Caslon's online guides            security

the Web | governance | being digital | new economy | biz books | connecting | copyright | taxation | money | e-capital | security | censorship | who's dot who | media | news sources | design |
accessibility | publishing | marketing | metrics | consumers | privacy | technologies 

What are digital certificates? Are businesses on the Web what they claim to be? Are hackers a danger to your organisation? What can you do to stop them? Where can you find information about disaster planning?  Bookmark this guide or contact us to discuss access to Caslon's extensive research and assistance in developing strategies about opportunities online.
  • international frameworks - global regulatory developments
  • cybercrime - concepts, legislation, players
  • digital dangers - cyberwarfare or digital brouhaha
  • encryption - techniques, policies, reports
  • authentication - what it means
  • censorship, free speech and privacy - our separate guide on law, lobbies, questions
  • spam - electronic junkmail and what to do about it
  • the infrastructure - some pointers to thinking about data integrity, availability and secrecy on networks
  • hardcopy - recent or noteworthy writing on security issues and responses

  international frameworks

In April the Council of Europe released a draft CyberCrime Convention (C3), aimed at harmonising laws across the 41 Council states and open to other countries such as Australia and Japan.  It has been widely criticised as draconian but has gained some support from the G8 (i.e. the major industrial powers) following advice from the Subcommittee on High Tech Crime (SCHTC) and the 1997 Carnegie Group report on Misuse of International Data Networks, reflected in last year's Ministerial Conference on Combating Transnational Organised Crime. 

G8 ministers issued the usual resounding statements: "the ability to locate and identify Internet criminals through different systems is critical to deterring, investigating, and prosecuting crime that has an electronic component," recommending that "faster or novel solutions should be developed and that government and industry must work together to achieve them." Participants agreed to the following elements for any solution: ensuring the protection of individuals' freedoms and private life; preserving governments' ability to fight high tech crime; facilitating appropriate training for all involved; defining a clear and transparent framework for addressing cybercriminality; ensuring free and fair activities and the sound development of industry; supporting effective industry-initiated voluntary codes of conduct and standards; and assessing effectiveness and consequences.

  cybercrime

The Commonwealth government has recently released a discussion paper on computer-related offences as part of the Model Criminal Code project, which seeks to encourage uniform treatment of offences across Australia's state, territory and national jurisdictions.  

Earlier this year the cybercrime unit in the US Department of Justice released a useful report on The Electronic Frontier: The Challenge of Unlawful Conduct Involving the Use of the Internet.  Like its 1997 report on The Availability of Bombmaking Information, the Frontier document provides a perspective on online versus offline behaviour and enforcement.  The Justice Department has also released a report on Cyberstalking: A New Challenge for Law Enforcement and Industry.

Within Australia there are a number of bodies grappling with technology, commercial and government policy issues. Four worthy of notice are:

the Government Public Key Authority (GPKA), established last year, deals with government aspects of public key infrastructure (PKI). The Commonwealth's Project Gatekeeper, with the same name as the very bad computer in a recent Hollywood dot com exploitation flick, resulted from the 1998 National Authentication Authority Discussion Paper and the Strategy for an Australian National Electronic Authentication Framework, the detailed report by the National Public Key Infrastructure Working Party.

the Information Security Research Centre at Queensland University of Technology. The ISRC conducts research into cryptology, smart cards and other fields. It also provides training courses for government and business.

the Communications Law Centre, as the name suggests, is concerned with the Internet and other communications law.

the Australian IT&T Security Forum brings together major suppliers of information technology & telecommunications security products and applications.

As noted in other guides on this site, the Web has been a marvellous opportunity for federal and state/territory bureaucrats to issue papers, develop guidelines and otherwise roll digital logs.   

The Commonwealth Department of Communications, Information Technology & the Arts (DCITA) - which embraces the National Office for the Information Economy (NOIE) - concerns itself with 'policy' questions, leaving much of the legislation and the mundane enforcement (bureaucrats are nothing if not conscious of status) to the Attorney-General's (A-G's) Department and specialist bodies such as the Australian Broadcasting Authority (ABA) and the Australian Federal Police.  The latter, understandably, have a strong ethos of digital 'stranger danger' - give us more money, more cars, more computers to catch the villains (though their success hitherto is uncertain, to say the least).  The Department of Industry, Science & Resources (DISR), a wet patch in a dry climate, somewhat ineffectively spruiks the local encryption hardware/software industry.

The Australian Taxation Office (ATO), the Privacy Commissioner and the Australian Customs Service are among other significant government agencies squabbling over bits of the digital pie.  Comments on their role and operation appear in the Taxation and Privacy guides on this site.

  digital dangers

For a walk on the wild side we recommend the 1999 RAND study Countering the New Terrorism, one of the best of recent US reports on information warfare and cyberterrorism.  The Cold War is over; on to the war of bits and bytes?  Infowar has a discussion forum and media service about infowar and security concerns, albeit with little critical evaluation.  The Institute for the Advanced Study of Information Warfare (IASIW) includes an exhaustive online bibliography. Information Warfare: Can You Trust Your Toaster? is a short example of the rash of recent academic papers.

George Smith, in An Electronic Pearl Harbour? Not Likely, an article for the Federation of American Scientists' Issues in Science & Technology, assesses political hype, financial self-interest and technological reality in recent US debate about 'cyberwar'.  The FAS has an excellent collection of links on infowar, security and hacking.

US guru Dorothy Denning's homepage has a large collection of papers and links.  Her recent Information Warfare & Security (New York, Addison-Wesley 99) is a lucid introduction to computer security.

Simson Garfinkel's Web Security & Commerce (Sebastopol, O'Reilly 97) is a useful starting point.

The Forum on Risks to the Public in Computers & Related Systems (RISKS), under the auspices of the Association for Computing Machinery (ACM), has a wealth of information about dangers.

  encryption

Pointers to privacy are supplied in our Privacy guide. Information about encryption standards and the policy debate will be added shortly.

In the US argument continues about government restrictions on the domestic use and export of 'strong' cryptography, uniting the libertarian left and right with software/hardware manufacturers. Examples of that alliance are the Americans for Computer Privacy (ACP) - a commercial lobby group - and the Global Internet Liberty Campaign (GILC).

The Washington-based Electronic Privacy Information Center (EPIC) has recently released its comprehensive annual global survey of cryptography policy.  Locally, Electronic Frontiers Australia has published the suppressed 1996 Commonwealth government Walsh Report on encryption policy.

The Certification Authority for the German Research Network has an outstanding eight-page list of Public Key Infrastructure links, along with pointers to SSL, SET, MIME and other security tools.

In 1996 the US National Research Council produced an excellent report on Cryptography's Role in Securing the Information Society.

David Kahn's The Codebreakers (London, Weidenfeld & Nicolson 67, rev ed 96) remains a valuable introduction to the nature and history of cryptography and cryptology.  It's significantly better than the more recent The Code Book (New York, Doubleday 99) by Simon Singh.  

For those seeking more detailed information about the mechanics of encryption we recommend Bruce Schneier's Applied Cryptography: Protocols, Algorithms and Source Code in C (New York, Wiley 95).  Schneier and David Banisar co-edited The Electronic Privacy Papers (New York, Wiley 97), a unique compilation of key US government and private sector documents about encryption, privacy policy, law enforcement and other matters. 

  authentication

We will shortly be offering more information about authentication.  In the meantime why not check out pointers in our Consumers guide to seals, indicators of whether ISPs and sites comply with voluntary guidelines regarding privacy and so forth.

The OECD has recently released a report on its Inventory of Approaches to Authentication & Certification in a Global Networked Society and papers from the June 1999 OECD-Private Sector Workshop on Electronic Authentication.

The Australian Electronic Transactions Act 1999 (ETA) is perhaps the major achievement of the national government's 'strategic framework for the information economy' under the coordination of the National Office for the Information Economy (NOIE), giving electronic transactions involving Commonwealth government agencies the same status as those using paper.  Because most contract law is a state responsibility, the Act is to be 'mirrored' by complementary state legislation.  So far, similar acts have come into effect only in Victoria and NSW; further progress is likely to be slow.  

In the US the Electronic Signatures In Global & National Commerce Act has just been signed by President Clinton and will come into effect in October this year. 

  censorship and free speech 

Censorship of the Web - along with associated issues such as freedom of speech and privacy -  is among the most contentious questions about the regulation of cyberspace. 

We've added a separate guide on censorship.  It covers recent Australian and overseas reports, legislation, lobby groups, industry studies and academic writing about principles and technologies.

  spam

Governments, businesses, consumers and ISPs across the globe are struggling with the vexed question of how to manage junk email, aka spam. The US Coalition Against Unsolicited Commercial Email (CAUCE), Mail Abuse Prevention System (MAPS) and Australian Coalition Against Unsolicited Bulk Email (CAUBE.AU) are three organisations lobbying for improved regulation.

More drastic action has been taken by the StopSpam organisation, which issues a 'Usenet Death Penalty' encouraging usenet systems administrators to delete usenet postings from ISPs such as Excite@Home after alleged failure to address spamming concerns. The Junkbusters organisation, despite its clunky name and dot com domain, is a US-based citizens' action group that offers a lengthy set of pointers to print and online publications on spam.

Last year saw the release by industry group CommerceNet of a paper on Unsolicited Commercial E-mail: Legislative Solutions.  It updates the more learned analysis in Jonathan Byrne's 1998 paper Squeezing Spam Off The Net: Federal Regulation of Unsolicited Commercial Email.

Two useful books are:

Stopping Spam (Sebastopol, O'Reilly & Associates 98) by Alan Schwartz & Simson Garfinkel (author of the recent Database Nation) - an introduction to spam and its management for people whose diet isn't based on takeaway pizza, Jolt cola and C++.

the more technical Removing the Spam: Email Processing & Filtering (Reading, Addison-Wesley 99) by Geoff Mulligan.

We'll be featuring more information about spam in coming weeks.

  infrastructure

Last year the US National Research Council released its report on Trust In Cyberspace, assessing strengths and vulnerabilities of the telephone network and Internet, directions in the development of hardware and software, the implications of the shift from mainframes to networks, and the heightened concern for data integrity and availability where formerly secrecy was a prime concern. 

  hardcopy

There is a growing although generally superficial literature about 'cyber-crime' and the 'hackers from hell', much of it fed by the need to sell particular technology products or newspapers.

From the range of material we have singled out a few of the more provocative or useful items:

The Hundredth Window: Protecting Your Privacy and Security in the Age of the Internet (New York, Free Press 00) by Charles Jennings and Lori Fena is a crisp overview of dangers and what you can do about them.  The authors were among the founders of industry group TRUSTe; Fena is currently president of the Electronic Frontier Foundation (EFF).

The Cuckoo's Egg (New York, Doubleday 93) by Clifford Stoll (author of Silicon Snake Oil) is a tale of digital derring-do in which a Berkeley astronomer - with a little help from spooks and the police - tracked down a cyber criminal.

Cyberwars: Espionage on the Internet (Cambridge, Perseus 99) by Jean Guisnel is another call-to-arms by a science journalist with links to the French intelligence community.  

Risky Business - Protect Your Business From Being Stalked, Conned or Blackmailed on the Web (New York, Wiley 98) is a plain-English overview by Daniel Janal of Upside magazine.

The Fugitive Game and The Watchman by Jonathan Littman (both published by Little Brown) are a journalist's accounts of Kevin Mitnick and other hackers.  Mike Godwin's Cyber Rights: Defending Free Speech in the Digital Age (New York, Times 98) is a useful corrective to much of the contemporary media hysteria.

Bruce Sterling's The Hacker Crackdown: Law & Disorder on the Electronic Frontier (New York, Bantam 93) is provocative and more insightful than the journalists' accounts.

Simson Garfinkel's new Database Nation: The Death of Privacy in the 21st Century (Sebastopol, O'Reilly 00) is somewhat overblown but worth reading.  

Warnings of the 'death of privacy' come in Reg Whitaker's overheated The End of Privacy: How total surveillance is becoming a reality (New York, New Press 99).  A view from the academy is provided by public-key wizard Whitfield Diffie and Susan Landau in Privacy on the Line: The Politics of Wiretapping and Encryption (Cambridge, MIT Press 99). 