Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cybercrime Conference Jakarta 19/20 March 2003 Joe McNamee European Perspective.

Similar presentations

Presentation on theme: "Cybercrime Conference Jakarta 19/20 March 2003 Joe McNamee European Perspective."— Presentation transcript:

1 Cybercrime Conference Jakarta 19/20 March 2003 Joe McNamee European Perspective

2 Developments to date (EU) Directives on protection of personal data 1995/2002 Directive on certain legal aspects of electronic commerce Directive on copyright in the information society Creation of the EU Cybercrime Forum Establishment of the Information Security Agency Framework Decision on attacks against computer systems Electronic Singatures Directive

3 Data Protection Abuse of personal data is the most frequent abuse on Internet Damages trust in online activity and therefore whole industry Two Directives in the EU, one general, one telecoms-specific Establish rules regarding appropriate use of personal data Establish rules regarding export of data

4 Electronic Commerce Directive Limits liability of ISPs: Establishes the principle of mere conduit Prohibits requirements for general monitoring of online activity Removes liability for temporary technical copies of illegal material Removes liability from hosting providers who do not have actual knowledge of illegal activity

5 Directive Copyright in the Information Society Establishes the copyright status of temporary technical copies Establishes rules regarding copyright exemptions for private copying Gives rightsholders injunction rights Reinforces the WIPO 3 step test for exemptions (special cases, no conflict with normal exploitation, not unreasonably prejudice legitimate interests of rightsholder New Directive published on enforcement of intellectual property rights

6 Cybercrime Forum Established 2001 to involve all stakeholders in cybercrime discussions Two plenary meetings and one expert meeting since then Crucial to involve industry, data protection authorities, civil liberties groups, etc Conflict between need for openness and need for substantive discussions

7 Network Security Agency Proposals published Feb. 2003 Currently going through EU legislative process Aims to collect and analyse information regarding emerging risks Aims to identify, assess and support emerging security standards Aims to promote best practice

8 Decision on attacks against information systems Aims to harmonise EU approach to malicious attacks Unauthorised access (hacking) Disruption of information systems (Denial of Service attacks) Execution of malicious software (viruses) Interception of communications Malicious misrepresentation No safeguards for free speech (was the virtual march on Washington illegal interference?)

9 Electronic Signatures Directive Electronic signatures must be treated as equivalent of physical signature if it meets certain technical requirements Establishes rules concerning certification service providers E-signatures important for e-government Irish e-tax system allows filing and paying of tax online Calculated (with 60 employees) to have replaced 40,000 phone calls Target to have 75% of tax returns online by 2005

10 Data Retention/Preservation Data Preservation is targeted and implemented on case-by-case basis Mandated by the Council of Europe Cybercrime Convention Data Retention is general retention of data on all citizens No international agreement or legal basis

11 Problems of data retention No agreement on what data should be retained Costs proportionately higher for smaller service providers Huge stores of data create a security risk Differing legislation in different countries makes cross-border service provision difficult No compelling case for data retention has been made

12 Points to consider for data retention Can weak competition in telecoms support a further disadvantage for small service providers? If small providers shouldn't be asked to pay, are public funds available? No data retention in, for example, USA. What's different in Indonesia? Will mandatory retention provide a further disincentive for foreign investment in the telecoms market? What problems exist that cannot be solved with cooperation with service providers?

13 European inconsistency Some countries don't want it at all The countries that do want it have varying definitions Case study Ireland: Will introduce data retention rules this year Minster admits he does not know what data he wants to have retained Minister admits he does not know how long he wants the data to be retained Ministry says that the lack of data retention does not cause problems

14 Need for data retention Five out of fifteen EU Member States have indicated that they have no current problems due to lack of data retention The UK has had to re-write their surveillance laws Denmark has data retention, but has not signed the Cybercrime Convention An attempt to agree a simple text calling for introduction of EU data retention failed last year

15 Current data retention in EU No unified approach to data retention in the near future Those countries with data retention have different definitions, different timescales, different objectives, different funding and different data sets Countries with data retention created laws without clear objectives or plans for funding and implementation

16 Other EU initiatives Convention on mutual legal assistance Multiannual action plan on promoting safer use of the Internet Council Recommendation on contact points for high-tech crime Directive on a Community framework for electronic signatures Council decision to combat child pornography on the Internet

17 G8 Excellent document produced in Tokyo, May 2001 - potential consequence for data retention Lists key aspects of data retention Creates basic guidelines Lists traffic data types Did not have the deserved impact or follow up, either within our outside the G8

18 Council of Europe Convention Huge potential, due to global aspect, but an opportunity lost Unclear definitions an invitation to uneven implementation – article on content data with no definition! Too much influence from vested interests (spam described in one draft as a normal business practice) A more focussed approach could have achieved much more – WIPO and the UN could have dealt with copyright and paedophilia separately)

19 Lessons learnt Dialogue is essential with all stakeholders, including consumers Clear objectives needed before legislation in drafted (not as obvious at it seems!) Legislation must have a clear focus (surveillance, copyright, attacks on computer systems, etc.) The solutions must be proportionate to the problems

20 Thank you for your attention Joe McNamee

Download ppt "Cybercrime Conference Jakarta 19/20 March 2003 Joe McNamee European Perspective."

Similar presentations

Ads by Google