PayPal's Michael Barrett, Andy Steingruebl and Bill Smith have collaborated to produce a terrifically insightful White Paper on CyberCrime. The authors lament the sad and worsening problem of cybercrime and suggest that, should current trends continue, it is possible that users may conclude that the Internet is unsafe at any speed and therefore unsuitable for everyday use. They state, "Should this perception become widespread, crowd psychology could take hold and as with the recent world financial crisis, result in a loss of faith in 'the system'."
Unlike many papers of this kind, Barrett, Steingruebl and Smith dive headlong into the set of problems that confound the Internet community in its efforts to confront and mitigate cybercrime. They offer informed perspectives on the obstacles that hamper law enforcement. They explain how privacy laws and policies "can also prove an unintentional hurdle to effective private action" when they prevent organizations from voluntarily sharing information to prevent further criminal activity. The authors assert that "Law and regulations need to make it easy for companies to do the right thing to protect themselves and their customers without fear of repercussions".
The authors call attention to what I agree is a critical flaw in where we focus our anticrime activities in cyberspace, saying "...cybercrime has largely been dominated by concerns about theft of intellectual property, rather than direct theft of actual money", and make the point that we really don't measure the cost of cybercrime well at all. Barrett et al. call for an NTSB-style database of incidents, causes, and direct losses from cybercrime and claim that by collecting better data on cybercrime, a case can be made to justify increased investments in law enforcement.
I could continue praising the paper for some time. Instead, I'll quote some of the other stimulating comments and hope these will further incent you to read the entire paper.
"The FCC should ensure that transit providers are incented, if not mandated, to screen criminal traffic such as botnet activity."
"The FCC should ensure that networks do not allow traffic to exit their networks which perform IP Spoofing."
"Create an international law enforcement model that allows for prosecution without requiring extradition."
"Have SLAs for hosting companies to remove phish/malware sites."
"Ensure that ICANN properly enforces the ecosystem safety initiatives that it is contractually obligated to do."