PARIS, MAY 17: In the fast-moving world of cybercrime, the deed is done in nanoseconds while the response creeps along at snail's pace.Viruses such as the recent Love Bug can flash through the Internet at lightning speed and hackers can crack into websites or bombard them into submission from anywhere around the world.As soon as the crime goes cross-border, however, a jungle of national laws waits to slow police down as the issue slips from cyberspace into the diplomatic orbit where international law and regional jealousies are just as important as hot pursuit.Lacking a world government to confront this new borderless type of crime, the Council of Europe has taken up the challenge and begun drafting an international convention to fight hackers, virus writers and fraudsters who steal credit card numbers or defraud online consumers and auction fans.The text, which is supported by non-EU members United States, Canada, Japan and South Africa, will not be ready for signing before September 2001 light years away at Internet speed. But officials see no way to speed up this hare-and-tortoise race.``I would rather have a convention very quickly, but I'm afraid I have to listen to what the delegates bring forward,'' said Henrik Kaspersen, a Dutch law professor working on the draft at the Strasbourg-based Council of Europe.Different laws, customs and economic interests make it very hard to harmonise policies towards something as new and creative as cybercrime, he told Reuters. The Council's work is complicated by the presence of the United States and Canada, whose legal systems can be quite different from those of the 41 European member states.``Where the issue is technical, you can have fast results,'' he said. ``When it comes to those other areas, you have very difficult problems to overcome.''Computer industry representatives attending a cyber crime conference in Paris sponsored by the Group of Eight (G8) industrialised countries flashed weak smiles and searched for diplomatic turns of phrase when asked how they saw the problem.``It's quite hard to attach the international treaty process to the digital world,'' said Douglas Sabo of the Information Technology Association of America.``I think it is very difficult to get this kind of wide consensus,'' remarked Peter Kraaibeek of the German computer security company ConSecur. The goal the Council has set is ambitious.Signatories to the convention, which will be open to countries from around the world, have to agree to ensure their national laws make it a crime to steal, intercept, damage or alter computer data of any kind.They should impose ``effective, proportionate and dissuasive sanctions'' against cybercrime including fines, jail terms and extradition to foreign countries.In a particularly controversial passage, the draft says Internet service providers (ISPs) should be forced by law to store data for use in criminal cases. No time period is set but rumours of a three-month period have upset the computer industry, which wonders who will have to pay the huge costs to hold so much data.The World Information Technology and Services Alliance(WITSA), a group of 41 high-tech industry associations from around the world, issued a statement saying this threw the discussion about Internet security back by two years ``light years in the digital environment''.``The cost of maintaining the information would inhibit the growth of electronic commerce and the legal implications are broad and undefined,'' it said.David Aucsmith, chief technologist for the US ChipmakerIntel, dismissed the idea out of hand, saying: ``There is not enough storage space available to man to keep the Internet stored for three months.''Companies specialising in ``intrusive software'' programmes that simulate hacker attacks to allow a company to test the security of its computer system are also unnerved by a paragraph that would ban these programmes because they could be used in a real cyberattack.``That would present a big hurdle for us,'' said Philippe Lemaire of the French computer security company CF6. ``If you can't do these tests, you deprive companies of an important tool.''On the positive side, both companies and government officials welcome the convention's plan for a round-the-clock system of cyber crime contacts around the globe so that police or prosecutors in one country can directly contact their counterparts in another to launch a search for a hacker.
