A few years ago, the Budapest Convention on Cybercrime was signed within the Council of Europe. Since then it was ratified all across the globe by a lot of countries or at least used as the base for legislation. The Council of Europe is organising a conference on Cooperation against Cybercrime, called Octopus.
We actually had a very good first day and there are a few conclusions I can draw after the first day:
- Cloud Computing is mentioned very often by the government officials. Listening to the discussions so far (we did not specifically talk about the Cloud yet, this is to be done on Thursday morning) I am not clear whether all the involved parties have the same view on the Cloud and the impact of the Cloud on the legal and law enforcement landscapt. This is a big problem I guess as this would be the basis for the development of joint activities. There is a lot of education and knowledge transfer to be done.
- All across the board, there is a willingness to cooperate – at least on the working level. There are two challenges with that. If you talk to prosecutors and judges, there is still the challenge that they need to be neutral but on the other hand need to work with the private sector. A balance still to be figured out. Additionally, I am unclear how far the politicians really realise the need for international collaboration on such challenges. This is something we as citizens need to push – politicians are elected locally :-)
- There are a lot of great police officers, judges, prosecutors in the countries – I am often amazed seeing what they do and with which passion they do their work. We – as the industry – have to make sure we do our best to help them to get the right legislation in place and we have to help them to get the right partnerships in place.
- There was remarkable discussion today: A country asked how they could work with international police forces. Somebody then answered: Your problem is that there is no cybercrime is in your country. The answer: That’s not true, there is a lot. So basically the statement was that there is no law which makes it illegal to commit cybercrime – and therefore there is no cybercrime in this country. We need the countries to ratify (or at least follow the principles of the) Convention on Cybercrime as a basis to then train Law Enforcement and finally prosecutors and judges – to make cybercrime “a reality” in all the countries.
- There are different organisations in countries, which all play different roles and sometimes different organizations claim to be “the single point of contact” like police, CERT etc. The role of police, policy makers, CERT, critical infrastructure, private sector etc. have to be clear.
Probably the best thing for me I heard was that Microsoft was very often mentioned as a role model for collaboration between public and private companies! It seems that our work more and more has impact.
If you want to look into this live, there is a live stream from room 1 at least: http://tv.coe.int/webcast/ (there are two). On Thursday from 10:00-12:15 (GMT+1) there will be presentations and a panel then I am sitting on about Cloud Computing
Roger