Preserving the digital crime scene poses one of the biggest challenges in the global fight against cybercrime, said participants at a major international conference on fighting internet-based crime.
The two-day conference, organised by the Council of Europe, was meant to encourage more countries to sign the council's convention on cybercrime, which aims to strengthen international co-operation in combating computer-based crime and to harmonise national legislation.
The conference drew more than 200 participants from governments and the private sector. Law enforcement officials attending the conference stressed the importance of rapid cross-border co-operation between agencies to bring cybercriminals to justice.
"Communications networks between law enforcement agencies have to be strong and rapid," said Andy Leatherby, of the National Hi-Tech Crime Unit (NHTCU).
Getting evidence before the tracks vanish is a major probelm, he said. Dealing with computer-based crime requires officers to trace back IPs over the internet, but few countries have legislation requiring internet service providers to retain data and some even have laws preventing them from keeping connection records, he said.
This is precisely the information investigators need, he argued. Normally, investigators are only interested in traffic data, not in information about content accessed, so there should be less concern about privacy protection, he said.
His view is shared by Bernhard Otupal of Interpol. Greater understanding of investigators' needs would make co-operation easier, he said. "Data protection would not be a big problem if people knew what law enforcement actually does with it. The huge problem is identifying people by IP or telephone number," he said.
There should not necessarily be a clash between effective enforcement and data protection, said Christopher Painter, deputy chief of computer crime at the US Department of Justice.
"There is an issue of security versus privacy but if we are doing our job properly we are protecting privacy by stopping personal information getting into the hands of people who will misuse it," he said.
The convention made a major contribution to this process by asking signatories to provide a round-the-clock point of access where other agencies can request data needed in an investigation, law enforcement officials said.
"It requires each country to set up a 24x7 point of contact so in case of an incident, a law enforcement office can phone a contact point in another country and preserve the digital crime scene," Leatherby said. There are 89 countries in the 24-hour network worldwide.
Participants stressed the need for as many countries as possible to sign up, emphasising that in fighting cybercrime it is important to avoid the mistakes made in the battle against money-laundering and to prevent the creation of places where criminals operate beyond the reach of the law.
"We don't want countries to have safe havens because it is easy for a hacker to route communication through third countries," Painter said.
While the business community is taking the problem more and more seriously because of the cost implications of failing to protect their systems, some participants said there is still work to be done raising awareness of the threat from cybercrime.
According to the NHTCU, cybercriminals caused more than £195m in financial impact on companies that said in a survey they were affected by such crimes last year, while an estimated 83% of UK businesses are reported to have been victims of computer-based attacks.
"In terms of security implications, [businesses] still don't understand the potential for attacks," Leatherby said. His agency is "looking at closer working relationships with industry so law enforcement can learn from them and they can learn from us so that they can build crime prevention into their methodology".
While public awareness of the problem is growing, there is the need for greater sensitivity among users to security issues, speakers agreed.
"You have to move away from a trusting society where you can be duped into going to a fake web site to one where individuals exercise their responsibilities. You can put hundreds of locks on a door, but if you leave it open it's not secure," Leatherby said.
The Convention agreement requires signatories to criminalise four types of offences: those against the confidentiality, integrity and availability of computer data and systems; computer-related offences, including forgery and fraud; content-related offences, including child pornography and racist and xenophobic material; and offences related to copyright infringements.
Simon Taylor writes for IDG News Service