Lecture 8 - Cybercrime Flashcards

1
Q

What is a Crime?

A

Nullum crimen sine lege: no crime without law
- Act, activity, behaviour prohibited by law
- Punished with penalties and sanctions
- Defined mostly in the national law of sovereign states (except international crimes)

2
Q

What is Substantive and Procedural law?

A

What is Substantive and Procedural law?
Substantive law: what crime is
Procedural law: how to investigate crime

3
Q

What are the three types of crime?

A

Three types of Cybercrime:
- New types of crime – CYBER DEPENDENT CRIME
  o Crimes that didn’t exist before computers and networks
- Migration of traditional crime online – CYBER ENABLED CRIME
  o Computers and networks used to facilitate commission of traditional crimes
- Any crime that leaves digital traces – INVESTIGATION FRAMEWORK
  o Digital investigations and digital evidence, access to data

4
Q

How to define cybercrime?

A

3 Perspectives
- Substantive criminal law (nullum crimen sine lege):
  o definition of specific “cyber” crimes should be very precise
- Crime investigation and digital evidence
  o definition of cybercrime should be sufficiently broad:
    ■ to apply procedural frameworks developed to fight cybercrime to other criminal investigations in cyberspace
    ■ to guarantee protection of human rights in digital investigations
- UNAC United Nations Convention against Corruption
  o No definition? Not an issue

5
Q

What is the relation between internet and crime?

A
  • Crime is not new
  • Global information and communication networks (target and tool): unique opportunities to commit crimes
  • Opportunities for crime in cyberspace = unique challenges for crime prevention, detection, and investigation
6
Q

What are the opportunities for crime in cyberspace?

A
  • Number of users and interconnected devices
    o “When everything is connected, everyone is vulnerable” Marc Goodman. 2015. Future Crimes. P. 13
  • International dimension
    o Fragmented across the globe
  • Missing mechanisms of control
    o Fragmented across the globe
  • Automation and innovation
  • Availability of tools and information
    o Deepfakes –
    o Password-guessing tools
    o Malware written by Large Language Models
    o Large Language Models facilitating spear phishing campaigns
    o AI models for crime: FraudGPT, WormGPT.
7
Q

What is the economic model of cybercrime?

A
  • Profit-driven
  • Commodities: data/information and resources
  • Services: “outsourcing” crime
  • Automation of attacks and operations
8
Q

How do criminals mimic legitimate businesses?

A
  • Darknet markets
    o Crimeware (cyber and services)
    o Drugs
    o Stolen identities
    o Forged documents
    o Weapons
    o Other illegal goods
  • CaaS/C2C
    o Criminal 2 Criminal and Crime as a Service
    o subscriptions, “customer” support, trials, money back guarantee
9
Q

What is the I love you virus?

A

Case study: I love you virus:
- Created in the Philippines, spread around the world within a few hours
  o 45 million users
  o 20+ countries
  o Damage: $2-10 billion
- Who did it?
  o Traced to Philippines (Onel de Guzman)
- What to do?
  o Philippines: no law on hacking or distribution of viruses
  o Charges: theft and credit card fraud (dropped)
  o Double criminality: no extradition

10
Q

What are safe havens?

A

Safe havens: countries with no cybercrime legislation/weak cybercrime laws

11
Q

What elements do you consider when harmonizing cybercrime legislation?

A
  1. Substantive law
    a. What is cybercrime
      i. Reaching consensus: what types of crimes? What is crime? “cybercrime”?
      ii. How specific should “cyber” crimes be?
      iii. “Technology neutral” laws?
  2. Procedural law
    a. Instruments for investigation
  3. Mutual legal assistance
    a. How to transfer evidence cross-border
  4. Jurisdiction
    a. Whose laws apply?
  5. Old laws / new laws?
    a. Updating laws or creating new laws?
12
Q

What are approaches to conceptualising cybercrime: what is criminalized?

A
  • Ideological differences between countries
  • Cybersecurity: illegal content vs techno-centric approach
  • Different views on internet and cybersecurity/information security:
    o Open, free, secure internet
    o Expansion of state power and control
  • Result: “Morality” crimes, expansion of the “speech” crimes, conceptualising cybercrime as content crimes
13
Q

Sketch the cybercrime legislation harmonization timeline.

A
  • 1986 OECD
    o List of acts
  • 2001 Council of Europe
    o Council of Europe’s Convention on Cybercrime (Budapest Convention)
      ■ Criminalisation (Substantive criminal law: list of crimes)
        • (1) CIA* offences: illegal access, illegal interception, data and system interference, misuse of devices
        • (2) Computer-related offences: forgery and fraud
        • (3) Child pornography
        • (4) Infringements of copyright and related rights
      ■ Investigation (Procedural law)
        • Preservation and partial disclosure of data, search and seizure, production order, interception of content data and real-time collection of traffic data
      ■ Cooperation
        • Facilitating cross-border mutual legal assistance
      ■ Jurisdiction
        • Some provisions on jurisdiction
  • 2001-2014
    o Patchwork of different frameworks
      ■ Arab League, African Union, Shanghai Cooperation Organisation and others
  • 2019 United Nations
    o General Assembly resolution
      ■ ITU (International Telecommunications Union)
        • Cybercrime guide for developing countries (2009-2015)
        • Toolkit for cybercrime legislation (2010 – 2012)
      ■ UNODC (United Nations Office on Drugs and Crime)
        • Open ended intergovernmental expert groups (GA Resolution 65/230, 210)
        • Comprehensive study on cybercrime 2013
      ■ Russian-Chinese proposal, Dec 2019
        • Resolution on cybercrime: Russian-led, Chinese-backed
        • Adopted by 79 votes to 60 with 33 abstentions
      ■ UN Cybercrime treaty: controversies
        • Crime control as an instrument for oppression and greater control over the internet
        • What is cybercrime?
        • Safeguards in criminal investigations
        • Legitimising oppressive practices
        • Ambitious timeline
14
Q

What are the challenges of digital evidence?

A
  • Challenges
    o Vulnerability of digital evidence
    o Encryption
    o How to prove the link between a criminal and a mediating device
    o Procedural law: adoption of special instruments (interception of content data, quick preservation, production orders) + digital forensics
    o Seamlessness and intrusiveness: how to protect privacy and other fundamental rights
15
Q

What is the transborder component of cybercrime legislation?

A
  • Transborder component
    o Many “domestic” cases in the physical world where only the evidence is abroad
    o Harmonisation of substantive criminal law cannot guarantee mutual legal assistance in criminal procedure
    o How to obtain data quickly
16
Q

What is MLA in cybercrime legislation?

A
  • MLA
    o Cooperation between countries
    o Aim: collecting and exchanging information
    o Criminal investigations: asking for evidence “located” in another country and extradition of offenders
    o Why use MLA:
      ■ Sovereignty: fundamental principle (protect citizens, maintain nationhood)
      ■ State: sovereign power to carry out criminal investigations on the territory
      ■ Human rights and safeguards: dual criminality
      ■ Traditional MLA
17
Q

What are the challenges of digital evidence abroad?

A
  • Data located abroad is crucial in criminal investigations
  • Mutual legal assistance mechanisms: too slow
  • Hard to get data from platforms, social media and other intermediaries (even in your own country)
  • Some providers cooperate voluntarily, some do not
18
Q

What are the new instruments in electronic evidence?

A

US CLOUD act:
- Executive agreements with foreign governments to give direct access to data held by US providers
- US law enforcement agencies can unilaterally order foreign companies to disclose data stored abroad
EU E-Evidence regulation
- Direct requests for production of evidence to service providers located abroad
- Extra-territoriality: includes non-EU providers offering services in the EU

19
Q

What is the importance of harmonization in combatting crime (Clough)?

A

Importance of harmonization in combating crime
● Cybercrime presents unique challenges due to the transnational nature of underlying technology
● When offenders are in the same jurisdiction, evidence of the offending is passed through or stored in different jurisdictions
● Harmonization is crucial due to two factors
○ Eliminate/reduce the incidence of safe havens
■ If conduct is not criminalized in a country, people in that country could deliberately commit offences that affect other jurisdictions
○ Effective cooperation between law enforcement
● Harmonization does not mean exactly the same mechanisms for law; however, processes should work effectively and harmoniously while respecting national and regional differences

20
Q

What is in the Convention on Cybercrime (Clough)?

A

Convention on cybercrime
● Convention has four broad categories of substantive offence
○ Offences against CIA of data and systems
○ Computer-related offences (computer related fraud and forgery)
○ Content-related offences (child pornography)
○ Criminal copyright infringement
● Less focus has been given to areas of investigation, criminal procedures, evidence and international cooperation
○ Investigation
■ Digital data is volatile
■ Powers allow for relevant data to be preserved, allowing authorities to seek its disclosure
○ International cooperation
■ Ability to carry out investigations affecting the territory of other states, so-called investigative jurisdiction
■ Provision is made in the convention for mutual assistance
■ In order to facilitate cooperation, both formal and informal, the Convention provides for a 24/7 network to be created
■ Current mutual assistance mechanisms are slow and bureaucratic

21
Q

What are the three aspects of harmonisation (Clough)?

A

Three aspects of harmonisation.
1. Comprehensive
a. It comprehensively addresses the challenges of cybercrime.
2. Protective of rights
a. The extent to which it protects fundamental rights.
3. Representative
a. The extent to which it is representative of different legal systems.

22
Q

When is a cybercrime in the jurisdiction of a nation (Budapest) (Clough 2001)?

A

The Convention requires parties to establish jurisdiction over the offences established under arts 2-11 when they are committed:
1. Within its territory.
2. On board a ship or aircraft flagged or registered under the laws of that party.
3. By one of its nationals if the offence is punishable under the criminal law where it was committed.
4. Outside the territorial jurisdiction of any state.
Parties may reserve the right not to apply, or to limit the application of, any of the jurisdictional bases other than territoriality.

Extradition
The practical ability to prosecute falls to the country that has the defendant in custody, not necessarily the country that asserts jurisdiction over the offence.
- Yet that country may have no interest in prosecuting, or may have one of a number of competing claims to prosecution, so extradition is the next step.
A common requirement of extradition is ‘dual criminality’, and this causes particular challenges in the context of cybercrime where one jurisdiction may not recognise the relevant conduct as an offence at all.
- The Convention may play an important role in addressing these issues without the need for renegotiation of individual treaties. Under art 24 each of the offences established under arts 2-11 are deemed to be extraditable offences in any extradition treaty between or among the parties.

23
Q

What are the special protective mechanisms that the Convention puts in place in order to balance these competing concerns?

A
  1. Investigative Powers
    a. What the Convention seeks to achieve is an equivalence of laws applying to the digital environment, allowing law enforcement to employ similar techniques to those already employed in relation to other forms of communication.
    b. A possible concern is that the Convention does not express any limitation on the seriousness of those offences that are subject to these investigative powers. Such concerns must, in general, be addressed by the principle of proportionality.
  2. Mutual Assistance
    a. The Convention does not, in general, impose mutual assistance obligations on parties. Unless specifically stated to the contrary, mutual assistance is subject to the domestic laws of the requested party or applicable mutual assistance treaties
    b. However, mutual assistance is not to be refused solely on the ground that the request concerns an offence that the requested party considers to be a ‘fiscal offence’.
    c. As long as the conduct is criminalised in both countries, then dual criminality will be taken to be fulfilled regardless of how it is classified.
    d. Significantly, parties may refuse assistance if the request concerns an offence that the requested party considers to be a political offence, or it considers the request ‘is likely to prejudice its sovereignty, security, ordre public or other essential interests’.
  3. Extradition
    a. Concern may be expressed that the Convention will expand the extradition obligation of parties to countries with which they would not otherwise enter into extradition arrangements.
    b. However, the requirements under the Convention are associated with existing or proposed extradition arrangements. When the Convention itself may be used by a party to support extradition, it is not obligated to do so.
    c. In addition, a number of requirements are imposed:
      i. First, these offences will only be extraditable if punishable under the laws of both parties by a maximum penalty of one year imprisonment or more.
      ii. Second, extradition is subject to the laws of the requested party and/or applicable extradition treaties.
  4. Territorial sovereignty
    a. The convention has also been criticised for its lack of protection in relation to the rights of states, as law enforcement agencies now have the ability and technology to access data in other jurisdictions without seeking mutual assistance. However the fact that law enforcement agencies (LEAs) have the capacity to conduct such searches does not make it lawful.
    b. Art 32 (b) allows a party to ‘access or receive, through a computer system in its territory, stored computer data located in another Party, if the Party obtains the lawful and voluntary consent of the person who has the lawful authority to disclose the data to the Party through that computer system’.
      i. The limitations on this provision are that consent must be voluntarily given and the person must have ‘lawful authority’ to consent to that data being accessed or received.
    c. While art 32 has the advantage of freeing up a large amount of data collection, and avoids the use of mutual legal assistance treaties, it is understandably a controversial provision.
24
Q

Why is there no united nations convention against cybercrime?

A

Despite near universal support for international action against cybercrime, there is currently no binding international cybercrime agreement.
- The United Nations is the obvious choice, with its resolutions, but none of their resolutions on cybercrime were binding, with member states invited to take them into account in developing their own efforts to combat the criminal misuse of information technologies.
Out of the first phase of the World Summit on the Information Society, held in Geneva in 2003, came the Geneva Declaration of Principles and the Geneva Plan of Action. The second phase held in 2005 produced the Tunis Agenda for the Information Society. These weren’t binding.
In 2007 the International Telecommunication Union (ITU), which is responsible for facilitating action line C5, launched its Global Cybersecurity Agenda (GCA). It highlights the importance of international harmonisation, but does not pursue a binding global initiative.
Harmonisation of laws and facilitation of international cooperation is seen as essential to achieving global cybersecurity. However, the mechanism whereby such harmonisation can be achieved remains contested.

25
Q

What are the advantages and disadvantages of a UN convention on cybercrime?

A

There are a number of advantages to pursuing a convention through the United Nations:
1. It would have the broadest geographic scope, being open to all member states.
2. It would provide an opportunity to address issues not included in the Convention, or to improve on provisions requiring amendment.
3. It would potentially allow amendment or removal of the provisions that have provided an obstacle to wider acceptance of the Convention.

There are, however, a number of significant disadvantages:
1. The time taken to reach international agreement, if agreement can in fact be reached, is really long.
2. Even assuming international agreement can be reached, it is not clear that it would add a great deal to the Convention.

26
Q

What are the five ‘clusters’ of international and regional instruments addressing the challenges of cybercrime?

A
  1. The first are those which have been developed in the context of the Convention, the most significant being the Commonwealth Model Law on Computer and Computer Related Crime.
  2. Those developed by the Commonwealth of Independent States (CIS) and the Shanghai Cooperation Organisation (SCO).
  3. The third is the League of Arab States’ Arab Convention on Combating Information Technology Offences and associated Model Law.
  4. Fourth is the Draft African Union Convention on the Establishment of a Legal Framework Conducive to Cyber Security in Africa.
  5. The fifth category is United Nations instruments. Although there is no United Nations convention on cybercrime, the UNTOC can and has been utilised in the context of cybercrime.
27
Q

What is the two-stream model by Maurer in Tropina 2020 on cybercrime legislation?

A

o The politico-military stream
  ■ Includes the use of the information technologies for undermining international stability.
o The economic stream
  ■ Refers to the criminal misuse of information technologies.

28
Q

What are the common approaches to cyber threats according to Jang and Lim (2012)?

A

o Security-oriented approach
  ■ Considers cyber-attacks as a threat to the national security.
o Law enforcement approach
  ■ Brings the malicious acts to the domain of criminal justice.

29
Q

How does Tropina describe the challenge of defining cybercrime?

A

There is no commonly held definition of cybercrime, as there is actually no need for one because the term ‘cybercrime’ should be flexible depending on the context it is used in.

In the context of criminal procedural frameworks, the term “cybercrime” should be sufficiently broad to ensure that legal frameworks and international cooperation mechanisms initially developed for the purpose of collecting digital evidence in cybercrime cases will be applicable to any criminal investigations involving a digital component.
- This would also guarantee effective safeguards and protection of privacy and other fundamental rights equally in all the types of criminal investigations in cyberspace.
