COMPREHENSIVE STUDY ON CYBERCRIME - United Nations ...
COMPREHENSIVE STUDY ON CYBERCRIME - United Nations ...
COMPREHENSIVE STUDY ON CYBERCRIME - United Nations ...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
CHAPTER EIGHT: PREVENTI<strong>ON</strong><br />
traffic for known signatures, although some amount of targeting is required to make this effective. A<br />
review from the European Network and Information Security Agency concluded that: ‘Identifying<br />
botnet traffic among benign, regular traffic is like searching for a needle in 100 million haystacks.’ As noted above<br />
and in Chapter Five (Law enforcement and investigations), general traffic monitoring may also, in<br />
some circumstances, risk conflict with data protection and privacy laws. 130<br />
Content filtering – As discussed below in the context of ISP liability, laws in some countries<br />
require ISPs to block access to illegal content such as child pornography. There are various ways in<br />
which ISP can do this, with different methods making tradeoffs between speed, cost, effectiveness<br />
and accuracy. Using DNS Filtering, ISPs can control the answers given to users by their DNS server,<br />
thereby restricting access to a domain, such as ‘google.com’, but not a specific page or set of search<br />
results. This is easy to bypass as users can simply use alternative DNS servers that will give genuine<br />
results. IP Header Filtering can be used to block individual computers based on their addresses or<br />
even partially to block specific services such as web or email. As many websites may be running on a<br />
single internet server, it can affect unrelated websites – sometimes in very large numbers. Deep Packet<br />
Inspection can be used to examine the main body of internet traffic. This allows extremely flexible<br />
filtering, but requires expensive hardware on high-speed ISP links, and can slow all user<br />
connections.<br />
In practice, many filtering regimes employ a combination of these approaches, forming a<br />
hybrid filter. Often, simpler filters, such as those based on DNS, are used to identify traffic to be<br />
redirected to more complex filters. This hybrid approach allows sophisticated filtering with greatly<br />
reduced resources.<br />
Another possible ISP response to illicit content is to slow down traffic rather than blocking<br />
it altogether. This approach can be used to make a service sufficiently inconvenient that users avoid<br />
it. Examples of this include the slowing of encrypted web connections, to force users onto<br />
unencrypted and thus inspectable versions of websites, and the practice of ISP ‘throttling’ of<br />
filesharing traffic such as BitTorrent.<br />
Possibilities for filtering or blocking of content, including with the aim of cybercrime<br />
prevention, have raised a number of human rights concerns. The Human Rights Council has<br />
emphasized, for example, the importance of internet access to freedom of expression and other<br />
human rights. A resolution adopted at its 20 th session ‘Affirms that the same rights that people have offline<br />
must also be protected online, in particular freedom of expression,’ and ‘Calls upon all States to promote and facilitate<br />
access to the Internet.’ 131 The Special Rapporteur on the promotion and protection of the right to<br />
freedom of opinion and expression, has similarly called the internet ‘an indispensable tool for realizing a<br />
range of human rights, combating inequality, and accelerating development and human progress… facilitating access to<br />
the Internet for all individuals, with as little restriction to online content as possible, should be a priority for all<br />
States.’ 132<br />
Intermediary liability – Internet content filtering is closely linked with the possibility of<br />
imposition of service provider liability for content. ISPs typically have limited liability as ‘mere<br />
conduits’ of data. However, as discussed below, particularly in the context of internet hosting,<br />
modification of transmitted content can increase liability in some legal systems, as can actual or<br />
130 Hogben, G., (ed.) 2011. Botnets: Detection, Measurement, Disinfection & Defence. ENISA, pp.73-74.<br />
131 A/HRC/20/L.13, 29 June 2012.<br />
132 A/HRC/17/27, 16 May 2011.<br />
251