Cybercriminals will only fear the long arm of the law if governments, businesses and the public face up to responsibilities and work together on a co-ordinated response, says Simon Lavin.
When the world wide web was created, it was not a dangerous place. There were no risks and no criminals. Only when trading started, and valuable information was stored, shared and transferred, did it become an arena where profit and loss was possible. At that point, the criminals arrived.
So the risk has been created by the very organisations that use the internet to enable their business models and practices. Yet how much responsibility is placed on those organisations that create the risk of e-crime, and how much do they assume themselves?
Business losses
Conservative figures estimate that businesses alone lost out on almost £300m in Wales in 2009, and this a country that is seen to be leading the way in the fight against cybercrime in Europe.
The adoption of computers and the internet as a way of life and business has forever changed how our society works, yet little has been done to share the burden placed on the police.
Traditional police forces, methods and skills are no longer fit for purpose to deal with an army of invisible cybercriminals who are bound by no borders, little jurisdiction and ever-evolving organisation. Equally, the police are not availed of the additional resources required to protect against the increase in volume of such crimes.
Vicarious liability
If an employee is subject to harassment at the hands of another employee, the victim can sue their employer. Regardless of the company being directly to blame, it is vicariously liable because the harassment has happened at the place of employment. But who has accountability for the internet and whose jurisdiction is it?
It is convenient to answer 'no-one' or point the finger elsewhere. But in reality, we are all responsible. It is just a case of defining those responsibilities.
Eris@, a European network of regional governments that promote the safe implementation of IT and comms, witnesses the individual efforts that regions make to combat cybercrime. e-Crime Wales, for example, on behalf of the Welsh Assembly government, works towards promoting IT for the benefit of the Welsh economy.
Specialist police
Simultaneously, e-Crime Wales engages with the business community to promote safe use of the internet via appointed dedicated e-crime police officers in each of their individual forces. Eris@ also collaborates with many other organisations that see the need to take responsibility for making the internet a safer place.
Throughout Europe, governments and judiciaries are still failing to recognise the destructive nature of cybercrime and its effect on businesses. Criminals see e-crime as a low-risk endeavour, due to the ease with which it can be committed, the lack of protocol in its investigation and the lenient sentences handed out if prosecution is secured.
Read this
Comment: How security will look in 10 years
Tom Espiner surveys the security landscape for the shape of things to come
Governments across Europe must demand that a consistent approach is adopted for every country in the EU. Ideas to ensure that companies are doing their utmost to protect customers need to be discussed, as well as finding solutions for under-resourced, inadequate police forces.
Most importantly, governments should be calling for enforced, consistent, intimidating laws, coupled with a guarantee that judiciaries throughout Europe are up to speed on electronic crime-related issues.
Better practice and support
We must also persuade big traders to contribute to the solution — both through better practice and support to consumers and in direct support to the policing organisations. Such support can be provided through resource, knowledge, messaging and finance, but to be effective it must be significant, sustainable and available now.
Whether driven by corporate social responsibility or commercial imperative, if we do not accept this responsibility everyone will lose. First, through financial losses and eventually from a failure of confidence.
However the idea of vicarious liability is enforced, whether through a compulsory subsidy paid to develop a new kind of policing, or common standards developed to lessen the impact of e-crime, what is certain is that the time has come to work together towards change.
Significant change is needed to ensure that the internet does not become the Wild West of the technology world, where criminals operate with little fear of prohibition or prosecution.
Simon Lavin is vice president of the European Regional Information Society Association (Eris@), which is based in Brussels and represents over 40 European regions in the field of IT and comms. He was appointed to the position in June 2009 and also fulfils a role within the Welsh Assembly government as e-business planning and development manager.
Talkback
I wonder if there is a single case that gives guidance over the jurisdiction in law over a cybercrime dispute?