CYBERCRIME
Dr. Tatiana Tropina, Max-Planck Institute for Foreign and International Criminal Law
Webinar, 27th of March, 2015
What is cybercrime?
New form? New medium?
• Migration of traditional crime on-line
• Cyber-offences: new type of crime (illegal access, illegal interference with data and system,…)
Underground economy
Moderator of the Silk Road after Utopia’s seizure: "is a serious blow to the darkweb marketplace community…regroup, and do it again." "Show them that you, we, are a hydra -- cut off one head and ten more spring up"
Cybercrime: challenges
• Number of users
• International dimension
• Missing mechanisms of control
• Automation
• Innovation
• Availability of tools and information
Low impact
• High latency & lack of reporting
• Low impact on the victim: hard to justify the violation of public order
Confusion and misconceptions
• Cybersecurity-related terms: “cybercrime”, “cyberwar”, “cyberattack”, “cyberterrorism”: absence of a clear consensus
• Terms are used interchangeably, sometimes with little regard for what they actually mean
• Sensationalization and exaggeration
• Overuse of such terms as ‘cyberwar’ and ‘cyber-weapons’: tendency to view the situation in catastrophic terms
• Legal and regulatory responses: confusion and misunderstanding
Legal domains
Cybercrime: legal aspects
A bit of history: the Love bug
• Created and launched in the Philippines, rapidly spread around the world within hours
• Affected 45 million users in more than 20 countries, inflicted damage of between $2 and 10 billion.
• Was traced to the Philippines, but Philippine law criminalised neither hacking nor the distribution of viruses
• Obtaining the warrant took several days, which allowed the suspect ample time to destroy key evidence
• Onel de Guzman, a former computer science student, was responsible for creating and disseminating the “Love Bug.”
• De Guzman was charged with theft and credit card fraud, but the charges were dismissed as inapplicable and unfounded
• De Guzman could not even be extradited to another country because extradition requires double criminality
Cross-border environment
• Safe havens: countries with no cybercrime legislation (cybercrime vs. “bread and butter” problem): impact on other countries
• Harmonisation of criminal law: computer crimes shall be criminalised in the same way (not necessarily word-for-word) to allow collaboration
• On the surface: might seem easy, however:
  – Reaching consensus: what type of crimes?
  – Updating laws or applying existing laws?
  – How specific should “cyber”-crimes be?
Harmonisation?
• Sovereignty & control vs. borderless Internet
• International instruments: fragmentation, no single solution
• The differences between the various legal systems
• Religious, moral and cultural differences
• Human rights concerns and different approaches to the protection of privacy
• Historical coincidences
Global solution?
• Which body is to take responsibility?
• Different needs?
• What is the level of standards, protection and safeguards?
• How to agree to disagree (e.g. content crimes)?
• A blame game – where are we?
Substantive and procedural law
• Substantive law (what crime is) is to a large degree harmonised
• Procedural frameworks (how we obtain evidence in a digital environment): the process of harmonisation started much later
• Which instruments to use? General or specific frameworks? How compatible are they in a cross-border environment?
• Encryption and innovation
Criminal procedure
• Computer artefacts and data are vulnerable
• Old MLAT systems are slow
• Sovereignty and jurisdiction
• How to obtain data quickly?
• Formal cooperation vs. informal information sharing: admissibility issues
Way forward?
• Procedural frameworks: development and harmonisation
• Mutual legal assistance
• Transborder access to stored data
• Privacy issues
• Admissibility of electronic evidence obtained in a different jurisdiction
Human rights concerns
• How does the state achieve its criminal justice goal?
• Investigative measures: simultaneously seamless and very intrusive
• Content-related crimes: restriction on freedom of expression can possibly be turned into an instrument of oppression
• Difference between activism, hacktivism and…crime?
Privacy and investigations
• Data protection and privacy regulation in different countries
• Lowering the standards vs. minimal set of standards
• Intrusiveness of investigations - who enables application of the procedural instrument?
• Some countries: little or no judicial oversight for the most intrusive measures
• Transborder access: privacy conflicts
Regulation: blurring borders
[Diagram labels]
Criminal law: strictly regulated procedures, specific safeguards
Law of war
Intelligence law
Preventive police law
Private investigations
Safeguards?
Ecosystem of fighting cybercrime
Criminal law: limitations
Law: one of the most important components
However
• Criminal law can only react to the problem
• Pro-active measures + reactive approaches
• Capacity building, awareness raising, prevention, early disruption, detection
Ecosystem: challenges
• Non-hierarchic network: missing mechanisms of control
• Cybercrime: a fast-changing multi-faceted problem
• No “one fits all” solution
• Complex ecosystem: combination of top-down and bottom-up approaches
• Collaboration between public and private stakeholders
• Need for transparency, accountability and human rights protection
Industry role
• Starting in the 1990s with private hotlines for reporting child abuse and involvement of ISPs in blocking and removing illegal content
• Growing and developing in many areas, getting more private stakeholders involved in prevention, detection, investigation
• Different intermediaries (not only ISPs) are now considered as critical points for collaboration
Forms of collaboration
• Hotlines and reporting platforms (IWF, INHOPE)
• Codes of conduct
• Public awareness campaigns
• Botnet mitigation projects
• Capacity building programs (2 Centre, International Centre for Missing and Exploited Children)
• Investigations: informal information sharing and ad hoc collaboration towards structured approaches?
Industry: problems
• Investigating and prosecuting cybercrime: limitations (complement but never substitute proper legal frameworks)
• Clear frameworks, cost-effective solutions
• Corruption, mishandling of investigations, transparency
• Private censorship with no limits?
• Deficit of control
• Enforcement in a cross-border environment
Role of civil society
• Criminal law: the highest degree of governmental intervention
• Policy-making and law-making processes: still top-down?
• Bottom-up approaches: awareness raising, voluntary initiatives, privacy discussions, human rights protection
• National and international level
Finding balance
• Safeguarding the Internet
• Protecting human rights
• Protecting interests of all stakeholders
• Building capacity and trust
Thank you!
Tatiana Tropina
Senior Researcher
Max-Planck-Institut für ausländisches und internationales Strafrecht
Günterstalstr. 73
79100 Freiburg i.Br.
Tel.: +49 (761) 7081-0
Fax: +49 (761) [email protected]