Naavi.org has raised certain issues connected with the International Conference on Cyber Crimes organized by CBI in Delhi. While the conference concluded yesterday, here are some reflections. 

Some of  the issues which we thought were importnat were raised earlier through our article of september 10th.  A suggestion was also made on the need for setting up a Cyber Crime Help Desk at CBI. Suggestions were also made on the need for definitions of new Cyber Crimes.

The conference has now ended and let us review the published reports about what transpired in the conference.

The three day International Cyber Crime conference in Delhi is over. Officials of CBI must be patting each other’s back for a conference well organized. According to the press reports, the conference called for a global cyber crime fighting agency for electronic crime, as well as the standardization of international laws.

This is fine but unlikely to materialize into any concrete step. At present we lack cooperation between different cyber crime police stations in India, between the Cyber crime police stations and the CBI. If we cannot first sort these out, it is unlikely that the existing mechanism of CBI-Interpol cooperation which on paper may provide for all assistance when required will be superseded by any alternate mechanism.

The biggest achievement of the conference was that CBI extracted a promise for Rs 3.5 crore assistance from the Ministry of Communications and Information Technology. This may be great news for CBI but one wing of the Government getting money form another is no great achievement. Hopefully this would be put to good use.

The least that the conference could have attempted to do is to create a national cyber crime authority integrating the Cyber Crime Cell of CBI and Cyber Crime related activities of CERT-In, as well as the State Cyber Crime Police Stations, so that neither the vested commercial interests that influence MCIT nor the vested political interests that influence CBI will have a free reign to interfere in “Law Taking Its own Course”. It appears that no action towards establishment of an Indian Cyber Crime Coordination Agency has been discussed in the conference.

Another area where the Conference appears to have failed to have taken any action, was in responding to the expose of Dan Egarsted who demonstrated the weaknesses in the Government communication system. The Swedish security professional has since posted the security threat which was exploited by him to capture the passwords (www.derangedsecurity.com). A responsible security conscious community would have dedicated at least part of the conference towards discussion of this expose and what would be the impact of such security breach when information reaches the hands of terrorists and criminals. The allegation of Dan Egarstad that there was an attempt to block his site by the US authorities also required a broader discussion. The conference appears to have failed miserably in discussing this issue.

Yet another area of discussion was the “Protection of Privacy rights Vs National Interests”. An interesting incident has recently been reported from US where a University refused information about a missing student to their parents and eventually the boy was found dead. The parents in this case had to get court summons for viewing the e-mails. The hurdles faced by the parents are indicative of what the law enforcement would also face when dealing with a Cyber Crime case. Naavi.org had already indicated one such incident in its previous article Cyber Crime Help Desk Required at CBI where an ISP from Hong Kong refused information to State Police investigating a case of Cyber Crime and the procedure of routing the request through Interpol and CBI was too long for the investigation to proceed.

The conference appears to have ignored some of these simple but practically important procedural issues which need to be sorted out before we can address other global issues.

Naavi

September 16 2007

Be Sociable, Share!