This workshop was a useful one as it addressed emerging cyber security issues. Unfortunately, the question of PPPs was not addressed well, as most of the presentations were about importance of privacy and security.
One of the issues that most of the stakeholders agree is that child abuse needs to be prevented. Other issues are a subject to debate, among them phishing, malware and criminal money. There is also a danger of clashes of what to prevent. It is also a widespread perception of the Internet community based on real life approach (I agree with it) that laws rarely prevent what they prohibit. Finally, there is a need for in design strategies on cyber crime such as human rights protection, right proportion and balance. I would like to provide a summary of the most interesting presentations below.
Alexander Seger from Council of Europe provided a general overview about online privacy and data protection and relation of security to these issues.
He provided the arguments that can explain to the users (that usually do not care about their privacy) the importance of privacy. He also gave as an example of the development of the approach to privacy issues in Germany that in 1983 highlighted the right to informational self-determination and in 2008 the right to confidentiality and integrity of data. Further he enlisted the OECD principles on data protection and the implications of privacy other than just a right to be left alone.
Further, he enlisted the challenges to privacy among which I think the most crucial is the one about the trends in technology and threat of the new technology to data protection. He highlighted the most relevant stakeholders that want the users’ data:
Financial Services (e.g., Swift)
* search engines and related web services
* social networks
* data and marketing services
He also stressed that anonymity was a key issue within cyber security as there was lack of its regulation. Finally, Alexander highlighted major trends and implications of cyber crime (Budapest Convention on Cyber Crime) and the guidelines for cooperation b/w ISPs and law enforcement against cyber crime.
Michael Rotert from EuroISPA stressed dependency of cyber crime on new technology. The major issue addressed was blocking and filtering and the current approach to it. Although it is complex and expensive there are countries like China that still invest a lot in it (they have 15.000 employees that deal with blocking).
Some of the new technologies create new challenges for police and investigators. E.g., IP v.6 should not affect a normal user (but they will provide him/her with enhanced security), but the policy that tracks addresses will have to deal with 4 times longer and therefore more complicated addresses. Michael also stressed that encryption helps criminals to hide their problems. Finally, he pointed out that although some old issues like spam are decreasing now, but new issues like phishing emerge increase.
I agree that the scope of cyber crime should be more well defined and further issues should be addressed with emerge of new technology. I hope this workshop was a good step on the way of further discussions and implementation of the issues discussed. Overall, I hope that further developments in the legislation of cyber crime and cyber security will evolve and that they will not threaten online FOE.