Friday, December 12, 2008

Macafee Virtual Criminology Report 2008, and Predictions for 2009 in the IT Law World

Pangloss is back in town (well, Edinburgh) after her jaunts to Israel and London, which culminated in a brief and rather bronchitic appearance on the Today programme talking about cybercrime - the germ (contracted in Israel) was clearly genetically engineered by Mossad to take out the EC's top legal brains. Er, well, or something like that:)

The 2008 Macafee Virtual Criminology Report, which I was plugging on the aforesaid Today prog, is now available free online in a variety of languages, edited by myself and Dr Ian Brown of the OII, with this year an even wider selection of contributing international experts we interviewed - read and comment here should you wish!

Our top level findings this year included:

- the credit crunch will inspire greater investment in cybercrime by criminal gangs etc, especially in the financial phishing area where the confusion of mergers and bankruptcies in the financial sector has left the consumer confused and vulnerable
- difficult financial prioritising may also leave both the conmercial and public sectors vulnerable to further security and personal data breaches, and compliance action must take this into account
- local individuals may be pulled into international phishing as "money mules"; new e-payments and virtual world payments systems are also likely to be utlised to launder the profits of cybercrime
- cyber terrorism continues to be an issue, with more attacks from alleged sources in China and Russia, especially against the likes of Georgia in 2008
- however some excperts also suspect misdirection and obfuscation as to where the true sources of both cybercrime and cyberterrorists attacks are; it is easy to direct Internet traffic via "scapegoat" countries and some cybercrime overlords may be much more local than we think.
- creating "cybercops" is a tough job for nation states, especially in the non Western countries and we may need to look at the creation of a NATO-style transnational "standing cyber-police".


Meanwhile Pangloss was also one of a number of practitioners and academics asked to contribute ideas to the SCL's round up of predictions for what the IT law field may see happening in 2009. The results make interesting if relatively consistent reading (credit crunch will reduce IT and law spending, more out sourcing, more clampdowns on personal data breaches , more powers for ICO, more copyright maximalism by rightsholders, more attempted IP infringement by the bored/unemployed) which probably means something entirely different wil happen instead..

Israel was a remarkable experience, which I hope to write more about at some point. It is quite something for a privacy scholar, even of the non-fundamentalist variety, to see in action a society which so clearly thinks in the majority, that in its unique case, security simply demands substantial inroads into what we would see here as basic personal autonomy and privacy standards. As my niece, studying in Tel Aviv, put it; "It makes me feel safe".

There is a norm of having bags searched on entry to most public places; cars and travellers can be stopped for no reason; security alerts closing public transport and roads down are commonplace. On the other hand Tel Aviv is extremely Western and secular (it reminded me of a cross between LA and Barcelona) and the privacy and technology lawyers at Tel Aviv University who hosted me are as involved as any at Berkeley and Harvard in promoting human rights standards, anti racism, and running pro bono clinics etc. As I visited they had just been involved in condemning e-voting in Tel Aviv local elections which did not meet democratic standards, and they are helping Israel to apply for privacy "adequacy" certification under the EC Data Protection Directive. It was a fascinating time and I hope to go back and discover more in the not too distant future. Thanks to Michael Birnhack and Assaf Jacob especially for inviting me!