Anonymity in Cyberspace: Finding the Balance
Date: July 09, 2006Source: Computer Crime Research Center
By:
... that contain bomb threats against a given building or threats to cause serious bodily injury.[54] Thus Internet based activities should consistently with physical world activities and in a technology-neutral way to further important societal goals (such as the deterrence and punishment of those who commit money laundering). National policies concerning anonymity and accountability on the Internet thus need to be developed in a way that takes account of privacy, authentication, and public safety concerns.[55]
In one recent case, Judy McDonough, a 56-year-old occupational psychologist from Shaw, England, suffered a disturbing blow: she realized someone had stolen her identity from Internet.[56] But by that time, the thief had already opened two credit cards in her name, taken out three bank loans and ordered £ 2, 3000 in debt in three years.[57] McDonough tried six times to report the crime to the local authorities, and bank officers made lacklustre efforts to help. Finally, McDonough turned to her Member of Parliament for assistance. Hitherto the thief – who McDonough suspects is a relative-, has not been caught.[58] In another very recent case,[59] an American citizen tried to sell his house in California. He contacted several real estate agents to discuss with them a listing for the house. He was then informed by these agents that his house has been rented to individuals that he was not aware of or have even agreed to rent his house to. Someone was collecting the rent on his house, and upon checking with the USA county records he found out that someone has used his name and arranged to fake his signature, made a power of attorney in his name and received loans on his property, bought a business in his name and has accumulated a huge amount of financial burden in his name as well. The personal information of this victim was found and downloaded from Internet.
4- REGULATING ANONYMITY IN CYBERSPACE
From logical, theoretical, and pragmatic perspectives, knowing the problem, risks associated therewith, and the ills resulting there from is an indispensable step towards a possible regulation. Since these issues are difficult and sensitive, it is not easy to decide how to legally regulate anonymity in cyberspace. According to an EC report, published in 1999:[60] “ Users may wish to access data and browse anonymously so that their personal details cannot be recorded and used without their knowledge. Content providers on the Internet may wish to remain anonymous for legitimate purposes, such as where a victim of a sexual offence or a person suffering from a dependency such as alcohol or drugs, a disease or a disability wishes to share experiences with others without revealing their identity, or where a person wishes to report a crime without fear of retaliation. A user should not be required to justify anonymous use. Anonymity may however also be used by those engaged in illegal acts to complicate the task of the police in identifying and apprehending the person responsible. Further examination is required of the conditions under which measures to identify criminals for law enforcement purposes can be achieved in the same way as in the “off-line” world. Precedents exist in laws establishing conditions and procedures for tapping and listening into telephone calls. Anonymity should not be used as a cloak to protect criminals”. At the present time no consistent policy can be discerned in any one jurisdiction that would allow the resolution of the tensions illustrated above. Each problem relies on striking a faire balance between the interests of the individual on the one hand, and the interests of the State on the other. Various countries have laws both protecting and forbidding anonymity. For example, many countries have laws protecting the anonymity of a person giving tips to a newspaper, and laws protecting the anonymity in communication with priests, doctors, etc. [61] On the other hand, the obvious risk of misuse of anonymity has caused some countries to try special legislations concerning its regulation. [62] Cases of defamation often result in corporations seeking motions to uncover the identities of individuals who have made negative comments on bulletin boards or websites.[63] Although hurtful, these comments are often opinions, not facts and therefore not punishable crimes.[64] In the case of cyber-trespass, it is first required that plaintiffs show damages caused by defendants. Safeguards ensure that anonymity is protected until proof of a crime exists. These safeguards prevent an ISP from providing a “subscriber’s personal information without the subscriber’s knowledge and consent, except in certain specified circumstances. [65] Accordingly, the Council of European Union has adopted a Directive of the European Parliament and the Council on data retention[66], amending directive 2002/58/EC. The Directive aims to harmonise Member States’ provisions concerning the obligations of the providers of publicly available electronic communications service or of public communications networks with respect to the retention of certain data which are generated or processed by them, in order to insure that the data are available for the purpose of the investigation, detection and prosecution of serious crime, as defined by each Member State in its national law.
The Directive is applied to traffic and location data on both legal entities and natural persons and to the related data necessary to identify the subscriber or registered user. It shall not be applied to the content of electronic communications; including information consulted using an electronic communications network. The data retained are provided only to the competent national authorities in specific cases and in accordance with national law. They are retained for periods of not less than six months and not more than two years from the date of communication. “Agreement on retaining communications data places a vital tool against terrorism and serious crime in the hands of law enforcement agencies across Europe ” British Home Secretary Charles Clarke said in a statement. Modern criminality crosses borders and seeks to exploit digital technology. [67] Member States have to take necessary measures to insure that any intentional access to, or transfer of; data retained is punishable by penalties, including administrative or criminal penalties that are effective, proportionate and dissuasive. Each Member State will designate a public authority to be responsible for monitoring the application within its territory of the provisions adopted regarding the security of sorted data.[68]
Following entry into force of the directive, Member States will have as a general rule 18 months in which to comply with its provisions.
At the same time, governments have confronted the dangers of cyberspace by devoting significant resources towards formulating a legal framework that addresses the technical and operational challenges of crime.[69] The Convention on Cybercrime is considered “one of the most important legal instruments elaborated within the Council of Europe”. [70] It was approved by the Committee of Ministers of the Council of Europe (COE), and on November 23, 2001, the Convention was signed by twenty-six member states of the COE along with four non-member states — Canada, Japan, South Africa, and the United States, and entered into force on July 7, 2004.[71] The Convention is the first international treaty to allow police in one country to request that their counterparts abroad collect an individual’s computer data, have the individual arrested and extradited to serve a prison sentence abroad.[72] It aims principally at (1) harmonising the domestic criminal substantive law elements of offences and connected provisions in the area of cyber-crime; (2) providing for domestic criminal procedural law powers necessary for the investigation and prosecution of such offences as well as other offences committed by means of a computer system or evidence in relation to which is in electronic form; (3) setting up a fast and effective regime of international co-operation. [73]The Convention defines substantive criminal laws to be legislatively adopted by all signatory states.
It covers crimes in four main categories: (1) “offences against the confidentiality, integrity and availability of computer data and systems;” [74] (2) computer-related offences; [75] (3) content-related offences (for example, child pornography); [76] and (4) “offences related to infringements of copyright and related rights.” [77]
The Convention also seeks to harmonize new procedures and rules of “mutual assistance” to aid law enforcement in the investigation of cybercrimes. Signatory countries are required to ensure that certain measures are available under their national law: “[e]expedited preservation of stored computer data;” expedited preservation and disclosure of traffic data; the ability to order a person to provide computer data and to order an ISP to provide subscriber data under its control; “[r]eal-time collection of traffic data;”[78] and interception of content data.[79] The Convention provides that signatory countries must adopt measures to establish jurisdiction over any offences committed in their respective territories or by their nationals.[80] Moreover, it empowers legal authorities and police in one country to collect evidence of cybercrimes for police in another country, and establishes a “24/7 network”[81] operating around the clock, seven days per week, to provide immediate assistance with ongoing investigations.
According to article 15 which deals with “conditions and safeguards,” the “establishment, implementation and application of the powers and procedures provided for in [Section 2...
Add comment Email to a Friend