perspectives
This page
offers perspectives from government, business and academia, along with
Australian/international standards.
introductions
The collection of essays in Cybercrime:
Law Enforcement, Security & Surveillance In The Information Age
(London, Routledge 00) edited by Douglas Thomas & Brian Loader offers
a concise, thoughtful introduction to issues and technologies, including
privacy, encryption, hacking, anonymity and infowar.
In April the Council of Europe released
a draft CyberCrime Convention (C3),
aimed at harmonising laws across the 41 Council states and open to other
countries such as Australia and Japan.
It has been widely
criticised as draconian but has gained some support from the G8 (ie the
major industrial powers) following advice from the Subcommittee on High
Tech Crime (SCHTC) and the
1997 Carnegie Group report
on Misuse of International Data Networks, reflected in last
year's Ministerial Conference
on Combating Transnational Organised Crime.
G8 ministers issued the
usual resounding statements: "the ability to locate and identify
Internet criminals through different systems is critical to deterring,
investigating, and prosecuting crime that has an electronic
component," recommending that "faster or novel
solutions should be developed and that government and industry must work
together to achieve them."
Participants agreed to the following
elements for any solution: ensuring the protection of individuals'
freedoms and private life; preserving governments' ability to fight high
tech crime; facilitating appropriate training for all involved; defining
a clear and transparent framework for addressing cybercriminality;
ensuring free and fair activities, the sound development of industry;
and supporting effective industry initiated voluntary codes of conduct
and standards; and assessing effectiveness and consequences.
cybercrime
The Commonwealth government has recently released a
discussion paper on computer-related offences as part of the Model Criminal
Code project that seeks to encourage uniform treatment of offences
across Australia's state, territory and national jurisdictions.
Earlier this year the cybercrime
unit in the US Department of Justice released a useful report
on The Electronic Frontier: The Challenge of Unlawful Conduct
Involving the Use of the Internet.
Like its 1997 report
on The Availability of Bombmaking Information, the Frontier
document provides a perspective on online v offline behaviour and enforcement.
The Justice Department has also released a report
on Cyberstalking: A New Challenge for Law Enforcement and
Industry.
digital dangers
For a walk on the wild side we recommend the 1999 RAND
Countering The New Terrorism
study, one of the best of recent US reports on
information warfare and cyberterrorism. The Cold War is over, on to the
war of bits and bytes? Jean Guisnel's Cyberwars: Espionage on
the Internet (Cambridge, Perseus 99) is more alarmist.
Infowar has a discussion forum and media service about infowar and security
concerns, albeit with little critical evaluation.
The Institute
for the Advanced Study of Information Warfare (IASIW) includes
an exhaustive online bibliography. Mathew Devost's paper
Information Warfare: Can You Trust Your Toaster? is a short example of the
rash of recent academic publications. (Our fridge is the device we
worry about and of course we won't be connecting it to the web.)
George Smith, in An Electronic Pearl Harbour? Not Likely, a more solid article
for the Federation of American Scientists' Issues in Science & Technology,
assesses political hype, financial self-interest and technological
reality in recent US debate about 'cyberwar'. The FAS has an excellent collection
of links on infowar, security and hacking.
US guru Dorothy Denning's homepage has a large collection of papers and links.
Her recent Information
Warfare & Security (New York, Addison-Wesley 99) is a
lucid introduction to computer security.
Simson Garfinkel's Web Security & Commerce (Sebastopol, O'Reilly 97)
and Secrets & Lies: Digital Security In A Networked World
(New York, Wiley 00) by Bruce Schneier are useful starting points.
The Forum on Risks to the Public in
Computers & Related Systems (RISKS),
under the auspices of the Association for Computing Machinery (ACM), has
a wealth of information about dangers.
Australia’s National Electronic
Authentication Council (NEAC)
has released two reports - Legal liability and e-transactions and
E-commerce security - that include recommendations for developing
B2B ecommerce.
NEAC was established in 1999 by the Commonwealth
Government to oversee the development of a national framework for the
electronic authentication of online transactions, providing advice to
government, industry and consumers on authentication issues and
encouraging the development of relevant standards.
Legal liability & e-transactions
is a scoping study about the legal liability of electronic
authentication transactions. It identifies and assesses liability issues
in the use of various electronic authentication systems, particularly
public key infrastructure (PKI).
E-commerce security
is a scoping study covering the standards and authentication
technologies used to secure electronic transactions.
standards
The OECD's 1992 Guidelines For The
Security of Information Systems (GSIS)
are aimed at raising awareness and underpinning a policy framework.
In
Australia the guidelines have been reflected in Australian/New Zealand
Standard AS/NZS 4444.1:1999 on Code of Practice For Security
Management and AS/NZS 4444.2:2000 on Specifications For Security
Management Systems issued by Standards Australia (SA).
The Australian
Communications Electronic Security Instructions 33 (ACSI33)
issued by the spooks at the Defence Signals Directorate (DSD)
is aimed at the federal bureaucracy but is of general interest.