The following was originally posted on PogoWasRight.org:
The Swedish National Police Board (Rikspolisstyrelsen) has called for new international laws to catch hackers on the internet, after US internet service providers refused to divulge information on the weekend’s attack on government websites.
“The problem is that the internet is an international phenomenon and legislation is national. It’s not limited to Sweden though, it is Europe. And because most big internet providers are US based, we all have the same troubles dealing with them,” Anders Ahlqvist, IT-crimes specialist of the national police, told The Local.
Read more on The Local.
Clearly the U.S. counts on the cooperation of non-U.S. law enforcement when pursuing those who hack U.S. businesses or entities. References to non-public cooperation between Scotland Yard and the FBI in the Ryan Cleary case, leaked online by hackers, provide just one example of how law enforcement is working together across borders (often extra-legally). But equally clearly, under U.S. law an ISP does not have to cooperate with non-U.S. requests unless certain legal requirements are met. So what’s down the road? Will we see legislation enacted that dilutes the protections required in the name of dealing with cybersecurity and hacks that are increasingly viewed as threats to our national security? What will the international agreements look like and will they be bilateral or multi-national?
Will this be another security trumps privacy argument that will erode our privacy protections more?
For US based businesses, I’d like to see the comaprision of total foreign sales vice the cost of maintaining (including breaches)an infrastructure to keep the commerce open to foreign entities.
Let’s say I have a home based business, or a small business that serves products that are 95% or more bought strictly in North America. And I don’t believe their is a significant ROI to merit me serving several countries I think are probably not going to purchase my merchandise at all, or a a very rare occurrence. So, why not GEO-Block alot of these countries thru use of a firewall, IDS/IPS, or other means? That will cut down some of the attack avenues and the company can then focus on what is supposedly important to them… Cashola-in-pocket.
It will also prevent some overseas Web-crawlers from gaining access to the site(s) and populating into their market. If they don’t see you, it is one less thing you have to worry about.