G8 jaw, jaw, jaw about Cyberspace law

2000-05-11

It's good to talk, agreed delegates at last week's computer crime conference in Paris. Attendees from G8 nations - the United Kingdom, France, Germany, Italy, Russia, Japan and the United States - spent three days discussing the issues surrounding computer and internet-related crime. Nothing concrete came out of the talks, apart from a general commitment to international co-operation to combat the growing threat. But that is already a good start, yes?

No. The agreement reached by the delegates was to co-operate more fully, a process that is long overdue in starting. What is missing is any concrete actions coming from the G8 concerning exactly how cybercrime is to be combatted. At the same time, chinks are already appearing in the international armour. As reported on Silicon.com, different countries favour different approaches: for example, the European nations have already signed up to a Council of Europe treaty that favours tighter laws and regulations. However the US prefers self-regulation to form the basis of the fight against cyber crime.

Of course, the problems faced are not easy ones to solve. The problem is that cybercrime, like everything else technology-related, is raising its ugly head in most unexpected ways. The "traditional" view of computer-related crime, immortalised in "The Cuckoo's Egg" by Clifford Stoll, involves seasoned hackers breaking into government computers and selling the uncovered secrets for drug money. The real world has moved on however. Consider, for example, the denial of service attacks on high profile eCommerce sites (eBay, CDNow and the like), or the students breaking copyright laws by exchanging MP3 versions of their favourite CD tracks. Consider the "I Love You" virus, purportedly the most expensive criminal act that the Internet has seen so far. It appears that the fragility of the Web is under far greater threat than the unauthorised access to company or personal data. The arrival of mobile and always-on, high bandwidth technologies will no doubt bring with them whole new weaknesses to be exploited. For example, there is a strong possibility that the convergence of PDAs and mobile phones will result in a new breeding ground for denial of service worms. What is more, the arrival of always-on Internet connections will open the threat of attack to PC owners across the globe. Personal firewall manufacturers will have a field day.

The main problem is one of catch-up for the institutions. Legal practices and international conventions are way behind the technology curve. With the current political set-ups, this looks unlikely to change. Let's face it, if it takes over a year for Strasbourg to draft new guidelines for the expenses claims of Members of the European Parliament, what chance do we have of getting the G8 nations to agree on a global cybercrime framework before technology has changed the landscape beyond recognition? In corporate law, too, the world is moving too fast - consider the Microsoft trial, where the anti-competitive acts committed a few years ago are now hopelessly old hat. We need an internationally agreed, slick, flexible process of communication and mitigation of the threats posed, as they start to become possible and not after the events which will undoubtedly occur. One thing is for sure: the time for talking is well and truly over.

(First published 11 May 2000)