Cybercrime: education not legislation the answer

Legislating against electronic crimes such as spam and ID fraud will not reduce the problem; instead, education for small businesses and consumers and cooperation between countries is the answer, according to two major industry groups, who launched a consultation paper on the subject on Thursday.

The paper, published by ecommerce lobby group EURIM, and think tank The Institute for Public Policy Research (IPPR), argues that although some legislation is required to fight internet-based crimes, alone, it will make no difference unless backed up by corporation between international law enforcement agencies and education for computer users.

Philip Virgo, secretary general of EURIM, said that as long as people are so easily fooled by scammers, no amount of legislation will solve the problem of phishing, where fake emails are sent to online banking users asking them to "confirm" their password and username: "Under no circumstances are you supposed to reveal the whole password - nobody at the bank will ask for more than a few random letters from it - and yet people have been giving the complete phrase to the phishers," he said.

This was backed up by Brian White, MP for North East Milton Keynes, who said that legislation on its own can never solve problems. "You also need education, particularly of the users. There are lots of users of computers that are prime targets for open relays because they don't know they have left the gate open," he said.

White said that internet crimes were quickly becoming a good source of revenue for organised crime gangs that have adopted the new technology to spread fear and generate income. He explained that traditionally, organised crime made money from extortion, by going to a shopkeeper and demanding money in return for protection. This type of crime has now been transferred to the virtual world.

"Offering protection from denial of service attacks is making them [organised criminals] money. Organised crime is adapting to the Internet world and it is something we need to be quite serious about," he said.

Virgo added that there is already plenty of legislation to address many of the crimes committed using computers and the internet. "The fraud scams come under the fraud laws, the vast bulk of pornography can be dealt with under the obscenity laws in the UK, the US and Canada - and in each of those countries they are extraditable offences," he said.

Richard Starnes, director of incident response and managed security services at Cable and Wireless, argues that in ecrime, technology issues are only a small proportion of the problem.

"User education and awareness is absolutely vital. This is definitely not a technology problem - it is maybe 20 per cent a technology issue but it is an 80 per cent people issue," he said.

White added that although companies should be responsible in ensuring their technology "keeps ahead of the game," any single measure to tackle the ecrime problem would fail. "It is a combination of all those issues - any one on its own will not achieve the result," he said.

Munir Kotadia writes for ZDNet UK