1. Page 1 Battling Botnets: Implications for a Cybercrime Strategy July 8, 2010

2. Page 2 Is it a game, or is it real?

3. Page 3 Times have changed!

4. Page 4 The botnets

5. Page 5 The threat is real 1.5 million infected machines/ day 21 million botnet connections per month 44 billion bad e ‐ mails/month 200 Petabytes of malicious traffic / year

6. Page 6 Victims are clueless

7. Page 7 Agenda the nature of cybercrime different regulatory modalities examples from the Canadian Criminal Code implications for a cybercrime strategy

8. Page 8 Question: Can we apply general rules of law, and specifically, criminal law, to the Internet context?

9. Page 9 Take one “…the best way to learn the law applicable to specialized endeavors is to study general rules.... Any effort to collect these strands into a course on "The Law of the Horse" is doomed to be shallow and to miss unifying principles.” - F. Easterbrook “Cyberspace and the Law of the Horse” (1996)

10. Page 10 Take two “… there is an important general point that comes from thinking in particular about how the law and cyberspace connect. This general point is about the limits on law as a regulator and about the techniques for escaping those limits. This escape in both real space and in cyberspace comes from recognizing the collection of tools that society has at hand for affecting constraints upon behavior.” - Lawrence Lessig, “The Law of the Horse: What Cyberlaw Might Teach” (1999)

11. Page 11 Cybercrimes In the Canadian Criminal Code

12. Page 12 Section 342.1(2) “computer system” means a device that, or a group of interconnected or related devices one or more of which, (a)contains computer programs or other data, and (b)pursuant to computer programs, (i)performs logic and control, and (ii)may perform any other function;

13. Page 13 Categories of cybercrimes 1. child exploitation 2. hate crimes 3. fraud 4. identity theft

14. Page 14 The headlines

15. Page 15 Regulatory modalities: an example

16. Page 16 Legal

17. Page 17 Social

18. Page 18 Market forces

19. Page 19 Architecture

20. Page 20 Modal Interplay recognizing the interplay of all four modalities will enhance our ability to contend with cybercrimes

21. Page 21 “thou shall not use the Internet to prey on minors” The law is clear

22. Page 22 Ok, but is the same true online? Are other constraints we have on predators in real space effective in cyberspace?

23. Page 23 A chatroom isn’t like a classroom

24. Page 24 Social modality is different victims are aware they are conversing online with adults only 5% of offenders pretended to be teens when they met potential victims online rarely deceive victims about their sexual interests Source: Wolak et al., 2004

25. Page 25 Market forces seemingly absent some child friendly sites some emphasizing parental controls

26. Page 26 Architecture modality is largely untouched physical layers (cable, wireline, etc) logical layers (software and standards) content layer (text, images, etc.)

27. Page 27 The challenge of cyberspace the regulatory modalities change changes need to be noted

28. Page 28 Proactive defence discover, infiltrate and disrupt activity before an attack involves a multi-pronged approach that leverages technology

29. Page 29 Bill C-28 Fighting Internet and Wireless Spam Act (FISA) considers the technology promotes a holistic reflecting the regulatory modalities

30. Page 30 FISA law recognizes nature of the technology facilitates consultation, referral and information sharing implicates foreign states

31. Page 31 FISA social recognizes impact on the individual and privacy issues promotes the transparency and openness of practices

32. Page 32 FISA architecture prohibits the altering of a data transmission exempts service providers for the purposes of “network management” promotes the use of systems to help identify and intercept activities

33. Page 33 FISA market forces part of a general Canadian trend service provider intervention is permissible if not necessary

34. Page 34 What does this mean? Implications for a cybercrime strategy

35. Page 35 Law: strategic implications recognize the different modalities and how they work in cyberspace design with technology in mind

36. Page 36 Social: strategic implications public awareness campaign individuals need to know about the risks associated with these crimes and how to mitigate these risks.

37. Page 37 Market forces: strategic implications incent players to participate better risk management capabilities should provide competitive advantage law enforcement agencies should outsource functions where more efficient to do so

38. Page 38 Architecture: strategic implications consider all layers of the technology form “sector networks” or “associations” to promote strategic partnerships among relevant players in cyber security establish standards for infrastructure protocols and procedures.

39. Page 39 Conclusion cybercrimes are substantively different from real space crimes - regulatory modalities may not function the same way no longer be a case of using old laws to adapt to new technology bolster proactive defences and take into account all regulatory modalities