The issue of governmental collaboration was raised at the recent International Forum on Cyber Security in Lille, France, where several criminal investigators raised concerns over legal barriers which are currently stopping them from investigating cyber crimes that span numerous countries.
With cyber criminals originating from all over the world, cyber crime laws and specialist police divisions are colliding, and cyber crime legislation, in particular, can differ from country to country. Along with a lack of a consistent cross-border legislation to improve conviction rates, the panellists agreed that things need to change.
“The subject [of this panel] on international co-operation is absolutely necessary but is it sufficient?” asked Laurent Baille, a cyber crime expert working on behalf of the National Gendarmerie, a branch of the French armed forces. “No, not yet in relation to the retention of data and the preservation of data. There are avenues for reflection,” he noted.
This issue can't even be helped by new technology solutions, said the panel, as there simply isn't one 'magic' solution available to investigators.
"Many of the technology solutions already exist; the big problem is that there is no legal structure," said Valerie Maldonado, a divisionary commissioner at France's Central Directorate of Judicial Police (DJP).
Legality issues at the forefront
Panellists added that defence teams “shouldn't have fewer tools than the attackers” and were especially concerned about legality, especially with cyber crime increasingly an international problem.
Noting data hosted by cloud providers in other countries – a topic that has also been highlighted as a result of the NSA surveillance – experts said that there are still legislative barriers, not only to data access, but also on how long they can hold that data. This isn't the first time this issue has arisen, with senior commonwealth law ministries debating the topic at a meeting in London back in September last year.
“There are legislative barriers around the cloud provider abroad,” said Maldonado, who encouraged governments to work on systems that allow for quick and basic cooperation across numerous countries.
“[The question] is there is a quick way to access the information required,” she added. “Often foreign investigations can't retain the data, so how do you expect us to do an investigation?”
Laurent Baille was bolder on the subject.
“Information from an investigation can end up in another country. We need to act, react fast cross-border geographically or legally. We need to break down borders.
“Why should we respect borders? Criminals don't.”
Andy Archibald who is deputy director for the National Cyber Crime Unit – part of the National Crime Agency in the UK – agreed that, despite the introduction of the Budapest Convention and the forthcoming European Cybercrime centre, due to be fully operational from 2015 to co-ordinate cross-border law enforcement, cooperation can still be improved.
“If you can't resolve international sharing, data sharing and international deconfliction, that's a real barrier. Data preservation is also a real challenge.”
Adele Desirs, who works as the criminal intelligence officer at Interpol, agreed that accessing personalised data was a challenge, but privacy lawyer Stewart Room told SCMagazineUK.com shortly after the event that there are already numerous laws in place to help with criminal co-operation, and instead said that getting these to work efficiently is often the issue.
“Law enforcement always wants more powers and I expect operationally on the ground they think the law is sub-optimal. Writing law is one thing, making it work is another,” he said.
Sharing should be encouraged
While law changes may be in the distance however, Archibald says that the nation states can help themselves by encouraging cross-border collaboration.
“The criminality borders were fine in the ‘analogue' age,” said Archibald. “The crimes were in Glasgow to Edinburgh, then Glasgow to London. Now it's worldwide. The environment is very different to 20 years ago, 10 years ago or even five years ago. We need a test framework that works well in the 21st century.
“We need to share some of the success stories and recover intelligence on the internet,” he added, noting that many cyber crimes are carried out by the ‘same people, same groups and same types of malware'.