Business Daily from THE HINDU group of publications
Monday, Nov 06, 2006
ePaper
Business Daily from THE HINDU group of publications Monday, Nov 06, 2006 ePaper |
|
|
|
|
|
|
|
eWorld
-
Security Columns - Security Musings Web Extras - Economic Offences The fight goes global R.K. Raghavan
Given the nature and complexity of cyber crime, which transcends political and geographic borders with remarkable ease, it is difficult to exaggerate the need for modern nations to cast aside narrow sovereign considerations and come together to fight this menace. There is hardly any other way online crime can be investigated thoroughly and taken to judicial cognisance, especially when such crime involves computer systems placed in two or more countries. Considering this scenario, it is surprising that a recent major development, which has strengthened international cooperation for fighting computer crime, has gone almost unnoticed.
Historic step
On September 22, 2006, President Bush signed the instrument of ratification for the Council of Europe convention on cyber crime to take his country into a strong alliance. Earlier, on August 3, the US Senate had given its own endorsement for this historic step. The well-conceived and comprehensive Convention had been adopted by the Council of Europe's Committee of Ministers as early as November 8, 2001, and came into force on July 1, 2004. This was the culmination of a process that began in the late 1980s, leading to two studies (1989 and 1995) and the formation (1997) of a Committee of Experts, which drafted the 2001 Convention. Although the US had taken an active part in the negotiations from early days and gone ahead to sign the document on November 23, 2001, ratification took enormous time because of some grave misgivings, political and psychological, leading to a drawn-out process of consultation and discussions. With the recent US decision to cast its lot with the Council of Europe members, 43 countries have become signatories and 15 mere parties to the Convention.
US reservations on 2 counts
The initial US reservations were on two counts. First, the Convention seemed to ignore the concept of `dual criminality'. This would mean that a country A will have to cooperate with country B when the latter demands assistance in respect of an occurrence that may not be an offence under A's law. Instances of countries not recognising either hacking or Denial of Service (DoS) attacks as criminal offences are not few. When this is the situation, not many would like to extend a helping hand to another when the latter seeks it. There can also be uncomfortable issues such the lack of faith in free speech of certain Communist countries such as Russia or China. Here, these governments may on occasions seek the assistance of either the US or any other democratic country to collect and study the evidence against individuals who are critical of them and had given open expression to it through cyberspace. Strict adherence to the Convention in such cases could be in violation of the right to free speech, which is sacrosanct to the US and is enshrined in its Constitution. (This is possibly one reason why the US will not even touch a suggested separate protocol that would require declaring Internet-based hate speech an offence.) There are, however, some legal pundits who would say that the principle of `dual criminality' applies mainly to cases of extradition and not to situations where what is demanded is only assistance in the collection of evidence, which is mostly the case in cyber offences. Extradition of cyber offenders is an infrequent occurrence, unless the incident in question is a major happening resulting in a huge loss of property or lives. Till now, we have had no colossal cyber terrorist attack leading to such an eventuality. Possibly this is the rationale that ultimately weighed in the minds of US policy makers in pushing through with the ratification. Another factor that was of some concern to the US was that the duty cast by the Convention could become a heavy burden on Internet providers. This will be when they are required to conduct electronic searches and seizures that are expensive and time consuming, and neither of which will be compensated financially. A third factor is the requirement to preserve electronic records for indefinite periods at the request of foreign investigators. Private businesses will bear an undue burden that could be difficult to justify in many cases.
More needs to be done
The Council of Europe Convention is no doubt a major step forward in forging understanding between nations on the need for hitting at cyber criminals with great vehemence. One must, however, remember that the Convention is not a law by itself. It only offers guidelines to signatories on how to formulate cyber laws in their respective countries. Hacking of computer systems, stealing or alteration of data with a dishonest motive and facilitating child pornography are all offences that the Convention refers to as areas where strong legislation is required. Countries such as the US and the UK (which is yet to ratify the Convention although it has signed it) have already adequate laws in place, and do not therefore have to draft new ones to fall in line with the stipulations of the Convention. This may not exactly be the case with India if and when it chooses to adopt the Convention. (Incidentally, one need not be a member of the Council of Europe to take part in the Convention. The US, Canada, Japan, Monte Negro and South Africa have come in by invitation.) Our law, viz., the Information Technology Act 2000, has still lots of loopholes. We keep hearing that amendments are on the anvil. I wonder when such noises will become a reality! Meanwhile, the Interpol continues to crib about lack of a legal infrastructure to bring semblance of a control over the expanding contours of cyber crime. One of its spokesmen recently referred to the need for a global legislative framework. He cites the phenomenon of Phishing that has become a major threat to financial institutions all over the world and individuals who invest in them. Fake Web sites and e-mails are the order of the day, and we need tough laws to handle them. This is no doubt an unexceptionable demand. But then, are nations willing to go the whole hog? Not really! This is because some small nations thrive on permissiveness on the financial front to sustain their economies, and would encourage the Net to be used from their shores to defraud those overseas. It will be for leading powers such as like the US to employ their might to discipline co-users of the cyberspace. As I sign off for the fortnight comes news of an e-mail from a cyber café in Kerala that carries a threat against the Prime Minister during his forthcoming visit to that State. The café and the originator have been quickly identified. This is a smart piece of work by the Kerala Police who deserve to be complimented. I presume this will inspire other police forces in the country to sharpen their cyber crime wings. (The writer is a former CBI Director who is currently Adviser (Security) to TCS Ltd.)
More Stories on : Security | Security Musings | Economic Offences
Article E-Mail :: Comment :: Syndication :: Printer Friendly Page
|
Stories in this Section |
|
The Hindu Group: Home | About Us | Copyright | Archives | Contacts | Subscription Group Sites: The Hindu | The Hindu ePaper | Business Line | Business Line ePaper | Sportstar | Frontline | The Hindu eBooks | The Hindu Images | Home |
Copyright © 2006, The
Hindu Business Line. Republication or redissemination of the contents of
this screen are expressly prohibited without the written consent of
The Hindu Business Line
|