New cooperation in taming the wild Web
With fresh urgency, governments and internet execs at a g-8 meeting vow to work together to combat cybercrime.
PARIS — The global information superhighway is getting to be a dangerous place. Highway robbers such as credit-card fraudsters, crazy drivers like the inventors of the ILOVEYOU virus, and pot-holes deep enough to record all your personal information are making for risky travel on the Internet.
So who should set the rules to make the cybersurfer safe? And how strict should they be?
For the first time, law enforcement officials, techies, and executives from 130 top Internet companies joined forces to address these questions at a three-day conference organized by the Group of Eight leading industrialized countries. Participants agreed on one thing: They need to work together, and fast, if they are going to catch any of the cybercriminals prowling the Web.
But fundamental questions about the limits to freedom have to be considered along the way, conference participants say. Where will they strike the balance between a surfer's privacy, industry's distaste for regulation, and policemen's need for footprints as they track electronic criminals?
"Governments used to say they'd tell us what to do, and the industry said it was too new to be burdened" with regulation, says Jeff Richards, executive director of the Internet Alliance, a lobbying group that includes such major companies as IBM, Microsoft, AOL, and Deutsche Telekom."Today they are figuring out solutions together, and at the very least there is a new urgency."
"Pragmatism for the first time overcame ideology," he adds.
"The Mounties were founded in 1873 because the Wild West was just too wild," recalls Tim Killam, assistant commissioner of the Royal Canadian Mounted Police, who was at this week's conference. "I see the Internet as the Wild West today: We have to bring some level of order to it, but the question is what level of order. And how."
The key differences that separate players in cyberspace were all too evident at the meeting.
On the one hand, law-enforcement officers from around the world want the Web to be as transparent as it can be made: Police want to be able to find out who did what and when on the Internet.
"If you can't follow what happened in the paper trail, you are not going to be able to investigate the crime," says James Ledouceur, head of cryptography at the Canadian Department of Industry.
At the other end of the spectrum was Austin Hill, founder of Zero-Knowledge, who for $10 a year will rent you a pseudonym to use on his "Freedom" software that guarantees you - or a child pornographer - absolute anonymity on the Web through uncrackable cryptography.
In between were executives from Internet service providers who say the volume of Internet traffic would make it physically impossible for them to retain traffic logs and other data that governments want them to keep in case they were needed in a criminal investigation.
At another level, different countries have different laws - or sometimes no laws at all - to combat cybercrime. That makes investigating and prosecuting crimes committed across borders - as many cybercrimes are - hard to investigate and prosecute. The hackers suspected of having launched the ILOVEYOU virus, for example, cannot be prosecuted in the Philippines, where they live, for lack of appropriate laws against what they did.
The way that virus was tracked, conference participants say, was a rare and successful example of the sort of thing they are planning for the future: Internet geeks and law-enforcement agencies working together to identify and trace criminal activity. But ILOVEYOU was unusual because it left so many traces in its wake.
Normally, Internet experts say, cybercriminals cover their tracks before they can be found. "Speed is the name of the game here," says James Robinson, US assistant attorney general, who led the US delegation at the conference.
"If you are going to be effective, you have to act quickly. You can't waste time wondering who to call" in a foreign police force, "because by the time you figure it out the trail will be cold."
"Law enforcement needs to move at Internet speed, and it needs to follow a network model, like computers do," adds Philip Reitinger, deputy director of the computer-crimes section at the US Justice Department.
Industry executives say they are ready to help, by improving security, for example. (Microsoft announced this week that it would soon make available an upgrade to its software that would make its Outlook utility less vulnerable to attacks from viruses such as ILOVEYOU.)
They also offered to work closely with the police, an offer that governments accepted gladly. "Law enforcement in cyberspace is totally dependent on the architecture of global networks that the industrial sector has the primary responsibility for" says Toshinori Kanemoto, head of Interpol.
"An agent can get a warrant to seize a laptop," adds Mr. Robinson, "but he may need technical assistance to find out what's on it."
Industry executives also pledged to set up voluntary codes of practice, in what seemed to be an attempt to ward off government regulation that they fear could hamstring innovation.
The outcome of the meeting will be discussed at July's Group of Eight summit in Okinawa, Japan. But the most important results, participants say, were the contacts they made.
"I'm going home with lapel badges from the Mounties, the FBI, everybody," says Ron Moritz, chief technical officer for Symantec, the Cupertino, Calif.-based company that makes Norton and other computer-protection software. "I understand their needs better, and they understand what I'm up to. Now let's take it from there."
(c) Copyright 2000. The Christian Science Publishing Society