Computer Crime Problems Research Center


(By David Penfold)

It has been reported in the news that Chinese hackers are defacing US government sites and, in turn, US hackers are defacing Chinese government sites. At the same time, in the UK, a National Hi-Tech Crime Unit (NHTCU) has been set up to investigate paedophilia, fraud, extortion, hacking and copyright abuse. My initial reaction is to deplore the first of these and praise the second. However, as so often, the situation is not that simple.

Some time ago, it was reported that ‘hacktivists’ were using their cyber abilities to assist civil rights workers in China (see Will we condone this because we deplore some of the repressive attitudes of the Chinese government? After all, the Chinese government are arresting and sending to prison people who use the Internet for what they regard as subversive activities. Yet, the UK government has brought into law the Regulation of Investigatory Powers (RIP) act, which essentially gives the police powers that are not dissimilar to those of the Chinese government and which will presumably now start to have real teeth with the setting up of the NHTCU. That other countries with similar laws include Russia and Malaysia is hardly encouraging. What will our position be if ‘hacktivists’ decide that they will target the UK as well as China?

Probably the most controversial aspect of the RIP act is the power to demand the keys to any encrypted information - and the burden of proof is on the accused; they have to prove themselves innocent, rather than the reverse, reversing the usual assumption of ‘innocent until proved guilty’. Thus, if someone refuses to produce the keys or has ‘lost’ them, they could face a two-year jail sentence. For the innocent this is a horrifying prospect, while it has been suggested that, for the real criminal, this may provide an easy option, i.e. two years rather than a much longer sentence if illegal material were discovered following decryption.

Of course, the vast majority of people do not condone crime of any kind, major or otherwise, and in a previous article [] I have deplored the abuse of intellectual property rights that, in my view, very correctly led to the curtailing of Napster’s activities. However, the USA, France and Germany have rejected the approach taken by the British government and Ireland has even made it illegal for the government to access encryption keys. Even the UK Data Protection Commissioner has noted her concern and suggested that the powers in the act could be contrary to European human rights laws. In contrast, the Council of Europe is in the process of finalizing an international treaty on Internet crime, which Canada, Japan, the USA and South Africa are also expected to ratify. Presumably, countries signing this treaty will feel that it has enough teeth without the need for an RIP-type bill.

It has been shown that the man accused of killing UK television presenter Jill Dando managed to obtain her address via the Internet and there is no doubt that paedophilia and racism are encouraged by certain sites, so it is clear that the Web needs to be policed. However, if other countries can cope without draconian measures such as the RIP act, it is not clear why the UK needs to emulate more repressive regimes.

The World Wide Web has effectively crept into every part of our lives. It is hardly surprising, therefore, that it is used for criminal activities. However, there is a danger that the RIP act, and possibly the activities of the NHTCU, will infringe the rights of innocent citizens, whose activities may not be to everyone’s taste, but are nevertheless quite legal. Who will be the first person to be sent to prison because they have lost their encryption keys? Let us hope that the judiciary takes a common sense view of the situation; we do not need Internet martyrs!


Home | What's New | Articles | Links
Library | Staff | Contact Us

Copyright © Computer Crime Research Center, 2001-2002 All Rights Reserved.
Contact the CCRC Office at 380-612-735-907
[email protected]