Research published earlier this week by internet security company McAfee has revealed that the Netherlands is a true paradise for cyber criminals. Politicians in The Hague reacted immediately with plans to curtail the privacy of computer users even more. This is an absurd reaction, thinks Mathieu Paapst, university lecturer in Law and IT at the University of Groningen. ‘This will solve very little. The government’s first concern should be to make citizens, and more importantly the business community and government bodies, more aware of the risks they are running.’
According to McAfee, there are only two countries where cyber criminals are more active than in the Netherlands: the United States and the Virgin Islands. 154 Dutch servers are used on a daily basis to control hundreds of thousands of computers all over the world. They send spam, phish for login credentials and passwords, crack bank accounts and steal confidential corporate and government data. It is understandable that the Netherlands scores so highly in the research, says Paapst. ‘We have an excellent internet infrastructure in the Netherlands. There are no fewer than 6.4 million broadband connections, some 1500 hosting companies – including Google’s European datacentre – and we are the world’s main hub for internet traffic. We are a frontrunner in the internet world. If you consider this, it’s not surprising that we are in the cybercrime top 3.’
Paapst does not object to the results of the research. ‘It’s how the politicians have reacted that bothers me. Their conclusion is that our third place in the cybercrime ratings is a bad sign and that we are apparently failing to track down the cyber criminals. And so they decide we need to sacrifice even more of the public’s privacy. But that’s a knee-jerk reaction. It should in fact be the other way around. The government should be enabling us to protect our privacy, not reducing it.’
Dutch datacentres contain some 1.5 million servers. Paapst: ‘Only 0.01 per cent of those servers are responsible for cyber-attacks, and to catch that 0.01 per cent the politicians want to introduce such rigorous measures that the privacy of all users is at risk. I really think that’s going too far. Compare it with “regular” burglaries. It’s like giving the police powers to search any house any time they please, without first asking the owner’s consent, only to check whether the owner doesn’t happen to be a burglar.’
Paapst notes that it’s knowledge that the Netherlands lacks the most. The awareness levels of computer users need to be raised. ‘The average citizen does not even know what botnets are, so how are they supposed to protect themselves against them? The recent advertising campaign highlighting the dangers of phishing was long overdue.’ Here is a job for the government, according to Paapst. ‘Computer users need to be much more aware of the importance of using an up-to-date virus scanner. And this applies equally to businesses and government bodies.’
‘The Dutch have a surprising amount of faith in technology,’ says Paapst. ‘But they are unaware of a lot of the risks. The same applies to government bodies and IT companies. A recent example was a pilot project whereby funeral directors can now report deaths online. Everybody talks about the advantages of the system, that it saves so much time for so many people, but nobody thinks about the disadvantages. Imagine a hacker breaking into the system and reporting someone as deceased. Or blackmailing somebody by threatening to do so. IT is still thought to be the solution to nearly everything, but it can only be a solution if serious thought is given to the disadvantages.’
Several measures will be required if you want to tackle cybercrime effectively, believes Paapst. ‘First the government has to do a lot more to increase the awareness levels of computer users. Then they need to increase the police presence online. In practice, many reports of cybercrime are simply not dealt with by the police. This is nothing to do with a lack of relevant powers, but is mainly due to the lack of knowledge and manpower. Take the situation where a person reports a trader on eBay for failing to deliver a purchase. The police probably don’t even know how to trace the trader’s location, let alone apprehend him.’ Paapst believes that another step towards a safer internet environment is a reporting obligation for businesses and government bodies in cases of attempts to steal their data. ‘That would help enormously to determine exactly what kind of risks we’re dealing with.’
Mathieu Paapst (Delfzijl, 1974) studied Law at the University of Groningen. He is now a lecturer and researcher for the Centre for Law and IT there. His research focuses on internet law, intellectual property rights and IT tenders, and the legal, ethical and social aspects of the information society.
The 51st edition of KEI week is devoted to the theme of sustainability. On Monday 12 August, around 6,000 KEI participants and KEI leaders were handed cloth bags instead of plastic ones and a KEI wristband with a chip enabling digital payments. A vegetarian...
Recent studies into the relationship between decreases in sea ice in the Arctic and ice-cold winters in the mid-latitudes, like the Polar Vortex cold waves in North America, seem to suggest that such a connection does indeed exist. However, the mechanisms...
Thursday 15 August marks the start of the 10-day Noorderzon Performing Arts Festival, held in our beautiful Noorderplantsoen park. Young and old will return home from the festivities slightly smarter than they were before, thanks to the ‘University...