Home Office silent on international co-operation

The government has again defended its decision to award new powers to the police and MI5, allowing them to hack into personal computers without a warrant, but appeared less confident about what to do with malware attacks committed from outside the country.

vnunet.com was given exclusive access to the letter of response given by Home Office minister Vernon Coaker to a series of questions posed, through his MP, by Simon Heron, analyst with security vendor Network Box. The response also covers the issue of a potential centralised government database of communications records.

Heron's letter asked the Home Office to explain what it was doing to ensure that any centralised database run by private businesses wouldn't end up in the wrong hands, and that police hacking powers would not be abused. Coaker responded by re-emphasising that comms data would not include the content of calls, and that suggestions of a privately-run database are just "press speculation on the options that will be discussed in a consultation paper". "Depending on the outcome of the consultation, we will then look at options for maintaining our communications data capabilties," he wrote. No explicit ruling-out of such a plan then.

Coaker also defended the new police hacking powers which were widely reported in January, saying that "authorisation [normally from a chief constable] must be necessary and proportionate for the prevention and detection of serious crime and that what the action seeks to achieve cannot be achieved by other means". All cases must be notified to an independent oversight body - the Office of Surveillance Commissioners, he added.

All of which is not particulary surprising and couched in typically wooly political prose. But when asked by Heron, "I am also very keen to know about the international actions the government is taking to curb the increasing deluge of malware that businesses and individuals have to deal with which imposes a huge expense on the UK economy", the response was a little less than satisfactory.

Coaker explained the recent changes to the Computer Misuse Act, bringing us closer to the European Cybercrime Convention, and of its backing of Get Safe Online, and even of the "commercial interest" that "access service providers" have in ensuring no malware gets onto their systems. And that's it. No information on any work being done by the UK to seek agreements with other countries which might help to arrest the flow of malware into the UK. Nothing about the international work being done on an international Convention on Cybercrime, for example.

If the government's policy, as it seems to be, is to trundle towards a European convention, and let the security vendors and ISPs battle it out with the cyber criminals, then we're in for a pretty tough time. Without international action to take down the malicious sites, arrest the spread of botnets and leave no hiding place for the online criminals, the UK will continue to bear the brunt of many of the attacks.