Are regulators finally aware of the Internet?
Crimes committed through the Internet largely go uninvestigated and unprosecuted by law enforcement and regulatory bodies. Most highly visible is the plague of attempted fraud such as phishing for online banking passwords and advance fee scams like “you’ve just won a lottery†or “help me get money out of Nigeriaâ€. System intrusions through spyware and direct attack also go largely unprosecuted, as do denial of service crimes and spam.
Part of the problem is the multi-jurisdictional nature of the Internet. Which agency should take the lead in attempted fraud originated by a person physically located in Kenya who used a compromised home PC in the U.S. to send e-mail through Yahoo UK to a victim in Canada? Is it even possible to gain cooperation from each of the law enforcement, government, regulatory agencies and private service providers needed to trace the crime to the originator?
Another issue is that even more than a decade after the Internet became widely available, most law enforcement and regulatory bodies still lag in technical knowledge and investigation abilities for computer-based crime. There is also a lack of will, especially when it comes to shutting down profitable businesses, even if those profits are through violations of the law.
A few developments this week with the U.S. Federal Trade Commission (FTC) give hope that things with that agency at least might be finally be changing.
The FTC has successfully won a US$4 million judgment against spyware purveyor smartbot.net. It was one of the many spyware operations that infiltrated computers by advertising spyware removal software that was actually a trojan front for spyware. Interestingly, the person behind smartbot is the legendary Sanford Wallace, one of the first of the large-scale spammers.
Another recent FTC action is the launch of lawsuits against some of the companies who use fraudulent techniques to access and then sell telephone records. Last year Maclean’s Magazine embarrassed the Canadian Privacy Commissioner by obtaining her personal landline and cell phone records by using one of these “data brokersâ€.
The data broker action is particularly promising since it deals with privacy issues. The U.S. is one of the few countries that still has no national consumer privacy laws which has lead to a huge unregulated industry collecting and selling personal information. Unintentional disclosure of these data is rampant in the U.S., a fact that has only recently gained public attention because of recent laws in some states requiring notification of large breaches of personal data.
The FTC has also started a few actions against spammers and pharmaceutical scammers but nothing yet of major significance.
It’s important for U.S. regulatory and law enforcement bodies in particular to act against Internet crimes since so much of it originates there. Almost all spam, for example, originates from persons in the U.S. It may be sent via open relays in South Korea and link to web sites hosted in China, but the individuals behind it are folks like the infamous Alan Ralksy in Michigan.
However, every country needs to focus far more on Internet crimes than they have so far. The excuses that it’s too new or affects only a few people doesn’t wash anymore. Internet usage currently estimated to be anywhere from 694 million to over one billion people. Losses from advance fee frauds like the Nigerian 419 scam alone are estimated at over US$ three billion, and that is just one small cottage industry of criminals.
Hopefully recent actions in the U.S. signal the start of a new awareness and willingness to bring Internet-based crime under control.
Related posts: