Computer crime will be one of the major threats to e-business over the next few years, but laws in this area have a number of shortcomings.
Firstly, the global nature of the Internet means that national laws may be difficult to apply. A person physically in one country may commit crimes in another, which means that policing requires cross-border co-operation between law enforcement agencies, and perhaps improved extradition processes. As the slow and painful progress of European harmonisation has shown, such agreements may be difficult to achieve.
Secondly, in order to protect themselves from bad publicity many companies are still unwilling to report security breaches to the police. The efficient detection of computer crime is therefore being hindered by a lack of information from the victims.
At the moment, the two major European bodies that are attempting to legislate against online crime are the European Commission (EC), and the Council of Europe (CoE), an association of 40 member states. But these two organisations seem unable to agree a common policy. For example, the CoE proposed that firms should keep extensive records of data transfers for 60 days, while the EC has proposed a more draconian seven years. Both organisations presumably have companies' best interests at heart, but seem unable to find a common approach.
Last September the CoE announced that, after three years, it was close to releasing the final draft of an international treaty on computer crime. The proposal called for countries to accept uniform laws in the fight against criminal activities carried out using IT systems. It proposed that countries expand copyright laws, render certain hacking tools and software illegal and give governments more access to encrypted information. In November the treaty was redrafted after criticisms that the proposals could infringe human rights. A new version appeared in April this year.
Struan Robertson, a solicitor at law firm Masons, said the CoE's willingness to bend to meet its members' wishes was a good sign that the group wanted to create workable legislation. But the fact that the treaty will have to take the laws of all member countries into consideration creates complications that can only be resolved through further discussion.
In June, the European Commission announced that it was examining options for improving security on the Internet. The EC suggested new laws, prompting fears that they could clash with the CoE's proposals, creating more confusion for businesses.
Erkki Liikanen, the European commissioner responsible for Enterprise and Information Society, said a strategy at European level is needed to tackle security threats. Liikanen said the EC had taken care to ensure that its proposals covered different ground to that addressed by the CoE. While the CoE is trying to help member states fight back against online attacks, the EC is trying to 'encourage voluntary activities on the business side' to find a solution. 'Essentially,' he said, 'we are just trying to raise awareness.'
The EC is advocating collaborative work to create technical solutions for most security problems and is proposing the free circulation of encryption products to help.
The industry has welcomed the EC's suggestions, but most companies are calling for stronger laws to fight criminals. John Brooks, a sales and development manager at Nemesys Data Systems, said the best way to combat computer crime is to create laws that can be applied across all states. 'Hacking, virus creation, IT and communications-based fraud, and other related issues must be tackled by effective legislation and enforcement across the whole EU, so that the threats can be contained,' he said. 'Without a multitargeted approach, including preventing attacks in the first place, the result will be very great costs for the EC, EU governments and companies, in every EU member state, without any chance of a satisfactory result.'
