130 likes | 247 Views
Internet Governance and Regulation Internet Safety : Concrete Ways Forward For Government-Industry Partnerships. Baltic IT&T 2005 David Finn Senior Attorney and Director, Internet Safety -- Microsoft EMEA Riga, 6th April 2005. Introduction. The Challenge of Ensuring Internet Safety
E N D
Internet Governance and RegulationInternet Safety : Concrete Ways Forward For Government-Industry Partnerships Baltic IT&T 2005 David Finn Senior Attorney and Director, Internet Safety -- Microsoft EMEA Riga, 6th April 2005
Introduction • The Challenge of Ensuring Internet Safety • Legal: borderless nature of the Internet • Technological: fast changing environment (broadband, 3G…) • Both Private and Public Sector Own a Part of the Solution • 3 Examples of Public-Private Partnerships • The Botnet Task Force • SpotSpam • Child Exploitation Tracking System (CETS)
1.1 The Botnet Threat • The Botnet Phenomenon • Networks of thousands of zombie computers • Surreptitious bot (“robot”) placement = criminal opportunity • Botnets are sold to others for malicious purposes • DDoS attacks, spam relay, disclose PII, destroy data • A Reply: the Botnet Task Force • October 2004, Washington, USA -- 70 Law Enforcement officials from 16 countries • 11-14 April 2005, Prague, the Czech Republic • Already one significant prosecution
1.2 The Botnet Task Force • Content • Case studies and best practices • Technical training and support provided by both Microsoft and international law enforcement experts • Expected Outcome is to Establish a Protocol: • for handling investigative leads • for the exchange of information across national boundaries on a more regular basis.
2.1 Our Experience Fighting Spam • Legal Actions Since 2003 by Microsoft EMEA • 10 lawsuits - DE, FR, IT, UK, IL • 10 referrals to public authorities DK, FR, IT, LT, TR • 68 cease and desist letters DE, DK, ES, IT, IL, FR, HU, LT, SE, NL, TR • Processes • +130.000 trap accounts in the US and Europe • Partnerships with existing hotlines (FR, DE) • Network of in-house investigators and lawyers, outside counsels, corporate affairs managers
2.2 Existing Spam Rulings in EU • Civil Court • 260.000 € in Denmark against Debitel (SMS and email spam) (March 05) • Microsoft/AOL France v/ M. K. : 22.000 € in France in damages and various legal costs. Key support of the French Data Protection Authority (May 04) • Administrative Microsoft not involved • Series of fines amounting to 87.000€ in NL (Dec. 04 – OPTA) • 53.000 € fine in DK (Jan. 04 – Consumer Ombudsman) • Criminal Sanctions Microsoft not involved • 20.000 € in FR against an individual (flooding) (May 02) • 52 Nigerian arrested in the Netherlands (Jan. 04)
2.3 Variety of Legal Grounds • ISPs Have Some Legal Grounds for Action • EU wide, ISP does have some protection Civil: Breach of Contract, Trademark Criminal: Computer Misuse • Some specific legislation helps Unfair competition (DE), Property rights (NL) • EU Anti-Spam Legislation is User-Centric • By far, privacy and consumer protection statutes provide the most serious penalties • But little incentive for users to complain • Not relevant for ISPs
2.4 A Need for Public-Private Partnership • Industry Has Business Interest in Reducing the Nuisance Caused by Spam • But industry is not ideally equipped by law • Internet Users and Public Authorities are Properly Equipped by Law • But individual email users don’t have a strong incentive to complain and lack resources to act • Spam is received without boundaries • Managing complaints at national level is costly
2.5 A Concrete Project: SPOTSPAM • SPOTSPAM • Self‐Regulatory Plan on Tackling Spam • Under the EU Safer Internet Action Plan • Aims at international co-operation to provide for effective collection and use of evidence (i.e. reports from citizens) for action against spammers • Beneficiaries • Public authorities are best placed to take advantage of it • Internet users and industry will benefit indirectly • Challenges • Requires trust and commitment from citizens • Storage of reports from various countries is legally sensitive • Crucial need for close involvement from public authorities
2.6 A Concrete Project: SPOTSPAM • Participants • Full partners : eco (DE), NASK (PL) • Initial partners : • UK Anti-Spam Working Group • EuroISPA • Supported by Microsoft EMEA • Status • Project evaluated positively on 20 January 2005 • Currently in negotiation with the Commission • Expected Outcome: • Establish new ways to share complaints with public authorities • Provide public authorities with relevant information
3.1 The Child Exploitation Tracking System (CETS) • What it is • Software developed by Microsoft based on requirements of Canadian law enforcement units fighting child exploitation • Increase the effectiveness of investigators by giving them tools to store, search, analyze and share, through a network of securely connected police services • Already in use by Law Enforcement all over Canada – and that’s just the start
3.2 The Child Exploitation Tracking System (CETS) • Expected Outcome • Establish new ways to share information within Law Enforcement, at national and international level • Through teamwork involving all the experts: investigators, prosecutors, privacy authorities, industry • Official Unveiling is Tomorrow in Ottawa
Questions? David Finn dfinn@microsoft.com