Isn't a big part of the problem found in the idea that law enforcement doesn't have the time, money or manpower to effectively pursue cyberthreats?
Resources are certainly an issue. But again, with the Council of Europe's Convention, we've seen that with the laws in place, people can be effectively prosecuted. In other words, if the convention is ratified, with the new reach in US law, we could see people prosecuted overseas.
However, we know that the practical implications of actually succeeding in prosecuting people out of the country are still not high. The Convention could help change this. And if we can get countries like the Philippines, Singapore, Malaysia and Indonesia — where a lot of this stuff is coming from — to sign off, we can get the framework to pursue cybercriminals on a more worldwide level.
But it would seem that we'd still need help on the ground in those countries — and here — to really deter this behaviour.
The Convention would at least help to level the playing field. Prosecutors in the US still do not have a reasonable expectation of successfully prosecuting people in these regions. The US cannot stand on a soapbox and advocate that we're serious about fighting cybercrime in a global fashion until we ratify the Convention. Once we do that, we can turn to other countries to follow suit and actually pass the laws in order to pursue these criminals.
Not to harp on the matter, but people seem discouraged that even when the criminals are found, it's very hard to prosecute them.
I wouldn't dispute that. Having the laws is not a panacea, it's a first step. And it will help to add more law enforcement resources — and that's another step. No matter what, you're still going to see these attacks. That's where we'll still need technology to help us protect ourselves.
One of the important things about this organisation is to look across the scope from the simple awareness of cybersecurity as a safety issue to building up education in cybersecurity, to looking at the policy implications of what the executive and legislative branches are considering, to looking at criminal behaviour and increasing penalties. We have to look at the whole picture.
The rise of online fraud seems to stand as one of the larger technological threats to national security, as it could enable terrorists to raise funds. Will there be more federal action around cybercrime if homeland security is factored into discussions?
I think there is some value in that concept. For one thing, we've seen a change in hacking behaviour over the last year-and-a-half, where the activity is now being conducted for a profit. There's a lot of money being raked in. Some numbers I've seen indicate that 5 percent of all phishing attacks are successful, which is scary when you consider the volume in these attacks that we're seeing.
Talkback
There's one thing to consider too. Many of the newer software products have a small clasue in the user agreement where it tells the user that it will install spyware, or "monitoring software" as they seem to call it.
I realize that one can choose to simply click no and refrain from installing the program, but is it not wrong that one has paid money to a company, for a product that you cant use? Especialy if it is a program that ahs no subscription fees. This means that the firms get theyre cash but people can use what they payed for.