Australian and US governments have acknowledged electronic law enforcement is ineffective while supranational corporations control the information across global communications infrastructures, claims the Internet Industry Association (IIA).
IIA chief executive Peter Coroneos last week returned from 10 days in Washington where he led an Australian industry delegation as part of a joint US and Australian government and industry conference on critical infrastructure and protection. Australian representatives included NOIE, while officials from the White House, FBI and US Homeland Security also attended.
Speaking at a University of NSW conference on cyberspace law, Coroneos said private industry today had control of and access to global information that governments didn't. In an attempt to salvage control, governments were creating more laws, but they were unenforceable, he said.
"There's a recognition from both governments, Australian and US, that since industry controls and operates the infrastructure under which global communications occur, that without industry cooperation and a partnership arrangement, the traditional role of law enforcement in national security agencies is rendered largely ineffective. And for that [reason] we've seen people in private industry being accorded the highest level of security," he said.
"It's a recognition by that level of government that they don't have exclusive control any more."
Coroneos said governments have proposed the establishment of information-sharing advisory councils to address the power imbalance between themselves and industry, but he questioned whether industry had much to gain from them.
"[The sharing of information will be] more from industry back to governments, because they're [governments] concerned about the effects on shareholders. If you're a bank and you've been hacked, then the national security imperative is you've got to tell someone that's occurred.
"[For instance] the continual disclosure rules of the stock exchange state you must disclose to the market any material matters that could affect your share price. If you've been hacked, that's one. So there's a real sensitivity on the part of industry as to how much information they're prepared to share," Coroneos said.
Fellow conference speaker and Australian Securities and Investment Commission legal counsel in electronic enforcement, David Perry, said his personal view was the lack of an Australian law requiring ISPs to keep logs also affected this power imbalance.
"The government has a light-touch approach to regulation. The IIA code is trying to address that, but it will be a long process."
As for the proposal of information-sharing advisory councils, any exchange of information is good, said Perry, but there would always be impediments to the release of information when dealing with Customs and the like.
Another speaker in agreement was Michael Mac Neil, associate professor, Department of Law, at Carleton University in Canada.
"There is a view that the sovereignty of all governments is being undermined. With different international laws there's the suggestions of havens for data mining, defamation and such.
"There's pressure towards common denominators in international law to make them effective," said Mac Neil.
Coroneos referred to Exodus, formerly one of the largest Web hosting companies in the world, as an example of the power of Internet companies compared to governments. Exodus had operations in nations with different legal systems around the globe. The business claimed that one in three mouse clicks accessed content hosted on an Exodus site.
"Exodus could give content from Germany to the US because it owns it. You could try to take the company to court, but how are you going to get evidence against it when it is the one that controls the network?" Coroneos said.
Perry agreed that while such activity was blatantly illegal, theoretically those that control information can look at it and "who's gonna know?"
The privatisation of regulation was the answer to preventing more weak laws, Coroneos said.
"The good thing about codes as regulatory instruments is they adapt faster to technology. Rather than legislation that is too technology specific, or rather than legislation that is so vague it needs to be tested in court, we can be as specific as we like and change them."