G8 Conference on High-Tec Crime, 22-24 May 2001, Tokyo



The draft Recommendations from the "G8 Conference on High-Tec Crime" being held in Tokyo (and draft press release reproduced below) give effect to the extended "International User Requirements" (as set out in ENFOPOL 29) - which require access to mobile phones, satellite phones, internet usage and users' personal details - at the international level.

The draft Recommendations would allow national law enforcement agencies to service "foreign preservation instructions" by serving an interception order on network and services providers through "expedited approval" even where: "there is no violation of domestic law".

The meeting is comprised of high-level officials and advisers from the G8 countries (eg: the G8 Senior Experts Group on Transnational Organised Crime) and representatives from business. The G8 members are:
US, France, UK, Germany, Italy, Japan, Canada, Russia and the European Community.


G8 - Recommendations on tracing networked communications across borders

i) Ensure data protection legislation, as implemented, takes into account public safety and other social values, in particular by allowing retention and preservation of data important for network security requirements or law enforcement investigations or prosecutions, and particularly with respect to the Internet and other emerging technologies.

ii) Permit domestic law enforcement to serve foreign preservation instructions to domestic service providers after expedited approval, with substantive review if required by domestic law through a domestic judicial or similar order.

iii) Authorise domestic law enforcement, through the execution of a single domestic judicial or similar order where permitted by domestic law, expeditiously to preserve or to instruct domestic service providers expeditiously to preserve existing traffic data regarding a specific communication whether one or more service providers were involved in its transmission, and to instruct the service providers expeditiously to disclose a sufficient amount of traffic data to enable identification of the service providers and path through which the communication was transmitted.

iv) Ensure the expeditious preservation of existing traffic data regarding a specific communication whether one or more service providers were involved in its transmission, and the expeditious disclosure of a sufficient amount of traffic data to enable identification of the service providers and path through which the communication was transmitted, through the execution of a single domestic judicial or similar order where permitted by domestic law.

v) Authorise domestic law enforcement to use the mechanisms described in the prior paragraph to respond to a foreign request, through expedited mutual assistance, even if there is no violation of the domestic law of the requested state.

vi) Upon receiving a request from another state to trace a specific communication, authorise competent authorities, even if there is no violation of the domestic law of the requested state, to use mechanisms available under domestic law expeditiously to preserve all existing domestic data necessary to trace the communication, notify the requesting state if the communication appears to come from a third state, and provide sufficient data to the requesting state so that it may request assistance from the third state.

vii) Authorise domestic law enforcement to trace in real time specified communications in order to determine their path, origin or destination, including through multiple providers in a country , using a single domestic judicial or similar order if permitted under domestic law.

viii) Authorise domestic law enforcement to use the mechanisms described in the prior paragraph to respond to a foreign request, through expedited mutual assistance, even if there is no violation of the domestic law of the requested state.

ix) Encourage strong user-Level authentication for appropriate applications, with due regard for technological neutrality and users' freedom of choice.

x) Allow service providers to retain non-personal data, perhaps by strongly supporting the adoption of best practice codes by service providers and service provider associations.

xi) Authorise under domestic law the recording of IP addresses or other traffic data indicating the destination of a communication in real-time.

xii) Allow service providers to co-operate with one another through the sharing of traffic data regarding network fraud and abuse when necessary to protect immediately a provider's rights and property , and encourage them to contact law enforcement as soon as possible.

xiii) Allow service providers to co-operate with one another through the sharing of non-personal data {concerning [[illegal][harmful] activity regarding their businesses and services][network fraud and abuse]}{when necessary to protect a provider's [system][rights and property].

xiv) Encourage modification of the network architecture to support strong authentication, with due regard for technological neutrality and users' freedom of choice.


Draft Press Release (l May)

G8 Officials and the Private Sector Meet to Discuss Combating Computer Crime/ G8 Government/Private Sector High-Level Meeting on High-tech Crime

Tokyo - Senior representatives of the governments and the private sector from all G8 countries met here this week to continue discussions on combating high-tech and computer-related crime and the exploitation of the Internet for criminal purposes. The G8 Govemment/Private Sector High level Meeting on High-tech Crime was held May from 22 to 24 and was sponsored by the G8's Senior Experts Group on Transnational Organised Crime, known as the Lyon Group.
1.

2.
Information and communication technology (11) is one of the most potent forces shaping the Twenty First century.

The economic, social and cultural transformation we are witnessing promises to be profound. However, constant advancement of IT also provides criminals with opportunities to abuse such new technologies to commit crimes. High-tech crime can be committed through several telecommunications/ computer networks in different countries in an instant, and directly affects private individuals as well as companies and countries around the world. It poses a serious global threat.

In order to combat effectively high-tech crime, international cooperation is indispensable. The G8 thus has been addressing this daunting challenge within the framework of the Lyon Group. Cooperation among governments alone is not sufficient. The partnership between governments and the private sector is critical and has been emphasised by G8 Heads of state and government since their Summit in Birmingham in 1998.

It is against this background that the Lyon Group convened the first conference of G8 government and private sector representatives in May 2000 in Paris. At the Paris Conference, G8 government officials - engaged in a dialogue with representatives from 130 major companies associated with communications and new technologies. Delegates discussed the ways in which new technologies threatened the security of communication and computer systems or were being used for criminal purposes, and explored possible solutions.

At the Kyushu-Okinawa Summit last year, G8 Heads of State and Government welcomed the results and the momentum created by the Paris Conference and stressed the need to promote dialogue with the private sector. The Lyon Group thus convened the Berlin Workshop in October last year to progress the dialogue. To best complement the Paris Conference, the majority of the work in Berlin unfolded in small workshops, and emphasis was placed on reducing impediments to cooperation and developing practical solutions.

This week's Tokyo Conference was convened to further promote dialogue with the private sector, following the commitment of the Heads at the Kyushu-Okinawa Summit, with a view to producing concrete results.

To achieve this, senior representatives of the governments and the private sector from all G8 countries (about 200 participants) met in small project groups to exchange views and opinions on concrete topics and in plenary to explore cross-cutting issues and future cooperation between governments and the private sector.

Five project groups examined the issues of i) data retention, ii) data preservation, iii) protection of e-commerce and user authentication, iv) prevention and assessment of threat, v) training, and explored possible solutions that enhance the public interest, including by protecting public safety , privacy and other social values and encouraging the growth of e-commerce.

Among the specific work undertaken at the project groups was:

- In relation to data retention, an evaluation of the costs and priorities in terms of resources, privacy and business opportunity-, while examining the variety of services, business models and service providers currently in existence; discussing best practices for voluntary data retention taking, into account the legal and technical issues involved

- Concerning data preservation, discussing best practices for both law enforcement requests for access to or preservation of data and industry responses to such requests, taking account of the legal and technical issues involved.

- With respect to protection of e-commerce and user authentication, defining better business practices for Internet merchants for protection against fraudulent activities, including: mechanisms for the exchange of information, authentication of on-line transactions and identifying the responsibilities of different actors; and exploring the different kinds of user authentication and which applications incorporating user authentication are likely to contribute to the deterrence of crime and increased confidence in cyberspace.

- As to threat assessment and prevention, discussing appropriate cooperation among relevant actors regarding -IT security; and defining; actors, objectives, and mechanisms, including; application of IT security standards, exchange of information and early warning systems.

- Regarding training, developing the skill sets necessary to ensure that individuals involved in the fight against high tech crime within and across borders are sufficiently knowledgeable to allow effective investigation.
All the groups engaged in free, frank and practical discussions with active involvement of participants both from the government and private sectors. Capitalizing on the work done at the Paris Conference and the Berlin Workshop, the groups developed concrete products towards practical solutions [some of which are attached hereto. ]

4.
5.
After the project group sessions, all the participants met in plenary . The participants discussed the areas taken up in the project groups from a wider perspective, and also explored broader issues, inter alia, future cooperation among relevant actors, public awareness and outreach to non-G8 countries.

While development of any formal agreement or agreements was not sought, all parties recognised the value of this dialogue and the need for it to continue through various mechanisms and fora as appropriate.

The government-delegates attending the Workshop, after consultation with private sector representatives, shared the following views:

While IT offers unprecedented opportunities for accessing, sharing and exchanging information and for economic development, its abuse is a source of increasing concern for the international community. The more IT becomes an essential foundation of the global society, the more crucial it will become to ensure safety and confidence in cyberspace. Lack of confidence therein may well endanger the very foundation of the IT -driven society. In this sense, governments, the private sector, and individual users all share a joint interest in the fight against high-tech crime.

In order to secure safety and confidence in cyberspace, it is necessary to maintain- law enforcement's ability to locate and identify high-tech criminals and to ensure they can, effectively prevent online criminality, while respecting privacy, sound development of industry, and other social values. Needless to say, many solutions to these challenges call for further development and cooperation between government and the private sector. Improvement of education and training opportunities for both public and private sector parties is also critical.

The Tokyo Conference represents another significant step in the deepening dialogue between G8 governments and private sector representatives in these areas, and in turn, in combating high-tech crime and furthering safety and confidence in cyberspace. We seek, at the turn of century, the continuing protection of the prosperity , opportunity, and civil rights of our citizens in cyberspace.

The results of the Conference reaffirmed the need to-strengthen further the cooperative relationship between government and the private sector, and to improve-international cooperation worldwide, in order to combat high-tech crime.

The outcome of this Conference is expected to enhance discussions among the G8 Heads who will meet in Genoa in July 2001.

back to Updates: Updates  back to: S.O.S.Europe



Statewatch home page   Statewatch News online

© Statewatch ISSN 1756-851X.Material may be used providing the source is acknowledged. Statewatch does not have a corporate view, nor does it seek to create one, the views expressed are those of the author. Statewatch is not responsible for the content of external websites and inclusion of a link does not constitute an endorsement.