Last Monday the EURIM E-Crime Group, chaired by the Rt Hon Alun Michael MP, discussed progress and plans for the formation of the E-Crime Reduction Partnership and how the various communities of information systems and security professionals might contribute. Much of the discussion was predictable but a few eyebrows were raised at comments on industry complacency and gaps between perception and reality and the pace of change.
Thus there were sharp comments on credit card verification services that looked exactly like “man in the middle” attacks or were so one-sided with regard to small traders that they had effectively been boycotted by most of those they were supposed to benefit.
We heard of the “semi-legal” scams being used to exploit those desperate for part-time work: such as those who pay commission for jobs or business supposedly achieved, which is then cancelled and they are told the fee was “for an advertising service”.
It was asked why so many of the world's e-criminals wished to appear to be based in the UK.
The possible answers were left hanging in the air – but include our domain name and payment clearing systems, our fragmented law enforcement and our failure to ratify the Council of Europe Convention on Cybercrime. Such answers raise the question of whether changing any of these would have sufficient impact on trust to justify the effort.
It was pointed out that children and teenagers are no longer troubled by spam because they no longer use e-mail – they have migrated to social networking sites. That raised the question, also unanswered, of how much of our current efforts are spent addressing yesterday’s problems.
The good news was that the forty or so participants in the discussion not only agreed that partnership between government, law enforcement, industry (users as well as suppliers) and the various professional bodies, trade associations and interest groups was the way forward but many also volunteered to help make a reality of such partnership in specific areas (awareness, skills, intelligence sharing, forensics etc.) and for specific communities (small firms, charities etc.) working with and through existing channels (such as Get Safe On-line and CEOP) where practical.
Meanwhile the participants also agreed the need for a serious exercise to take a holistic view of the situation: the scoping exercise that is the start point of successful crime reduction partnerships in the physical world.
After the meeting I had some most interesting discussions on the rings and hierarchies of trust with regard to, for example, intelligence sharing – and what it is realistic to try to achieve.
The discussions also caused me to take another look at the Oxford Internet Institute annual survey, the most authoritative annual snapshot that we have. Looking at the OII data (QC34 by QD15) one might think that 64% of internet users in employment are devotees of their bank’s on-line services. Then one notes that a “user” is someone who has done something “more than never”. Thus “once or twice but never again” counts as a user. That fits rather better with the statement from one of the main Internet advertising services that less than 20% of small firms who advertise on-line are willing to transact on-line.
Picking up the survey always leads me astray into browsing and musing – for example the charts of “trust” on the part of Internet users. The respondents used a rating scale from 5, total trust, to 0, no trust at all.
Most doctors 4.0
Most scientists 3.7
Internet Services 3.5
TV News 3.5
Major Companies 3.1
Most people in the country 3.0
Most people on the Internet 2.9
Most people 2.8 (presumably this includes Johnny Foreigners)
The Government 2.7
Non-users were marginally less trusting of everyone, except Doctors and Newspapers.
Then the analyses of QC 19 and 20 on social usage show how the Internet is used primarily to keep in touch with distant friends and relatives and to network with those who share interests and political and religious views: except among students.
I used to “joke” about “the internetties in their cyberghettoes reinforcing each other's prejudices” in order to provoke debate on how to use on-line discussions to open up bridges across social and cultural divides. That debate is still not happening.
Even if one looks at the readership of leading political blogs such as Guido Fawkes (50,000 or so weekly readers out of a pool of about 180,000 who visit in the course of the year) which are usually more concerned with whether the scandal is interesting than whether it fits the blogger's prejudices, it is clear that they appeal to a defined community.
One of the problems with organising the E-Crime Reduction Partnership will be to get the various communities of security specialists and Internet enthusiasts to talk constructively with each other – instead of just shouting at each other across the walls of their cyberghettoes. Experience to date is that this is best done off-line, whether over real ale or a traditional Chinese banquet.