Vigilance or Vigilantism?

SiliconRepublic.com ran a recent story on how spam levels are nearly back to height they were before the infamous shutdowns of the McColo and Interchange ISPs.  For those of you not aware of the story, the Washington Post published an article highlighting that both of the above ISPs were allegedly hosting systems managed by criminals involved in distribtuing spam and other malware.  Subsequent pressure and public outcry resulted in upstream providers cutting off services to McColo and Interchange until they were totally isolated from the Internet.

Many hailed the shutdowns of the McColo and Interchange ISPs and the subsequent temporary decline in spam volumes as a victory for vigilance and liken the actions to those of a neighbourhood watch scheme.

But is this really how we should be policing the Internet?  Both McColo and Interchange lost their access to the Internet for breaches of the Terms of Service of their upstream providers, but in each case there was no involvement by law enforcement.  This was in spite of the evidence pointing to the illegal activity being conducted on both McColo and Interchange’s networks.

Questions need to be asked as to what were the actions of law enforcement in relation to these providers?  Were they themselves in the process of gathering evidence to effect criminal prosecutions?  Were they observing the activity on these criminal sites to gather useful intelligence into the workings of online criminal gangs?  Or were they unable to take any action?

To me this is not a success for vigilance, instead it highlights a failure or inability of law enforcement to act effectively against online criminal activity. What has really happened is that the problem has simply been moved to a different provider, most likely in a jurisdiction with weak Internet related laws, and the opportunity for law enforcement to permanently shut down the criminals behind those schemes may now be lost.

If we have to resort to civil laws and breach of contracts instead of criminal law to tackle cyber crime then I am afraid that we have a long way to go to deal with the problem.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.