Re: [GKD-DOTCOM] What is the Future for Cyber-Security?
On Friday, October 15, 2004, Jim Burnham wrote: > While the Macintosh OS is not exactly a "new" technology (more a "niche" > technology unfamiliar to the majority of computer users), I feel that > the Mac OS is a valuable 'tool' for helping protect both businesses and > individuals from the flood of cyber-attacks that they have to deal with > every day. Perhaps the donors, rather than spending huge amounts of > money on virus protection, training, and recovery of systems and > networks once they are attacked, should help developing countries > purchase Macintosh's. The initial up-front cost differential (Macs tend > to be more expensive than PC's) will be more than made up for by the > considerable savings in support. Both MacOS and GNU/Linux, unfamiliar through lack of hands-on exposure to the majority of computer users, are largely immune to cyber-attacks (I use MacOS myself, and am attempting to get savvy enough to use GNU/Linux) but this is (mostly) not because of superior technology. Arguably, the donors should spend more money promoting GNU/Linux, which is Open Source and mostly Free Software, thus reducing the cost of acquisition tremendously. Support for most users is also free (note the difference between capitalisations), and collaborative, which is good for society in general. Computers themselves are a niche technology, unfamiliar to and remote from the lives of the vast majority of humans on this planet (I can't ;-) speculate about the humans who live off-planet). Yet their influence is undeniable. It behooves us to seek ways to ensure that this impact is mostly good, rather than mostly bad or mostly unknown, for that matter. Creators of cyber-attacks follow the principle of low hanging fruit, and therefore over 90 per cent of personal computer users who run MS Windows are usually at risk from such attacks. Cyber-attacks are a societal problem, and creating laws and battalions of cyber-savvy law enforcement agencies is merely fire-fighting, not getting to the root of the problem. The Net itself is global, while different countries have different levels of openness and attitudes to law making and enforcement. No single rule will fit all, I fear. -- Vickram This DOT-COM Discussion is funded by the dot-ORG USAID Cooperative Agreement, and hosted by GKD. http://www.dot-com-alliance.org provides more information. To post a message, send it to: <[EMAIL PROTECTED]> To subscribe or unsubscribe, send a message to: <[EMAIL PROTECTED]>. In the 1st line of the message type: subscribe gkd OR type: unsubscribe gkd For the GKD database, with past messages: http://www.GKDknowledge.org
Re: [GKD-DOTCOM] What is the Future for Cyber-Security?
Dear GKD Colleagues, I work for a NGO that is fighting trafficking in women and girls in India and Bangladesh. I think the idea of law enforcement agencies collaborating to fight cyber-terrorism is a good one, and that NGOs should cooperate and share information with government. But there are two problems that we face in the field that noone has mentioned. One is a problem of corruption in the lower levels of police and government. The work we do is very dangerous and we are constantly threatened by the scoundrels and criminals who are making huge sums of money by trafficking women and girls. We have to protect information about our organization, our activities, our local staff, and the women and girls who are being trafficked. The government and police at the national level might be completely honest. But in some places the local authorities and police have been paid by the traffickers themselves. No matter what agreements are made to reduce suspicion of the police by the NGOs at the top level, it will not affect us here far away from the capital. I also think that most of the cyber-terrorism that we have been discussing is carried out by people who are in the field, not in the capital. Please do not think we are stubborn in refusing to share information with the police. We are not the only ones who fear corrupt officials. I went to a meeting on trafficking that brought together NGOs from around the world and met someone from the IOM (International Organisation for Migration) which is doing a lot of work on collecting data about trafficking and she was telling me that they have the same problem. They have a huge amount of information and there is a lot of pressure on them to share the information with governments. But they are afraid that some corrupt officials will pass that information on to traffickers. The result could be actual death of some people fighting traffickers. So in this kind of case, cyber-security means protecting the information from the police! So if we are going to talk in this discussion about working together to fight against cyber-security and cyber-terrorism, we have to find a solution to this problem of local corruption. I can not quite imagine how this could be done at a local level because it is such as huge problem. But unless you find a solution, we in NGOs will not be willing to work with the local police and share our information, which is often better than theirs. The other problem is that traffickers are using the internet to trap women and girls in their net. This is not a big problem for us in India and Bangladesh because women do not have a lot of ways to reach the internet. But the anti-trafficking NGOs in East Europe told us that it is a bigger problem for them because women have more chances to have an email account. The women are promised good jobs and then when they meet the person who has sent the email they are kidnapped and sold into slavery. Some way should be designed to track down these traffickers through their email. Sudha This DOT-COM Discussion is funded by the dot-ORG USAID Cooperative Agreement, and hosted by GKD. http://www.dot-com-alliance.org provides more information. To post a message, send it to: <[EMAIL PROTECTED]> To subscribe or unsubscribe, send a message to: <[EMAIL PROTECTED]>. In the 1st line of the message type: subscribe gkd OR type: unsubscribe gkd For the GKD database, with past messages: http://www.GKDknowledge.org
Re: [GKD-DOTCOM] What is the Future for Cyber-Security?
On Monday, October 11, 2004, Global Knowledge Dev. Moderator asked: > 4) Are there new technologies that can help meet the cyber-security > threats? During this cyber-security discussion I find it interesting that no one has addressed the topic of what effective technologies exist to combat the growing menace of attacks on personal as well as corporate systems. As all computer users know, Microsoft Windows (the world's most popular computer operating system) is especially vulnerable to attack from numerous kinds of viruses, trojans, worms and spyware. Recently I came across this article written by Paul Brislen, a reporter for The New Zealand Herald. He writes: "For the first half of the year, anti-virus research company Symantec reported 1237 new online security vulnerabilities - an average of 48 a week. Nearly all those vulnerabilities, about 97 per cent, were considered moderate or highly severe, and 70 per cent were considered easy to exploit. There is a growing online threat to businesses, their intellectual property and their good name if they don't take the appropriate security measures." Brislen then goes on to describe the problems of running a Windows PC and writes, "Users are spending more time taking care of their PCs instead of taking care of business... Firewalls and anti-virus protection are no longer enough to keep confidential information out of the hands of competitors or fraudsters." Brislen concludes, "Perhaps the final word should go to Richard Clarke, the cyber-security adviser appointed by former US President Bill Clinton. Clarke, who toured New Zealand recently, said he has managed to protect his computer from more than 99 per cent of all known viruses, worms, network attacks and spyware. He runs an Apple [Macintosh], not a Microsoft PC, and says that does the job nicely." While the Macintosh OS is not exactly a "new" technology (more a "niche" technology unfamiliar to the majority of computer users), I feel that the Mac OS is a valuable 'tool' for helping protect both businesses and individuals from the flood of cyber-attacks that they have to deal with every day. Perhaps the donors, rather than spending huge amounts of money on virus protection, training, and recovery of systems and networks once they are attacked, should help developing countries purchase Macintosh's. The initial up-front cost differential (Macs tend to be more expensive than PC's) will be more than made up for by the considerable savings in support. Jim Burnham This DOT-COM Discussion is funded by the dot-ORG USAID Cooperative Agreement, and hosted by GKD. http://www.dot-com-alliance.org provides more information. To post a message, send it to: <[EMAIL PROTECTED]> To subscribe or unsubscribe, send a message to: <[EMAIL PROTECTED]>. In the 1st line of the message type: subscribe gkd OR type: unsubscribe gkd For the GKD database, with past messages: http://www.GKDknowledge.org
Re: [GKD-DOTCOM] What is the Future for Cyber-Security?
Dear Colleagues, My name is Emmanuel Njenga and I am working with the Association for Progressive Communications (APC). I would like to respond to some of the questions raised and interesting comments especially the recent ones on definitions of cyber-crimes and cyber-terrorism. In this regard, I would like to highlight a few examples of what is going on in Africa where it seems some countries do not understand the issues well and hence are adopting a reactionary manner to address issues, as opposed to proper policies, strategies and legislation. In the case of Zambia a Cyber-crime (dubbed 'computer crimes') bill was recently passed (not sure if this has become law yet) and it seems that this was more of a government reaction (although government claims it was a follow up from the policy framework) after a particular situation in which a man who hacked a government website was not prosecuted, as there was no legislation to this effect. So in this case we see a government going forward to enact legislation to counter such a measure without a comprehensive understanding of the issues. In other countries, like South Africa, they seem to have taken a different approach, where they are soon to enact a new law targetting child pornography measures that will have implications for computer technicians, Internet service providers and cyber-cafes. The new law will be in the form of amendments to the Film and Publications Act. So in a nutsell, they are tightening existing laws to cover existing crimes that are futher facilitated by the Internet/computers. In Kenya, there seems to be major confusion on addressing some issues such as access of ponography by minors from the Internet. On one hand there are those who insist there exists legislation to counter these issues: "The Act clearly stipulates a penalty under the Rights of Children and Protection section. It states that notwithstanding penalties contained in any other law, any person willfully infringing on the specified rights [of children] shall be liable upon summary conviction to a jail term or imprisonment not exceeding 12 months; or to a fine not exceeding Sh50,000 or to both." On the other hand, the police are not soo sure...and are now calling for new legislation: "However, the police, who are supposed to enforce the law, do not seem to have any clue that it exists. Criminal Investigations Department spokesman Gideon Kibunja says: "Since the Internet was introduced in Kenya, I cannot remember anybody being arrested because of browsing pornography sites or displaying obscene pictures as screen savers. Even if one is arrested, he/she cannot be charged in court under the law that makes it criminal to be in possession of a pornographic publication or videotape." The above are just a few cases of what is going on in Africa, a trend that seems mostly driven by lack of awareness and confusion of issues while some others like South Africa are making good progress in some areas. These are some of the areas that need to be addressed by the questions raised below - which I will try to answer in the coming days. In the meanwhile, you can view more details of the above cases and developments taking place in Africa from the Africa ICT Policy Monitor website...below.. Section on News > Security and Privacy http://africa.rights.apc.org/en.shtml?apc=21875ne_1 Regards, Emmanuel Njenga -- Emmanuel Njenga Njuguna Africa Policy Monitor Project Association for Progressive Communications (APC) Email: [EMAIL PROTECTED] Web: http://africa.rights.apc.org Tel: 61 4 0151 7112 ~ On Monday, October 11, 2004, Global Knowledge Dev. Moderator asked: > Key questions: > > 1) Do we need to think and operate differently to prevent cyber-crime > and cyber-terrorism in the future? Who needs to change what? Please be > specific. > > 2) What is the responsibility of donors and NGOs who are helping expand > Internet access? Should they always ensure secure networks? Should they > demand a proper balance between security and privacy protection? > > 3) What new threats come from new technologies, e.g., cell phones that > access the Web? What, specifically, must be done -- and by whom -- to > address these threats? > > 4) Are there new technologies that can help meet the cyber-security > threats? > > 5) What policies and strategies do you recommend developing countries > adopt to take advantage of new technologies while preventing cyber-crime > and terrorism? > > 6) Can open source software help build cyber-security? What must > donors, businesses, governments and NGOs do to make it happen? > > 7) Where should we draw the line between development of legal and > illegal encryption? > > 8) Growing collaboration between regulatory and security agencies helps > fight cyber-crime and cyber-terrorism, but simultaneously poses threats > to privacy and human rights. What is th
Re: [GKD-DOTCOM] What is the Future for Cyber-Security?
Dear Colleagues, On Monday, October 11, 2004, Global Knowledge Dev. Moderator asked: > 8) Growing collaboration between regulatory and security agencies helps > fight cyber-crime and cyber-terrorism, but simultaneously poses threats > to privacy and human rights. What is the best approach to maximizing the > benefits and reducing the threats? I wanted to respond specifically to the above question. Some of you may have heard about the seizure of Indymedia servers from the UK based Rackspace ISP this week in London. Several articles have been written analysing the incident, the most comprehensive by Statewatch in the UK, and they can be read here: http://www.efcr2004.net/imc_servers_seized http://www.statewatch.org/news/2004/oct/04uk-usa-indymedia.htm This incident has highlighted the dangers of international law enforcement cooperation dealing with transborder 'cyber-crime'. Many organisations including the National Union of Journalists, Reportier Sans Frontiers, AMARC, APC, the Global Liberties campaign, etc., have highlighted the violation of 'freedom of expression' rights this incident has underscored. However, it also presents other challenges which are poorly understood by many civil society organisations active in communication rights work. These include: - the trends in, and dangers of, international law enforcement cooperation--or 'trans-border' cooperation - ISP responsibility in these situations - accountability and due process As Gus Hosein from Privacy International noted: "This is a growing trend to use international co-operation regimes to obscure accountability and due process. Now we are in a position where we don't know who to complain to regarding these actions, and which laws were used, under who's jurisdiction - and such action will likely increase with international treaties such as the Council of Europe Convention on Cybercrime, and other such initiatives." For those of us following the WSIS Internet Governance process, we have seen the Council of Europe Cybercrime treaty promoted as a possible global governance model for dealing with trans-border 'cyber-crime'. The seizure of the IMC servers is indeed an 'interesting case' to monitor, but more so, it's an excellent opportunity to spotlight and scrutinise the cyber-crime treaty and similar bilateral treaties with a view to taking action to call for openness and clarity in international co-operation and to ensure due process and civil liberties are protected. Karen Banks This DOT-COM Discussion is funded by the dot-ORG USAID Cooperative Agreement, and hosted by GKD. http://www.dot-com-alliance.org provides more information. To post a message, send it to: <[EMAIL PROTECTED]> To subscribe or unsubscribe, send a message to: <[EMAIL PROTECTED]>. In the 1st line of the message type: subscribe gkd OR type: unsubscribe gkd For the GKD database, with past messages: http://www.GKDknowledge.org
Re: [GKD-DOTCOM] What is the Future for Cyber-Security?
On a philosophical note I feel that the solution would be to stop doing things that create enemies. If a country does not have any enemies then their security concerns reduce radically. Crime is more a social issue. Terrorism is a political issue. I do not think that any amount of technology will address the problems caused by politicians. The right to privacy and security of the individual should be the driving motivation of cyber-security. The individual should decide whether technology provided by their government, their industry, or by like minded persons provide them with the security levels they desire. The same applies to industry. Governments are very different. They use the resources, usually military, available to them to protect their own, usually military and commercial, interests. It is usually also to protect their own interests that they prescribe to their citizens. I personally would rather use private encryption that civil rights groups use rather than encryption provided by my government, or worse, provided by some other government. I strongly feel that NGOs, etc. should provide the people that they are assisting with apropriate cyber protection. Not necessarily the protection preferred or prescribed by some other government. It is naive to expect "bad persons" to not use the technology available to them. This has never happened in the history of mankind and will definitely not happen in the cyber age. The same problem of the good guys versus the bad continues, albeit with different tools. This DOT-COM Discussion is funded by the dot-ORG USAID Cooperative Agreement, and hosted by GKD. http://www.dot-com-alliance.org provides more information. To post a message, send it to: <[EMAIL PROTECTED]> To subscribe or unsubscribe, send a message to: <[EMAIL PROTECTED]>. In the 1st line of the message type: subscribe gkd OR type: unsubscribe gkd For the GKD database, with past messages: http://www.GKDknowledge.org
[GKD-DOTCOM] What is the Future for Cyber-Security?
The Internet is becoming integral to every area of our lives -- education, economics, health, politics. As Internet access reaches throughout the globe, its benefits are expanding...along with growing threats. Take VOIP. It promises to make cheap communications accessible worldwide...and simultaneously to open a new era of cyber-fraud and human rights violations. Perhaps the most disquieting threat comes from cyber-terrorism. Terrorists can use the Internet to coordinate deadly attacks in multiple countries or to cripple international e-commerce. International agencies, governments, businesses, and civil society must collaborate to avert these threats. Open source software provides both a metaphor and a concrete model of the benefits that accrue when everyone can contribute and benefit. Yet for all stakeholders to cooperate, they must rise above mutual suspicion and distrust. Encryption is a case in point. It can help prevent fraud and protect information about NGOs fighting international crimes such as trafficking in persons. Yet some governments fear that it will give criminals and terrorists the means to evade detection. Key questions: 1) Do we need to think and operate differently to prevent cyber-crime and cyber-terrorism in the future? Who needs to change what? Please be specific. 2) What is the responsibility of donors and NGOs who are helping expand Internet access? Should they always ensure secure networks? Should they demand a proper balance between security and privacy protection? 3) What new threats come from new technologies, e.g., cell phones that access the Web? What, specifically, must be done -- and by whom -- to address these threats? 4) Are there new technologies that can help meet the cyber-security threats? 5) What policies and strategies do you recommend developing countries adopt to take advantage of new technologies while preventing cyber-crime and terrorism? 6) Can open source software help build cyber-security? What must donors, businesses, governments and NGOs do to make it happen? 7) Where should we draw the line between development of legal and illegal encryption? 8) Growing collaboration between regulatory and security agencies helps fight cyber-crime and cyber-terrorism, but simultaneously poses threats to privacy and human rights. What is the best approach to maximizing the benefits and reducing the threats? This DOT-COM Discussion is funded by the dot-ORG USAID Cooperative Agreement, and hosted by GKD. http://www.dot-com-alliance.org provides more information. To post a message, send it to: <[EMAIL PROTECTED]> To subscribe or unsubscribe, send a message to: <[EMAIL PROTECTED]>. In the 1st line of the message type: subscribe gkd OR type: unsubscribe gkd For the GKD database, with past messages: http://www.GKDknowledge.org