Invitation to present at Afrinic
March 2010 I presented to circa 90 law enforcement officials from all over the world in a meeting with four of the five Regional Internet Registrees (RIRs). In different presentations they introduced themselves and stated what they stand for. I was invited to present on the need for law enforcement (LEAs) and the RIRs to cooperate, share information and interact more in order to make the Internet a safer place. The chair of the Africa Network Information Centre (Afrinic) approached me afterwards and invited me to present at an Afrinic meeting with LEAs. It seems like this may happen in November.
A green wave hitting west-Africa
I can´t exactly remember in which hotel room it was, but this spring I saw an add on an international news channel. A green laserlike light was upsetting the sea, the beach, forests, streets, buildings. One big green wave was uprooting everything that came in it´s way. I tend to ignore adds, but about the third time it came by it had got me wondering: what is this about? Fibre optics are reaching west-Africa. Oh no, my reaction was. More trouble for the world. Is this where my job deformity has gotten me to, that I cannot be happy for opportunities given, and that my primary reaction is only on what this will do to spamfigures and cyber crime around the world? If the add made one thing clear it is that fibre optics offers all sorts of opportunities and that African police forces will have to rise to fighting cyber crime at some point in time. Internet safety is also of utmost importance to African organisations and end users.
What to bring to Afrinic?
So here I am, with an invitation to present to African LEAs present at an industry – LEA meeting. What to say? Where to start? At the Internet Governance Forum 2009 in Sharm el Sheikh, Egypt, African participants mostly reacted with a plea for funding when international cooperation was concerned. This got me thinking. Couldn´t written off forensic gear of western LEAs be donated to African colleagues? It will work for several more years, right? Still, the African comments kept sitting in the back of my head after I was invited to present.
As I was asked to bring the presentation I did in London, this could be the easy way out, but would that work in the African environment? My first thoughts are that as most countries in Africa will be fairly new to preventing and fighting cyber crime, there are a lot of lessons learned and best practices out there for them to build on. E.g., tested legislation, self regulation, first steps in cross border cooperation and cooperation with industry. Being new to an old job means you have a lot of possibilities to choose from and can go for what works best.
Work on procedures to exchange information
As I will probably only have about 30 minutes I think it important to stress to make sure to work on procedures for LEAs and Afrinic. LEAs, whether from Africa or elsewhere, will need information that Afrinic has in order to find evidence on cyber criminals. Afrinic could make clear what information it has in her databases and what part of this information is publicly available in her databases and what part is not. When a procedure is in place it will make information exchange faster. Do formal procedures have to go through a Mauritian court or via another applicable procedure? (Afrinic is based in Mauritius.) How can these be made as efficient as possible? What about training opportunities for LEAs?
Of course LEAs need to have like procedures within their own countries and maybe even need to be backed up by the law of their respective countries in order to be able to investigate spam and cyber crime at all. They need to be able to exchange information with colleagues (cross border), but all that is a different story.
Request for feedback
I would appreciate feedback on what to bring to this meeting as it is a good opportunity to speak to a lot of law enforcement officers from Africa on the fight against cyber crime.
Wout de Natris
19 October 2010