Cybercrime and social networking sites – a new threat? – WS 07 2011

From EuroDIG Wiki
Revision as of 13:08, 19 November 2020 by Eurodigwiki-edit (talk | contribs) (Created page with "31 May 2011 | 11:00-12:30 <br /> '''Programme overview 2011'''<br /><br /> == Session teaser == The popularity of social networking sites has soar...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

31 May 2011 | 11:00-12:30
Programme overview 2011

Session teaser

The popularity of social networking sites has soared in recent years, and such sites do not only attract bona fide users. The aim of the workshop is to look at how social networking sites are being targeted by cybercriminals, how privacy and identity can be endangered and what are the adequate answers to those new threats, in an environment that users consider safe.

People

Key Participants

  • Marie Georges, Council of Europe
  • Ton van Gessel, Microsoft
  • Yuliya Morenets, Together Against Cybercrime
  • Branko Stamenković, Republic Public Prosecutor’s Office of Serbia

Moderator

  • Kristian Bartholin, Council of Europe

Session report

There was discussion about the legitimate collection, use and transfer of (aggregated) personal data by social networks and its interception by third parties for criminal purposes. Identity theft as a crime was discussed with regard to the application of the Budapest Convention on Cybercrime (its definitions and scope of application). Copyright infringement was referred to repeatedly.

Reclaiming one’s personal identity, in particular the ability of users to effectively complain and/or seek redress across borders (within the EU and beyond) was underlined. Hotlines and better dialogue with the providers of social networks were also referred to.

There was discussion on the lack of awareness of users (including children and their parents/carers) and the need to empower them more with regard to the configuration of their personal settings to protect personal security and privacy of data. The “right to be forgotten” on social networks was also discussed as a means to empower users to manage their identity.

Transcript

Provided by: Caption First, Inc., P.O. Box 3066, Monument, CO 80132, Phone: +001-719-481-9835, www.captionfirst.com


This text is being provided in a rough draft format. Communication Access Realtime Translation (CART) is provided in order to facilitate communication accessibility and may not be a totally verbatim record of the proceedings.


>> KRISTIAN BARTHOLIN: Well good morning, everybody. And welcome to the shop 7 on cybercrime and in keeping with the discussions that we had, maybe we could turn down the music, someone? Because I think it’s very nice for the music, but it might be slightly distracting in the long run.

And as I said, good morning, my name is Kristian Bartholin, I’m from the Council of Europe and it’s my honor to be able to present to you the distinguished panel of specialists in the field of cybercrime, cyber protection, cyber security.

And we will have general questions we have already discussed yesterday and today the role of social networking media and social networking sites in general but also the role – but does it have any effect on cybercrime? And somehow one way or the other is there a linkage between the social networking sites that we have and cybercrime?

Getting really into the symphony orchestra here. I like classical music, but I think it’s different.

>> By the way, I’m comoderating this thing that we’re doing now. And I think it’s good also for the panel now to start a little bit by introducing themself a little bit so that we can readdress our questions regarding this.

>> Thank you very much for turning down a little bit this music. And I have –

>> I will start first, I’m from ministry of economic affairs agriculture innovation in Netherlands. Five minutes ago I didn’t know I wasn’t on this panel, so I have to improvise a little bit on the issue. I’m not completely ignorant on this issue, of course. I am specialist on cyber security within my ministry and closely working together with all the people also from security and justice in which we together made national study on national security in the Netherlands. In the past I have also led for one year a project on cybercrime on the project high tech crime unit which is also a crime unit in the Netherlands with a lot of expertise of catching the criminals. Last year, we had a huge case in the Netherlands called the cradle up case in which our cybercrime specialists in IT crime unit together with private/corporate and together with a lot of expertise from private companies managed to take down the huge botnet, so there were our expertise in Netherlands I think is okay. Oh well, that’s it for this moment and move the microphone.

>> I am Marie Georges. I am here as an expert for the Council of Europe, I’m basically economist but 30 years of data protection in France at the EU general directive on the national level. I am also, you know, we have also multi-identities. I am a mother and grandmother. I am not on Facebook because I think it’s difficult to manage so many emails every day. But I am well aware about what’s going on there even if I am not. Suddenly I received information from Facebook with all my friends or nonfriends which are on Facebook. So I stop. No one.

>> So you have more than 400 friends, too. We have more than 400 friends, too, in real life.

>> MARIE GEORGES: I have many connections.

[Laughter]

>> I have three daughters and they are playing on the Internet. They are using social media very heavily. And if you see what they are doing, man, that’s immense. But what we’re always forgetting is the criminal thing. As a parent, we try to safeguard our kids for the future. So we say okay, don’t drive too fast. Take care you drive on the side of the road, don’t drink. But as a parent we forget that we also have responsibilities to our kids. Do we know what they are doing? Do we know how they are acting? Do we know what are the consequences much their Twitter behavior? And that’s the difference with the question, then, for this topic. Are there criminal minds involved in this cyber thing? I need the mic.

>> I have a question. I don’t have kids, but can you know what the kids are doing ever in the whole life?

>> No, but you have to raise them.

>> That’s exactly what I mean. So you’re from Microsoft. So your first question was: Do I know that? Do I know that? Do I know that? But what about education? You shouldn’t do that because that et cetera, you know. There is occasion, et cetera. So I’m not aware about the plan on et cetera, but I would really like to talk about security. My opinion is about social engineering, et cetera.

>> Yes. We will talk about that. Thank you. Yes, perhaps we should indeed start out perhaps by asking our panelists. And of course afterwards anyone else that would be interested. But we start with cybercrime and the social networking sites in general.

It’s clear that social networking sites have – their popularity has really soared in the last decade. They have become incredibly popular. Everybody wants to have a Facebook address or whatever else is in mind there. And the purpose is also that sometimes in these – on these websites, we are encouraged to give away information that is absolutely rather private and which we would only share with persons who we know quite well as intimate friends or close relations.

But the difference is that once we are on the social networking site, we are strongly encouraged to share it with friends. And some much us have so many friends on Facebook and other places, that it’s highly unlikely that we will know them all or have met them in real life.

The point here of course is this is a wonderful place to be a cyber criminal because what you can do is to go in and mine all that information there. You can take it. You can use it. You can use it for identity safe purposes. You can use it for carrying out various fraud schemes, which happen a lot. And you can also use it actually as a way to get access to the computer of several computers that are connected. Social networking websites. You can get access to them and create a botnet which you can then use for your own sinister purposes afterwards. This is actually what happens when messages are being sent around from so-called friends and they continue no where. Once it’s installed on your computer, starts using it for the cyber criminal.

And the problem is to a certain part of it, once we’re on the social networking site, we’re like on holiday, nothing bad can really happen, that’s the way they think of it. Everything bad can happen, especially when we don’t think it will. But the question is: Are we well-prepared to deal with these issues? Do we have the necessary technical means to deal with this issue? That’s one part of the question. And then from a more general societal point of view, do we have the necessary information in place that will enable us to stop cyber criminals from taking advantage of social networking media which are otherwise an extremely useful and positive thing?

And I think that would be a clue to ask our panelists what our viewers are on this?

>> First of all maybe another thing, as well. It is also trade off when using this kind of new media.

In reaction to the person that asked the question about the children, I’m aware – I have children myself in age between 21 and 15 so they are very active on the Internet. I’m aware of the fact that they have to know some things about when they are acting on this Internet, on Facebook or Twitter or any kind of social media. I am also aware of the fact that I as a parent cannot always control them, not in real life. With the young kids, I was also trying to escape from the control of my parents. And now the case they will do themselves, as well.

But there’s also a difference between real life and the virtual world in which, of course, the possibilities for getting all kinds of criminal acts are really a little bit easier for people than bad things in real life. There’s always a tradeoff: Facebook and all types of social media give us good things. Don’t forget the fact that the social media has in spring engaged a lot of information in which people that were reacting against it, the regimes in other worlds that do a lot of things with that.

Knowing that, there are two things that should be very important. First of all is responsibility of those companies that issue these kind of social media. They should issue a lot of – I’m not sure if I should call it warnings, but at least they should make the people that use them, these social media, aware of the possible risks. That’s one thing.

And then there’s the responsibility of key players in society, which one of course is government themselves. We should do active awareness-raising programmes specifically aimed at those specific groups, targeted aims at those youth, people that use social media.

So those responsibilities should be met first before talking about educating issues.

>> Question?

>> One moment to get a mic.

>> I only want to make a really short remark. I completely agree with you, only I don’t like to have the word use in that because.

>> Can I have your name, please? Because for our international audience.

>> Iona and I work in social media marketing for a nonprofit organization and I work a lot with people using Facebook and other social media sites. And I usually have the biggest problems with people ordering age which are all the social media sites. The average age of my patrons I work with is 35 to 45. And they really have problems to understand the privacy settings. Most of the time the younger people don’t.

So I completely agree with you with social media, but I wouldn’t make this with an age.

>> More questions from the audience from us regarding the cyber security thing? Anyone?

>> Hello, good morning, I’m Yurogos I’m from Greece and in summer school. I just want to take a step back because I don’t really agree with your definition of cyber crime or who is actually the criminal. Two examples. You just mentioned the Arab spring. For the government of Egypt, people twitting or facing things on Facebook were criminals. And people have been arrested and the blogger has been – in Alexandria. I think we all know about this. Are these criminals? Where they are using social media to express themselves? No for you but for many governments around the world, they are criminals.

Also, you said that some people are actually face information and use them for whatever purposes, to do whatever they want to do with them. But in fact a lot of the users between themselves steal information from each other, use from each other, get videos from each other. Is that a crime? I’d really like to hear your opinion about that.

>> Well, perhaps I can clarify a bit from the point of view of what is international law on this issue. Certainly with the examples you gave of persons using the social media to help in organizing demonstrations and such would never fall under the international definition of what is cybercrime. Cybercrime is clearly defined as interference with systems; and on the one side this is the technical side of the crime, and then internationally it’s the uploading and downloading of illegal content, which for the time being is child pornography and of course piracy on the Internet, copyright infringements also covered by this definition.

So unlike that, it’s not the question of political participation, political demonstrations or political discourse, which is certainly not a crime and should not become one. But it’s true that around the world you have different definitions of what is crime and different societies you have different approaches to that according, very often, to the interest of the government.

But I think for the purpose of what we’re discussing here today, I think it’s a lot easier if we stick to the recognized international definition, which is persons who are actually committing real crimes. They are either abusing children or they are – sexually abusing children or they are engaged in fraud scheme or in some way to take away property from the owners. They’re engaged in various scams. I think that would be most useful for our discussion.

It’s true that if you go to a dictatorial state, you will find that they have another definition of it. Anyone who is against the regime is a criminal. But I think that is really the exception. That’s not the way we would like to discuss cybercrime.

>> I’ll start a little bit reflect your question.

>> There is no finding. I’m sorry. But findings on international law that affect cybercrime.

>> There is the Council of Europe convention on cybercrime. This is the only binding instrument. But it is certainly there. And it is also adhered to all around the world, not just in Europe.

>> Hello, my name is Caroline and I’m a student. I took pride in the new media summer school. But what you just say is according to this European council that I and all of my friends are criminals because we download movies. And that’s copyright infringement.

>> Yes.

>> But that means that I don’t believe that I’m a criminal. But it means that these definitions of cybercrimes should be changed within time, of course, because you cannot stop, you cannot arrest everybody because they download movies.

>> Yeah, I can assure you that I don’t think that police forces an around the world are going around arresting people for downloading movies. I think there are far more serious issues at stake.

Nevertheless, that said, copyright infringements are criminalized.

>> But I have a question from a remote participant, Rudy from Belgium. He asks: Many social networks are ran by international corporations. How can global policy be implemented so each country can ask application of national law on privacy and security aspects?

>> That’s an excellent question. Maybe we should try to ask our panelists. Maybe we should ask Marie Georges on this issue of privacy?

>> May I react also to what has been said before?

>> Yes, certainly.

>> Question about the kids. I would like to mention that kids have exactly the same rights of all others. Freedom of speech, right to privacy and so on. There is no limit of age in the convention, international convention.

The convention on children’s rights draw the attention that of course they need help, they need to be educated according to the age; okay? Because from the birth to the majority, it’s a way to get to be a free person, responsible in life, being able to vote, 18, 21 depending.

And so we have to know that during that time, especially the parents are responsible. Now, as parents, we know that for the last 20 years, we have to face new for our children. HIV, we have to take care of that. Harassment at the door of school, we have to – children to be careful when older people come to them they don’t know. And now we have social networks. We have a specific responsibility to understand those media because the empowered person for freedoms, freedom of speech, freedom of assembly and so forth that our kids may enjoy also. But how to do it.

So in my view, this is very important. We should not be feared of that. These new media empower them to. And there are some risks. And so we have to understand what’s going on. Of course, I am among those, especially under privacy, we think that all social media services should have the right features. Someone said that we don’t understand them, it’s true. But what the privacy community, all the regulators and so forth, they are saying now privacy by default. This is really important for social networks. Privacy by default. Those certain vices should not push people to publicize address, telephone number and so forth. Of course, you know in real life when you meet someone here that you don’t know, you ask the name. After a while maybe if you are interested, the telephone number. Personal address, that’s the last thing you ask for, okay? So all this should be dealt with in responsible services.

So I agree with those who say that it is not okay.

Now, about criminalization, above what is in the cybercrime convention, which is typical of what happens with digitalized and distant service, that is new. Offline we don’t get it with the system. And all this are typical and new. And it’s good thing that it has been – to prosecute someone, you need to have the same definition of the crime into countries when the crime comes from somewhere and has affected another. Or corporation, you need to have – best to have the same definition. So it’s good.

Now on the others, on the other question, the right to freedom of speech, it’s true that there are many differences. You can see it for instance under privacy when you look at the TV, the old last days, you can see the very difference in some nations which can show all the privacy of a person, you know, completely transparent and no problem. But there are differences. And I am one of those who says, who hopes that UNESCO will take this question on an international level. It is getting really a problem.

Now, are there new crimes on social networks? I don’t think there are new. They’re all like in outside. It might be easier because, you know, a criminal can be sitting at home and doing things without taking much risk. And so there might be some more. But the nature is the same.

So afterwards is the question of organization. I’m not in favor of surveillance of everything. But maybe there is a need for hotline for people being in those services so if they see something which is a problem, after education I say that, for the kids. So after that, hotline. And then connection with police when it is really a crime which is, you can prosecute. And then the police has the – must have the means to get to investigate and so forth. And go to justice and so forth.

So that’s the way I see the things for experience. I mean, we had – before Internet and with Internet, we had some other services which looks like which was already joining people and so forth. Maybe not as fast services. But we could have the – we could assess that the crimes were not different. But that’s one good thing to know. But there are means to – I am not in favor of, as I said, complete surveillance. I don’t think – I mean this would be completely against freedoms. We are in an area of liberty of communication, liberty of having contacts with persons. And on these matters, you can’t interfere for the public interest in a democracy. You cannot intervene if there is not a real problem. So that has been said by you. And of course Human Rights, that’s the case.

So for my first answer I would like to say.

>> This man.

>> Hello, my name is Jacques Deitrich. I come from Belgrade. I would try to be brief but I would like to put a case that I’m working on right now.

I have a celebrity that is a victim of a crime. It’s an ongoing investigation, so I cannot tell every single detail. But I can say what I want to say.

The perpetrators actually made a pen pal page on Facebook and profile page on Facebook. They started to send media announcements from those pages claiming that they are the celebrity.

Unlike Twitter, Facebook does not have that certified account. So if it’s Christina Aguilera, for instance, you know it’s one and only Christina Aguilera. But unfortunately my celebrity that I’m representing had American IDs and was in states at the moment. So she was able to reclaim her Facebook account because her Facebook account was published by Facebook on the grounds that many people claimed to be fake.

So her own account was suspended and the fake account was the only one over there. Actually it happened five times during the course of investigation.

She was able to get her account back just because she had American papers and everything. But she had to prove every – each and every time that she was the one.

Second thing, the guys doing this actually managed to publish some of the media announcements in newspapers here in Serbia. And they got credibility. And they made several announcements like that. And now people started to believe that they are the real thing.

And finally where the fraud is, where the fraudulent behavior is, based on that credibility, they tried to sign a contract with the papers to write a column for them, a weekly column that they will be paid as a celebrity. This is real ingenious up to this moment. They forged, I mean photo shopped, our celebrity’s Serbian ID. And that concrete forgery is the only thing that they deserve jail for according to our – not legislation but legislation put in practice. Because in Serbia, if you have a crime for three years, three years is max for the crime and you’re the first time, you will go free. You will see no jail absolutely not. But this is something that you go to jail for like eight years. And then it’s more serious.

So prosecution and district attorney got involved. They are doing their investigation. And I as a lawyer representing victim here had absolutely no rights to absolutely no data whatsoever. I cannot get name and address attached to IP address that I know the perpetrator was connected from. I have absolutely nothing.

>> Keep it short.

>> Okay, yeah, yeah, yeah, sorry. So what our prosecution does is they are trying to get some info from the Facebook, but that has to go international way. Can you imagine the Facebook as the only company that has to reply to numerous requests like that? So there is cybercrime. You have it. It’s big. I would like your opinion on that, how to fight it. Help me, please.

>> Thank you for the short question.

[Laughter]

What can I give you? Keep it short?

>> MARIE GEORGES: It is true that because this international thing I mentioned easier, I said. Must be a need for more cooperation in those areas because it’s also a question of – it’s a question of procedures but it’s also a question of means for prosecutors and so forth. So I am sure the crime is on this kind of question everywhere north, so there is equivalence. It’s a matter of cooperation. And I think that it is personal. I think that because all these things are easier, there should not be political questions in those cooperation if you see what I mean. Problem between two states, make it political. We say yes to this country, no to the other one. And the agreement and so forth. On this matter, I say that under the data protection experience. The data protection laws and the obligation that is within at least EU to cooperate between data protection authorities in those case, one of the issues is to lower the level of political problems in cooperation. I think we need to have data protection in all the world on the same kind of model with DPAs so they can cooperate at the moment. It is one thing to facilitate cooperation on this matter.

I don’t know to which supra national authority you could ask for help. But to say ’Look, I don’t get through. “I don’t know if there is a possibility yet. But this is a case.

>> Okay. I want to have first another question from the Internet because – asked do you think government should impose space to use filters or the technical tools to deal with cases mentioned here as child pornography on the Internet, et cetera?

What I know from my experience is that already collaboration ongoing between government and law enforcement in this case. But not all governments. I know for the Netherlands we do. But I don’t know how other governments are acting on this one. So if somebody has some additional remarks on that one, I will be –

>> Well just to say that filtering is of course an issue. And the possibility to block websites which contain particular child pornography already is today a possibility and can be done. The question that I think most practitioners from the law enforcement side asking themselves is whether this is really enough, whether this is really useful. Because it’s possible to bypass these blockings. And if you are sufficiently determined, you can actually still get access to the websites and see where these kind of content is posted on.

The question is whether we are in this regard perhaps more making ourselves believe that we’re doing something to – the issue than actually trying to get these websites off the net entirely and completely, which is, I think, perhaps at the end of the day the only solution to child pornography. Blocking to be an intermediary solution, but it is certainly not – you do not really get to the root of the problem by that. And there are so many possibilities to bypass blocking, as I said, that at this time’s probably not the most ideal solution, but it is sometimes considered as a political quick fix, so to speak.

>> Do you have for now?

>> From the European commission. Just quickly on this last point on the blocking filters. Just as a point of information because the question asked what is possible, what is impossible? European Commission has recently made the proposal for the direct protection of minors which covers a number of areas. It does include an article, which is article 21 if I remember correctly, in which the proposal of the Commission which is currently being discussed between the Parliament and the member states, is to have both the take down websites; if that is not possible, then the blocking of the websites. This is just as a point of information.

I would like, however, to get back very quickly to the point that was made by a lady from the audience, what is a crime. If copyright infringement is a crime, and criminals. I would like to be very clear on this point. The law has to be followed. I do not – we do not believe that a solution to a law which you or others might believe is wrong or bad is breaking the law. I am aware that there are many arguments on civil resistance, et cetera. I personally, and this is my personal opinion, that this is not a sustainable solution. What I would encourage, and the Commission always encourages that: Be engaged. Because the reality is that when we do laws, we try really to listen to all the parts. And I have to say that my personal feeling is that I call it the voice of the young people, with digital, have different opinions on crime and some consider crime and some people do not believe they should be crimes – they are not necessarily posed the legislators in the right way. I put the right between the quotes. When I say the right way, I say that, frankly, it is difficult to accept arguments that all information should be free. That is not a viable argument because even in international law when we talk about freedom of expression and information, there are certain limitations.

When it comes to copyright, we have to realize that at the end of the day, there has to be some kind of economic system ability. I’m not saying the current model is more sustainable than other models, but the point is if you want to propose a different model, welcome the model and propose it. It has to be real, it has to be practical and actionable. Vague, I make no offense, vague claims that does this mean we are all criminals? Unfortunately at the end of the day it must also be yes, you are criminals. It doesn’t mean that we like the situation. But help us find an alternative.

>> Mr. Glasser? My name is Bill Glasser. It’s interesting to see how with each speaker, picture about definition of c cybercrime gets more complete. And I want to shed another light on this, another view to add. Cybercrime is not only about breaking rules, it is also about earning money. You can bring a lot of money by breaking laws, buy stealing data on the Internet, by selling it. There are virtual market places where criminal tools can be bought. You can simply make a website, a phishing website, for example, you can just steal it, not I don’t it. You can get credit card numbers to sell it. And this is also a very important part of cyber criminality. And a new perspective in this light is that we also see that there’s another thing that’s very valuable and can be traded and that’s information. So it’s not only money, it’s stealing information and dealing with information.

And we see that almost every day more and more. It’s a very interesting topic. And maybe in a few years, information will be good trading good for cyber criminals. Thank you.

>> Okay. I have here – you had a question?

>> Hi. My name is – and I work at the university. Recently I come from Spain. We had the Spanish international governance forum. Within that, there was a workshop organized with kids. Not just young people, kids. And there were some very interesting results to the research they did and the workshop they did.

First of all, they asked – they did a study on what effects Internet on social media, what results it brings to kids. And they researched social relationships and learning. In all of these areas they had a lot of positive things and negative things and then some dangerous things, such as them being exposed as victims to criminals.

Then they tried to put the numbers on what the results are, actually are. What the institutions are paying attention to, and what the media is saying about this. And there was a huge mismatch. Of all the good things they are getting out of media and Internet, about social networks and Internet, little of it was being paid attention to by the institutions. Even less was being paid attention to by the media. So the kids sense this. And it became, for them, that the outside world was not understanding them and was, you know, like predicting doom where they only saw or they mainly saw all the positive things they were getting out of it.

So I say there’s probably something wrong in the way we’re communicating with them because we cannot be emphasizing so much. By we I mean not only media, really all institutions and all these interesting workshops and efforts, we cannot be focusing so much on the things that are not – that do not let them know that we are aware also of the positive things that are there. So I wanted to bring this up because I think there’s also some of this underlying in some things that have been mentioned, the way they do not feel understood by the way we approach this issue.

>> Okay. The lady?

>> Yes. From the European Youth Forum. My question goes back to criminalization, actually. But as well as that was already mentioned a couple of times, I agree that the question cannot be let’s liberalize everything. But the debate, again, needs to be more open in the sense that we need to allow young people, we need to allow users of this social networks, we need to allow them to have a dialogue with responsible. But I’m sorry, the parents need to have a part in this dialogue and not the educational part only. Because they are also users. And that’s why we should involve them. Not because they are the educators in the strict sense, but because they are the users. And children look up to their parents not to what they try to educate them for but what they are. So how parents use the media, how parents use Internet, that’s how your children will use Internet.

>> Again the awareness thing. Again the awareness thing to the parents.

>> Okay. Hi, it’s Caroline again. Like I said before, I’m just a user. I’m a nobody. I’m a student and I study new media, that’s why I’m here. But I was invited to the new media summer school to share my thoughts about the future of the Internet and what Internet governance should look like from the perspective of a user. I’m not representing anybody. I’m just representing the way that I use the Internet. And we started the talk off with talking about our children. And of course I don’t have any children, but I was a child not too long ago. And I know how I used new media. And I very much agree with the point that she just made, the way that I am using new media, that’s going to be the way that my children use new media. And I feel way more confident in being a good example to them because I have been on chats, in chat sessions where these guys have approached me. “I have this cool car and you look very beautiful. Can you send me some more photos”? I learned not to do that, of course, but I’m very curious have any of you grownups ever been in that situation? I don’t think so. So we started off with education and awareness in the way I’m going to bring up my children is to talk about the awareness. And it has to be a culture. There has to be an etiquette. How do you present yourself online? Which photos do you share? What’s appropriate? What’s not.

When I was young, I was brought up in Canada and parents were very proactive of their children there. protective. Don’t go anyone. Even if they claim they’re an aunt or uncle. If they say your parents sent you, we have a code word. Sounds silly right now, but I learned that you have to be careful. And I’m sure that the way that I have learned to use new media will be of benefit to my children. And I hope that people here today will see this point and actually listen to the youth and how we use new media because I understand you don’t have a Facebook page, but if you had experience on Facebook and chat sessions, then I think that the attitude of today would be a little bit different. So I thank you all for just listening to my story. Thank you.

>> Just one gentleman in the back?

>> I want to connect to one of the things that were said earlier about information and patterns that are dealt with and that is actually not, as you said, perhaps sometime in the future, that is something going on right now. And not just by people who enter into different accounts and collect different information, but rather exactly like the companies that are doing these kinds of things. This is something that keeps evading this topic of cyber crime and cyber security and things. Because if there is a social network which I have entered into and I have not set again my privacy settings properly, there’s a lot of information that can be gathered, a whole profile can be created and then sold. And then those patterns not just pop up my user name but pop up from everybody’s user name, sold to big companies as the trends.

But it doesn’t stop there because when I enter into Facebook, the I don’t remember name I put into is my email address. So people very often, you know they put in their email address and very often they forget and they put in the password, not for Facebook but for their email address. So that allows of course Facebook to enter my email address, as well, and collect a lot more information about me and not just about me, but again create a whole cloud of information that can be sold there.

So that is dealing with information that keeps on not being addressed in these cybercrime. That is the ultimate cybercrime that needs to be addressed.

>> Thank you.

>> I used Facebook as an example. It is not the only one. It is just the standard there at the moment.

>> Okay.

>> Writing on several comments that have been made. I think the buzzword until now is education. I would like to elaborate a little on that because it is not only educating the users, and I agree with some people who say it’s not only the kids that have to be educated, but first, maybe even more important, the elderly people, the parents or even grandparents that have to be educated because there’s a huge digital gap between what the younger people are used to doing on the Internet and what the parents have not learned from the start by using the Internet. So they are more illiterate, like I speak for myself, because I’m more illiterate than my kids are on the Internet. So the parents have to be educated.

But there are also a lot of other aspects on education. And that is educating the cybercrime chain. When we look, I can speak for the Netherlands, when we look at the Netherlands, when there is at one point some kind of criminal act that has the potential of getting to courts, then our – have to be educated as well because what is Facebook? What is malware? What is whatever term you might have on this, on the issue, our judiciary organization is not fully prepared yet to deal with those cases. They don’t understand what is the problem? They have to be educated, as well.

In the whole cyber crime chain, a severe program for educating not only focused on the users but also on those who have to fight cybercrime is very important.

>> Thank you.

>> Thank you. I would like to comment on copyright and blocking thread. We talk about education and how to effectively use the law we have, but I think we deny our responsibility here for creating better law and for applying more Human Rights perspective and the public interest that has been mentioned. I don’t think that we all need to say we have the law, we need to apply the law we have. No, we definitely have to consider whether the law we have is good in terms of Human Rights and public interest and thinking about copyright. Let me remind you that even Kris said we need to reform and change the copyright. So it is not only pirate but also European commission. Blocking, there is another issue I want to underline. If we have a law, how we enforce the law. It’s another legal aspect. If the enforcement goes against Human Rights, maybe we need to change the law and the enforcement principles, as well. Again I’m thinking about copyright. Nobody wants child pornography online, but it is not the solution to block Internet content. It’s the worst solution. Even if used as a supplement to takedown. So I think we really need more reflection on this and I would like to hear from panelists and everybody here.

>> Thank you. British – society. Yes. This is a very, very key thing and we also need to think about industry, business, the leaders. They need to be made aware, as well. And I’ll come back to that point in a moment. But we need to think about culture. Would we ever think about leaving our home with our front door unlocked wide open? No, I don’t think we would. Why don’t we do that? It’s because from children upwards we are being taught to look after our property, to lock it. This is something that has been going on for absolute centuries. So we need to think about it in a cultural term as much as anything else.

Coming around to the business, we need to understand that business is there to make money. And I’ll give you an example not from the Internet era but from the era of telecommunications, telephone back about 20 odd years ago. It was a thing called short termination. You had in the UK some international premium numbers. The most expensive place in the world to take a call to was Tuvulo, TV. What you had there was sex lines, obviously. Now, those calls to those sex lines went from the UK out apparently to shall we say the sex help desk in Tuvulo. Huge costs 10 pounds a minute plus, I think. However, that call was short terminated. The actual center where the call was answered was in Reading, just outside London. Now interestingly enough, British telecom made money on that call, as did the Tuvulo telecom authority, as did all the other authorities that carried that call all the way through.

Now, coming back to that Spanish survey. Why is the industry, the institutions not listening? It’s probably because there is some financial interest underneath that. The bottom line is when we talk about downloading shall we say a film for free. The bottom line is somebody went up and put up maybe 10, 20 million pounds to make the film in the beginning, and they’re looking for their money, so we can’t necessarily do things free. But there are costs. There is a cost to put the wires in the ground to bring the Internet to our home. So everywhere somebody is looking to make a little shave on it. And these kind of criminal things are going to make money for the people who are providing the infrastructures and everything else. We need to remember that. And if only way we’re going to correct that is again, I believe, from the culture. That it is not culturally correct that British telecom supports short termination of that telephone call. It may be very old but it’s a very graphic example as to what happens. And this is exactly what is happening in the cybercrime today.

>> I would like to go and back in a few minutes?

>> I have a very quick comment.

>> Okay.

>> And I am speaking here as a father, as a businessman, as a heavy user of social media. I use Facebook very much, Twitter, Linked in. I use pretty much anything out there. I may somehow the company we provide social media network for other communities. As a matter of fact, I know that focus here is the cybercrime. But on the other hand the benefits of using social media, you know, for good purposes, is much higher I think that somehow overshadows – I’m not saying that the crime is not out there. The crime is anywhere. The crime will be even in social media.

But on the other hand, you know, the benefits that I’m taking out of the using the social media for my social and business purposes are much higher than, let’s say, the threats of the cybercrime at this stage. I know that everything is out there. This is as a businessman or as a citizen.

On the other hand, as a father, I have my son who is always pushing me. And he likes to use little things out there. I always find a little bit – I always talk about the good of social media and openly I tell him that whenever he feels threatened or something is bugging him, he should tell me immediately because I’m here to protect him physically and virtually whenever just like around him. I mean he’s still not grown adult. But I think that he feels, you know, that parental care all the time whenever he feels threatened.

My comment is that as we do, I think that part of education against the cyber crimes should be part of the school curricula. Pretty much in every school, you know, that we should have classes that the teachers should speak to them. The only problem is that I see the social media still young or is still new, it is still fragile. And sometimes it’s very difficult to find the same attitude towards it like we find the attitude towards the crime in the States. So different professors, they have different approach and different individuals even in this room we have different approach for the same thing. So we don’t really yet have a certain attitude towards it. Some have positive experience, some have negative experience. I have experience both ways.

But I think that overall it is more positive. So I think that the parents on one hand and the school education on the other side and even the media. Like making it both ways, the good and the bad. I think that it will help an overall society, the kids to be better prepared for what may be sometimes an unexpected reaction to social media. Because in overall in general they find it cool. Sometimes there are some unexpected situations they should know how to react, not to freak out.

>> Okay, thank you.

>> Going back to this question of the kids, after I said they have rights, they have the same freedom. And we have to bring them to autonomy.

I think like another area we have seen for years and years, what is the most important is that parents discuss among themselves. To educate the kids very small, woman, mothers, they discuss. Because there was a poll recently more of the question of the mothers. They will discuss together. And probably I didn’t look, but I’m sure blogs on which you can discuss also. So I think the experience, I mean media, media general is to – it goes too quick. We are in an area in which there is a question of experience. Understanding the settings, understanding the different technical things. So I think it is a question of experience. So you need to have experience with the children. And to discuss how to introduce the question. By discussing among parents. I really think it’s very important.

And as I said, it is the first responsibility, the legal responsibility is on the head of the parents. Legally. Not on the education on this. And the way they act, if they do something which is wrong, will be the parents.

>> And to add to that, the parents could be helped very much with a good school education. I fully agree with you that on the first thought, that kids go to school, that there should be some kind of curriculum from within schools that learns them how to deal with these kind of new media. There’s only one thing that bothers me, that we have to teach the teachers first and maybe the kids can teach the teachers better and then the teachers can teach the kids. But we have to start with some kind of forms of curricula that helps the teachers, as well, make sure that they can teach the kid in proper way.

>> Thank you very much.

>> Thank you. From European commission. I’d like to move a little bit from this awareness point and education point, these are very, very important. I have to say sometimes when I was a child unfortunately quit a longer time ago than Caroline, my parents always told me never accept cookies from old people. Very simple line. And I fail to see honestly, and I am a parent, I fail to see what is so different in the one world of this simple rule would not apply. What do we need more in terms of awareness to teach children, youngsters they should be careful with people they don’t know?

But aside if this, there is a risk, I see a risk that if we focus too much on awareness which is an important element, we forget that there are or there should be obligations, legal obligations from certain service providers to ensure that their services cannot be easily used. Whether it’s grooming, whether it’s other forms of – to children. For example, many social networking sites, and I’m not going to name names, make it exceedingly difficult, as was mentioned before, I think, to actually give less data than you need. You do not need to give the color of your air, the name of your cat and grandmother. And yet some of the social networks ask it and make it difficult for people not to provide the information.

Now we as the European Commission as I mentioned the previous day do not like to regulate. It is not our general philosophy. But if the industry does not come up quickly with self-regulatory solutions to the problem, then at a certain point we would be – and I use the term – we will be forced to regulate. Because there is a social issue here that needs to be addressed.

And secondly on the point I think that was made by the Spanish lady or the lady studying in Spain, was you, I think, was made buy some other participant, as well the balance between the negative and positive elements.

I think if you allow me three minutes of propaganda and I think it’s important information point that Commissioner Cruz is responsible for the European Commission gave a speech in the international missing children’s day on the 25th of May. I would like to red two passages because this is the position of the Vice President Cruz on the matter.

“We must understand safety does not only mean protection against risk and threats. We have to empower our children and youngsters and let them see the digital world and the Internet for what they truly are: An incredible resource for learning, expressing one’s self, knowing people from everywhere. Everyone should have technology instruments to ensure that children, youngsters can enjoy the benefits of the digital world, avoid its worst elements and handle its unpleasant aspects. But we should not put our children and youngsters in a digital glass cage hoping that they will never encounter any harmful or illegal content online because this will simply not work.”

Now this is the line of Vice President Cruz, but on the other hand we should not be naive. There are bad people out there. There is bad content out there. It is our responsibility to take care of that, as well. Without forgetting all the positive elements which I personally believe is still 99 percent of what is out there. But this doesn’t mean that it’s acceptable. That there is 1 percent of child an bus going online, it is acceptable to keep it because it’s only 1 percent.

>> Yes. I got a microphone. Thank you very much. My name is Professor Ronich medical nuclear physicist, retired in Belgrade. I am on Internet for the last 20 years. I have a conclusion from this discussion, very nice, interesting, clear discussion, that people are afraid. They are afraid for their kids. They are afraid for their cards, they are afraid for their money, for everything. Why? Because the technical development at the beginning of 21st Century was too fast for the human brains, for the humanity to get it. We have not adapted by our brains, I don’t mean these brains here, they are very clever all around, but generally speaking, people are not adjusted to this great technological change. And of course they want to defend themselves. How to defend? By introducing new laws, by introducing punishment, by introducing restrictions, by introducing imprisonment and things like that. It is not possible. Internet is too large. Too big. They have no laws to restrict Internet. And of course Internet is extremely important for the science. Modern science is not possible without the Internet. Keep that in mind.

And of course what is the science? It is the future of the mankind. It is the future of our planet. So just leave the Internet free as it is. Leave it to live as it lives. And that is the only solution. Thank you very much for your attention.

[Applause.]

>> Thank you very much for your contribution. Questions, remarks?

>> We have one question up here and one comment here.

>> Hi. I’m a student come from Denmark. I just want to say something about social network. I mean, we’re building our life in the social network. But most of the time we are freed of the social network. Like I know so many friends of me, like they I don’t their fake name on Facebook. But why? Because they are afraid of like the people like they don’t want them to see their information. Like they will abuse their information. So like we need – I mean of course education is important, like the parents educate their children like how to use social network. But we are not like 10 years old. We are like youths. But we know like what we are doing.

I think that the social network platform, they should offer some technical support like how can we protect ourselves? Like if we post something, okay, on Facebook, do we have the right like to delete them? But we all know like Facebook they reserve your information for some time. But if we decide to delete like some information we don’t want the others to see again, so why do they have the right to reserve that? They may not show it to anyone, but we have the risk like maybe somewhere we find out like some day later.

So it’s not like we – I think we should have our right to regret. We should have our right to give the freedom of speech or something. But we also have the right to like withdraw our speech. And I think the best way to learn like how to behave and how to use social network is you experience it by yourself. After like something happened, like you post something, you never want to post it again. But if you know you can delete it, you can learn from it. You don’t expect like anyone others to do something for you, but you know like okay, I can take responsible for my action. Thank you.

>> Thank you very much. The gentleman?

>> My name is Jacques – I’m with first – court in Belgrade. But as it is popular to say in this conference, I speak on my behalf.

I would like to say something about the fear of criminalization when we download something, we are all criminals. The letter of the law, we are. Serbian law, also. But in Serbia, we have a law for organization and the jurisdiction of special prosecutor for cybercrime. And his jurisdiction is only intellectual property basis, when you have over 500 copies of something of illegal.

So if you download one movie, state won’t prosecute you. And I don’t think the author of that intellectual property, is it movie or program, if he would create a lawsuit against you. That would be bad publicity for him. So the main of state and is the point for people to divert them from downloading the illegal software but the main is against people who are making it possible for people to be paying illegal copies. Thank you.

>> Maybe I can make a comment based on what I heard here. I think we have had an extremely interesting discussion so far, unfortunately we will have to finish in order for you to have some lunch. But I think that there’s something that really sticks here. That is that on the one hand we have the realization that there is something going on on the Internet which we do not want at all. There is crime there as there is in the real world. It’s no different and many. Crimes committed on the Internet in fact as old as the world itself. They are just being committed in a different way by different technological means. Are they not deep down very different when you look apart from the interference with the IT systems, et cetera, which are purely technical concept.

But what I’m asking here, what I would like to ask you here is on the one hand we have this wonderful picture of the Internet as a free place, a place where everyone can do whatever they like. The last frontier, so to speak. But is it really true? The last frontier is somewhere out there in the wilderness but the Internet is in our living room. Should we not try in a way to normalize the Internet? And say that what is applicable in real life could also be applicable on the Internet?

So that also goes for the criminalization impact. If someone takes your money, it doesn’t really matter whether they are taking it to you in person or just stealing your credit card details on the Internet. Your money is gone. I think that it also applies to the way that we deal with the industry as individual users, the way the government deals with the industry, the way the industry deals with us and the way the industry deals with other competitors in its field.

The thing is that the Internet, in a way, has come of age. And perhaps now it’s time to start looking at how we made the Internet a more responsible and thereby more safe place but also a place where we can fully utilize all the excellent opportunities that it offers.

So my question here is I think do you really see such a big difference in a way between on the one hand having a free for all Internet and the fact that you could have an internet which is safe and good place to be? There will be some risks. There is always risks in life. But you can minimize them. Or you have a place where nobody knows and it is a huge risk. That would be my last question to the public.

>> Yes. I think we are all looking for a safe. We would like not to have to bother all the time the settings on too much things. So it’s true. There is not a free space for anything even bad. It’s not, I think, the real tension for the moment. There is a real tension between those which are on the free, open Internet but responsibility which are quite – not quite yet publicly. But it is coming – against the business model which prevents that more safe universe with Internet. There is tension. Because of the business model.

And I am a little bit on this side because I think with services which are for the purpose of communication between people, groups, it’s ecosystem personally. And those systems rely only on the business of personal data. There is a contradiction somewhere. So for the moment, everybody is trying to put them on the right road, even the Council of Europe. I don’t know if the Commission knows that the Council of Europe is going to issue a recommendation on social networks. Very often the Council of Europe is ahead of the Commission. So other areas so you could take the opportunity of that. But in the reflexion for the moment, the economic model is not seen. But I’m sure within some years, you will see many functions of the social networks which will be in your pocket. Not on the platform. Announcement on that.

>> Hi, this is Caroline again. You asked the question should we normalize Internet? And my answer is we already have. For me, Internet is normal. I don’t remember life without Internet. I’m just waiting for the business and the political worlds to catch up with me and my children in the future.

But if this medium, the Internet, is to be part – we understand now that it’s part of our social lives. It should also become part of our culture just like you said earlier. And that means we have to understand Internet as a part of our culture and have the etiquette and the awareness and the ability to deal with it. That’s all.

>> From the European Commission, the question is very, very important. I think if I may be a bit provocative, it’s a nonquestion in the sense that the Internet has become so important, so central in our life that it’s not anymore being the frontier.

As Carolyn mentioned, the Internet is normal. Especially for the younger people, it is part of their life. Now the question is how – the question is not whether we have to intervene, it’s how we’re going to intervene.

And for me personally, I never have understood the question whether what is legal offline should be legal online. That again for me is a nonquestion because most of the laws of are technology-neutral and what is legal. They don’t say if you do this only, this happens or if you go somewhere else this other thing happens.

But in terms of substance, of substantive law, I don’t see major issues there. It is going to be very challenging as to – a law. How do you actually intervene to prevent or to prosecute whether it’s crimes, whether it’s legitimate behavior? Or even the law is not only made to prevent something. Law often goes to promote some activity. And how do you positively do that? I think it’s very important in our current and future debates, we are open to all opinions. We try to avoid what is sometimes felt like conservative approach, which is that the Internet that we have today is so perfect that we don’t want anything else. We refuse anything else. That is a conservative approach. We need to make it very clear without the constraints, which should remain a space where rights, including the rights for private, for businesses to make money, should be fully exercised.

And in conclusion, response to the Council of Europe, I would like to dimension that the Commission already has social networking before the Council of Europe. Thank you.

>> I have no doubt.

>> Last round of questions.

>> I have a short answer if we can call it a question. About the normalization of Internet. I do believe that, you know, the Internet is normal very much I believe. And I would say now what Internet is discovering, the there is the clash of generations and cultures. And I fully agree with the professor that even the effort that we tried to introduce the Convention in the way of controlling the security to the network, I think it is not the right approach ever. Because I think that the Internet out there is a New World. Not yet explored enough. And I think that every effort that we make to stop it growing by conventional means, I think it will hurt it. So that I think is free the word grow. And I think that sooner or later, we just realize that the benefits of these – what is today social media, in a few years it will be social model of living for many people. It will be very normal and we should be ready to face the challenges if we can call the challenges and benefits of that growth. Thank you.

>> One last question.

>> Thanks. So I’ll repeat in other words what I previously kind of intervened on. And that is back to the normalization of the Internet discussion. The last frontier is the home, you’re right. But never before has access to the home been so possible by anybody who has enough information on anybody within that home. Now that is possible.

So even though we have to approach with the same common sense that we would approach any other issue, it is a different beast that needs to be treated somewhat differently, some kind of different creativity needs to be applied to it.

Now, the question of how to do that just occurred to me, actually, to the European Commission or to the Council or whoever it is: Empower me to see how these places aggregate data on me. So empower me. Make them give me that information. Make them allow me to see how my information is stored and how that is used. You don’t need to do anything more than that.

>> I am Agnes from the children policies division. I have a message to the young people which is not so much to do with my background but more my own thoughts also after our discussion. I think you and also others are saying yeah, the Internet is already normal. It’s just we’ve got to have our freedom. But, for example, as you said, I want to delete information which I posted. I want to have this possibility to have that deleted. Another little “but” which we want to be safe, we want to have that. We want to behave normally and feel safe.

Just to remind you, if you send a letter by post. I don’t know if you’re still doing it. You can be sure that the secret of correspondence is kept, that nobody will open the letter. I mean if you provided that you live in a space with a rule of law. I’m thinking about the European Union. You can be sure that nobody will open the letter. Nobody will give the information of the address, the sender to anybody else. You can just do that. Be safe.

If you shop and buy a mobile phone and you come home and say it’s broken, there’s a problem with it, it doesn’t work, you can go back to the shop, get your money back, you’re refunded.

If a newspaper that writes some information about you that’s absolutely right, you write to this newspaper in the coming days to publish a correction with the correct information.

All this is not done because these service providers are so nice and friendly and respect your rights just because they find it important. All of this is done because there are so many laws and bylaws and regulations and there’s justice and the judiciary and there’s the police who enforce these laws.

And the discussion about the normalization of the Internet is the step-by-step and especially the procedures as somebody from the European Commission said, it is about all these little laws which have to be adopted and the little steps which have to be taken in order for us to be able to be free on the Internet and have the same more or less security that we have in all these other settings.

>> I think we are already past our time. So there’s one last question to the lady in front and then unfortunately we have to close the session. So push the button.

>> My name is Marie I’m a researcher in Brazil. I wanted to make a really quick comment about what has said about the lobbying technologically neutral. I don’t believe this is true anymore. If we buy a hard copy of a book in the bookstore, according to the first sale, we are able to resell ill. We are able to lend it to a friend or give it as a gift. But if we buy an online book, then we can only open in one platform or we can open in two computers. We cannot share it online with anybody, even if we like the book and want to share it with a friend. And some e-books even don’t allow you to read out loud. So you cannot enable the function that would allow you to listen to the book.

So this is something for me really amazing. If I buy a book, I want to be able to read it to my sister, to my kids. So we are losing rights with only regulation. So we are trade double standards. I think that public governments have to take care into that.

>> I think that was a very important message we got here at the end. Perhaps also exactly underlines the need to do on the Internet as you do in the real life. Why should it be different? I agree it’s a very good question. Unfortunately we have to wrap up now. I would like to thank our panelists for participating on short notice, I have to say. And I’m really, really pleased with a very good contribution to our discussion. I would like to thank you, the public, for being so great and putting so many excellent questions to us. And I wish you all a very good. Bye-bye.

[Applause.]