Official report

Official report on visit to Washington DC of APIG 7-9 February 2005 on Internet security

Trip Objectives:

  • To follow up on progress since October 2003 visit (e.g. on UK/US anti-spam moves)
  • To facilitate an exchange of ideas and dialogue with lawmakers and influencers in the US
  • To brief them on the current legislative situation in the UK and EU
  • To gain an understanding of the US approach to information security (particularly for health and financial information), including budgets and organisational responsibility
  • To discuss international technical, legislative and social solutions that will achieve results and inform policy to the respective Governments
  • To encourage UK and US Governments to lead the way on ‘information society’ issues on a global scale, e.g. for the EU/US Summit and WSIS, in conjunction with industry
  • To ensure that the appropriate lawmakers and influencers on both sides of the Atlantic continue to engage in dialogue after the trip

UK delegation included:

  • Derek Wyatt MP
  • Ian Taylor MP
  • Ian Stewart MP
  • Claire Hobson, DTI
  • Phil Budden, British Embassy, Washington DC

Meetings were held with:

  • Senator Ron Wyden (D-Oregon)
  • Congressman Rick Boucher (D-Virginia)
  • Ambassador Gross, US State Department
  • Andy Purdy, Head, Cybersecurity Division, Department of Homeland Security
  • Lydia Parnes, Acting Director of Bureau of Consumer Protection Division, Federal Trade Commission (FTC)
  • Members of the Cyber Crimes Unit and Innocent Images Unit, Federal Bureau of Investigation (FBI)
  • Alan Charlton, Deputy Ambassador, British Embassy, Washington DC
  • Paul DeGregorio, Vice Chair, Election Assistance Commission
  • John Harwood & Partners, Wilmer Cutler Pickering Hale and Dorr LLP
  • Tom Galvin & Partners, 463 Communications
  • Christian Rogan, MessageLabs UK Government Relations
  • Microsoft, US Government Team
  • MessageLabs, US Office
  • Vodafone, US Government Team

The UK Delegation were invited to the annual ‘State of the Net’ conference of the US Internet Caucus. The Members of Parliament sat on the ‘international panel’ organised to highlight their mission, alongside Ambassador Gross from the US State Department and Erika Mann MEP. The Parliamentarians used the platform as an opportunity to underline the UK's role in tackling internet security breaches through enforcement, and in building on British-American agreement to secure meaningful international collaboration, as with the 26-state 'London Action Plan'. There was general audience interest in the prospect of moving beyond 'spam' to the more worrying cyber security dimension, and in the UK and US leading the way. The MPs stressed that more private companies had to ensure they had effective and enforced security policies rather than rely on legislative protection.

Key messages from the US:

  • The agencies responsible for internet security reported good working relationships with their UK counterparts, seeing the UK as a close ally
  • The US reported increased organised crime in the cyber arena. This has now become a major threat to the internet-based 'information society', and to the digital aspects of the knowledge-based economy, particularly to the authenticity of health and financial related information
  • In both the cyber crime and cyber security areas, the US contacts were well aware of the international dimension to the challenge, with much sourced from Eastern Europe, states of the 'Former Soviet Union' and the Far East
  • There is considerable scope for improved information sharing nationally and internationally. Lack of resource was cited as a hindrance to improving information sharing across borders
  • Industry is making good progress on technical solutions. These were becoming more sophisticated and widely available. E-commerce was being held back by ‘trust’ issues such as authentication
  • Industry is co-operating with enforcers in some areas, e.g. ISPs for email information, but companies are reluctant to share, even in the strictest confidence, that they have suffered a cyber attack, e.g. DDOS
  • Legislators that passed the CAN-SPAM Act recognise that this is only part of the solution
  • The US agencies stress the need to combat terrorism as their goal, though they admit that organised crime is the bigger current threat

Achievements:

The Delegation succeeded in raising the profile of the view that nuisance 'spam' has given way to more serious challenges from organised crime in the cyber arena.

In the context of both the UK’s EU Presidency, and in preparation for the new World Summit on the Information Society (WSIS), the delegation has contributed positively to the process of agreeing a British-American agenda on these 'information society' issues with the US Administration and their American counterparts in the US Congress.

By encouraging British-American leadership in these areas, as with 'spam' and the resulting multilateral effort, the delegation has made progress in pointing transatlantic and global efforts in the right direction.

Recommendations to UK Government:

  • APIG recommends that the Government looks at the current barriers to information sharing on cyber security both nationally and internationally (especially with the US) and initiates immediate discussions to find ways of breaking down these barriers
  • APIG recommends that the Government consider the merits of creating a cabinet level position responsible for information technology issues to create a focal point of responsibility for these critical issues
  • APIG recommends the Government do more to educate individuals and businesses about protecting themselves from cyber attacks
  • Although the US and the UK have public/private groups looking at risks to critical national infrastructure, APIG have concerns about how effective they are
  • APIG recommends that the Government push for a multi-pronged international approach to spam enforcement that includes:
      • Technology – security/authentication
      • Active enforcement plan – national/international co-operation
      • User Awareness – firewalls/virus software/behaviour
      • Regulation – OECD toolkit for those countries who have no spam laws