Barack Obama announced last week that there will be a new Cybercrime Czar in the US reporting directly to the president.
We wonder what good, if any, that will do. Can he/she be more than a figurehead when the crimes they want to stop originate in the Ukraine or Bulgaria or Indonesia? Will they attempt to burden us with more ineffective regulation? Will they prescribe government-ordained
solutions that deal with the problems of 6-12 months ago, rather than let the free market respond with solutions in real time? We don't know, but the fact that
Obama's servers were hacked during his much-touted social media-driven campaign gives some insight into
why he believes this is so important.
Cyber-banditry long ago outgrew the notion of the solo, acned, 17-year-old hacker in his parents' basement, and is now recognized as being a truly global criminal enterprise. And while international cooperation is important, depending on governments to
protect data privacy and security will only go so far. Critical differences in national laws for investigation, prosecution and conviction stand as ready-made barriers to effective international cooperation. Attaching penalties to mishandling of sensitive
data makes sense, but depending on governments for comprehensive oversight is a flawed strategy. And this presumes that all jurisdictions care enough about cybercrime to have laws on the books.
For example, in some jurisdictions, data can be used to make a case, but not to prosecute. An article at mondaq.com authored by Proskauer Rose LLP,
'EU Data Privacy Agency Adopts Recommendations On Reconciling EU Data Privacy Requirements With U.S.
Rules', highlights how differences in data privacy laws between the EU and US can heavily constrain prosecutors. Commerce is global, and crime is global - but anti-crime laws remain national and sometimes even more localized, with state
and provincial laws able to hamstring international investigations and prosecutions.
To understand just how global and insidious cybercrime has become, every CIO, CFO and every executive of companies doing business on the internet should read Kimberly Kiefer Peretti's
detailed review of carding's hidden world. The extensive professional organizations that carding networks now operate have long-range implications
for national and international security well beyond the financial/commercial world.
As a recent Gartner study and other 2009 reports from the
Identity Theft Resource Center make clear, data breaches have wide implications in
direct fraud, delayed, multi-pattern fraud, and the scope and scale of breaches, with accompanying frauds clearly on the rise. The Gartner study also makes clear that prosecution track records are abysmal. In this era of exploding government debt, we
can't expect more resources to come the prosecutors' way.
With jurisdictional, legal, and economic issues preventing an effective government response, companies and organizations must take greater responsibility for data security and defending against criminal activity themselves, no matter what laws say. There
is no government bailout for cybercrime.