- By Bruce McConnell
- Nov 12, 2000
International cybercrime — attacks on mission-critical government or private
computers from across national boundaries — is an increasing threat. Can
Self-protection through strong secur-ity tools and practices remains
the principal defense. Ultimately, however, governments must address the
investigation of cybercrimes and the prosecution of criminals. Most countries
recognize the need to update their laws to fight crimes committed in cyberspace.
But countries today mostly are in the same boat that the Philippines was
in after the "love bug" struck in May — they have no effective legal tools
to prosecute cybercriminals. As with many issues, it often takes a crisis
to precipitate action. In June, the Philippines outlawed most computer crimes
as part of a comprehensive e-commerce statute.
To prosecute crimes across national borders, an act must be a crime
in both jurisdictions. Thus, though local legal traditions must be respected,
nations must define cybercrimes similarly. One approach to encourage such
harmony is to develop a model law that can be adapted to local conditions.
Such an effort is underway in the Council of Europe (COE).
The COE, Europe's oldest political organization, has created model laws
and treaties covering human rights, education and the environment. Its Draft
Convention on Cyber Crime was crafted by law enforcement officials from
Europe, the United States and Japan.
The convention will address a range of cybercrimes, including illegal
access, illegal interception, data interference, system interference, computer-related
forgery, computer-related fraud, and the aiding and abetting of these crimes.
It also tackles investigational matters related to jurisdiction, extradition,
the interception of communications, and the production and preservation
of data. And it sets minimum standards for penalties.
As with most cybersecurity initiatives, the COE's framework is controversial.
The computer industry argues that it had little meaningful input in the
draft convention. The COE accepts comments on its draft, then releases a
revision. The latest version is at www.coe.int.
Industry believes requiring service providers to monitor communications
and provide assistance to investigators would be burdensome and costly.
It also objects to a provision criminalizing the use of hacking programs,
which may have been designed for legitimate security testing purposes.
The Global Internet Liberty Campaign (www.gilc.org) has joined the opposition,
objecting to a lack of procedural safeguards and due process to protect
individuals' rights. It believes ensuing national laws might place restrictions
on privacy, anonymity and encryption.
The council wants to finish its work by the end of the year, after which
member nations and others could sign on to the convention and implement
the provisions in their own laws. In the meantime, government and industry
should engage the COE process at all levels to ensure a workable outcome.
McConnell, former chief of information policy and technology at the Office
of Management and Budget, is president of McConnell International LLC (www.