 | |
| |
TechnologyDaily Mobile
Momentum For Cyber Security Is High
by William New
The recent terrorist strikes in the United States have raised consciousness about such threats and increased the political will domestically and in key partner countries to institute cyber-security measures.
Before Sept. 11, many countries were developing stronger security for critical infrastructure, including government and private-sector computer networks. But the events have dramatically raised these and other anti-terrorist measures as priorities.
The Internet Corporation for Assigned Names and Numbers (ICANN), the coordinating body for the Internet, shifted the focus of its annual meeting in November away from improving competition to ensuring security. The shift happened despite the Internet's strong performance during and after the attacks, and despite intense pressure for ICANN to move forward on projects such as board elections and adding domain-name suffixes such as .com to the Internet.
Tolerance for disruptive computer viruses also appears to be lower. Several government and private-sector sources noted that "Code Red" and "Nimda," two computer viruses that ravaged e-mail networks in recent weeks, are cause for stronger action on security. And in the United States, the Bush administration and Congress are pondering ways to tighten security on computer systems and e-mail traffic, reopening and in some ways moving forward an intense debate over civil liberties and law enforcement.
"There is a need to recalculate the balance between civil liberties and law enforcement" in the United States after Sept. 11, said James Lewis of the Center for Strategic and International Studies. While we "should not throw civil liberties out the window," there should be a strengthening of law enforcement access and an acceleration of efforts to protect critical infrastructure, he said. "There is a need to pick up the pace."
But under no circumstances should the debate about giving law enforcement officials "keys" to encrypted data be reopened, argued Lewis, a former government encryption expert. "We just finished going through a five-year process and nothing has changed, so we don't need to go through it again," he said.
Europe Hears The Call
Law enforcement agencies worldwide regularly share information on criminals, but the process is being updated. Now, several countries, such as those in Europe, are speeding up domestic and international cyber-security efforts begun before Sept. 11.
Belgian Prime Minister Guy Verhofstadt said after his Sept. 27 meeting with President Bush that broad anti-terrorism efforts percolating for two years in the European Union are moving swiftly to conclusion. The European Union held a special session on anti-terrorism Sept. 21. This momentum has carried over to technology areas such as data protection, EU officials said.
"Things that were being discussed to hammer out the finer points have such momentum [that] now they have gone up to the ministers and will go through fairly quickly," said Matthew King, first secretary at the European Commission delegation in Washington.
For instance, the telecommunications ministers of the 15-member European Union are likely to debate at their Oct. 15 meeting on how long telecom records should be kept for law enforcement purposes, King said. The EU council of ministers is nearing agreement on a directive to protect telecom data.
"It's fair to say that getting a hold of data on suspected terrorists is so important, people are reviewing existing provisions," King said. "Then the question arises on how to share data with the United States."
A Full Plate Of Security Issues
The data directive and the European Convention for the Protection of Human Rights and Fundamental Freedoms, which covers individual rights and freedoms, will be reviewed, King said. The Council of Europe (COE) Convention on the Suppression of Terrorism, which dates back to 1977, probably will, too. The COE held an emergency meeting last week to discuss updating its terrorism treaty.
The Conference of European Justice Ministers, organized by the COE, will meet in Moscow on Oct. 4-5 to discuss possible measures to fight international terrorism. In addition, the European Commission will hold a forum in November in Brussels on cyber crime, according to King. And the Organization for Economic Cooperation and Development will hold a meeting on privacy-enhancing techniques later this month.
European countries, especially France and the United Kingdom, have dealt with terrorist attacks for years. "In terms of anti-terrorism, it is not a particularly unusual scenario for Europeans to have thought through government intervention," King noted. "We've already framed the limits and boundaries."
Surveillance technologies, under debate in the United States, already are in place in Europe, according to Lewis. In general, there is less constraint on domestic security forces in Europe, and countries there are ahead of the United States in protecting critical infrastructure, in providing law enforcement access to the Internet and in wiretapping capabilities, he said.
Policymaking on cyber crime in Europe is moving from the national capitals to the European Commission headquarters in Brussels, King added.
There may be a greater willingness now among Americans to let government into their private lives. A Washington Post-ABC News poll taken last week showed that a majority of Americans trust the federal government to "do what is right," more than double the number in a similar poll taken in April 2000.
New Zealand, Australia and South Africa also have bills pending on cyber crime, sources said. The United Kingdom is proposing changes to its cyber-crime laws. Canada and others are working on changes to copyright laws to reflect digital content.
Global Cyber-Crime Treaty Forms Framework
A global framework for handling cyber crime is near completion at the COE, the 43-nation body formed in 1949 and based in Strasbourg, France. The final step for the treaty will be a November gathering of the foreign ministers of the COE countries, plus observer nations involved in the treaty negotiations, including the United States, Japan and Canada.
Confidential treaty negotiations began in 1997. On Sept. 19, the permanent representatives to the COE overcame final differences and approved the text.
The cyber-crime treaty takes aim at computer-related fraud, illegal computer access or interception of data, child pornography and copyright infringement. It contains requirements on the preservation of data, the search and seizure of stored computer data, real-time collection of traffic data and interception of content data. It also addresses jurisdiction, extradition and international cooperation.
A signing ceremony will be held in late November, after which countries will begin the process of ratifying the treaty at home. Bush administration officials have not firmly stated whether they will sign the treaty, but they said during negotiations they were working to negotiate a treaty that would not require significant changes to existing U.S. law.
Some observers feel that the treaty's broad wording in some areas might mean that it requires legal changes, however. That would make implementing legislation -- changes to U.S. law -- necessary for congressional approval.
While copyright holders praised the treaty as helpful against terrorism and piracy, U.S. Internet service providers and consumer advocates see it as burdensome and costly, and are setting their sights on killing or changing it at the national level.
NEW FEATURE
-Advertisement-
-Advertisement-
-Advertisement-
