The Great Debate

Rising tide of cyber-crime shows why we need Web regulation

Michael BarrettMichael Barrett is the Chief Information Security Officer at PayPal. He is on the advisory board of StopBadware.org, an anti-malware “neighborhood watch” led by Harvard University’s Berkman Center for Internet & Society.

In less than five years, Internet crime has changed from an anomaly of teenage vandals into a multi-billion dollar industry. Just one form of cyber crime, “phishing,” where criminals masquerade as trustworthy entities in e-mails and instant messages to steal private data, reportedly amassed $3.2 billion last year.  Another form, spyware, where software surreptitiously monitors a victim’s online activity, prompted 850,000 U.S. households to replace their computers and inflicted damages totaling $1.7 billion, reported the Consumer Reports National Research Center State of the Net Survey.

At the same time, Internet usage has skyrocketed worldwide with 20 percent of the world’s population, or about one billion people, online today. It’s not hard to understand why the Internet’s popularity has continued to grow in the face of its threats. Could you get through your workday without e-mail or search? Could your kids make it to dinner without checking Facebook or sending a text? If you’re like most people I know, the answer is likely, “no way.”

We are socially and economically dependent on the Internet – a fact that makes us vulnerable in tough financial times. So, it may surprise you to know that no single entity is responsible for regulating the Internet or keeping its users safe.

Historically, Internet safety has relied on the goodwill of a few small actors such as non-profits like StopBadware.org, an anti-malware neighborhood watch led by Harvard’s Berkman Center for Internet & Society. Within the federal government, the Federal Trade Commission monitors Internet fraud and the Department of Homeland Security oversees a national cyberspace response system. The private sector, offering a host of cyber-security products and tools, and consumers also play a powerful role in keeping us all safe online. Companies such as my own employer, PayPal, invest substantially in the security of our own applications and infrastructure; we have state of the art fraud management systems; we work with law enforcement to catch, prosecute, and convict criminals whenever possible. But the persistence of the cyber-crime industry continues.

Principles for a better Web

Colin MaclayCaroline Nolan By Colin Maclay, Acting Executive Director, and Caroline Nolan, Research Associate, Berkman Center for Internet & Society at Harvard University

More than one billion people are online, with three times that amount connected via mobile devices, just one indication of how integrated digital technologies are with lives and livelihoods around the globe. While governments have for the most part encouraged these developments, they are increasingly aware of technology’s capacity to disrupt existing power structures and accordingly ambivalent. As governments seek to control information and online activities, private actors – information and communication technology (ICT) firms in particular – are increasingly called upon to assist in those efforts.

Many of us mistakenly assume that Internet governance doesn’t touch us, and maybe it doesn’t – what expression is allowed on the Net and whether your personal information is shared with law enforcement is often governed less by law and more by practice. As Jonathan Zittrain and John Palfrey have long argued, companies providing technology services are important Internet points of control  and are under great pressure to comply with local laws and practices, which can be at odds with international standards, corporate values, and social norms.