Blueprint for e-Commerce Identity Authentication Launched - Conclusion of APEC TEL 27 Meeting in Kuala Lumpur
A report to guide governments in developing appropriate laws to enable the identification authentication of individuals and computers during electronic transactions has been presented at the APEC Telecommunications Information Working Group in Malaysia.
The "Electronic Authentication: Issues Relating to its Selection and Use" report has been described by eSecurity Task Group Chair, Steve Orlowski, as a major step forward in extending secure e-commerce throughout the APEC region.
"One of the major risks when exchanging money Online is knowing whether the person you are sending money to is legitimate and not a fraud," said Mr Orlowski.
"The Electronic Authentication report will assist governments to enact effective legal and policy frameworks for Internet users to determine with greater security that the person they are dealing with is genuine.
"The report provides a roadmap to assist governments to avoid obstacles that would deny their economies the benefits of electronic commerce."
The report was delivered as part of the APEC Telecommunications and Information Working Group Conference (APEC TEL 27) being held from 24 to 28 March in Kuala Lumpur, Malaysia.
Deputy Assistant Attorney-General at the U.S. Department of Justice, John G. Malcolm, has praised the initiatives in the report that he said is critical for the development of online trading in the region.
"It has been estimated that online trade in the Asia-Pacific region will grow by 720% from 2002 to 2006," Mr Malcolm said.
"This economic growth could be compromised by the activities of cyber-criminals and cyber-terrorists.
"The APEC TEL 27 meeting has brought about a number of achievements including the Electronic Authentication Report together with a number of other initiatives designed to create a safer environment for telecommunications and information networks and systems. These initiatives are in response to commitments made by APEC Leaders at their meeting in October 2002.
"The commitments made by the Leaders were designed to facilitate the implementation of cybercrime legislation in all APEC economies. It is envisaged that this legislation will assist the efforts of international cybercrime units and Computer Emergency Response Teams (CERTs) in the region.
"In their last meeting APEC Leaders stated that appropriate cybercrime legislation and systems for exchanging threat and vulnerability information should be operational by October 2003.
"In their 2002 Statement, the APEC Leaders also called for closer cooperation between law enforcement officials and business on issues of information security and fighting computer crime," Mr Malcolm said.
As part of this week's activities, APEC TEL 27 has conducted a CERT workshop, initiated projects funded by APEC to assist economies in developing CERT capabilities and in implementing Cybercrime legislation and approved the finalization of a compendium of computer security standards.
The CERT workshop, held over two days, was co-sponsored by Australia and Japan in close consultation with Malaysia as host of this week's APEC TEL meeting. The vulnerability of computer infrastructure and systems to cyber attack, particularly in developing economies was a key issue at the workshops.
Coordinator of the CERT workshop, Mr Alex Webling, Special Adviser for eSecurity at the Australian Attorney-General's Department said that the workshop was "both stimulating and challenging" and called for economies to consider ways in which APEC can establish effective CERTs across the region.
Mr Webling also said that Australia has committed US$100,000 to provide in-country training for Indonesia, Papua New Guinea, the Philippines, Thailand and Vietnam to develop CERT capacity. The APEC Budget Management Committee has endorsed an additional US$94,500 to extend this capacity building to Chile, Mexico, Peru and Russia.
The APEC Budget Management Committee has also endorsed a submission for the expenditure of US$76,000 to supplement a US$50,000 project from the United States to bring together experts in cybercrime law and policy," Mr Webling said.
"This meeting will allow them to exchange views on the development of comprehensive cybercrime legal frameworks and the establishment of cybercrime investigative capacity to cooperate between economies."
The APEC TEL 27 meeting also approved the finalization of a compendium of computer security standards. The compendium which was developed in cooperation with Standards New Zealand will assist business and government in identifying the appropriate standards for implementing security on their computer networks and systems.