Cleaning up the 'net

An Action Plan to combat the use and abuse of the internet for financial crime.

Cleaning up the 'net

An action plan to combat the use and abuse of the internet for financial crime



The internet is not a thing, it is not a place, it is not a person.

The internet, of itself, does nothing. It performs no function.

The internet does not form intent. It has no conscience.

The internet cannot be policed, it cannot be legislated and even if it could, no enforcement is possible. However, the internet has "touch points" that have physical and legal presence in countries. Those touch points can be policed, they can be the subject of legislation and enforcement can be effective.

In some ways, the internet is like the pipes in a domestic plumbing system. The plumbing system allows the delivery of water to terminal points: taps, showers and toilets; the internet allows the delivery of instructions and information to terminal points - computers. Activity that appears to happen "on the internet" actually happens on those computers.

Computers do nothing unless they are instructed to do something. Like a tap doesn't turn itself on, a computer does nothing without, initially at least, instructions from a human.

For too long we have talked about regulating "the internet."

The internet is the wrong target. To combat crime committed using the medium of the internet, we must regulate the people who use the internet to commit crime.

We know from wider criminal behaviour that a significant amount of crime is committed for profit.

Criminals who commit e.g. fraud over the internet cannot do so in isolation. The internet is not a thing but it is an eco-system. And around those criminals there are a host of seemingly honest businesses all willing to take a share of the criminals' profits in return for providing a range of services.

Cleaning up the 'net identifies them and shows how they can be recruited in the battle against crime, some of which is committed on-line.

But there is more: as Henry Shuster, a journalist who ran with a story that was not true, wrote about modern media, there is "a morsel of news, chewed over by endless panels of underqualified and over-opinionated pundits who replace reporting with pontification. Time gets filled, reputations get ruined — and no one bothers to check if the story is true."

Fake news, extortion, scams, pornography and dark markets are all within the scope of this non-technical review of the internet and what can be done to reduce the harm caused by a small percentage of its users.


Published in paperback 2015. 

This course is updated 2021.


Level: advanced

Pre-requisites: Using Quick To Learn More - manual and FAQ.

Language: English.

Portable CPD (TM): 10 hours

Certificate in Financial Crime Risk and Compliance (cFCRC) points: 25

Examination: No

Certificate of Completion: Yes.

Access: unlimited 12 months. Includes all updates during access period.

Price includes UK VAT where applicable.

Payment gateway: Stripe

---------------------------------------------


Contents

  • 1

    About this course

    • Caveat and Legal

    • Status of this Course

    • Pre-requisite

  • 2

    Introduction

    • The Internet is not a thing

    • We are where we are, but that is rarely where we should be.

  • 3

    Executive Summary

    • Introduction

    • The Problem

    • The Technology

    • The Solution

    • The methods

    • Enforcement

    • The results

    • About Nigel Morris-Cotterill

  • 4

    When the internet was young

    • The first paper

    • 1999 - when the internet was young.

    • Apparently legitimate businesses benefit from the criminal activities of their customers. And governments help.

    • Why internet crime and real world crime should be treated as the same thing.

    • Reform must include immediate suspension of suspicious websites.

    • We've been doing it all wrong. But we know how to do it right.

    • When criminals disappear, they still leave ripples. We already know how to interpret those ripples.

    • Author's note

  • 5

    The Use and Abuse of the Internet in Fraud and Money Laundering (1999)

    • Abstract

    • The Internet. A feat of technology - but little more revolutionary than the ball-point pen.

    • Is regulation of the Internet desirable?

    • In cyberspace, everybody knows your name but no one knows who you are

    • "It must be true, it's on the computer"

    • Internet fraud is easy

    • A vehicle for the rapid dissemination of information.

    • Encryption is one of the battlegrounds when regulation of the internet is considered.

    • Liability of ISPs for content of websites and mail

    • The internet: opportunities for money laundering

    • The internet and transfer pricing

    • Electronic cash

    • Conclusions

    • Note: 2015

  • 6

    The Problem

    • Introduction

    • Crime is crime is crime, regardless of the means used to commit it.

    • Codification and the Rule of Lenity

    • Laws to stop spam actively facilitate spam. That must change.

    • Drafting laws to outlaw fraud is simple. Governments don't want to do it, or they don't want to apply existing laws to the internet.

    • Some laws actively facilitate breaches of intellectual property rights. That must change.

    • US style republication laws protect blackmailers, bullies and extortionists. This must change. (1)

    • US style republication laws protect blackmailers, bullies and extortionists. This must change. (2)

    • The liabilty of search engines and referral sites.

    • More about search engines.

    • Search engines and obvious hate speech

    • How social media allows the spread of false and objectionable information.

    • Lies, lies and more lies.

    • The internet and conspiracy theorists (1)

    • The internet and conspiracy theorists (2)

    • Is republishing a libel a libel?

    • Lies spread at the speed of light.

    • Recklessness and gross negligence in on-line media.

    • Recklessness and gross negligence in reporting (2)

    • CASE STUDY: How the USA supports the origination and spread of false statements (1)

    • CASE STUDY: How the USA supports the origination and spread of false statements (2)

    • CASE STUDY: How the USA supports the origination and spread of false statements (3)

    • Spreading crime by stealth (1)

    • Spreading crime by stealth (2)

  • 7

    The Technology

    • The basics.

    • Data storage, distribution and redistribution (1)

    • Data storage, distribution and redistribution (2)

    • Data storage, distribution and redistribution (3)

    • Data storage, distribution and redistribution (4)

    • Virtually virtual: the internet is not a thing.

    • Identifying a location on the internet

    • Proxy Servers and Relays

    • Building success by strategically interupting data flows.

    • Data "packets"

    • Internet Protocols

    • IPv6: fun with numbers

    • "Reverse Proxy Servers"

    • Case Study

    • Proxy servers

    • What drives technological development?

    • The proliferation of top level domains

    • Criminals like really cheap stuff - and free is even better.

    • Domicile of Domains and Registrants (1)

    • Domicile of Domains and Registrants (2)

    • Domicile of Domains and Registrants (3)

    • Tracking users

    • Still more intrusive behaviour....

    • Of babies and bathwater

    • Domination and abuse in advertising.

    • Click Fraud

    • CASE STUDY: THE TOR PROJECT - the case for individual privacy

    • The Dark Side

    • The Who, the What and the Where.

    • The risks of shortened links

    • Rogues' Gallery

  • 8

    Public v private interest

    • Should we ban encryption?

    • The realities of attempts to ban encryption

    • More on copying of content.

  • 9

    The Solution

    • We already know how to do it, if the political will is there.

    • Information is generic; processing and analysing it is therefore generic.

    • Transaction reporting for data?

    • Suspicious activity for data?

    • Summary

  • 10

    The Method

    • A global, supra-national body

    • Don't regulate "the internet"; regulate people and their conduct.

    • Make "the internet" a product of responsible society.

    • What is The Internet Action Task Force?

    • What can we learn and apply from action against low-tax jurisdictions?

    • Global membership for a moral and fair approach.

    • Who should be represented on the The Internet Action Task Force?

    • Funding the The Internet Action Task Force

    • Legal Force of The Internet Action Task Force

  • 11

    Enforcement

    • The application of pressure

    • Sanctions for non-compliance

    • Compliance I/O

    • Blocking those committing malfeasance

  • 12

    The Result

    • Consequences - some good, some will meet with resistance.

    • Debunking myths to defeat objections.

    • Reduction of anonymity

  • 13

    Action Plan - Scratchpad

    • What is the scratchpad?

    • Scratch One

    • Scratch Two

    • Scratch Three

    • Scratch Four

    • Scratch Five

  • 14

    The Internet Action Task Force. DRAFT 24 Rules April 2015 / May 2021

    • Definitions

    • Recitals

    • 1. Adoption and compliance

    • 2. National Domain Name Registries

    • 3. Top Level Domains

    • 4. Property in Domain Names

    • 5. Misleading or fraudulent domain names

    • 6. Access to Registration Information.

    • 7. Transfer of domain information including e-mail addresses

    • 8. Free and anonymous e-mail services.

    • 9. Commercial e-mail.

    • 10. Adoption of IPv6 and implementation

    • 11. Fraudulent conduct and harmful materials

    • 12. Authorised access to computers and networks.

    • 13. Intellectual property

    • 14. Website owners as publishers.

    • 15. Providers of hosting, VPN, redirection and cloud services, etc. and approved persons.

    • 16. Action against promoters of and participants in terrorism.

    • 17. Communications services other than e-mail and applications for mobile devices.

    • 18. Cookies and user data

    • 19. Internet Service Providers and money laundering and support for terrorism.

    • 20. Internet client software

    • 21. Domain refusal, revocation, cancellation and suspension.

    • 22. The Internet Action Task Force Voting Procedure.

    • 23 Data Protection and transfer of data between countries

    • 24. Sanctions for non-compliance