Cisco and INTERPOL have announced a deal to share threat intelligence. The deal is headed by the INTERPOL Global Complex for Innovation (IGCI) in Singapore. As part of this deal the two organisations will develop a joint approach to coordinating and sharing data. The release says that the deal will improve threat detection around the world. It also believes that it will pave the way for future collaboration on training and knowledge sharing.
Noboru Nakatani, Executive Director of IGCI, commented: “The exchange of information and expertise between the public and private sectors is vital in combating cybercrime. No country or company can do this alone. INTERPOL’s agreement with Cisco provides us, and law enforcement in our 192 member countries, with access to important cyber-threat information which will help us not only detect attacks but also help prevent them.”
An interesting challenge for privacy advocates
For threat intelligence data to have value to law enforcement it needs to:
- improve detection of crime
- Identify the perpetrator
- Increase the chances of a conviction
Both of these require personal data and this is the challenge for threat intelligence teams and cybersecurity analysts. Much of the data they gather is, by its nature, anonymised or at least pseudo-anonymised. When you start to bring those sets together you begin to create data that quickly identifies individuals. It is an issue that is already beginning to happen as AI and machine learning systems pore through the vast amounts of data.
Even without that AI approach, we’ve seen anonymous data sets ruled as PII when they are combined with other data. The case of Breyer vs German Government is one such case that shows how PII can be inadvertently created. Here, the intention will be to create PII.
It is worth noting that countries across Europe are setting out their rules for who is exempt from many GDPR provisions. Law enforcement and intelligence services are two activities that European countries are granting exemptions to. That means that INTERPOL is exempt from a number of provisions over what it gathers and holds. However, Cisco is not. There will be a lot of interest in exactly what Cisco is providing and what provisions there are to delete or correct that data.
What does this mean?
Putting all of this aside, this is an important deal. Cyber-attacks are being launched from around the globe. Some are individuals, some are sophisticated criminals gangs and some are state-sponsored actors. The latter is particularly difficult to pin down due to the resources at their command. This level of threat intelligence combined with intelligence on criminals could deliver some significant breakthroughs.
Singapore has some of the tightest privacy and cybersecurity laws in the world. It is seen as a trusted location by the EU and as the data is being shared with INTERPOL there is unlikely to be any objection to this deal from lawmakers. The big question is how many other threat intelligence companies will see this as a green light to work with INTERPOL?