Interpol has called on politicians to help law enforcement officers bring
cybercriminals to justice by making it easier for evidence to be transferred
The international police organization said Monday that a new global
legislative framework was needed to deal with cybercrime, which has evolved dramatically since the current
legislation was passed.
and pharming, new technologies are being dealt with by old laws," said
Bernhard Oputal, a crime intelligence officer with Interpol's financial and
high-tech crime division.
"We need an integrated legal framework to exchange data. A lot of legislation
doesn't consider a data stream as evidence, because the evidence is hidden
behind 0s and 1s. We have to rethink the legislative framework," Oputal told
Many organized-crime gangs have turned to the Internet in recent years, using
fake Web sites and e-mails to defraud users. According to experts, these gangs
are based in countries such as Russia, China and the U.S. but target Internet
users across the globe.
Interpol said it has experienced problems with the international transfer of
evidence and said some Internet service providers were unwilling to provide
data, a problem exacerbated by the speed with which phishing sites disappear
after capturing information.
"I need a legal basis to get the data out of the service providers. The
current system is protecting the offenders, not the victims," Otupal said.
"There are different types of service providers--some who are willing to tackle
the problem, and some who say, 'We are content providers; that's not our role.'"
A global framework for legislation should be provided by the Council of
Europe's Convention on Cybercrime, according to Otupal. The Convention, ratified
in 2001, is a European treaty designed to allow for a common criminal policy on
Following its announcement on Monday that it will bring prosecutions
against suspected cybercriminals, Microsoft agreed that current legislation
needed to be reformed in some countries. The software giant said it will
prosecute more than 100 phishers over the coming year and said it's involved in
lobbying for stronger antiphishing laws.
"There is basic legislation to enforce the law in most countries. Whether the
sanctions are proportionate to the damage caused remains to be seen,"
Jean-Christophe le Toquin, an attorney for Microsoft in Europe, told ZDNet UK.
"The Council of Europe Convention lets us use existing tools. We are pushing for
stronger laws if (those tools) are not sufficient," le Toquin added.
Interpol admitted that it was limited in its power to stop phishers because
of the lack of a cohesive global legal framework.
"Are these cybercriminals beyond the long arm of the law?" said Pat Cox, a
former president of the European Parliament, speaking at the launch of
Microsoft's Global Phishing Enforcement Initiative. "More or less, yes," Otupal
"There are still some places in the world criminals move to where ISPs still
permit phishing," Otupal later told ZDNet UK. "Criminals go to countries where
this use of technology and movement of money across borders isn't criminal.
Another big problem is that criminals (can operate in) many different
countries--25 countries in a recent case," he said.
Otupal also wants to see "more trust between parties" in divulging
information to their customers, and to the police. He said banking institutions
are afraid their reputations will be damaged if their customers know that other
customers have fallen victim to fake Web sites.
"Banks are not willing to admit they've been abused through cybercrime, and
internal investigation doesn't necessarily work," he told ZDNet UK.