Cybercrime code ready

[InfoSec News <isn () c4i org>]

http://www.news.com.au/common/story_page/0,4057,5153729%255E15306,00.html

Kate Mackenzie
24Sep02 

INTERNET service providers are preparing for a new cybercrime code of
conduct that will detail how much data they should keep on subscribers
in order to co-operate with police and other law enforcement agencies.

The Internet Industry Association (IIA) is about to release the draft
of its Cybercrime code of conduct, chairman Justin Milne said.  The
draft code is the result of more than a year of collaboration between
the internet industry and representatives from police and crime
authorities.

It represents an apparently successful attempt by the internet
industry to avoid specific new laws being introduced to specify
compliance with authorities.

"What the code does is it ties the legislation into the practicalities
of everyday life," Mr Milne said.

"The legislation is framed in general terms and doesn't get down to
the specifics.

"If we put that in place, I think we'll be the first country in the
world to do that."

Mr Milne, who is chief executive of second-ranked ISP OzEmail, said
the code tried to strike a balance between law enforcement agencies'
preference for indefinite archiving, and ISPs' desire to minimise
resources spent on archiving.

The length of time agreed on for ISPs to keep data would vary between
six and 12 months, depending the type of information.

"If we kept all of the information for all the time, we wouldn't be
able to build data centres fast enough to hold all the data," he said.

Mr Milne said he did not believe compliance with warranties placed an
undue burden on ISPs, although he said OzEmail employed a full-time
compliance person.

Electronic Frontiers Australia chairman Kim Heitman said he believed
most ISPs with more than 100,000 subscribers would employ a full-time
staff member to comply with requests by police and agencies for user
data and intercepts.

Much of the Cybercrime Code was developed to head off calls by law
enforcement agencies for a legislative approach to ensure ISPs keep
data on users and cooperated with investigations.

Law enforcement agencies appearing before a Joint Parliamentary
Committee on the National Crime Authority last year raised the issue
of record keeping by ISPs as one of the key issues it wanted addressed
in order to improve the ability of law enforcers to keep up with
changing technology.

The IIA's legal representative argued that a self-regulatory approach,
such as the Cybercrime task force, should be taken, rather than
legislating new compliance requirements for ISPs.

The code will also cover caller-line identification (CLI).

The launch of the code will come soon after it was revealed that
Australian intercept warrants had tripled in four years, and outranked
the US by 20 to 1 on a per capita basis.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.