Cyber security expert Mellisa Hathaway has worked with two US Presidents – George W Bush and Barack Obama – until August 2009. She then left to establish Hathaway Global Strategies – a cyber security consultancy firm.
Hathaway, recently in Kolkata, spoke about a variety of issues on cyber security that includes why it is difficult to have a uniform cyber law; the need for greater cooperation between nations; threats of hacking derailing diplomatic relationships, and so on. Excerpts:
There has been a perennial debate on what encryption policy should be followed and whether governments should have access to personal messages. What is your take?
No country should demand for technology to be weakened, because that makes you susceptible to harm. Our countries may create an access point but that does not prevent a criminal from using it for harm. Governments have started talking about the need for universal access in the post-Snowden age or in a surveillance age, where people are turning to encryption to maintain privacy.
The reason why governments want access is because there are criminals using the same activity to compromise safety issues.
Some countries are demanding creation of a back-door or a copy of the keys, and others are turning to local data storage, while others methods are being worked at.
In the digital age when we say ‘geography is history’, do you see the need to have a universal cyber law?
I believe it will be difficult to get a common view of the (cyber security) law across 196 countries; because there are different approaches, cultures, and history on how we think about freedom of speech; the right to privacy as well as freedom and security.
I do believe there is a common view of criminal activity and there are many nations who agree on a multi-lateral or bi-lateral basis.
The Budepest Convention (on Cybercrime) saw 60-odd countries come together. India has also proposed an international cyber crime treaty – where more countries can come to a common view.
I think that is very important to pursue; because there is criminal activity happening at and across all our borders.
How important are issues of cross-border investigation and prosecution when it comes to cyber crime?
The common theme of discussions here (Kolkata) and in Mumbai have been the speed with which you can “investigate and prosecute” incidents of cyber crime. By definition, international cooperation is too slow at the speed of the Internet, which means that crimes happen too fast on the internet and when they (investigators) have the right indication of the probable cause (to see the crime taking place) then it is in somebody else’s territory or the data moves to another country.
In such a situation then; what is the solution?
We should be able to work on machine speed on some of these things and not at the speed of the bureaucracy.
Does this not take us back to the question of having a universal cyber law?
I think we all have a different view of what is private data and what is to be protected. For example, Europe has very strong laws on data protection; and the US has individual State laws; and India is just beginning to talk about data protection laws.
We are all at different levels of maturity. I don’t believe we will reach common harmony for all of our laws. But I believe we will have common agreements and look to quicken and accelerate the paths of cooperation.
Do you feel groups of one country hacking into another country’s server to steal data, hamper diplomatic relationships?
Yes. And I actually see that the governments, corporations and groups of citizens can be both victims and aggressors.
The form of power being used over the Internet for political activism, protests or criminal activities, as well as disruption of service and destruction of property has its frequency increasing, and is causing nations to address issues they never had to address because power can be significant in the hands of few.
Where once we used to worry about the powers in government versus the government; we now have to worry about power in the hands of corporations and citizens, who have the same or equal power as the government.
In India, cyber crime has mostly been concerned with financial irregularities. Globally, what has been the scenario?
The USA for example is worried about intellectual property rights. So breaking in and illegally copying information is one of the key points President Obama has brought up. In the US, you also have personal identity thefts. In Europe, they are more concerned with frauds and identity thefts; followed by intellectual property rights.
I think all around the world, intellectual property thefts happen. It’s just that corporates are not aware.
Comments
Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.
We have migrated to a new commenting platform. If you are already a registered user of TheHindu Businessline and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.