Digital innovation is transforming almost every sector of the economy by introducing new business models, new services, and ultimately new ways of creating value and jobs. These digital solutions provide important benefits, but they also bring major risks and cybercrime threats for both developed and developing countries.
Notorious bank robber, Willie Sutton, allegedly said that he robs banks because “that’s where the money is.” Today, that is no longer true. The money is in the information. And the information can be obtained surreptitiously in various ways, including hacking to steal all types of data, or purchasing it on the dark web from cyber criminals.
The very concentration of information among private companies and the public sector may have positive aspects, but it also makes us more vulnerable. Last year, for example, Marriott International, British Airways, Adidas AG and Humana Inc were all hacked.
As people in developed and developing countries become increasingly connected and adopt digital technologies, they also become more vulnerable to data breaches and various forms of cybercrime: from phishing and pharming to cyberstalking, cyberdefamation, and theft, forgery, and any other criminal mischief involving the Internet.
In this context, we recently held the first international Cybercrime NETwork event which brought together some 100 participants from 18 countries across six continents. At the event, jointly organized with the U.S. Internal Revenue Service at World Bank headquarters, participants shared knowledge and experiences on topics such as cryptocurrencies, the dark web and blockchain tracing, as well as methods for investigating cybercrime and strengthening countries’ cybersecurity. In many countries tax administrations also have the data and capability to aid in detecting and investigating all sorts of financial crimes, in collaboration with other agencies.
“Democratization” of Cybercrime
Through the various interventions, it became clear that the “democratization” of Internet-based burglary tools of cybercrime is a huge challenge for tax authorities across the world. And this challenge requires a global and coordinated solution and much more support for, and cooperation with, authorities in developing countries.
Anonymity enabled by digital innovation has been a boon for tax evaders, prompting authorities to seek out more knowledge and international collaboration in tax enforcement. For example, there are currently more than 2,000 crypto currencies, with different levels of privacy requiring different tools for investigators to trace. Encryption and decryption are in a virtual arms race, with the state of play depending on the device where the data is stored and the tools becoming available to law enforcement.
Some cyber-relevant guiding principles
In the face of these challenges, how can we best help countries and policy makers move towards a more positive vision for effectively fighting cybercrime?
Here are five guiding principles that we shared with the participants at the cybercrime event and that could help guide the conversation on the way forward.
Exert leadership of the cybercrime agenda in manner that builds trust. The cybercrime agenda is inherently a governance agenda that requires the active participation of diverse stakeholders from both the public and private sectors. This is necessary to gather their insights, build awareness and ownership. The resulting legal regime is one that should provide an objective, predictable, transparent, and universally-applicable set of rules.
Define ‘sensible’ enforcement powers. We would expect governments over time to establish units with specialized expertise in cybercrime to support investigation, prosecution, and other functions.
Safeguard fundamental rights of speech and privacy. Regulatory frameworks must assure the freedom of speech and access to information. Yet, according to the United Nations Conference on Trade and Development (UNCTAD), only 107 countries had privacy laws or bills in place as of 2014.
Establish public-private partnerships. The responsibility for stopping cybercrime not only rests with governments but also with the private sector. Some aspects of the relationship may be straight forward, such as knowledge sharing. Others a bit trickier: for example, which companies can the government trust and thus warn about cyber threats? When should a company be held liable for its failure to safeguard consumer data? When can companies be compelled to decrypt devices or build-in back doors in software for later use by law enforcement?
Strengthen international cooperation. Developed countries, such as the ones represented at the Joint Chiefs of Global Tax Enforcement (J5), are likely to further strengthen their operational cooperation. However, more should be done to share knowledge with developing and less connected countries. Efforts to multi-lateralize legal frameworks should also continue, not least to address obvious, legal gaps. Remarkably, identity theft has not been universally condemned in multilateral instruments, nor have extortion, spam, harassment, stalking, or bullying.
Through technical assistance and advice, the World Bank is already working with developing countries to manage cyber-risks via several initiatives. For example, the World Bank’s Legal Department has developed an assessment tool for client countries to evaluate their legal, institutional and technical capacity to combat cybercrime. And the Stolen Asset Recovery Initiative (STAR), implemented jointly with UNODC, works with developing countries and financial centers to prevent money laundering and facilitate return of stolen assets. The Bank’s Global Tax Team also works with client countries to build capacity, help strengthen tax administration, and combat cybercrimes.
It’s clear that more cooperation between developed and developing countries is needed to address effectively the cybercrime threats that countries face. The first international Cybercrime NETwork event was a step in the right direction to help governments find more effective and collaborative responses to tackle the increasing cyber risks. As World Bank Group we stand ready to support these efforts.
Willy Sutton, the notorious bank robber, ended up in jail for most of his adult life, having stolen about $2 million. Today, cybercrime costs the global economy some $600 billion annually, suggesting that in the absence of real progress, crime now pays like never before.