The Internet has no borders, countries do. And that’s what makes it so difficult for law enforcement to chase cybercriminals. Trend Micro works with these bodies for years and we see how painful and long these processes are, once the cybercriminal is somewhere else. We not only work close with local police but also with Europol and INTERPOL, which helps when it comes to international crime. They do a great job, but the bad guys clearly have an advantage as their flexibility and speed makes it easy for them to jump around in cyberspace and build up systems everywhere. And pretty often, they go to countries where cybercrime is not a crime or chasing them is low priority.
Non-Europeans might believe that in united Europe it should be easier, but they might not realize that in terms of IT and Internet policies, Europe isn’t that united. So I’m excited to learn that officials from the European Commission will now start a dialogue with Internet service providers on how to get more information about cyber attacks and how to make it easier for police in one country to get electronic evidence from another.
Experts from 28 European countries will meet in March to discuss details. I really hope that the discussion will be fruitful and there will be a common agreement on how to share data and evidence about cybercrime—of course after a proper subpoena process. But is this good enough? Sure, it will help identify and process cybercrime in Europe faster, but what about if the cybercriminal is outside of Europe? And what if they just find better ways to hide their traces? That’s why I hope that something else will be discussed in March: how to work with the ISPs so they deliver clean water out of their Internet pipes.
I’ve been using this analogy for over 10 years now: no matter where in Europe I am, I drink tap water in the hotel rooms—and I never caught a stomach bug. That’s because they provide clean water. In cybercrime, while it is not that easy to clean it all, why do we still see so many spam emails? Why do simple malware still make it to the end-user? At least with this common stuff, you should be able to filter out, like how you process water before it becomes drinkable tap water. Baseline filters should be a standard and implemented at every European ISP. And when every ISP agrees on standards to share the logs about spam and malware, when every ISP warns others about new and wide-spreading malware and automatically generates an Open Standard Indicator of Compromise ruleset, which is then shared with everyone else, then we are moving ahead! And then Europe would be less attractive for the average cybercriminal.
So while I welcome these upcoming debates, I believe that more should be discussed. As a European, I expect that I have easy access to clean water, electricity, public transportation, and all other infrastructural benefits First World countries deliver. Am I demanding too much if I also want to have a basic filter to filter out the well-known malware, malicious URLs and spam?