Cleaning up the 'Net - An Action Plan to combat the use and abuse of the internet for financial crime

This title is out of print pending the publication of a second edition in Q4 2024

About this title

The internet is not a thing, it is not a place, it is not a person.

The internet, of itself, does nothing. It performs no function.

The internet does not form intent. It has no conscience.

The internet is like the pipes in a domestic plumbing system.

The plumbing system allows the delivery of water to terminal points: taps, showers and toilets.

The internet allows the delivery of instructions and information to terminal points - computers.

Activity that appears to happen "on the internet" actually happens on those computers.

Computers do nothing unless they are instructed to do something. Like a tap doesn't turn itself on, a computer does nothing without instructions from a human.

For too long we have talked about regulating "the internet."

The internet is the wrong target. To combat crime committed using the medium of the internet, we must regulate the people.

We know from wider criminal behaviour that a significant amount of crime is committed for profit.

Criminals who commit e.g. fraud over the internet cannot do so in isolation. The internet is not a thing but it is an eco-system. And around those criminals there are a host of seemingly honest businesses all willing to take a share of the criminals' profits in return for providing a range of services.

Cleaning up the internet identifies them and shows how they can be recruited in the battle against crime, some of which is committed on-line.

Introduction (extract)

The internet is part of the fabric of society and with demonstrable capacity to be misused by a wide range of criminals from fraudsters and extortionists, to those who hack devices to change their behaviour and as a tool in the armoury of terrorists. A root and branch review and a fundamental change of ethos is the only way to protect society at large from the actions of an increasing number of people who commit crime for profit, for ideological reasons or just because they can. And we also need to look at who profits from the use of the internet by those criminals. We have make them accountable for their business practices, as we have done across the financial sector.

In 1999, I published a paper called "The Use and Abuse of The Internet in Fraud and Money Laundering."* It received wide acceptance among the academic community and government departments but, as it appeared only in an academic journal, was not widely read in the financial sector. Recently, a number of the issues I raised have come back to the fore. As I considered them afresh, I realised that I had done much of the work before. 15 years before.
Cleaning Up the 'Net" started as a problem for which I needed a solution, became a pitch for an article and then turned into a book. The book became an action plan for a global strategy which can be implemented only by co-operation between governments.

We know that the internet provides, simply because of its scale, ideal opportunities for criminals to use social networks such as Facebook, twitter and Google+, free and anonymous e-mail accounts such as Yahoo! and even mobile messaging like Blackberry Messaging (BBM) and WhatsApp as command and control networks as well as recruiting tools and for the dissemination of propaganda.

The internet is a place full of dark and dangerous places. Attempts at regulating the internet have focussed on limited applications, nibbling around the edges. Nigel Morris-Cotterill says this is not the correct solution. The correct solutions will revolutionise the internet, will make access more difficult and more expensive and will reduce the number of players. It will make those remaining players more responsible. It will take courage and political will and a global initiative. If that sounds improbable, it's been done before. The mistakes of the previous application can be avoided and the 'net can be cleaned up very quickly and at little or no cost to governments.

There will be pressure groups, special interest groups and commercial enterprises who complain, who say that this will have an unnecessarily restrictive impact on "rights."

You choose: regulation or anarchy, safety or harm?

We've done it before. Are we brave enough to require our governments to do it again?

Dedication 5
Caveat 6
Executive Summary 14
Introduction 14
The Problem 14
The Technology 15
The solution 15
The methods 15
Enforcement 16
The results 16
Nigel Morris-Cotterill 17
Introduction. 19
1999 - when the internet was young. 19
Apparently legitimate businesses benefit from the criminal activities of their customers. And governments help. 22
Why internet crime and real world crime should be treated as the same thing. 23
Reform must include immediate suspension of suspicious websites. 25
We've been doing it all wrong. But we know how to do it right. 26
When criminals disappear, they still leave ripples. We already know how to interpret those ripples. 29
Author's note 31
The Use and Abuse of the Internet in Fraud and Money Laundering (1999) 33
Abstract: 33
The Internet. A feat of technology - but little more revolutionary than the ball-point pen. 34
Is regulation of the Internet desirable? 36
In cyberspace, everybody knows your name but no one knows who you are 37
"It must be true, it's on the computer" 40
Internet fraud is easy 40
A vehicle for the rapid dissemination of information. 46
Encryption is one of the battlegrounds when regulation of the internet is considered. 47
Liability of ISPs for content of websites and mail 49
The internet: opportunities for money laundering 52
The internet and transfer pricing 56
Electronic cash 57
Conclusions 58
Note: 2015. 59
The Problem 61
Crime is crime is crime, regardless of the means used to commit it. 62
Codification and the Rule of Lenity 63
Laws to stop spam actively facilitate spam. That must change. 64
Drafting laws to outlaw fraud is simple. Governments don't want to do it, or they don't want to apply existing laws to the internet. 68
Some laws actively facilitate breaches of intellectual property rights. That must change. 69
US style republication laws protect blackmailers, bullies and extortionists. This must change. 70
Is republishing a libel a libel? 94
Spreading crime by stealth. 113
CASE STUDY: Ransomware 113
The Technology 123
Where in the world is my data? 124
Virtually virtual: the internet is not a thing. 132
Proxy Servers and Relays 136
Data "packets" 143
Internet Protocols 144
IPv6: fun with numbers 149
"Reverse Proxy Servers" 151
The proliferation of top level domains 165
Domicile of Domains and Registrants 170
Click Fraud 185
CASE STUDY: THE TOR PROJECT - the case for individual privacy 187
The Dark Side 191
How TOR supports the hidden web. 192
Rogues Gallery 198
The World's Worst Spam Producing Countries 198
The World's Worst ISPs 199
The World's Worst Spammers 200
The Top 50 comment spammers 200
Should we ban encryption? 202
More on copying of content. 205
The solution 209
The Method 217
What is the The Internet Action Task Force? 219
Who should be represented on the IATF? 225
Funding the IATF 228
Legal Force of IATF 229
Enforcement 233
The result 241
Action Plan - Scratchpad 247
The Internet Action Task Force 259
DRAFT 20 Recommendations April 2015 259
1. Adoption and compliance 261
2. National Domain Name Registries 262
3. Top Level Domains 264
Jurisdictional TLDs and non-Jurisdictional TLDs 264
.com and .net TLDs 265
.org TLDs 267
.mil, .edu, .gov 268
.int 269
Basic information required for purchase of a domain 270
Address for service of notices relating to hosted domains. 271
Legal Residence 272
Required Sub-subjurisdictions 273
Retention of Documents 273
4. Property in Domain Names 274
Ownership 274
Misleading or fraudulent domain names 275
6. Access to Registration Information. 276
7. Transfer of domain information including e-mail addresses 276
8. Free and anonymous e-mail services. 277
9. Commercial e-mail. 279
10. Adoption of IPv6 and implementation 281
11. Fraudulent conduct and harmful materials 282
12. Authorised access to computers and networks. 286
13. Intellectual Property 289
14. Website owners as publishers. 292
15. Providers of hosting, VPN, redirection and cloud services, etc. and approved persons. 296
16. Action against promoters of and participants in terrorism. 299
17. Communications services other than e-mail and applications for mobile devices. 301
18. Cookies and user data 304
19. Internet Service Providers and money laundering and support for terrorism. 305
20. Internet client software 307
20. Domain refusal, revocation, cancellation and suspension. 310
21. IATF Voting Procedure. 312
22 Data Protection and transfer of data between countries 314
23. Sanctions for non-compliance 315
Definitions 316
Case Study 317
1. Disallow ALL html in e-mails. 319
2. Hide your logo. 322
3. Don't get added to spam-lists. 332
CASE STUDY: Removing an illegal copy of copyright material. 335
Some brief notes on relevant EU law and how it both helps and hinders the Action Plan 347
Afterword 367

Keywords: anonymising services, Cloud, enforcement, fraud, intellectual property, internet, IP, ISP, liability, money laundering, Search Engine, theft

© 2015 Nigel Morris-Cotterill
All rights reserved