[governance] Re: IG questions that are not ICANN [was: Irony]
Ian Peter
ian.peter at ianpeter.com
Sun Dec 2 14:41:22 EST 2007
Interpol properly funded would be able to handle the end of all of this –
international co-operation on arrests –
But that’s a small part of the picture
Crime prevention and surveillance are major activities. They need industry
co-operation, technical innovation and standards involvement in co-operation
with legislators and crime prevention authorities. Way beyond Interpol’s
brief. And surveillance (nasty word but a major part of crime prevention)
also needs the involvement of civil libertarians and privacy groups to
ensure some appropriate balance between rights and surveillance action.
So I think we come to some sort of multistakeholder structure not yet in
existence. I must say that in Rio I went to the cybercrime convention
organized by Council of Europe (the only session devoted entirely to
cybercrime) and left 45 minutes after the advertised starting time when the
session had not yet got underway.
This is such an important issue. Trust in the Internet is greatly reduced
because we are not handling cybercrime well. WE do need to be proactive in
this area.
Is this an area for another dynamic coalition to get things moving? The ITU
pamphlet on this is a nice glossy with a good high level strategy, but I
think some complementary action (with their involvement if possible) might
be productive.
Just to give a quick outline of the ITU goals here, they cover
Model cybercrime legislation
Organizational structures
Security criteria and accreditation of software applications and systems
Surveillance and incident response
Universal digital identity system
Capacity building
International co-operation.
Ian Peter
Ian Peter and Associates Pty Ltd
PO Box 10670 Adelaide St Brisbane 4000
Australia
Tel (+614) 1966 7772 or (+612) 6687 0773
www.ianpeter.com
www.internetmark2.org
www.nethistory.info
_____
From: Suresh Ramasubramanian [mailto:suresh at hserus.net]
Sent: 03 December 2007 02:07
To: 'George Sadowsky'; governance at lists.cpsr.org; 'Alejandro Pisanty';
'Jacqueline A. Morris'
Cc: 'Ian Peter'
Subject: RE: [governance] Re: IG questions that are not ICANN [was: Irony]
You would not see Interpol’s involvement. Nor would your average civ soc
igovernance type person who has a much broader interest in access / ICT,
ICANN governance etc issues rather than being focused on cybercrime. Even
then, you would have to look hard for them ..
Interpol isn’t set up to, or meant to interact with or engage with civil
society. They are purely set up to facilitate coordination between law
enforcement agencies, and to provide a mechanism for warrants from one
country to be propagated to other countries (Interpol’s “red corner”
notices). And of course, capacity building efforts to some extent.
They don’t have investigation and arrest powers and are not the global cops
… there are no global cops in the law enforcement sense.
That said, if you go to the right public private events on cybercrime you
would definitely get to talk to / interact with Interpol people, and those I
have met, I respect for their acumen and insight into this issue.
Given what I know of what Interpol does (and that barely scratches the
surface) – whatever funding they get is put to far better use than expense
paid junkets (the bane of many an international organization).
srs
From: George Sadowsky [mailto:george.sadowsky at attglobal.net]
Sent: Sunday, December 02, 2007 9:14 PM
To: Suresh Ramasubramanian; governance at lists.cpsr.org; 'Alejandro Pisanty';
'Jacqueline A. Morris'
Cc: 'Ian Peter'
Subject: RE: [governance] Re: IG questions that are not ICANN [was: Irony]
Suresh,
Thank you very much. This is quite interesting.
It's worth listening to Ron Noble's interview. He is the head of Interpol.
He pleads emotionally, to the point of breaking down and crying, for
governments to understand that he has a billion dollar program, not a
million dollar program. He cites budgets of comparable international
institutions and shows what a pittance Interpol gets compared to them.
If the world believes (whatever that means) that Interpol is part of the
solution against cybercrime and not part of the problem. it is certainly
not putting its money where its mouth is.
Is there any evidence that Interpol is not a worthwhile investment? I
haven't seen any.
George
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
At 8:38 PM +0700 12/2/07, Suresh Ramasubramanian wrote:
Well, there is a multitude of organizations.
ITU is the UN agency that handles WSIS action line C5 - which covers
cybersecurity
Interpol certainly does quite a lot on coordinating between law enforcement
agencies on cybercrime issues. In fact, see this interview with their
secretary general Ronald Noble - on ABC 60 minutes.
HYPERLINK
"http://cosmos.bcst.yahoo.com/up/player/popup/?rn=3906861&cl=5007247&ch=4227
541&src=news"http://cosmos.bcst.yahoo.com/up/player/popup/?rn=3906861&cl=500
7247&ch=4227541&src=news
A lot of additional cooperation also goes on through MLATs - bilateral
"mutual legal assistance treaties" between national police agencies (such as
the US DoJ).
Other organizations that do work to some extent in this area are ENISA
(http://enisa.europa.eu) and the CoE (through their convention on
cybercrime, and a network of 24x7 hotline PoCs that works with / extends the
G8's similar hotline). The international organizations that deal
specifically with this are more than capable.
Then, there's international cooperation on child porn - public private, this
one - HYPERLINK
"http://www.virtualglobaltaskforce.com"http://www.virtualglobaltaskforce.com
As I said though, several individual countries' law enforcement agencies may
range all the way down the spectrum from "don't know" to "don't care". And
individual countries may not have extradiation treaties as well .. so that
issues of rather more significance than cybercrime (such as seeking the
arrest of someone who put plutonium in a guy's sushi not too long back) may
run into these very same issues.
srs
From: George Sadowsky [mailto:george.sadowsky at attglobal.net]
Sent: Sunday, December 02, 2007 8:24 PM
To: governance at lists.cpsr.org; Alejandro Pisanty; Jacqueline A. Morris
Cc: 'Ian Peter'; 'Suresh Ramasubramanian'
Subject: RE: [governance] Re: IG questions that are not ICANN [was: Irony]
So where is the international organization that claims (cyber)crime as its
target? IMHO the obvious target is Interpol. Yet I don't see strong
evidence of Interpol's involvement in cybercrime. why not? Some possible
reasons:
(1) It's happening, but I don't see it because I'm not looking in the right
places
(2) It's happening, but purposely being kept secret for the purposes of
effective operations
(3) It's not happening because Interpol doesn't see it as a high priority or
doesn't see it as a part of its mandate
(4) It's not happening because Interpol doesn't have the resources to
address the issue effectively -- technical, legal, or financial.
(5) None of the above.
Seriously, I would like to understand if our existing international
organizations are capable or could be made capable of really assisting in
this area, or not. This would give us some evidence regarding in which
directions it would be most effective to proceed.
What do we collectively know about Interpol, and possibly other similar
organizations that could provide a basis for a concerted attack on
cybercrime?
Regards,
George
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
At 2:02 AM +0000 12/2/07, Alejandro Pisanty wrote:
Hi,
on the strand on cybercrime:
a useful way to approach this would be to make a quick list of stakeholders
(the four WSIS stakeholder groups, then a more fine-grained segmentation of
these), and their present and possible future roles.
Thus, you can recognize governments as you are already doing. Governments in
many countries (certainly the once you are mentioning here) have three main
branches, executive, legislative, and judiciary. Each plays or can play a
vital, differentiated role. Then e.g. within the executive you have
differentiated functions - crime prosecution is in the executive in many
countries, crime prevention, education, telecoms regulator (or other setting
and policing rules for ISP operation), and so on.
The cooperation described in previous emails in this strand is mainly among
law-enforcement agencies, which aid each other cross-border in investigating
crimes and prosecuting criminals.
Not much of this can be done with cooperation form other parts of the
governments. It is well known that a person that has committed a crime under
the laws of country A but is in country B cannot be captured in country B
and lawfully extradited to country A unless his actions are also a crime in
country B. And then of course you have to have compatible rules for
evidence, country A has to recognize the evidence obtained in country B, the
rules for the control of the custody of the chain of evidence in country B
have to satisfy country A, and so on.
Lawyers and other experts will be happy to dwell in the details.
The business (what we call the private sector outside the US and UK) to
business cooperation is often easier to meet. Phishing is recognized by
banks in most countries, and though competition issues (banks compete with
each other by being safer, among other factors) may make them want to not
cooperate, once the environment is toxic enough they will not only cooperate
with each other in-country but also cross-border. This gets complicated by
the huge level of consolidation among banks that exists transnationally.
Other private-sector victims or co-victims to cybercrime (strictly speaking
the bank is not the victim of phishing; the client is the victim; so I use
"co-victim" because banks are shouldering some of the burden for many
reasons) such as small and medium enterprises which are swindled by
criminals (e.g. in fake purchases) may find it more difficult to cooperate
with their peers cross-border directly, preferring their governments to act
on their behalf instead, unless they are very cyber-savvy.
(And, ah, many of us are of the opinion that there is actually no
cybercrime, only crime committed by cyber means.)
I'll stop here for a moment and ask, what is the role of civil society in
this picture? (exercise left to the readers.)
Yours,
Alejandro Pisanty
. . . . . . . . . . . . . . . . . . . . . . . . . .
Dr. Alejandro Pisanty
Director General de Servicios de Computo Academico
UNAM, Universidad Nacional Autonoma de Mexico
Av. Universidad 3000, 04510 Mexico DF Mexico
Tel. (+52-55) 5622-8541, 5622-8542 Fax 5622-8540
http://www.dgsca.unam.mx
*
---->> Unete a ISOC Mexico, www.isoc.org
Participa en ICANN, www.icann.org
. . . . . . . . . . . . . . . . . . . . . . . . . .
On Sat, 1 Dec 2007, Jacqueline A. Morris wrote:
Date: Sat, 1 Dec 2007 21:34:54 -0400
From: Jacqueline A. Morris <jam at jacquelinemorris.com>
Reply-To: governance at lists.cpsr.org,
Jacqueline A. Morris <jam at jacquelinemorris.com>
To: governance at lists.cpsr.org, 'Ian Peter' <ian.peter at ianpeter.com>,
'Suresh Ramasubramanian' <suresh at hserus.net>
Subject: RE: [governance] Re: IG questions that are not ICANN [was: Irony]
There is some cross-boundary cooperation, but it isn't easy. There are some
bilateral agreements (for example between Trinidad and Tobago and the UK and
also with the US ) that allow for co-ordination and cooperation in certain
instances, but some in the local Police complain that the processes are
unwieldy.
I do agree that there needs to be more than simple government to government
cooperation. But governments are vital, in that they are the ones who can
sign agreements that are binding, they can amend laws that allow for
cooperation (and that is important with regard to evidence, with regard to
what is allowed in different jurisdictions, such as methods of data
gathering).
Jacqueline
-----Original Message-----
From: Ian Peter [mailto:ian.peter at ianpeter.com]
Sent: Friday, November 30, 2007 23:03
To: governance at lists.cpsr.org; 'Suresh Ramasubramanian'
Subject: RE: [governance] Re: IG questions that are not ICANN [was:
Irony]
Nice concept Suresh, but at Rio a number of govt reps complained at the
almost total lack of international co-operation in this area and the
ineffectiveness of current efforts because there is no way to get
cross-boundary co-operation currently.
That's a structural problem IMHO. And one not likely to be solved
solely by
governments co-operating among themselves. In addition technical
co-operation is necessary as they readily admit - that takes two forms
at
least which I outlined. Finally the public policy issues are
substantial of
course.
.
Ian Peter
Ian Peter and Associates Pty Ltd
PO Box 10670 Adelaide St Brisbane 4000
Australia
Tel (+614) 1966 7772 or (+612) 6687 0773
www.ianpeter.com
www.internetmark2.org
www.nethistory.info
-----Original Message-----
From: Suresh Ramasubramanian [mailto:suresh at hserus.net]
Sent: 01 December 2007 14:00
To: governance at lists.cpsr.org; Ian Peter
Cc: 'Alejandro Pisanty'; 'Milton L Mueller'
Subject: Re: [governance] Re: IG questions that are not ICANN [was:
Irony]
Ian Peter [01/12/07 13:45 +1100]:
A structure for dealing with cybercrime would have the following
inputs
1. Governmental
2. Industry players (carriers, ISPs, etc)
3. Technical innovators and standards groups
4. Public interest groups
Each would need representation on a structure dealing with this issue.
Actually, the focus would not be on "governance" - it would be on
interoperability and cooperation across "stakeholder communities" (or
stakeholder silos, as I've heard them called .. civ soc talking to
other
civ soc, agency talking to agency etc)
Take a look at these three - they actually do a lot of what you ask
for.
CoE convention on cybercrime -
http://conventions.coe.int/Treaty/EN/Treaties/Html/185.htm
ITU botnet project - again, taking these concepts you cite and applying
them practically, instead of as a thought experiment -
http://www.itu.int/ITU-D/cyb/cybersecurity/projects/botnet.html
http://www.itu.int/ITU-D/cyb/cybersecurity/docs/itu-botnet-mitigation-
toolki
t-background.pdf
And then this - a "self assessment" document to help a country assess
how
ready it is to deal with cybersecurity.
http://www.itu.int/ITU-D/cyb/cybersecurity/projects/readiness.html
Effective action would require the consent and involvement of each
group
At an international level? What you would get at that level is again
coordination and cooperation at a broad level, and awareness of each
others
initiatives. It is not like (say) governing a swiss canton where all
the
citizens can get together to decide where to build the next public
toilet
or how much to spend to improve a local park.
srs
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.503 / Virus Database: 269.16.12/1163 - Release Date: 01/12/2007
12:05
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.503 / Virus Database: 269.16.12/1163 - Release Date: 01/12/2007
12:05
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.igcaucus.org/pipermail/governance/attachments/20071203/a6ea1316/attachment.htm>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: message-footer.txt
URL: <http://lists.igcaucus.org/pipermail/governance/attachments/20071203/a6ea1316/attachment.txt>
More information about the Governance
mailing list