Cybercrime Czar? Government bailout for cybercrime?

Barack Obama announced last week that there will be a new Cybercrime Czar in the US reporting directly to the president. We wonder what, if any good that will do. Can he/she be more than a figurehead when the crimes they want to stop originate in the Ukraine or Bulgaria or Indonesia? Will they attempt to burden us with more ineffective regulation? Will they prescribe government ordained solutions that deal with the problems of 6-12 months ago, rather than let the free market respond with solutions in real time? We don't know, but the fact that Obama's servers were hacked during his much-touted social media-driven campaign gives some insight into why he believes this is so important.

Cyber-banditry long ago outgrew the notion of the solo, acned, 17 year-old hacker in his parents' basement, and is now recognized as being a truly global criminal enterprise.  And while international cooperation is important, depending on governments to protect data privacy and security will only go so far.  Critical differences in national laws for investigation, prosecution and conviction stand as ready-made barriers to effective international cooperation.  Attaching penalties to mishandling of sensitive data makes sense, but depending on governments for comprehensive oversight is a flawed strategy.  And this presumes that all jurisdictions care enough about cybercrime to have laws on the books.

For example, in some jurisdictions, data can be used to make a case, but not prosecute.  An article at mondaq.com authored by Prokauer Rose LLP, 'European Union: EU Data Privacy Agency Adopts Recommendations On Reconciling EU Data Privacy Requirements With U.S. Litigation Rules', highlights how differences in jurisdictions' data privacy laws between the EU and US can heavily constrain prosecutors.  Commerce is global, and crime is global - but anti-crime laws remain national and sometimes even more localized, with state and provincial laws able to hamstring international investigations and prosecutions.

To understand just how global and insidious cybercrime has become, every CIO, CFO and every executive of companies doing business on the internet should read Kimberly Kiefer Peretti's detailed review of carding's hidden world.  The extensive professional organizations carding networks now operate have long range implications for national and international security well beyond the financial/commercial world.

As a recent Gartner study and other 2009 reports from the Identity Theft Resource Center make clear, data breaches have wide implications in direct fraud, delayed, multi-pattern fraud, and the scope and scale of breaches, with accompanying frauds clearly on the rise.  The Gartner study also makes clear that the prosecution track records are abysmal.  In this era of exploding government debt we can't expect more resources to come the prosecutors' way. 

With jurisdictional, legal, and economic issues preventing an effective government response, companies and organizations must take greater responsibility for data security and defending against criminal activity themselves, no matter what laws say.  There is no government bailout for cybercrime.