TCS Daily

Can The Rule of Law Corral Cyber Crime and Corruption?

By Keith Henderson - December 11, 2000 12:00 AM

At an international conference last month organized by American University's Transnational Crime and Corruption Center in Washington, D.C., Michael Vatis, the director of the National Infrastructure Protection Center and point man for U.S. law enforcement dealing with cyber attacks, reiterated what Attorney General Janet Reno has previously testified -- that cyber crime presents the most fundamental challenge for law enforcement in the 21st Century.

Experts estimate that cyber crime and corruption may amount to more than a trillion dollars a year, almost 97 percent of it unreported.

Credit card fraud at $400 million a year is only the tip of this huge iceberg. Damage from hacking computers, such as the Philippine Love Bug virus, tops $12 billion. Only in the last year has the Pentagon with its vast resources come to know how many electronic attacks (22,000) have occurred on its various computer systems, and the Pentagon cannot categorically state that its systems are secure from invasive cyber attacks. Meanwhile, software piracy in the United States alone exceeds over $1 billion, and estimates are that by the year 2005 more than $112 billion in software, music, video and text will be pirated over the Internet.

Bigger still are the myriad worldwide political, economic and multi-billion dollar corruption scandals, such as those that led Indonesian President Suharto and Peruvian President Fujimori to resign and the $7 billion Bank of New York Russian money laundering case. Global money laundering and capital flight are estimated to amount to a gargantuan $500 billion.

At the conference, business representatives and academics, including Vic Winkler from Sun Microsystems and Benjamin Ladner, president of American University, all recognized that cyber crime and corruption threaten the full utilization of the Internet, be it for distance learning or E-commerce, and that issues related to privacy and security loomed large.

But what can be done about it? In an attempt to get a handle on real solutions to the problem, participants at the conference naturally looked at the fundamental causes of this phenomenon. Corrupt law enforcement officials, who use new speed-of-light technologies to capitalize on outdated laws and weak institutions, commit much of the crime and corruption. As important, participants also explored how to balance some of the most contentious and important issues of our time -- free speech, E-commerce, privacy, security, access to information and technology controls in a global marketplace.

Tracking the policy debates on these issues, along with the rule of law, international development and democracy, is a Herculean task. Yet, at the conference, participating law enforcement officials, business representatives and academics were able for the first time to publicly acknowledge that these issues are equally important and inextricably and globally linked.

European officials and academics have led an effort to build the legal infrastructure and establish global rules for privacy, security and fighting cyber crime through the Council of Europe's just completed Convention on Cyber Crime. The United States has led the discussion on free speech and corruption. The heated U.S. debate over the potential threat to privacy posed by the government's "Carnivore" program to monitor the Internet was emblematic of the contentious nature of these issues.

Participants at the conference - all of whom have been involved in the sometimes acrimonious discussion about E-commerce, privacy and free speech -- recognized that technology is driving the most fundamental and historic policy question of all: How to globalize the rule of law in the Information Age.

No one at the conference questioned the need for global solutions to global problems. Moreover, the consensus was that a range of cyber threats needed to be criminalized and globally harmonized, including specific kinds of malicious activities undertaken by insiders, hackers, virus writers and criminal groups.

Perhaps the most significant acknowledgement was that organized crime and internal corruption within the international law enforcement and business communities presents the most difficult challenge. The best laws mean little, and can be counterproductive and dangerous, if they are not going to be enforced fairly and effectively because of corruption.

A recent survey of 50 countries by McConnell International revealed a majority does not have adequate laws to address the panoply of cyber crimes. Most of those nations' laws do not include sufficient deterrence penalties and most only seek to protect public -- not private -- sector computers. The survey results suggest that even those countries with the most comprehensive set of cyber laws, such as the Philippines, have had serious legal implementation and enforcement problems overall. In short, because corruption is systemic in many countries, the rule of law is still more theoretical than real.

This only makes it more imperative, though, for honest businesses and governments alike to build and integrate defensive information hardware and software systems as well as adopt effective internal corruption policies. They need to put in place and maintain policies, procedures and training to assess the risks of cyber crime, detect it and then forewarn others about it, through information sharing agreements with industry trade associations and law enforcement officials.

As the Washington conference found, the financial cost of global cyber crime and corruption amounts to trillions, not billions, of dollars. It poses significant political, human rights and societal costs, particularly in developing nations. This global problem demands additional academic research along with greater business and government cooperation. The solutions must be global, addressing systemic corruption and criminalizing the cyber activities that pose the greatest dangers to the rest of the cyber community.

To achieve the full promise of the Internet, conference participants agreed, the nations of the world need to build upon such agreements as the Council of Europe's Convention on Cyber Crime and evolving international anti-corruption laws within the framework of privacy concerns raised in debates over the U.S. governments' Carnivore program.

Ultimately, cyber space must establish the rule of law so it does not become a haven for criminality that diminishes its use by honest citizens the world over.

Keith Henderson, B.A., J.D., LL.M, teaches "Global Corruption and the Rule of Law Through a Technological Lens" at American University in Washington, D.C., and is an international business and legal development consultant.

TCS Daily Archives