Impact of Information Technology
• Development of IT has changed our
– societies
– commerce
– lifestyle (communication, working, shopping)
• This creates considerable legal problems in many areas
• Its more important than ever to legislate on computer or cyber crime
Crimes relating to computers
Definitions
• Computer crimes
• Cyber Crimes
• Electronic crimes
Characteristics
• traditional & new criminal activities
• transnational
Problems
• unreported
• lack of training
Role of Computer in Crime
Computer as Target
• Using a Computer to attack victim computers
• Attacks on the confidentiality, integrity or availability of information or systems
Computer as Tool
• Fraud
• Gambling
• Pornography
• Piracy
• Harassment
Computer as Accomplice
• Personal information (diaries, downloaded e-mails)
• Contraband (porn)
• Stolen Information (trade secrets, credit cards)
• Key evidence unknown to suspect!!!
Cyber-criminals
Insider threats (employees)
Hackers (teenage thrill-seekers to sophisticated criminals)
Hactivists (overloads e-mail servers or
hack web sites to send
political message)
Virus writers Criminal groups
(attack systems & steal password for financial gain)
Sensitive intrusions (sensitive information is obtained via computer
intrusions)
Information warfare (alternative to military
attacks)
Terrorists (who have potential to
disrupt government systems with computer attacks)
Cyber Warfare (attack by sovereigns ---
Crime or Declaration of war)
Jurisdiction in “Real” World
governing law
jurisdiction forum
conveniens enforcement of judgments
Transnational Crime
determining the locus
delicti
Trans-border investigation
jurisdictional conflicts
extradition
Challenges for legal regime
Can we adapt existing law to cyberspace?
Do we need new legislation?
• Problem comes when very idea of jurisdiction, based on geographic boundaries, is difficult to apply to Internet which does not recognize geographical distinctions
What are options other than legislation?
• International/regional treaties
• International convention
• Development by system operators and Internet users of "rules" for behavior on Internet?
• Options available to individuals to regulate their conduct on a private basis - through contracts, private associations, custom etc.
International efforts
1977 • First comprehensive proposal for computer crime legislation
was introduced in US Congress by Senator Ribikoff in 1977
1983 • Recommendations of expert committee of OECD in Paris in
1983 to ensure legislation for certain categories of computer crime
1986 • OECD ‘Computer-Related Crime’ Report 1986
1989 • Council of Europe Recommendation R(89) 9 on computer
misuse
1990-92
• Discussed at 13th Congress of International Academy of Comparative Law in Montreal in 1990, at UN’s 8th Criminal Congress in Havana 1990, and at a Conference in Wurzburg, Germany in 1992
International efforts
1995 • Council of Europe Recommendation R(95) 13 (“problems of procedural
law connected with information technology”)
1995-2000 • Interpol organized its International Conference on Computer Crime in
1995, 1996, 1998, and 4th Conference was held in 2000
2001 • Convention on Cyber-Crime 2001
2007 • ITU launched the Global Cybersecurity Agenda (GCA) in May 2007 by
the Secretary General
2008 • ITU's High Level Experts Group delivered Report with
recommendations, including on cybercrime legislation, in August 2008
2011 • ITU in 2011 published a book: Understanding Cybercrime: Phenomena,
Challenges and Legal Responses, by Professor Marco Gercke, Germany
Convention on cyber crime
30 states sign Convention at opening ceremony at Budapest, on 23.XI.2001
First international treaty on cyber crimes, dealing particularly with infringements of copyright, computer-related fraud, child pornography and violations of network security
Contains a series of powers and procedures such as search of computer networks and interception
Main objective is to pursue a common criminal policy aimed at protection of society against cyber-crime, especially by adopting appropriate legislation and fostering international co-operation
Convention is product of four years of work by experts of Council of Europe, United States, Canada, Japan and other countries which are not members of the Organization
Approaches of Various Countries (sometime back)
No special legislation
• Argentina
Amendments in penal laws
• Australia
Special laws
• Singapore
Objectives of cybercrime legislation
to deter actions directed against
• confidentiality
• integrity
• availability of computer systems
• networks
• data
• misuse of such systems, networks and data
to combat such criminal offences, by facilitating
• detection,
• investigation
• Search & seizure
• prosecution of such criminal offences
Possible offences
Attempt and aiding or abetting
Corporate liability
Criminal access
Criminal data access
Cyber stalking
Cyber Terrorism
Data damage Defamation Forgery Fraud
Malicious code
Misuse of devices
Misuse of encryption
Obscenity Phising
Spamming System damage
Traditional crime
Unauthorized access to
code
Unauthorized interception
Waging cyber war
Investigation & International cooperation
Investigations by Investigation Officer
Power of Investigation Officer to access
computer and data
Expedited preservation of evidence
Real-time collection of traffic data
Trans-border access International co-
operation
Territorial scope of offences
Next Steps
Basic information to computer users
Training of IOs, lawyers, judges
Center of Excellence on Information Security
Establish Computer Forensic Lab
Prepare investigation kit & instructions
Convince Government for Legislation
Promote Cyber-computer ethics
Recommended