Re: [GKD-DOTCOM] What is the Future for Cyber-Security?
On Friday, October 15, 2004, Jim Burnham wrote: While the Macintosh OS is not exactly a new technology (more a niche technology unfamiliar to the majority of computer users), I feel that the Mac OS is a valuable 'tool' for helping protect both businesses and individuals from the flood of cyber-attacks that they have to deal with every day. Perhaps the donors, rather than spending huge amounts of money on virus protection, training, and recovery of systems and networks once they are attacked, should help developing countries purchase Macintosh's. The initial up-front cost differential (Macs tend to be more expensive than PC's) will be more than made up for by the considerable savings in support. Both MacOS and GNU/Linux, unfamiliar through lack of hands-on exposure to the majority of computer users, are largely immune to cyber-attacks (I use MacOS myself, and am attempting to get savvy enough to use GNU/Linux) but this is (mostly) not because of superior technology. Arguably, the donors should spend more money promoting GNU/Linux, which is Open Source and mostly Free Software, thus reducing the cost of acquisition tremendously. Support for most users is also free (note the difference between capitalisations), and collaborative, which is good for society in general. Computers themselves are a niche technology, unfamiliar to and remote from the lives of the vast majority of humans on this planet (I can't ;-) speculate about the humans who live off-planet). Yet their influence is undeniable. It behooves us to seek ways to ensure that this impact is mostly good, rather than mostly bad or mostly unknown, for that matter. Creators of cyber-attacks follow the principle of low hanging fruit, and therefore over 90 per cent of personal computer users who run MS Windows are usually at risk from such attacks. Cyber-attacks are a societal problem, and creating laws and battalions of cyber-savvy law enforcement agencies is merely fire-fighting, not getting to the root of the problem. The Net itself is global, while different countries have different levels of openness and attitudes to law making and enforcement. No single rule will fit all, I fear. -- Vickram This DOT-COM Discussion is funded by the dot-ORG USAID Cooperative Agreement, and hosted by GKD. http://www.dot-com-alliance.org provides more information. To post a message, send it to: [EMAIL PROTECTED] To subscribe or unsubscribe, send a message to: [EMAIL PROTECTED]. In the 1st line of the message type: subscribe gkd OR type: unsubscribe gkd For the GKD database, with past messages: http://www.GKDknowledge.org
Re: [GKD-DOTCOM] What is the Future for Cyber-Security?
Dear Colleagues, My name is Emmanuel Njenga and I am working with the Association for Progressive Communications (APC). I would like to respond to some of the questions raised and interesting comments especially the recent ones on definitions of cyber-crimes and cyber-terrorism. In this regard, I would like to highlight a few examples of what is going on in Africa where it seems some countries do not understand the issues well and hence are adopting a reactionary manner to address issues, as opposed to proper policies, strategies and legislation. In the case of Zambia a Cyber-crime (dubbed 'computer crimes') bill was recently passed (not sure if this has become law yet) and it seems that this was more of a government reaction (although government claims it was a follow up from the policy framework) after a particular situation in which a man who hacked a government website was not prosecuted, as there was no legislation to this effect. So in this case we see a government going forward to enact legislation to counter such a measure without a comprehensive understanding of the issues. In other countries, like South Africa, they seem to have taken a different approach, where they are soon to enact a new law targetting child pornography measures that will have implications for computer technicians, Internet service providers and cyber-cafes. The new law will be in the form of amendments to the Film and Publications Act. So in a nutsell, they are tightening existing laws to cover existing crimes that are futher facilitated by the Internet/computers. In Kenya, there seems to be major confusion on addressing some issues such as access of ponography by minors from the Internet. On one hand there are those who insist there exists legislation to counter these issues: The Act clearly stipulates a penalty under the Rights of Children and Protection section. It states that notwithstanding penalties contained in any other law, any person willfully infringing on the specified rights [of children] shall be liable upon summary conviction to a jail term or imprisonment not exceeding 12 months; or to a fine not exceeding Sh50,000 or to both. On the other hand, the police are not soo sure...and are now calling for new legislation: However, the police, who are supposed to enforce the law, do not seem to have any clue that it exists. Criminal Investigations Department spokesman Gideon Kibunja says: Since the Internet was introduced in Kenya, I cannot remember anybody being arrested because of browsing pornography sites or displaying obscene pictures as screen savers. Even if one is arrested, he/she cannot be charged in court under the law that makes it criminal to be in possession of a pornographic publication or videotape. The above are just a few cases of what is going on in Africa, a trend that seems mostly driven by lack of awareness and confusion of issues while some others like South Africa are making good progress in some areas. These are some of the areas that need to be addressed by the questions raised below - which I will try to answer in the coming days. In the meanwhile, you can view more details of the above cases and developments taking place in Africa from the Africa ICT Policy Monitor website...below.. Section on News Security and Privacy http://africa.rights.apc.org/en.shtml?apc=21875ne_1 Regards, Emmanuel Njenga -- Emmanuel Njenga Njuguna Africa Policy Monitor Project Association for Progressive Communications (APC) Email: [EMAIL PROTECTED] Web: http://africa.rights.apc.org Tel: 61 4 0151 7112 ~ On Monday, October 11, 2004, Global Knowledge Dev. Moderator asked: Key questions: 1) Do we need to think and operate differently to prevent cyber-crime and cyber-terrorism in the future? Who needs to change what? Please be specific. 2) What is the responsibility of donors and NGOs who are helping expand Internet access? Should they always ensure secure networks? Should they demand a proper balance between security and privacy protection? 3) What new threats come from new technologies, e.g., cell phones that access the Web? What, specifically, must be done -- and by whom -- to address these threats? 4) Are there new technologies that can help meet the cyber-security threats? 5) What policies and strategies do you recommend developing countries adopt to take advantage of new technologies while preventing cyber-crime and terrorism? 6) Can open source software help build cyber-security? What must donors, businesses, governments and NGOs do to make it happen? 7) Where should we draw the line between development of legal and illegal encryption? 8) Growing collaboration between regulatory and security agencies helps fight cyber-crime and cyber-terrorism, but simultaneously poses threats to privacy and human rights. What is the best approach to maximizing the
Re: [GKD-DOTCOM] What is the Future for Cyber-Security?
Dear GKD Colleagues, I work for a NGO that is fighting trafficking in women and girls in India and Bangladesh. I think the idea of law enforcement agencies collaborating to fight cyber-terrorism is a good one, and that NGOs should cooperate and share information with government. But there are two problems that we face in the field that noone has mentioned. One is a problem of corruption in the lower levels of police and government. The work we do is very dangerous and we are constantly threatened by the scoundrels and criminals who are making huge sums of money by trafficking women and girls. We have to protect information about our organization, our activities, our local staff, and the women and girls who are being trafficked. The government and police at the national level might be completely honest. But in some places the local authorities and police have been paid by the traffickers themselves. No matter what agreements are made to reduce suspicion of the police by the NGOs at the top level, it will not affect us here far away from the capital. I also think that most of the cyber-terrorism that we have been discussing is carried out by people who are in the field, not in the capital. Please do not think we are stubborn in refusing to share information with the police. We are not the only ones who fear corrupt officials. I went to a meeting on trafficking that brought together NGOs from around the world and met someone from the IOM (International Organisation for Migration) which is doing a lot of work on collecting data about trafficking and she was telling me that they have the same problem. They have a huge amount of information and there is a lot of pressure on them to share the information with governments. But they are afraid that some corrupt officials will pass that information on to traffickers. The result could be actual death of some people fighting traffickers. So in this kind of case, cyber-security means protecting the information from the police! So if we are going to talk in this discussion about working together to fight against cyber-security and cyber-terrorism, we have to find a solution to this problem of local corruption. I can not quite imagine how this could be done at a local level because it is such as huge problem. But unless you find a solution, we in NGOs will not be willing to work with the local police and share our information, which is often better than theirs. The other problem is that traffickers are using the internet to trap women and girls in their net. This is not a big problem for us in India and Bangladesh because women do not have a lot of ways to reach the internet. But the anti-trafficking NGOs in East Europe told us that it is a bigger problem for them because women have more chances to have an email account. The women are promised good jobs and then when they meet the person who has sent the email they are kidnapped and sold into slavery. Some way should be designed to track down these traffickers through their email. Sudha This DOT-COM Discussion is funded by the dot-ORG USAID Cooperative Agreement, and hosted by GKD. http://www.dot-com-alliance.org provides more information. To post a message, send it to: [EMAIL PROTECTED] To subscribe or unsubscribe, send a message to: [EMAIL PROTECTED]. In the 1st line of the message type: subscribe gkd OR type: unsubscribe gkd For the GKD database, with past messages: http://www.GKDknowledge.org
Re: [GKD-DOTCOM] What is the Future for Cyber-Security?
On a philosophical note I feel that the solution would be to stop doing things that create enemies. If a country does not have any enemies then their security concerns reduce radically. Crime is more a social issue. Terrorism is a political issue. I do not think that any amount of technology will address the problems caused by politicians. The right to privacy and security of the individual should be the driving motivation of cyber-security. The individual should decide whether technology provided by their government, their industry, or by like minded persons provide them with the security levels they desire. The same applies to industry. Governments are very different. They use the resources, usually military, available to them to protect their own, usually military and commercial, interests. It is usually also to protect their own interests that they prescribe to their citizens. I personally would rather use private encryption that civil rights groups use rather than encryption provided by my government, or worse, provided by some other government. I strongly feel that NGOs, etc. should provide the people that they are assisting with apropriate cyber protection. Not necessarily the protection preferred or prescribed by some other government. It is naive to expect bad persons to not use the technology available to them. This has never happened in the history of mankind and will definitely not happen in the cyber age. The same problem of the good guys versus the bad continues, albeit with different tools. This DOT-COM Discussion is funded by the dot-ORG USAID Cooperative Agreement, and hosted by GKD. http://www.dot-com-alliance.org provides more information. To post a message, send it to: [EMAIL PROTECTED] To subscribe or unsubscribe, send a message to: [EMAIL PROTECTED]. In the 1st line of the message type: subscribe gkd OR type: unsubscribe gkd For the GKD database, with past messages: http://www.GKDknowledge.org
[GKD-DOTCOM] What is the Future for Cyber-Security?
The Internet is becoming integral to every area of our lives -- education, economics, health, politics. As Internet access reaches throughout the globe, its benefits are expanding...along with growing threats. Take VOIP. It promises to make cheap communications accessible worldwide...and simultaneously to open a new era of cyber-fraud and human rights violations. Perhaps the most disquieting threat comes from cyber-terrorism. Terrorists can use the Internet to coordinate deadly attacks in multiple countries or to cripple international e-commerce. International agencies, governments, businesses, and civil society must collaborate to avert these threats. Open source software provides both a metaphor and a concrete model of the benefits that accrue when everyone can contribute and benefit. Yet for all stakeholders to cooperate, they must rise above mutual suspicion and distrust. Encryption is a case in point. It can help prevent fraud and protect information about NGOs fighting international crimes such as trafficking in persons. Yet some governments fear that it will give criminals and terrorists the means to evade detection. Key questions: 1) Do we need to think and operate differently to prevent cyber-crime and cyber-terrorism in the future? Who needs to change what? Please be specific. 2) What is the responsibility of donors and NGOs who are helping expand Internet access? Should they always ensure secure networks? Should they demand a proper balance between security and privacy protection? 3) What new threats come from new technologies, e.g., cell phones that access the Web? What, specifically, must be done -- and by whom -- to address these threats? 4) Are there new technologies that can help meet the cyber-security threats? 5) What policies and strategies do you recommend developing countries adopt to take advantage of new technologies while preventing cyber-crime and terrorism? 6) Can open source software help build cyber-security? What must donors, businesses, governments and NGOs do to make it happen? 7) Where should we draw the line between development of legal and illegal encryption? 8) Growing collaboration between regulatory and security agencies helps fight cyber-crime and cyber-terrorism, but simultaneously poses threats to privacy and human rights. What is the best approach to maximizing the benefits and reducing the threats? This DOT-COM Discussion is funded by the dot-ORG USAID Cooperative Agreement, and hosted by GKD. http://www.dot-com-alliance.org provides more information. To post a message, send it to: [EMAIL PROTECTED] To subscribe or unsubscribe, send a message to: [EMAIL PROTECTED]. In the 1st line of the message type: subscribe gkd OR type: unsubscribe gkd For the GKD database, with past messages: http://www.GKDknowledge.org
