Dugie Standeford

The U.K. is “not winning the war on online criminal activity,” said Parliament Home Affairs Committee Chairman Keith Vaz on Tuesday. The panel’s first report on e-crime criticized the government’s refusal to help fund Europol’s CyberCrime Center (C3) and other EU countries’ failure to prevent cyberattacks from inside their borders against the U.K. The U.K. is too complacent about Internet crime because the “victims are hidden in cyberspace,” Vaz said. “The threat of a cyber attack to the UK is so serious it is marked as a higher threat than a nuclear attack,” he said in a media statement. One key area of concern is international cooperation, the report said (http://xrl.us/bpjvu7). Law enforcement witnesses told the panel that most cybercriminals operate outside U.K. jurisdiction, hampering identification and prosecution, and that it’s difficult for police e-crime units to obtain evidence from countries with which Britain has no established relationship, the report said. Government plans for its cybersecurity program involve better cooperation between the U.K. and international law enforcement agencies, including more joint operations, it said. Another problem is acquiring digital evidence held outside the U.K. Obtaining the evidence though multilateral assistance treaties was described as “extremely slow” and resource-heavy, it said. Lawmakers said they're “alarmed” that retrieving data from sites based abroad is difficult. “We hope that such companies will adopt a more constructive attitude going forward and be willing to engage with public authorities,” the report said. Businesses that reap huge financial rewards from being entrusted with people’s data “should be willing to be open and accountable for the actions they take with it,” it said. It’s disturbing that the government intends to opt out of all or some EU police and criminal justice measures, the committee said. Some of the instruments the U.K. might reject could affect its ability to tackle e-crime, it said. The global scope of cybercrime provides a strong argument that the U.K. should focus on better cooperation among police forces in other nations, the report said. “We cannot understand why the UK has refused to support funding for the new Europol CyberCrime Centre C3 which facilitates vital cross-Europe information sharing.” Members of Parliament also said they're “deeply concerned” that EU partner countries aren’t doing enough to prevent cyberattacks from criminals in their borders on the U.K. Other recommendations included: (1) Allocating more funds and resources to law enforcement agencies to fight e-crime. (2) Improving the way e-crime is reported. (3) Making online services “secure by design” by having new account settings set by default to private. (4) Requiring providers of Web services to explain to users when they set up accounts how to keep their data secure. (5) Requiring the government to draw up a mandatory code of conduct requiring Internet companies to take down material that breaches acceptable behavioral standards. “We welcome the creation of Europol’s C3 cyber crime centre but believe it should be funded from the existing Europol budget,” said a Home Office spokesman by email. “Crime is at record low levels and this government is taking action to tackle the cyber threat” by investing in the development of cutting-edge capabilities, he said. The National Crime Agency will have a new, elite cybercrime unit to target the most serious offenders, he said. “But we know we need to keep pace with criminals as they target the web and so we continue to consider ways to ensure the police and security services have access to communications data.”

EU antitrust officials carried out unannounced inspections Tuesday at several telecom companies that provide Internet connectivity services in Europe, the European Commission said Thursday (http://bit.ly/18b5pLw). The EC is concerned that the telcos may have breached antitrust rules that prohibit the abuse of a dominant market position, it said. Internet players interconnect with each other through a combination of wholesale services to cover all possible Internet destinations, the EC said. Connectivity allows market players such as content providers to connect to the Internet in order to provide their retail services or products, it said. That service is “crucial for the functioning of the Internet” as well as for end-users’ ability to reach online content with the necessary quality of service, regardless of where the provider is located, it said. Unannounced inspections are a preliminary step toward determining if certain activities are anticompetitive, it said. The fact that such raids are carried out doesn’t mean the companies are guilty of antitrust behavior or prejudge the outcome of the investigation, it said. The EC won’t publish the names of the companies at this point, it said. The European Telecommunications Network Operators’ Association had no comment. ISPs under investigation include Orange, Deutsche Telekom and Telefonica, wrote independent telecom consultant Innocenzo Genna Thursday on his radiobruxelleslibera blog (http://bit.ly/12p0UbP). The EC “intend[s] to verify the peering policies of such dominant operators because there are suspects [sic] that they may refuse peering (i.e. exchange of Internet traffic with other ISPs, normally for free) for anticompetitive purposes,” said Genna, who’s also council officer of the European Internet Services Providers’ Association. The case has a “strong connection with the net neutrality debate,” because the refusal of peering may cause artificial scarcity of Internet bandwidth, since the interconnection between the various ISPs is kept at a level that’s insufficient for the quantity of Internet traffic, he said. That results in congestion, interruptions and delays affecting users, he said. The possible goals of such alleged anticompetitive behaviour are questionable, he said. Dominant ISPs could be trying to force other operators such as carriers or rival ISPs to pay a potentially abusive price for peering directly with them, he said. The traffic of ISPs for whom peering is refused will be directed to other destinations via transit agreement and will reach the dominant ISPs through a longer path, with a negative impact on users’ quality of service, he said. Another reason for the alleged behavior may be to force hosting providers such as Google to move their servers to the dominant ISPs’ networks in order to give the latter’s clients better quality, he said. Genna stressed that Orange, Telefonica and Deutsche Telekom aren’t dominant in the peering market, but they are in the broadband access markets. The EC intends to verify whether they're leveraging that position to get higher prices in the competitive peering market, he wrote. Orange spokesperson said: “A number of Orange premises are currently subject to inspection by the European Commission and these inspections could take several days to complete. Orange is extending its full cooperation to the European Commission and at this point the Group’s working practices have not been called into question in any way. We are confident about the eventual outcome of this matter, given the French Competition Authority decision regarding Cogent which exonerated our Group. The company’s business activities are continuing as normal during the inspections.” The EC probe apparently arises from a dispute between Orange and Cogent last year, Genna wrote. Cogent was refused a free peering agreement and lost a case before France’s competition authority on the basis that Orange was allowed to charge for peering to avoid a strong imbalance of traffic from Cogent, which was hosting, among other things, the Megaupload cyberlocker service, he said. Orange was, however, required to clarify its peering policy, he said.

The U.K.’s “expansive spying regime” appears to operate outside the law, isn’t accountable and is neither necessary nor proportionate, Privacy International (PI) said Monday in a claim filed in the Investigatory Powers Tribunal (http://bit.ly/15r7MWK). The action challenges the government on two fronts, PI said: (1) Failure to have a publicly accessible legal framework in which communications data of those located in the U.K. are accessed after being obtained and passed on by the National Security Agency through Prism. (2) The “indiscriminate interception” and storing of huge amounts of data by tapping undersea fiber cables through the Tempora program. It’s reported that the U.K. has had access to Prism since at least June 2010, and generated 197 intelligence reports from the system in 2012, PI said. Without a legal framework that lets citizens know the circumstances in which such spying takes place, the government “effectively runs a secret surveillance regime, making it nearly impossible to hold them accountable for any potential abuses,” it said. That appears to breach the European Convention on Human Rights, which safeguards the rights to privacy, personal communications and freedom of expression, it said. PI intended to file the Prism case in the Administrative Court, which would have made it public, but after government objections, filed in the tribunal, whose proceedings aren’t public, the organization said. The Government Communications Headquarters, which is taking the lead on the case, said it doesn’t comment on intelligence matters.

Fallout from the revelations of U.S., and now U.K., spying continues in Europe as high-level government officials began setting up an EU-U.S. group to discuss the allegations, the European Parliament said it will start an in-depth probe into the surveillance programs and Digital Agenda Commissioner Neelie Kroes warned that American cloud security providers will lose business if they don’t safeguard customers’ privacy. However, it appears that the turmoil won’t stall talks on the transatlantic trade and investment treaty (TTIP), prompting criticism from privacy advocates.

CAMBRIDGE, U.K. -- The inherently global nature of the digital economy and the companies that lead it is forcing data protection authorities (DPAs) to boost cross-border cooperation, said Canadian Privacy Commissioner Jennifer Stoddart Monday. One focus of that increased coordination was a joint Canadian-Dutch investigation of California-based WhatsApp, a mobile messaging platform, said Stoddart and Jacob Kohnstamm, chairman of the Netherlands Data Protection Authority. The company has begun to clean up its act, but the situation isn’t yet resolved, Kohnstamm said. Mobile apps in general, and geolocation services in particular, create privacy headaches which industry is trying to cure, said other speakers at a Privacy Laws & Business conference.

BRUSSELS -- The 700 MHz band will likely be harmonized globally for mobile broadband services at the World Radiocommunication Conference in 2015 but under three different band plans, speakers said Wednesday at a Forum Europe spectrum management conference. The goal of WRC-15 is to coordinate use of the 700 MHz and other bands, but the Radio Regulations don’t deal with band plans, Joaquin Restrepo, ITU Radiocommunication Bureau head of outreach and publication services division, said. If the 700 MHz band is coordinated for wireless uses, but there are separate band plans for the U.S./Canada, China and the rest of the world under the Asia-Pacific band plan, then economies of scale, roaming and interoperability will suffer, he said.

BRUSSELS -- The idea of harmonizing spectrum nationally, at the European level and even globally, is gaining ground but won’t be easy, speakers said Tuesday at a Forum Europe spectrum management conference. Europe and other regions are focused on the 700 MHz band, whose ultimate use will be a major topic at the World Radiocommunication Conference in 2015, but other bands may also be suitable candidates, they said. But some cautioned that harmonization must be better defined and that it isn’t always a good thing.

The scale of the Prism surveillance program shows “how fragile our open Internet is,” said Council of Europe (CoE) Information Society and Action against Crime Director Jan Kleijssen in an interview. While organized crime and terrorism are challenges that must be met, they can’t be allowed to compromise people’s freedoms, he said: Security and human rights “should be mutually reinforcing.” Kleijssen spoke Tuesday before this week’s European Dialogue on Internet Governance (EuroDIG) in Lisbon, Portugal. He also said the CoE is trying to mend fences with several of its members who signed the new International Telecommunication Regulations (ITRs) last year when most rejected it. How to keep the Internet open, free and safe remains elusive, speakers said at a Thursday EuroDIG debate.

The European Commission wants speedy answers to its remaining questions about Prism, said Justice, Fundamental Rights and Citizenship Commissioner Viviane Reding and Home Affairs Commissioner Cecilia Malmström in Wednesday letters to U.S. Homeland Security Secretary Janet Napolitano and Attorney General Eric Holder. The four met Friday at a ministerial powwow in Dublin to discuss the surveillance programs but Holder, to whom Reding had sent questions June 10 (CD June 14 p14), was “not yet in a position” to respond to them all, the officials said. “Given the strength of feeling and public opinion on this side of the Atlantic,” the EC wants answers as soon as possible, they wrote. U.S. spying continues to rankle the European Parliament, whose Civil Liberties, Justice and Home Affairs (LIBE) Committee Reding updated Wednesday.

Along with more malware, phishing, ransomware and mobile platform malware, cybercops can look forward to more infiltration of large corporations by criminals hacking into the law, accounting and other firms serving them, said Europol Assistant Director Troels Oerting in an interview Monday. The center is also seeing a hike in the volume of mainstream crime by average people who can now easily buy hacking tools, he said. Carrier grade network translation (CGN) on IPv4 networks is one of several challenges to tracking cybercriminals, said Oerting, who heads Europol’s European Cybercrime Centre (EC3). Other experts have said CGN may hamper investigations (CD June 11 p5).