Saturday, 11 June 2011

Cybercrime - a byte-sized guide

Image - parliament.uk
The Tories have announced the National Crime Agency. A new name, more moeny and built to effectively deal with cybercrime. This is hardly innovate and past strategies by Labout failed to deliver a coherent vision.  The reporting of cybercrime, the perception of the police lacking focus and poor collaboration between departments need to be addressed. Criminals may aspire to commit virtual terrorism but the less glamourous aspects, such as fraud, are also important. The risk is that the patchy and fragmented nature would shift to another aspect of crime. There have already been concern over the effectiveness of dealing with fraud if the Serious Fraud Office is not part of the plans.Why can't there just be better communication and information flow rather than a new agency? Organisations like Serious Organised Crime Agency (SOCA) have been effective and the previous attempt at connecting the dots was the Office of the e-Envoy (closed in 2004).


Image - Search Clinic
Cybercrime, virtual, computer, technology related or e-crime has increased with the development of technology. Cyberspace has transformed from a basic network of computers to a medium now shaped by its users and integral to modern society. There is some overlap with existing crimes, such as fraud, which utilise new technology but have already been defined. It seems fitting that cybercrime is, somewhat, undefined as it reflects the scope of the Web and crimes will not necessarily be neatly categorised. You can have a crime which is technology specific, (keylogging) or where the software facilitates the unlawful act (fraud). Legislation is in place but its effectiveness has been questioned, in particular the Computer Misuse Act 1990 which couldn't foresee the growth of the Web. There is the risk that you will either end up with something too vague to be put into legislation or too precise and inflexible. The law is not lacking but the application is and the Government realise there is not a 'one size fits all' solution.

While it's not perfect, the Web is not a wild west (laws do apply and people don't run riot) but it makes for a nice generalisaton and, along with Peter Mandelson's belief that half of Web traffic is piracy, it puts the  blame on the technology and users rather than misunderstanding and poor application of the law. Technology is not out of control - the law has been slow to adapt and evolve. Different jurisdictions, annonymity and social media have highlghted the weakenesss. The current law is not defunct but the effectiveness has been questioned and it needs an updating.  Crime is crime, surely? Yes and no, we call it cybercrime because it sounds cool and there are still areas which aren't dealt with properly. The distinction is made because there may not be a real world equivalent or some virtual crime is seen to be less serious.  You need the right tools to address the problem, not keep applying the traditional methods. Harassment is an example which casts a wide net when applied online and is not clearly defined in regards to social media.


Image - Mitch Kezar/ Getty
Cybercrime has been estimated to cost £27 billion a year according to a government report. Precise statistics are considered to be elusive and the reason for this may be the different classifications by the Government and lack of dedicated units to compile data - there have been some attempts to do so.

There was a 2009 Cyber Securtity Report which sought to set up the Office of Cyber Security (OCS) and a Cyber Security Operations Centre (CSOC) to provide 'strategic leadership' and to monitor cyberspace. Collaboration, knowledge and regulation was at the heart of the report. This sounds familiar to the current proposals. Europe have frequently stressed the importance of co-operation, international efforts have shown to work but information flow will not be limited because of national security concerns. Even if the barriers are broken down, the risk is that you end up with virtual territories and access would be restricted to minimise potential threats and this runs contrary to the idea of an open Web. The practicalities of monitoring web traffic appear to be a huge hurdle and technologies implemented to maintain security may restrict how individuals access the Web in the future.

Educating users to be more aware and responsible may help with certain crimes, such as fraud - this is more important as social engineering is a popular method to obtain information.The Government should protect users from threats beyond their control, hackers and cyber-terrorists are examples of what an individual, no matter how talented, cannot prevent. However, checking bank details is something which should be encouraged and greater vigilance can reduce the likelihood of fraud. Taking precautions and educating oneself is necessary and may require a change in the perception of what the Web is and taking ownership of one's own time in cyberspace.


Image - The Digerati Life
The psychology of criminal behaviour is a vital factor when it comes to dealing with cybercrime. It's not just about passing legislation but effective enforcement and understanding the motivations behind the crime. The Digital Economy Act 2010 is an example of when revisions are necessary after a poorly thought out and rushed approach is adopted. Making an example of those who commit minor instances of fraud, in addition to large scale operations, would send a message that crime, virtual or otherwise, is not tolerated. Having a direct telephone number to a dedicated group who would investigate and provide information may be necessary - instead of being told to file a report or contacting your bank which may go ignored.

The Tories are not breaking new ground, it is all a step in the right direction but not quite a roadmap, more like a compass and vague sketching of the destination and the rest should, with the help of a hopeful Government, fit into place. We've seen it before and before that - so it's a struggle to fight the cynicism. Niall Ferguson has stolen my idea of using the phrase 'killer app' so I'll end with this. Web 1.0 was the beginning, 2.0 is the current version of user driven content, 3.0 may be the turn of the Governments to shape the Web.

No comments:

Post a Comment