Re: [GKD-DOTCOM] What is the Future for Cyber-Security?

2004-10-15 Thread Emmanuel Njenga
Dear Colleagues,

My name is Emmanuel Njenga and I am working with the Association for
Progressive Communications (APC).

I would like to respond to some of the questions raised and interesting
comments especially the recent ones on definitions of cyber-crimes and
cyber-terrorism.

In this regard, I would like to highlight a few examples of what is
going on in Africa where it seems some countries do not understand the
issues well and hence are adopting a reactionary manner to address
issues, as opposed to proper policies, strategies and legislation.

In the case of Zambia a Cyber-crime (dubbed 'computer crimes') bill was
recently passed (not sure if this has become law yet) and it seems that
this was more of a government reaction (although government claims it
was a follow up from the policy framework) after a particular situation
in which a man who hacked a government website was not prosecuted, as
there was no legislation to this effect. So in this case we see a
government going forward to enact legislation to counter such a measure
without a comprehensive understanding of the issues.

In other countries, like South Africa, they seem to have taken a
different approach, where they are soon to enact a new law targeting
child pornography measures that will have implications for computer
technicians, Internet service providers and cyber-cafes. The new law
will be in the form of amendments to the Film and Publications Act. So
in a nutshell, they are tightening existing laws to cover existing crimes
that are further facilitated by the Internet/computers.

In Kenya, there seems to be major confusion on addressing some issues
such as access of pornography by minors from the Internet. On one hand
there are those who insist there exists legislation to counter these
issues:

"The Act clearly stipulates a penalty under the Rights of Children and
Protection section. It states that notwithstanding penalties contained
in any other law, any person willfully infringing on the specified
rights [of children] shall be liable upon summary conviction to a jail
term or imprisonment not exceeding 12 months; or to a fine not exceeding
Sh50,000 or to both."


On the other hand, the police are not so sure... and are now calling for
new legislation:

"However, the police, who are supposed to enforce the law, do not seem
to have any clue that it exists. Criminal Investigations Department
spokesman Gideon Kibunja says: 'Since the Internet was introduced in
Kenya, I cannot remember anybody being arrested because of browsing
pornography sites or displaying obscene pictures as screen savers. Even
if one is arrested, he/she cannot be charged in court under the law that
makes it criminal to be in possession of a pornographic publication or
videotape.'"


The above are just a few cases of what is going on in Africa, a trend
that seems mostly driven by lack of awareness and confusion of issues
while some others like South Africa are making good progress in some
areas. These are some of the areas that need to be addressed by the
questions raised below - which I will try to answer in the coming days.

In the meanwhile, you can view more details of the above cases and
developments taking place in Africa from the Africa ICT Policy Monitor
website, below:

Section on News > Security and Privacy

http://africa.rights.apc.org/en.shtml?apc=21875ne_1

Regards,

Emmanuel Njenga

-- 

Emmanuel Njenga Njuguna
Africa Policy Monitor Project
Association for Progressive Communications (APC)
Email: [EMAIL PROTECTED]
Web: http://africa.rights.apc.org
Tel: 61 4 0151 7112


On Monday, October 11, 2004, Global Knowledge Dev. Moderator asked:

> Key questions:
> 
> 1)  Do we need to think and operate differently to prevent cyber-crime
> and cyber-terrorism in the future? Who needs to change what? Please be
> specific.
> 
> 2)  What is the responsibility of donors and NGOs who are helping expand
> Internet access? Should they always ensure secure networks? Should they
> demand a proper balance between security and privacy protection?
> 
> 3)  What new threats come from new technologies, e.g., cell phones that
> access the Web? What, specifically, must be done -- and by whom -- to
> address these threats?
> 
> 4)  Are there new technologies that can help meet the cyber-security
> threats?
> 
> 5)  What policies and strategies do you recommend developing countries
> adopt to take advantage of new technologies while preventing cyber-crime
> and terrorism?
> 
> 6)  Can open source software help build cyber-security? What must
> donors, businesses, governments and NGOs do to make it happen?
> 
> 7)  Where should we draw the line between development of legal and
> illegal encryption?
> 
> 8)  Growing collaboration between regulatory and security agencies helps
> fight cyber-crime and cyber-terrorism, but simultaneously poses threats
> to privacy and human rights. What is th

Re: [GKD-DOTCOM] What is the Future for Cyber-Security?

2004-10-15 Thread Jim Burnham
On Monday, October 11, 2004, Global Knowledge Dev. Moderator asked:

> 4)  Are there new technologies that can help meet the cyber-security
> threats?

During this cyber-security discussion I find it interesting that no one
has addressed the topic of what effective technologies exist to combat
the growing menace of attacks on personal as well as corporate systems.
As all computer users know, Microsoft Windows (the world's most popular
computer operating system) is especially vulnerable to attack from
numerous kinds of viruses, trojans, worms and spyware. Recently I came
across this article written by Paul Brislen, a reporter for The New
Zealand Herald. He writes:

"For the first half of the year, anti-virus research company Symantec
reported 1237 new online security vulnerabilities - an average of 48 a
week. Nearly all those vulnerabilities, about 97 per cent, were
considered moderate or highly severe, and 70 per cent were considered
easy to exploit. There is a growing online threat to businesses, their
intellectual property and their good name if they don't take the
appropriate security measures."

Brislen then goes on to describe the problems of running a Windows PC
and writes, "Users are spending more time taking care of their PCs
instead of taking care of business... Firewalls and anti-virus
protection are no longer enough to keep confidential information out of
the hands of competitors or fraudsters."

Brislen concludes, "Perhaps the final word should go to Richard Clarke,
the cyber-security adviser appointed by former US President Bill
Clinton. Clarke, who toured New Zealand recently, said he has managed to
protect his computer from more than 99 per cent of all known viruses,
worms, network attacks and spyware. He runs an Apple [Macintosh], not a
Microsoft PC, and says that does the job nicely."

While the Macintosh OS is not exactly a "new" technology (more a "niche"
technology unfamiliar to the majority of computer users), I feel that
the Mac OS is a valuable 'tool' for helping protect both businesses and
individuals from the flood of cyber-attacks that they have to deal with
every day. Perhaps the donors, rather than spending huge amounts of
money on virus protection, training, and recovery of systems and
networks once they are attacked, should help developing countries
purchase Macintoshes. The initial up-front cost differential (Macs tend
to be more expensive than PCs) will be more than made up for by the
considerable savings in support.


Jim Burnham





This DOT-COM Discussion is funded by the dot-ORG USAID Cooperative
Agreement, and hosted by GKD. http://www.dot-com-alliance.org provides
more information.
To post a message, send it to: <[EMAIL PROTECTED]>
To subscribe or unsubscribe, send a message to:
<[EMAIL PROTECTED]>. In the 1st line of the message type:
subscribe gkd OR type: unsubscribe gkd
For the GKD database, with past messages:
http://www.GKDknowledge.org


Re: [GKD-DOTCOM] What is the Future for Cyber-Security?

2004-10-15 Thread Sudha Ram
Dear GKD Colleagues,

I work for an NGO that is fighting trafficking in women and girls in
India and Bangladesh. I think the idea of law enforcement agencies
collaborating to fight cyber-terrorism is a good one, and that NGOs
should cooperate and share information with government. But there are
two problems that we face in the field that no one has mentioned. One is
a problem of corruption in the lower levels of police and government. 
The work we do is very dangerous and we are constantly threatened by the
scoundrels and criminals who are making huge sums of money by
trafficking women and girls. We have to protect information about our
organization, our activities, our local staff, and the women and girls
who are being trafficked. The government and police at the national
level might be completely honest. But in some places the local
authorities and police have been paid by the traffickers themselves. No
matter what agreements are made to reduce suspicion of the police by the
NGOs at the top level, it will not affect us here far away from the
capital. I also think that most of the cyber-terrorism that we have
been discussing is carried out by people who are in the field, not in
the capital.

Please do not think we are stubborn in refusing to share information
with the police. We are not the only ones who fear corrupt officials. I
went to a meeting on trafficking that brought together NGOs from around
the world and met someone from the IOM (International Organisation for
Migration) which is doing a lot of work on collecting data about
trafficking and she was telling me that they have the same problem. They
have a huge amount of information and there is a lot of pressure on them
to share the information with governments. But they are afraid that some
corrupt officials will pass that information on to traffickers. The
result could be actual death of some people fighting traffickers. So in
this kind of case, cyber-security means protecting the information from
the police!

So if we are going to talk in this discussion about working together to
fight against cyber-security and cyber-terrorism, we have to find a
solution to this problem of local corruption. I cannot quite imagine
how this could be done at a local level because it is such a huge
problem. But unless you find a solution, we in NGOs will not be willing
to work with the local police and share our information, which is often
better than theirs.

The other problem is that traffickers are using the internet to trap
women and girls in their net. This is not a big problem for us in India
and Bangladesh because women do not have a lot of ways to reach the
internet. But the anti-trafficking NGOs in East Europe told us that it
is a bigger problem for them because women have more chances to have an
email account. The women are promised good jobs and then when they meet
the person who has sent the email they are kidnapped and sold into
slavery. Some way should be designed to track down these traffickers
through their email.


Sudha



