Who Should Police the Internet?

Today is the first day of Infosec. In my article in the Guardian supplement, I refer to comparisons of the Internet with Railways and the Wild West. The first police force in England was created by the Stockton and Darlington Railway Company to protect their construction sites, then their tracks and later the goods they carried.


Law and order was brought to the West by the ex-soldiers hired by Allan Pinkerton to protect railways, banks and other businesses. At its peak the Pinkerton Agency employed more agents than the standing Army of the United States.


I then suggest that, because the Internet is international, a better analogy might be the role of the Royal Navy in suppressing piracy and slavery. But the stories of walking the plank and of marooning come from the practice of letting pirates “swim home” because it was “too complicated” to take them to court for trial.


Today the Chinese devote far more effort to policing the Internet than any other nation while the self-tasking groups of the US NCFTA (National Cyberforensics and Training Alliance) are probably the nearest there is to a global Internet police force.


Most current debate on Internet Crime is dominated by those wishing to frighten users into spending ever more on their often incomprehensible and nearly always semi-incompatible, security products and services. The most common counterpoint comes from those selling security retrofits to prevent the accidental data losses that are inevitable in a world where security by default appears to be an alien concept.


Meanwhile, according to a recent article in the Washington Post, a couple of dozen global syndicates are systematically looting corporate websites and databases of all that is needed to impersonate those who control what is worth stealing.  They are aided and abetted by barely a dozen registrars, whose services are used by those organising, for example, the fast flux hosting of child abuse websites.


My slide for this afternoon’s debate at Infosec on “Who should police the internet” lists:


•The Sheriff of Nottingham and Robin Hood

•The Stockton & Dar1lington Railway Police

•Wyatt Earp and his Brothers and Cousins

•The Pinkerton Men

•The Royal Navy

•ICANN and the Registrars

•Spamhaus and the NCTFA

•The United Nations

•None of the above


As yet there is little agreement over who should do and pay for what: Internet Service Providers, Banks and payment service providers, those wanting customers to trade with them on-line, Government (by far the largest single victim) …


Then there are the questions of governance and jurisdiction that have never been satisfactorily answered nationally, let alone internationally – witness the problems when criminals cross the county boundaries or state lines in the UK or US


There does appear to be agreement that the answer has to be a partnership. But partnerships require mutual understanding, commitment and resource. 


The discussion this afternoon between Superintendent Charlie McMurdie, (working to create the Police Central E-Crime Unit) and the Rt Hon Alun Michael MP, (championed Crime and Disorder Partnerships and presided over the deal to create the Internet Governance Forum) will hopefully flesh out the way forward.


But there will then be much to do to make the Internet as safe as the Wild West or High Seas – let alone a suburban shopping mall.Hence the focus of the Eurim E-Crime Group on making a reality of the proposals for a nno-geographic E-Crime Reduction Partnership