International law on computer crime

K778 Alexander Serenko

March 2002

International law on computer crime AGENDA 1. CASE (Favorite Topic) 2. International Law Problems

3. What is virtual crime?

4. What is Cyberterrorism? 5. Convention on Cybercrime 6. Cybercrime laws 7. Report cybercrime & links 8. Conclusion 9. Q&A

International law on computer crime Dmitry Sklyarovs CASE 27-year-old Russian citizen
Ph.D. student studying cryptography
Created Advanced eBook Processor that allows translating secure eBook format into regular PDF

Arrested in July 2001 in Las Vegas and charged with distributing a product designed to violate copyright protection measures
Later released on bail and returned to Russia in December 2001 after agreeing to cooperate with the US The charges have not been dropped

International law on computer crime Dmitry Sklyarovs CASE

www.freesklyarov.org www.boycottadobe.org

Believed did nothing wrong Why did he have to get to the US to be arrested? Unfortunately, international laws (if they exits in the particular countries) often collide

International law on computer crime International Law Problems

Territoriality is a major issue

Reality - world consists of sovereign states Sovereignty - full jurisdiction and control within borders Internet is not unique in challenging these issues Jurisdiction Principles: Territoriality Principle - primary basis for exercise of jurisdiction, generally prevails Nationality Principle - undisputed, but seldom invoked Universal Jurisdiction - very narrow category of crimes

International law on computer crime International Law Problems

Where is the cyber criminal from?

Whats in a name?
Email address: @mail.com @yahoo.com @me.tv Domain names: dot com IP addresses They are not indicative of anything dot edu dot org

Cyber Criminal A, citizen of country B and resident of country C, commits a cyber crime in country D through the IP and email address of country E

International law on computer crime International Law Problems Even assuming the basic laws are in place

agencies will have to deal with extradition collective evidence to transfer to foreign
agency. Language and cultural barriers admitting evidence from foreign countries

technical problems with investigation

International law on computer crime

At some point, we start dealing with cybercrime laws because most crimes will involve computers in some way, and all crime will be cybercrime Donn Parker, cybercrime researcher Cybercrimes are distinct phenomenon

They must defer from traditional crimes

On the other hand, cybercrimes are variations of regular crimes - illegal action that result in the imposition of criminal liability According to Anglo-American common law tradition, crimes consist of four elements: conduct, mental state, attendant circumstances and a forbidden result

International law on computer crime

Cybercrime - crime analogues:

Theft
In physical world - is someones taking property belonging to another with the purpose of depriving the lawful owner of that property

In cyberworld - it involves the theft of property (software, hardware) or the theft of services (internet server time and resources, computer services, e.g. CPU resources and bandwidth for DoS attack)

International law on computer crime

Fraud
In physical world - use false statements and misrepresentations to persuade the victim to part with property or other valuables voluntarily

In cyberworld - online fraud schemes are simply a variant of traditional fraud schemes and liability may be imposed by using the traditional elements. Very important for the counties that do not have special cybercrime

International law on computer crime

Forgery
In physical world - altering and/or using a document for the purpose of defrauding someone

In cyberworld - computer is used to alter create a false written or electronic document. In addition, deleting a computer document such as data file

International law on computer crime

Stalking
In physical world - repeatedly following or being in another persons presence for no lawful reason and with purpose of causing death or bodily injury to that person of causing emotional distress by placing him or her in reasonable fear of death or bodily injury

In cyberworld - cyber stalkers never directly threaten to victims, use tactics that harass their victims - recall the hackers video - I will be watching yooooooouuuuuuuu!!!!!!!!!

International law on computer crime

The transportation of terrorist activities to cyberspace: using computer technology or cyberspace to commit crimes in order to advance political agenda The US, as the worlds technological superpower, is the most vulnerable nation in the world to cyberattack May disrupt communication and paralyze economy

Alter formulas for prescription medicine at a major pharmaceutical manufacturer

No special laws have been introduced

International law on computer crime

Methods, weapons and techniques

new technology provide cyberterrorists with new weapons:

TEMPEST device - capture data in the form of

electromagnetic radiation emitted from electronic devices and allows that data to be reconstructed
Radio Frequency Weapons - fire the electrical waves to its target. USSR example

Transient Electromagnetic Device - bursts of energy weapon of choice to the modern cyber warrior ($300)
There is no international cyberterrorism laws

International law on computer crime Convention on Cybercrime

Prepared by the Council of Europe

Intended to be the first ever international treaty to address criminal law and procedural aspects to various types of criminal behavior directed against computer systems, networks or data and other types of similar misuse
Approved in September 2001 Opened for signature by member states at an international conference in Budapest staring November 2001

International law on computer crime Convention on Cybercrime

Each country that signed the convention should:

Adopt legal and other measures to establish

as criminal offences under its domestic law Cooperate with the other member countries investigating computer crime In the future, it will be supplemented by an additional protocol making any publication of racist and xenophobic propaganda via computer networks a criminal offence

International law on computer crime Convention on Cybercrime

Offences include: illegal access of the computer systems

illegal interception (what the FBI and CIA do is legal???)

data interference

system interference
misuse of devices including computer program, password, access code or similar data by which any part of a computer system is capable of being accessed including possession of any such items unauthorized access

International law on computer crime Convention on Cybercrime

Status of Convention on February 2002. Member States of the Council of Europe:

Albania, Armenia, Austria, Belgium, Bulgaria, Croatia, Cyprus, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Italy, Malta, Moldova, Netherlands, Norway, Poland, Portugal, Romania, Spain, Sweden, Switzerland, Macedonia, Ukraine, UK
Non-member States of the Council of Europe: Canada, Japan, South Africa, USA Recall the case. Do we see Russia here?

International law on computer crime Particular Countries

Argentina and Tunisia - No special penal legislation. Hackers paradise!!!

Australia - unlawful access or storage of data with no harm: 6 months, access of Commonwealth computers or more serious crime: 2 years Austria - any computer crime: fine up to $260,000
Belgium - unlawful access with no harm: 6 months - 1 year, with harm: 6 m - 3 years, more severe - up to 5 years Brazil - from 2 to 12 years Canada - up to 10 years

China - fine of 5,000 yuan for individuals and 15,000 for organizations. All income should be confiscated

International law on computer crime Particular Countries

Czech Republic - no special legislation Denmark - cybercrime with no intent: up to 6 months, with intent: up to 2 years Finland: up to 1 year France - with no harm: up to 1 year and 100,000FF fine, with harm: up to 2 years and 200,000FF fine Greece: up to 3 months Hungary: up to 8 years depending on the damage

Israel: up to 3 years
US: the largest and most complicated legislation - up to 20 years

International law on computer crime How to report computer crime?

Given we are in Canada, report to our local authorities at ccmostwanted.com

Fdg

International law on computer crime

Interpol www.interpol.int
Fight Information Technology Crime (ITC) Decided dont re-invent the wheel Uses the expertise of its members in ITC area

Created working parties to reflect national expertise in the following regions:

Europe

Asia
America Africa

International law on computer crime

Interpol www.interpol.int
European Working Party on ITC: formed in 1990 (most EC countries)

amongst its major achievements are

the handbook on the investigation of computerrelated crime, which serves as an introduction for a novice computer crime manual - a guide for experienced investigator

training courses, working groups, projects (Criminal Threats Against E-Commerce)

International law on computer crime

Interpol www.interpol.int
American Working Party on ITC: Canada, US, Argentina, Chile, Columbia, Jamaica, the Bahamas - follow the European Model African Working Party on ITC: South Africa, Zimbabwe, Namibia, Uganda, etc - offer basic training courses Asia-South Pacific Working Party on ITC: Australia, China, Hong-Kong, India, Japan, Nepal, Sri Lanka - follow the European Model All their activities are coordinated by The Steering Committee

International law on computer crime

Interpol www.interpol.int
The idea of Interpol IT Crime committee

to streamline the individual efforts of the member countries by avoiding unnecessary duplication and waste of human and financial resources too early to talk about a uniform international cybercrime law

International law on computer crime Links

www.crime-research.org

www.cops.org - Intl Association of Computer Investigative Specialists cybercrimes.net Univ of Dayton Law School HierosGamos computers and the law research center

HG.org
conventions.coe.int Convention on Cybercrime of Council of Europe

International law on computer crime Conclusion

There is no uniformed international computer

crime legislation

Territoriality is the major issue

Each country may or may not have its own cybercrime law

Convention on Cybercrime by the Council of Europe is the first international computer crime related document Interpol is watching you!
Dont break the law!!!

International law on computer crime

Questions?