:<br>
<blockquote>Hi,<br>
<br>
on the strand on cybercrime:<br>
<br>
a useful way to approach this would be to make a quick list of
stakeholders (the four WSIS stakeholder groups, then a more
fine-grained segmentation of these), and their present and possible
future roles.<br>
<br>
Thus, you can recognize governments as you are already doing.
Governments in many countries (certainly the once you are mentioning
here) have three main branches, executive, legislative, and judiciary.
Each plays or can play a vital, differentiated role. Then e.g. within
the executive you have differentiated functions - crime prosecution is
in the executive in many countries, crime prevention, education,
telecoms regulator (or other setting and policing rules for ISP
operation), and so on.<br>
<br>
The cooperation described in previous emails in this strand is mainly
among law-enforcement agencies, which aid each other cross-border in
investigating crimes and prosecuting criminals.<br>
<br>
Not much of this can be done with cooperation form other parts of the
governments. It is well known that a person that has committed a crime
under the laws of country A but is in country B cannot be captured in
country B and lawfully extradited to country A unless his actions are
also a crime in country B. And then of course you have to have
compatible rules for evidence, country A has to recognize the evidence
obtained in country B, the rules for the control of the custody of the
chain of evidence in country B have to satisfy country A, and so
on.<br>
<br>
Lawyers and other experts will be happy to dwell in the details.<br>
</blockquote>
<blockquote>The business (what we call the private sector outside the
US and UK) to business cooperation is often easier to meet. Phishing
is recognized by banks in most countries, and though competition
issues (banks compete with each other by being safer, among other
factors) may make them want to not cooperate, once the environment is
toxic enough they will not only cooperate with each other in-country
but also cross-border. This gets complicated by the huge level of
consolidation among banks that exists transnationally.<br>
<br>
Other private-sector victims or co-victims to cybercrime (strictly
speaking the bank is not the victim of phishing; the client is the
victim; so I use "co-victim" because banks are shouldering
some of the burden for many reasons) such as small and medium
enterprises which are swindled by criminals (e.g. in fake purchases)
may find it more difficult to cooperate with their peers cross-border
directly, preferring their governments to act on their behalf instead,
unless they are very cyber-savvy.<br>
<br>
(And, ah, many of us are of the opinion that there is actually no
cybercrime, only crime committed by cyber means.)<br>
<br>
I'll stop here for a moment and ask, what is the role of civil society
in this picture? (exercise left to the readers.)<br>
<br>
Yours,<br>
<br>
Alejandro Pisanty<br>
<br>
<br>
. . . . . . . . .
. . . . . . . . .
. . . . . . . .<br>
Dr. Alejandro Pisanty<br>
Director General de Servicios de Computo Academico<br>
UNAM, Universidad Nacional Autonoma de Mexico<br>
Av. Universidad 3000, 04510 Mexico DF Mexico<br>
Tel. (+52-55) 5622-8541, 5622-8542 Fax 5622-8540<br>
http://www.dgsca.unam.mx<br>
*<br>
---->> Unete a ISOC Mexico, www.isoc.org<br>
Participa en ICANN, www.icann.org<br>
. . . . . . . . .
. . . . . . . . .
. . . . . . . .<br>
<br>
<br>
On Sat, 1 Dec 2007, Jacqueline A. Morris wrote:<br>
</blockquote>
<blockquote>Date: Sat, 1 Dec 2007 21:34:54 -0400<br>
From: Jacqueline A. Morris <jam@jacquelinemorris.com><br>
Reply-To: governance@lists.cpsr.org,<br>
Jacqueline A. Morris
<jam@jacquelinemorris.com><br>
To: governance@lists.cpsr.org, 'Ian Peter'
<ian.peter@ianpeter.com>,<br>
'Suresh Ramasubramanian'
<suresh@hserus.net><br>
Subject: RE: [governance] Re: IG questions that are not ICANN [was:
Irony]<br>
<br>
There is some cross-boundary cooperation, but it isn't easy. There are
some<br>
bilateral agreements (for example between Trinidad and Tobago and the
UK and<br>
also with the US ) that allow for co-ordination and cooperation in
certain</blockquote>
<blockquote>instances, but some in the local Police complain that the
processes are<br>
unwieldy.<br>
I do agree that there needs to be more than simple government to
government<br>
cooperation. But governments are vital, in that they are the ones who
can<br>
sign agreements that are binding, they can amend laws that allow
for<br>
cooperation (and that is important with regard to evidence, with
regard to<br>
what is allowed in different jurisdictions, such as methods of
data<br>
gathering).<br>
Jacqueline<br>
</blockquote>
<blockquote>-----Original Message-----<br>
From: Ian Peter [mailto:ian.peter@ianpeter.com]<br>
Sent: Friday, November 30, 2007 23:03<br>
To: governance@lists.cpsr.org; 'Suresh Ramasubramanian'<br>
Subject: RE: [governance] Re: IG questions that are not ICANN
[was:<br>
Irony]<br>
<br>
Nice concept Suresh, but at Rio a number of govt reps complained at
the<br>
almost total lack of international co-operation in this area and
the<br>
ineffectiveness of current efforts because there is no way to get<br>
cross-boundary co-operation currently.<br>
<br>
That's a structural problem IMHO. And one not likely to be solved<br>
solely by<br>
governments co-operating among themselves. In addition technical<br>
co-operation is necessary as they readily admit - that takes two
forms<br>
at<br>
least which I outlined. Finally the public policy issues are<br>
substantial of<br>
course.<br>
.<br>
<br>
Ian Peter<br>
Ian Peter and Associates Pty Ltd<br>
PO Box 10670 Adelaide St Brisbane 4000<br>
Australia<br>
Tel (+614) 1966 7772 or (+612) 6687 0773<br>
www.ianpeter.com<br>
www.internetmark2.org<br>
www.nethistory.info<br>
<br>
<br>
-----Original Message-----<br>
From: Suresh Ramasubramanian [mailto:suresh@hserus.net]<br>
Sent: 01 December 2007 14:00<br>
To: governance@lists.cpsr.org; Ian Peter<br>
Cc: 'Alejandro Pisanty'; 'Milton L Mueller'<br>
Subject: Re: [governance] Re: IG questions that are not ICANN
[was:<br>
<blockquote>Irony]<br>
<br>
Ian Peter [01/12/07 13:45 +1100]:<br>
</blockquote>
<blockquote>A structure for dealing with cybercrime would have the
following<br>
</blockquote>
<blockquote>inputs</blockquote>
<blockquote>1. Governmental<br>
2. Industry players (carriers, ISPs, etc)<br>
3. Technical innovators and standards groups<br>
4. Public interest groups<br>
Each would need representation on a structure dealing with this
issue.<br>
</blockquote>
<blockquote><br>
Actually, the focus would not be on "governance" - it would
be on<br>
interoperability and cooperation across "stakeholder communities"
(or<br>
stakeholder silos, as I've heard them called .. civ soc talking to<br>
other<br>
civ soc, agency talking to agency etc)<br>
<br>
Take a look at these three - they actually do a lot of what you
ask<br>
for.<br>
<br>
CoE convention on cybercrime -<br>
http://conventions.coe.int/Treaty/EN/Treaties/Html/185.htm<br>
<br>
ITU botnet project - again, taking these concepts you cite and
applying<br>
them practically, instead of as a thought experiment -<br>
http://www.itu.int/ITU-D/cyb/cybersecurity/projects/botnet.html<br>
http://www.itu.int/ITU-D/cyb/cybersecurity/docs/itu-botnet-mitigation-<br
>
toolki<br>
t-background.pdf<br>
<br>
And then this - a "self assessment" document to help a
country assess<br>
how<br>
ready it is to deal with cybersecurity.<br>
http://www.itu.int/ITU-D/cyb/cybersecurity/projects/readiness.html<br>
</blockquote>
<blockquote>Effective action would require the consent and involvement
of each<br>
</blockquote>
<blockquote>group<br>
<br>
At an international level? What you would get at that level is
again<br>
coordination and cooperation at a broad level, and awareness of
each<br>
others<br>
initiatives. It is not like (say) governing a swiss canton where
all<br>
the<br>
citizens can get together to decide where to build the next public<br>
toilet<br>
or how much to spend to improve a local park.<br>
</blockquote>
<blockquote>
srs</blockquote>
</blockquote>
</blockquote>
<div><br></div>
</body>
</html>