Computer Crime Research Center

staff/mohamed.jpg

A Critical Look at the Regulation of Cybercrime

Date: May 11, 2005
Source: Computer Crime Research Center
By: Mohamed Chawki

Abstract

Introduction:
Cybercrime is a major concern for the global community. The introduction, growth, and utilisation of information and communication technologies have been accompanied by an increase in criminal activities. With respect to cyberspace, the Internet is increasingly used as a tool and medium by transnational organised crime. Cybercrime is an obvious form of international crime that has been affected by the global revolution in ICTs. As a resent study noted, cybercrimes differ from terrestrial crimes in four ways: “They are easy to learn how to commit; they require few resources relative to the potential damage caused; they can be committed in a jurisdiction without being physically present in it; and they are often not clearly illegal.” On such a basis, the new forms of cybercrime present new challenges to lawmakers, law enforcement agencies, and international institutions. This necessitates the existence of an effective supra-national as well as domestic mechanisms that monitor the utilisation of ICTs for criminal activities in cyberspace.


I. The Rise of Crime in Cyberspace

The term “cyberspace” was coined by the science fiction author William Gibson in his 1984 novel Nuromancer, to describe the environment within which computer hackers operate. In this novel, the activity of hacking- securing unauthorized access to the contents of computer systems- is couched in very physical terms. The image is of the hacker overcoming physical security barriers to penetrate into the heart of computer systems and make changes to the physical structure thereby modifying the operation of the system. When departing, the hacker might even remove and take away elements of the system.
Cyberspace radically undermines the relationship between legally significant (online) phenomena and physical location. The rise of the global computer network is destroying the link between geographical location and: (1) the power of local governments to assert control over online behaviour; (2) the effects of online behaviour on individuals or things; (3) the legitimacy of the efforts of a local sovereign to enforce rules applicable to global phenomena; and (4) the ability of physical location to give notice of which sets of rules apply.
Faced with their inability to control the flow of electrons across physical borders, some legislators strive to inject their boundaries into electronic mediums through filtering mechanisms and the establishment of electronic barriers. Others have been quick to assert the right to regulate all online trade insofar as it might adversely impact local citizens. For example The Attorney General of Minnesota, has asserted the right to regulate gambling that occurs on a foreign web page that was accessed and ‘brought into’ the state by a local resident. Also, the New Jersey securities regulatory agency has similarly asserted the right to shut down any offending Web page accessible from within the state.
On such a basis this section examines the distinct phenomenon of “cybercrime”. Compare it with traditional crime and review the reports that have been conducted on its incidence and the damage it inflicts.

1.1 A Study of the Phenomenon
1.1.1 Understanding the Concept of Cybercrime
Generally speaking, computers play four roles in crimes: They serve as objects, subjects, tools, and symbols. Computers are the objects of crime when they are sabotaged or stolen. There are numerous cases of computers being shot, blown up, burned, beaten with blunt instruments, kicked, crushed and contaminated. The damage may be international, as in the case of an irate taxpayer who shot a computer four times through the window of the local tax office. Or unintentional, as in the case of a couple who engaged in sexual intercourse while sitting on computer sabotage destroys information, or at least makes it unavailable. Computers play the role of subjects when they are the environment in which technologies commit crimes. Computer virus attacks fall into this category. When automated crimes take place, computers will be the subjects of attacks. The third role of computers in crime is as tools-enabling criminals to produce false information or plan and control crimes. Finally, computers are also used as symbols to deceive victims. In a $ 50 million securities-investment fraud case in Florida, a stock broken deceived his victims by falsely claiming that he possessed a giant computer and secret software to engage in high-profit arbitrage. In reality, the man had only a desktop computer that he used to print false investment statements. He deceived new investors by paying false profits to early investors with money invested by the new ones.
In the United States, police departments are establishing computer crimes units, and cybercrime makes up a large proportion of the offences investigated by these units. The National Cybercrime training Partnership (NCTP) encompasses local, state, and federal law enforcement agencies in the United States. The International Association of Chiefs of Police (IACP) hosts an annual Law Enforcement Information Management training conference that focuses on IT security and cybercrime. The European Union has created a body called the forum on Cybercrime, and a number of European states have signed the Council of Europe’s Convention on Cybercrime treaty, which seeks to standardize European laws concerning cybercrime. From this perspective, each organization and the authors of each piece of legislation have their own ideas of what cybercrime is-and isn’t. These definitions may vary a little or a lot. To effectively discuss cybercrime in this part, however, we need a working definition. Toward that end, we start with a board, general definition and then define specific one.
When speaking about cybercrime, we usually speak about two major categories of offences: In one, a computer connected to a network is the target of the offence; this is the case of attacks on network confidentiality, integrity and/ or availability. The other category consists of traditional offences- such as theft, fraud, and forgery- which are committed with the assistance of/or by means of computers connected to a network, computer networks and related information and communications technology. Cybercrime ranges from computer fraud, theft and forgery- to infringements of privacy, the propagation of harmful content, the falsification of prostitution, and organized crime. In many instances, specific pieces of legislation contain definitions of terms. However legislators don’t always do a good job of defining terms. Sometimes they don’t define them at all, leaving it up to law enforcement agencies to guess, until the courts ultimately make a decision. One of the biggest criticisms to the definition of computer crime conducted by the U.S Department of Justice (DOJ) is of its overly broad concept. The (DOJ) defines computer crime as ‘any violation of criminal law that involved the knowledge of computer technology for its perpetration, investigation, or prosecution’. Under this definition, virtually any crime could be classified as a computer crime, simply because a detective searched a computer data base as part of conducting an investigation.
One of the factors that make a hard-and-fast definition of cybercrime difficult is the jurisdictional dilemma. Laws in different jurisdictions define terms differently, and it is important for law enforcement officers who investigate crimes, as well as network administrators who want to become involved in prosecuting cybercrime that are committed against networks, to become familiar with the applicable laws.
Also, one of the major problems with adequately defining cybercrime is the lack of concrete statistical data on these offences. In fact, reporting crimes is voluntary. This means that the figures are almost certainly much lower than the actual occurrence of networked-related crime.
In many cases, crimes that legislators would call cybercrimes are just the ‘same old stuff’, except that a computer network is somehow involved. The computer network gives criminals a new way to commit the same old crimes. Existing statutes that prohibit these acts can be applied to people who use a computer to commit them as well as to those who commit them without the use of a computer or network.
In other cases, the crime is unique and came into existence with the advent of the network. Hacking into computer systems is an example; while it might be linked to breaking and entering a home or business building, the elements that comprise unauthorized computer access and physical breaking and entering are different.
Most U.S states have pertaining to computer crime. These statutes are generally enforced by state and local police and might contain their own definitions of terms. Texas Penal Code’s Computer Crime section, defines only one offence - Breach of Computer Security- as ‘(a) A person commits an offence if the person knowingly accesses a computer, computer network, or computer system without the effective consent of the owner’.
California Penal Code, on the other hand, defines a list of eight acts that constitute computer crime, including altering, damaging, deleting, or otherwise using computer data to execute a scheme to defraud, deceiving, extorting, or wrongfully controlling or obtaining money, property, or data using computer services without permission, disrupting computer services, assisting another in unlawfully accessing a computer, or introducing contaminates into a system or network. Thus, the definition of cybercrime under state law...
Add comment  Email to a Friend

Copyright © 2001-2024 Computer Crime Research Center
CCRC logo