A former director of the federal police cyber crime unit has hit back at Eugene Kaspersky's claims that the EU Convention on Cybercrime will not work.
The cybercrime convention aims to unify laws around the world to aid prosecution of offences including copyright infringement.
Kaspersky, the head of Russian security firm Kaspersky Labs, rubbished the decade-old global treaty and called it a failure he said because it could not unify cybercrime laws across signatories.
But it was the world’s best chance at unifying laws across national boundaries, said Nigel Phair who was now director of the Centre for Internet Safety.
“The EU Convention is all we have,” Phair said.
“Nations should embrace it as much as possible. It is critical because it makes it more possible to act against cyber crime across borders.”
Legal differences left police relying on law-enforcement agreements and Interpol to prosecute cross-border cybercrime.
The 2001 EU convention was a “first mover” on cross-border prosecution of cybercrime and was a mature, model criminal code adopted by nations such as Australia.
The UN International Telecommunication Union did “piecemeal work around the edges” of the convention but missed its opportunity to lead the development of international cybercrime law, Phair said. The ITU flagged problems with the adoption of the treaty outside of the EU in 2009 (pdf).
Kaspersky criticised the treaty on grounds that nations would not alter their laws.
"Do you think it's real that if a government computer in Russia is infected, that they will let the US in? Or that the White House will let Russia in? And then China or Latin America? Forget about it," Kaspersky said.
But Phair said it was too early to cast doubt on the acceptance of the treaty: “I’m a believer that nations get to know each other through trade and joint training and investigations. It develops respect and trust”.
Interpol police won't happen
And Phair doubted Kaspersky’s comment that a solution was in an “internet Interpol”. He said Interpol did not have the statute to be an enforcement agency and such an entity would likely be rejected by nations.
“They can be nothing more than a conduit of information and best practices between nations. A global police force is BS,” he said.
Efforts should instead be poured into training police, regulatory agencies and educating the public on online risks, he said.
In the near term, Australia should extend its investment in neighbour countries for organised crime enforcement to cybercrime.
“We do not have a lot of intel[ligence] on cybercrime” in developing Asian countries because “the government and private sector do not put much research into it”, Phair said.
“It is a small footprint but it is valuable.”