In an age when cybercriminals can reach across borders with the click of a mouse, the world's leaders are realizing they will have to work together to crack down on Internet attacks.
Starting Monday, leaders from Group of Eight countries will be in Paris for a three-day discussion of Internet crime. Separately, the 41-nation Council of Europe, working with the United States, Canada, Japan and South Africa, is drafting a treaty to standardize cyber crime laws.
Though their efforts preceded the appearance of the ''Love Bug'' virus, the attack that crippled corporate and government networks around the globe earlier this month may have boosted the sense of urgency among government leaders to implement Internet safeguards and create ways to fight crime in cyberspace, said Harris Miller, president of the Information Technology Association of America.
''The price of keeping the status quo is you're going to run into more and more incidents where it'll be difficult to track down and prosecute criminals,'' Miller said.
Computer attack, unlike murder or robbery, is still not universally recognized as a crime. Laws to fight it are typically found only in industrialized nations that depend on computers, said Stein Schjolberg, a Norwegian judge who tracks computer criminal laws around the globe
In the Love Bug case, investigators in the Philippines had to delay a raid for several days while prosecutors searched for laws that could apply.
During the early 1980s, hackers targeting U.S. government computers often routed attacks through the Netherlands to make tracing and prosecution difficult, said Tom Talleur, a KPMG analyst who was formerly NASA's top investigator for high-tech crimes.
''Some of them were very crafty back then and knew the Netherlands was a country that didn't have a cyber law,'' he said. ''It's easy to do that with other nation-states today.''
The Netherlands has since passed such a law.
The European treaty under discussion would require countries to pass laws against hacking, computer fraud and online child pornography, and set penalties, preserve evidence and cooperate in international investigations.
Several other countries, including India and Thailand, are independently considering laws against computer crimes.
Investigators faced with cybercrime are often hampered by a lack of resources, so criminals stealing vital information and destorying files can stay a few steps ahead of the police, said Susan Brenner, a computer crime expert at the University of Dayton Law School in Ohio.
And even if a suspect is caught, jurisdictional issues arise because of the global nature of such attacks. The European treaty addresses extradition but, as drafted, does not envision an international court.
The Internet's worldwide reach creates other legal challenges as well. While Germans prohibit spreading Nazi propaganda, for instance, such speech is protected in the United States. Copyright and trademark violations are also difficult to pursue across borders, as are cases of fraud involving e-commerce.
The United States has one of the world's strongest hacking laws, covering viruses, unauthorized access and computer fraud.
David Kennedy, director of research services at security firm ICSA.net Inc. in Reston, Va., said many countries without specific hacking laws are able to stretch existing statutes.
But even with such liberal interpretations, he said, delays are possible while nations negotiate details.
Even a short delay could allow enough time to delete evidence, experts say.
''We're no longer in the snail's pace age, but we're dealing with snail's pace proceedings when dealing with computer crime,'' said John F. Murphy, a Villanova University law professor who specializes in international terrorism.
Jonathan Fornaci, president of Internet consulting firm AtomicTangerine in Menlo Park, Calif., said private industry must ultimately take more responsibility for security. But he said governments still need better laws to make punishment clear.
Now, he said, ''people know it's wrong, but what's the repercussion?''
Comments
Use the comment form below to begin a discussion about this content.
Sign in to comment