FBI criticises 'hands-off' ISPs over cybercrime

An FBI special agent has hit out at the regulation of the UK-based units of large global ISPs and the role they play in allowing the perpetuation of cybercrime through a lack of co-operation with law enforcement.

Speaking at the Computer and Internet Crime Conference in London, Special Agent Ed Gibson, who is the assistant legal attaché to the US Embassy, expressed concerns that national boundaries are still too much of an obstacle to law enforcement.

Gibson said such obstacles can delay law enforcement efforts by months at a time and singled out the ISPs and their regulation for doing too little to ease the process.

Many of the large US-based ISPs are hiding behind domestic laws and distancing themselves from their UK responsibilities, he said.

"Why on earth do we not require that ISPs conform with the laws of this country?" asked Gibson, who said UK law enforcement are unable to go into businesses registered in the US and make use of the Regulation of Investigatory Powers Act (RIPA) to access information that could aid an investigation.

According to Gibson, 80 per cent of global email traffic, including the majority of the spam scams which circulate, comes via the webmail services of providers such as AOL, MSN and Yahoo! so finding a way to tap into the relevant data they could provide would prove invaluable.

But he said law enforcement often hit a brick wall when dealing with such companies. The firms can insist on due judicial process - the equivalent of an online search warrant, which can take four to six months - before they will comply with providing data for investigations.

Gibson said the regulation of web hosting companies is also to blame for high levels of online crime.

"Why do we allow hosting companies to take credit card details from an individual and let that person put up a website without knowing who they are or what they are doing?"

The FBI's Gibson urged companies to adopt a "know your customer" policy and said such an approach would eliminate a lot of the anonymity which facilitates many forms of cybercrime and likely prove an important move in combating it.