Cybercrime not a police priority, peer warns

Not enough is being done to prevent low-level cyber-crime as it is not a priority to the police or Home Office, according to an independent peer.

Lord Erroll, one of the independent members of the House of Lords said that cybercrime has been a contentious issue for some time and is not going away.

"E-Crime is climbing steadily, but it's not a Home Office or police priority," said Erroll. "There is a feeling that all we need to do is say use a firewall or anti-virus product and lock the doors of your data. This doesn't work. There is no ability to prosecute level two crimes where the amount lost is low because it is below the individual police area's radar"

Speaking at Microsoft's Architectural Insight Conference being held at the Celtic Manor resort in Wales, the peer said IT architects had a "serious responsibility to protect the individual."

He urged resistance to proposals to water down the Data Protection Act. "We need to resist this and make sure that it works. Chinese walls are useful but if we are going to use them we have to make sure they work," he said.

Erroll said that transformational government is going to have the biggest impact on data protection in this country.

"The government wants to increase data sharing to make joined up government more efficient," he said. "Change your address once and it will ripple through the entire organisation. It has lots of benefits but huge dangers. Systems need to be able to handle those who are the exception and who do not want their address and data moved around."

Erroll said that legislation has an impact on business and protection needs to be built into systems and software that deals with this legislation. He gave one example where a large US Bank built itself the ultimate repository for its data, but one day someone realised that while they were nuclear proof, they weren't Patriot Act proof. "This meant creating separate repositories for bank data for their Arab and Chinese customers and keeping data outside of the USA."

He said that a light touch was needed to in order to assess the impact on people and organisations.

"It is pointless passing laws that can't be enforced and some of the laws we are passing are just PR exercises. What we need is a better way to get people to where we want to go", said Erroll. "Common law uses incentives and we need to think about how we can incentivise people to help make things more secure."

He also said that unauthorised access to systems needed to be guarded against not only externally but also internally.

"Unauthorised access is when people think of hackers, but most data leakage is from people inside the system not hackers. This is where social engineering comes in. There are people who use this to corrupt people. Everyone can be bought," said the peer.

His comments were echoed by Ex-FBI agent Ed Gibson, now chief security officer at Microsoft UK. Gibson added that hackers spend all day writing scripts targeting computers. "If you don't protect it then they will take it over and use it."

He said that information once obtained is easily misused. He said that children use social networking sites to talk to friends, and exchange information and pictures of themselves. He said a photo of a 12 year-old girl sitting outside the house posted on a social networking site is a "serious benefit to paedophiles."

"Look closely and you can see the house number. Closer still and there is the name of the street. Within 30 days of a photo being published, someone will be targeting that girl," he warned.