data protection and cybercrime the dilemma of internet service providers ceenet workshop 22...
TRANSCRIPT
Data Protection and CybercrimeThe dilemma of Internet Service Providers
CEENET Workshop22 September 2002
Joe McNameeRegulatory Affairs Manager, EuroISPA
22 September 2002 CEENET Workshop Slide: 2
Introduction• EuroISPA was born on 6 August 1997 in Brussels
• Pan European association of ISP associations in EU Member States.
• Grown from 6 to 9 members since its inception.
• Represents an estimated 800 ISPs across the European Union.
• Put simply, it is the largest ISP Association in the world.
22 September 2002 CEENET Workshop Slide: 3
Aims• Protect and promote European interests within
global Internet.
• Deliver benefits of new technologies to individuals whilst meeting legitimate concerns of parents and weaker members of society.
• Encourage development of free and open telecommunications market.
• Promote the Interests of our Members and provide common services to them.
22 September 2002 CEENET Workshop Slide: 4
AEPSI
AFA
AIIP
ISPA AT
ECO
ISPAI
NLIP
ISPA UK
Members & PartnersFull Members International Partners
Associate MemberLINX - London Internet Exchange
US ISPA - United States Internet Service Providers Association
APIA - Asia & Pacific Internet Association
IIA - Australian Internet Industry Association
CAIP - Canadian Association of Internet Providers
HKISPA - Hong Kong Internet Service Providers Association
TELESA - Telecom Services Association, Japan
ISPA SA - Internet Service Providers Association South AfricaECOMLAC - Latin America and Caribbean Federation for Internet and Electronic Commerce
22 September 2002 CEENET Workshop Slide: 5
An important distinction...
HARMFUL
vs
ILLEGAL
22 September 2002 CEENET Workshop Slide: 6
The Internet is full of surprises
• Age Anonymous• Gender Anonymous• Identity Anonymous• Not easily traceable• Many different
technologies• Changing and growing
22 September 2002 CEENET Workshop Slide: 7
Introduction• Data protection: the obligations of ISPs• Law enforcement: the obligations of ISPs• The problem of the ISP ‘in the middle’• The legal framework to the rescue?• Conclusion: every option is the wrong one
22 September 2002 CEENET Workshop Slide: 8
ISP Issues with cybercrime• Legal and Technical Framework
– illegal vs harmful
• Interception• Data Retention – integrity and security• Liability-issues• Expedited Retention/Interception• Data Protection• Cost Sharing• Disruption of normal business
22 September 2002 CEENET Workshop Slide: 9
ISP Role in Law Enforcement• Log file retention• Technical Advisor• Expert Witness• Notice & Takedown Procedures• Mutual Legal Assistance• Interception• Evidence Preservation
22 September 2002 CEENET Workshop Slide: 10
Data Protection• The protection of consumer’s private data
– is an obligation for ISPs, – is a prerequisite for keeping customers’ trust and
staying in business.
• ISPs have every incentive to take every possible measure to protect consumer’s personal data, however...
22 September 2002 CEENET Workshop Slide: 11
Law enforcement
• ...ISPs also have legal obligations to aid law enforcement in the combat and prevention of cybercrime.
• BUT: Law enforcement officials may consider data protection a secondary concern, and often make demands on ISPs that effectively assume data protection violations by the ISPs.
22 September 2002 CEENET Workshop Slide: 12
The problem• ISPs responsibilities to the consumer (its
clients) • ISPs responsibilities to help fight cybercrime
CONFLICTING DEMANDS on ISPs: what to do?
22 September 2002 CEENET Workshop Slide: 13
Answers from the legal framework?• The legal environment in which ISPs find themselves
with respect to these two issues is VERY complex and, at times, arbitrary:– 95 Data Protection Directive
• Implementation
– E-commerce Directive• Implementation
– New Communications Package (forthcoming)– National sets of laws, regulations– UNCERTAIN LEGAL FRAMEWORK
22 September 2002 CEENET Workshop Slide: 14
Privacy Conclusions• ISPs are stuck in a trap with the demands of
consumers, data protection authorities and reputation on the one hand…
…and the demands of law enforcement officials on the other.
• The problem is compounded for ISPs operating in more than one Member State as data protection attitudes, laws and practices vary considerably from state to state.
22 September 2002 CEENET Workshop Slide: 15
Activities• G8 – Cybercrime • Council of Europe – Cybercrime convention
• EU – Directives, Policy, Data Protection
• UN – Cybercrime
• ICRA – Internet Content Rating Association
• INHOPE – Internet Hotline Providers in Europe
• Europol• Interpol
22 September 2002 CEENET Workshop Slide: 16
Other Content Liability issues• Copyright Directive - temporary internet files• Electronic Commerce Directive
– Mere Conduit– Caching– Hosting– No obligation to monitor
22 September 2002 CEENET Workshop Slide: 17
Competition Issues• All accession countries have completed
“telecoms chapter”• Framework Directive• Access and Interconnection Directive• Licencing and Authorisation Directive• Telecoms Data Protection Directive• The chapter has been completed so
everything is okay then?
22 September 2002 CEENET Workshop Slide: 18
Competition Issues• Local loop unbundling is a mess• Leased line provisioning is a mess• Numerous complaints about interconnection
for ISPs.• Having the legislation is one thing - having
effective,
Contact Points:
Joe McNamee
European Affairs Manager , EuroISPA
T: +32 2 503 2265F: +32-2-503 4295
W: www.euroispa.org