New Zealand has been singled out at an international computer security conference as a country lacking in computer crime laws.
At the first Global InfoSec Summit in Washington, former White House official Bruce McConnell, who lead the International Y2K Cooperation Centre, said a preliminary analysis of 44 nations showed more than half of the countries studied lacked any specific computer crime laws at all. Most of the major industrialised countries have such laws, including India and Malaysia. But there are some notable exceptions, such as New Zealand and Norway, he said.
For businesses, the absence of specific laws dealing with information security creates an element of risk and uncertainty. "I don't think there is a resistance [to computer-specific laws], it's more of a lack of awareness," McConnell said.
More countries have laws prohibiting break-ins of government computer systems but they don't necessarily extend those same protections to the private sector, said McConnell, who operates a Washington-based consulting firm McConnell International LLC. But "as a general matter, the penalties are very weak," he said.
However the New Zealand government is expected to announce e-commerce and e-crime legislation at an upcoming e-commerce summit in Auckland on November 1. The government has been working on amendments to the Crimes Act to cover hacking and data theft. The e-commerce legislation is expected to put digital or electronic signatures on the same legal footing as physical signatures.
The Washington conference, sponsored by the Information Technology Association of America in Arlington Virginia, and the World Information Technology and Services Alliance in Virginia, a group that represents high-tech trade associations worldwide, took a bird's eye view of security issues worldwide. When it comes to cybersecurity, the conference proceedings revealed that many countries remain far apart in their approaches.
Some attendees were worried about the security implications raised by the Uniform Computer Information Transaction Act (UCITA), the controversial software licensing law being considered by states in the US. Vendors may use the law's provisions to prohibit reverse engineering of software code, something security experts often do to search for problems.
But Steve Katz, the chief information security officer at Citigroup, said industry groups, such as the Banking Industry Technology Secretariat (BITS), can put pressure on vendors to ensure software is examined.
BITS last year established a security laboratory in Reston, Virginia, operated by Global Integrity, to test the security features of banking applications. "If a product doesn't pass, you are going to have a problem getting in the door" of a financial institution, said Katz.
Businesses that plan to offer digital signatures to consumers may have a tough sell ahead of them, according to an opinion poll released by the ITAA. In a telephone poll of 1,000 adults, 70% of respondents said they wouldn't feel safe using digital signatures. Harris Miller, president of the ITAA, said the results clearly indicate that the public is sceptical. "Leaders of the New Economy have an educational challenge," said Miller.
But more respondents - 42% versus 21% - were inclined to trust businesses over government when it came to protecting their personal data. Thirty-seven percent surveyed didn't answer this question.
J. J. Disini, a Manila-based attorney, offered a postscript to the Love Bug virus incident that had the conference audience laughing.
The technical computing college that the alleged author of the Love Bug virus attended before he dropped out has developed a program to place students in jobs in foreign countries, said Disini. He said the school's tag line for selling itself could be: "If our dropout can cripple the world's systems, imagine what our graduates can do."