Regulating Cybercrime Flashcards

Question 1

Q

anonymity online?

Answer

A

the use of proxy servers, encryption technology, and anonymous email accounts facilitates the ability to conceal one’s identity online.

Question 2

Q

What is cybercrime?

Answer

A

ybercrime refers to crimes committed through the use of computers, computer networks, or other forms of information and communication technology (ICT).

Question 3

Q

What are the two main categories of cybercrime?

Answer

A

Cyber-dependent crimes, which can only be committed through the use of technology

Cyber-enabled crimes are traditional crimes that have been increased in scale or reach by using technology.

Question 4

Q

What are some challenges in regulating cybercrime?

Answer

A

The networked nature of communication makes tracing difficult
Data may be stored in jurisdictions with lax regulation
Effective regulation requires a mix of legal, architectural, social norms, and market-based approaches to address cybercrime.

Question 5

Q

What is cyberterrorism?

Answer

A

Cyberterrorism can broadly be divided into two categories: situations where technology is used to facilitate the activities of terrorists and the use of computer network tools to harm or shut down critical national infrastructures.

Question 6

Q

What are some challenges in collecting statistical data on cybercrime?

Answer

A

There is a lack of consensus on the definition of cybercrime which affects its inclusion in official crime statistics

Some crimes facilitated by technology are not distinguished from offline crimes in the statistics

Under-reporting of cybercrime incidents

Lack of expertise and resources among law enforcement agencies

Problems with data collection methods can all contribute to the difficulty in collecting accurate data.

Question 7

Q

What is the distinction between an internal and external perspective in online offending?

Answer

A

The internal perspective is the perception of the user inside the virtual world

The external perspective is the view of the outsider observing the computer in the physical world

Criminal law is based on physical conduct and requires the physical act and mental state of the defendant

Online offending is reduced to physical conduct, as the harm and conduct leading to it occur in the real world.

Question 8

Q

what is Lax regulation?

Answer

A

Definition: Regulations that are not strict or rigorous.

Question 9

Q

Criminal sanctions for online conduct generally fall into three categories

Answer

A

offenses against the person,

offenses against property, and

offenses against public order.

Offenses against the person, such as virtual rape, can only be prosecuted if they fall under threat, harassment or stalking statutes.

Offenses against property may be offenses relating to unauthorized access and modification of data, while offenses against public order may include hate speech or incitement to violence.

Question 10

Q

what is malware?

Answer

A

Malware refers to malicious software, including viruses, worms, Trojans, bots, and spyware. It is often used to gather personal information for fraud or to discover vulnerabilities to exploit. Malware is commonly disseminated through infected storage devices or via the internet through executable files or deceptive advertisements.

Question 11

Q

What is a virus?

Answer

A

A virus is a malicious software that infects another program and replicates itself.

Requires activation of its host to be triggered.

Can cause significant damage to computer networks, and can result in data loss or theft.

Question 12

Q

What is a worm?

Answer

A

A self-replicating malicious software that propagates independently.

Similar to a virus but does not need to infect another program.

Can cause significant damage to computer networks, and can result in data loss or theft.

Can breach a system and propagate independently without triggering its host.

Question 13

Q

virus vs. worm

Answer

A

Primary difference: viruses require activation of their host, while worms can propagate independently after breaching a system.

Both can cause significant damage to computer networks and result in data loss or theft.

Both are types of malicious software.

Question 14

Q

What are Trojans?

Answer

A

Trojans are malicious programs that appear to be harmless but contain a hidden function. These programs can be delivered through software, email attachments, or websites, and can be used to install a back door, allowing a hacker to gain remote access to a computer. Some Trojans are designed specifically for financial attacks, such as Man-In-The-Browser attacks during online banking sessions.

In some cases, the presence of Trojans may be used as a defense, as the defendant claims that their computer was infected with malware of which they were unaware.

Question 15

Q

Bots

Answer

A

Bots are programs that infect a computer and allow remote control. They can be part of a “botnet”, a group of infected computers that can carry out coordinated tasks, such as spamming, DDoS attacks, malware distribution, click-fraud, and identity theft.

Question 16

Q

spyware

Answer

A

Spyware: a type of software that monitors a computer user’s activities and can collect personal and financial information without the user’s knowledge; can range from adware to more malicious programs designed for covert surveillance

Question 17

Q

DoS attack

Answer

A

DoS (Denial of Service) attack: a malicious effort to overload a network, server, website or computer, and cause it to crash, thus denying access to legitimate users.

Question 18

Q

DDoS attack

Answer

A

DDoS (Distributed Denial of Service) attack: the most sophisticated form of DoS attack, involving enlisting other computers to attack the target.

Question 19

Q

Challenges of cybercrime

Answer

A

Scale: Enormous scale due to the large pool of potential offenders and victims.

Accessibility: Technology is almost everywhere, making it accessible for both offenders and victims.

Anonymity: Criminals try to stay anonymous, and this possibility increases in cybercrime, making it hard to find a person behind a cybercrime attack.

Portability and Transferability

Global Reach: Cybercrime often has an international character, making it difficult to assess the case.

Absence of Capable Guardians: There is a lack of effective substantive criminal law, which has to do with prosecution.

Question 20

Q

types of cybercrime

Answer

A

Individual Cyber Crimes: Targeting individuals.

Organizational Cyber Crimes: Targeting organizations.

Property Cybercrimes: Targeting property such as credit cards or intellectual property rights.

Society Cybercrimes.

Question 21

Q

Article 6 Convention on cybercrime :

Answer

A

Art 6 CoC deals with the misuse of devices

Tools and programs are criminalised in art 6 CoC, however under 1(a) and 2 manuals on how to misuse devices could also be included through interpretation
It is up to national law to decide whether it falls or not.

Computer related forgery

Question 22

Q

Article 7 CoC

Answer

A

input, alteration, deletion, or suppression of computer data, resulting in inauthentic data with the intent that it be considered or acted upon for legal purposes as if it were authentic, regardless of whether or not the data is directly readable and intelligible. A Party may require an intent to defraud, or similar dishonest intent before criminal liability attaches.

explanation:
It does not have to be tangible, and it does not have to be directly readable and intelligible.

Question 23

Q

Art 225 DPC -> general forgery

Answer

A

Falsification of digital documents falls under this provision (dutch case law)

Question 24

Q

Art 232 DPC -> forgery of payment cards

Answer

A

Used for cases of skimming, not like the one above bc in 225 the requirements is ‘readable’ and cards contain codes with no meaning so are they readable? For this art this doesn’t matter bc it is specific to payment cards
Skimming is collecting data from a magnetic strip of a card and copying it in another card.

Question 25

Q

Article 8 CoC -> computer-related fraud

Answer

A

There has to be a loss of property

Explanatory report: “The term “loss of property”, being a broad notion, includes loss of money, tangible and intangibles with an economic value”.

Question 26

Q

Art. 326 DPC -> deception

Answer

A

A person who, with the intent of obtaining an unlawful gain, induces a person, by assuming a false name or a false capacity, by artful tricks, or by a tissue of lies, to surrender any property, provide a service, make available data, …
“Induce a person”: need a person to be deceived? No (according to case law)

Case law – computer-related fraud: A student put a keylogger in the computer of a teacher. The student typed their usernames and passwords, and the suspect could use their usernames and passwords. He used this information to order things online, all kinds of stuff, expensive but small. He ordered stuff and let it be sent to an address and when the delivery happened, he used a … to pick up the object. Then, he resold all the items. The police in the end found out who it was and got convicted.

Question 27

Q

Runescape case- theft of a virtual object

Answer

A

Theft: taking away a good or property belonging to someone else (art. 310 DPC)

Data is not considered to be a good/property under Dutch law.

Defendant argued that a virtual objects is not a good. However, Supreme Court decided that they are. Why?

Reasoning Supreme Court in Runescape case
* 3.3.2. … An intangible object may be considered a good provided it is an object that by its nature can be removed from the de facto control of another person.

3.6.1. The assertion that the objects are not goods because they consist of ‘bits and bytes’ is untenable. The virtual nature of these objects does not in itself preclude their being considered goods within the meaning of art. 310 of the Criminal Code (= theft). The Appeal Court’s ruling on this matter is thoroughly reasoned and is in no way incorrect in its interpretation of the law. The Supreme Court bases this conclusion in part on the fact that the appeal court established that “for the victim, the defendant and his co- accused, the possessions they collect in the game hold genuine value, which can be taken away from them” and that “this concerns items of value accumulated over the course of the game, which were obtained – or can be obtained – through time and effort” and that the victim had “exclusive de facto control” over the objects within the game environment and lost control of those objects through the actions of the defendant and the co-accused.

Difference between data and virtual object + the fact that they represent real value/money + remove the possession from one person.

Intangible object may be considered a good considering that it was removed from one person.

Question 28

Q

Why is it important to have a document (like CoC) that establishes which activities are criminal?

Answer

A

Because: to be able to prosecute these crimes, keeping in mind the international dimension of cybercrime. Legal certainty, also bc not all traditional provisions that apply to crime also apply to cybercrime. Because u cannot be punished unless the activity has been declared illegal (nulla poena principle).
to prevent dual criminality.

In CoC we are mainly looking at preservation, access/ collection and storage out of the steps

Question 29

Q

Digital leads that can be used when investigating

Answer

A

Digital leads:
(1) IP Addresses - IP addresses often do not specifically identify the device that an individual utilises, but they do provide law enforcement officials with a clue about the particular network that a person uses for his internet connection.

(2) Online Handles - a name an individual uses to interact with other individuals on the Internet

Online handles are a digital lead for three reasons. They:
(1) can allow law enforcement officials to gather publicly available information about an internet user,
(2) can direct law enforcement officials to an online service provider that may hold information about an internet user, and
(3) can enable law enforcement officials to interact (undercover) with the individual.

Question 30

Q

methods of investigation

Answer

A

Manual gathering of online information

Automated gathering of publicly available online information

Observation of the online behaviour of an individual

Examination of data that is on the servers/computers systems of others

Online undercover investigative methods

Question 31

Q

digital evidence

Answer

A

Digital evidence- any info of probative value that is either stored or transmitted in a digital form
Digital evidence can be extracted from a great variety of sources (eg storage media, computing devices, network communications, cloud…)

Can a phone be used in trial as evidence?
Information generated, stored or transmitted using electronic devices that may be relied upon in court. To guarantee that the evidence is accepted in court, it is necessary to obtain the information following very well-defined processes using specialised personnel and operating within an adequate legal framework

Question 32

Q

Procedural tools in CoC

Answer

A

Expedited preservation
– of stored data
– of traffic data
Production order
Search and Seizure
- of stored data
- of real-time
- interception

Question 33

Q

what is traffic data?

Answer

A

Definition of traffic data can be found in art 1(d) “traffic data” means any computer data relating to a communication by means of a computer system, generated by a computer system that formed a part in the chain of communication, indicating the communication’s origin, destination, route, time, date, size, duration, or type of underlying service

Who would preserve the traffic data? - ISPs

Question 34

Q

article 16- expedited preservation of comp data

Answer

A

Makes sure this data is not deleted
Right has a maximum of 90 days
If u need to keep info longer than u need to prove…
The first thing LE do is ask for data and preserve it

Question 35

Q

Computer data definition

Answer

A

“computer data” means any representation of facts, information or concepts in a form suitable for processing in a computer system, including a program suitable to cause a computer system to perform a function; - article 1(b) CoC

Question 36

Q

article 17 CoC

Answer

A

Article 17 - expedited preservation of partial disclosure of traffic data
Some measures of disclosure

a, ensure that such expeditious preservation of traffic data is available regardless of whether one or more service providers were involved in the transmission of that communication; and

b, ensure the expeditious disclosure to the Party’s competent authority, or a person designated by that authority, of a sufficient amount of traffic data to enable the Party to identify the service providers and the path through which the communication was transmitted.

Eg who has communicated with u, when, but not the actual content of the messages

Art 16 is about preserving data, in particular traffic data

Preservation of data in art 16 -> max 90 days but can be extended

Art 17: also about preservation and partial disclosure of traffic data

Starts releasing some of the stored data
Creates laws for partial disclosure of this data

Eg see is SP were involved, so we could ask for preservation orders of that data as well

Question 37

Q

What is the second additional protocol about?

Answer

A

What is the second additional protocol about?
Among other things, subscriber info and traffic data

Art 7 protocol 2: parties can make laws that can provide that a competent authority asks directly for subscriber info

We’re trying to create direct lines: directly from LE in one country to an SP in another

Question 38

Q

Data retention directive

Answer

A

The legal basis used was for market regulation, thus there was no law enforcement for the legal basis

This directive obliges the data to be retained so the police could access even previous data

There were no safeguards in this directive
Is this against fundamental rights?

This was the question in digital rights Ireland

The court said that the directive goes against the right to private life and data protection

As there were no limits or safeguards this resulted in mass collection of data

The directive was then revoked but some states as they have already implemented these laws still have that level of data retention.

Question 39

Q

article 18 -> production order

Answer

A

Gives us the definition of subscriber information, and the way for states to access it.

what if the service provider is in another country tho?
A SP offering its services has to submit subscriber info relating to such services in the SP Possession or control
Why do we have to stop at subscriber data?
The countries negotiating were also thinking about their national laws
If art 18 allowed to order the SP to submit all the info that they had we would have difficulties of getting any data from eg Meta, bc in the US u need a probable cause, so if there were no this we would get no data
Art 16 and 17 do not give us access to the data; they only preserve it!

Recap:

If the service provider is within the same country the national law applies, easy to ask for submission for any specified data
Difficulty when its in another country; bc difference in national laws
Some countries have a really high threshold, eg the USA So art 18 helps- can release subscriber data
The police asking still have to abide by the national laws of that country, but the laws around subscriber data are less tight
Subscriber info we still have to abide by the rules of that country, mutual legal assistance procedure (takes time)

Question 40

Q

Mutual Legal Assistance Procedure

Answer

A

Mutual legal assistance procedure:

A court or judicial authority wants info from another country
From that, the request is transferred to the central authority of the country that we want the data from
Then it goes to another court, to check if it abides by their legal rules
If yes, the police collect that data from the SP
Goes back to the court
then back to the central authority
Then goes to the country asking
This takes cca 6 months

Question 41

Q

Second Additional Protocol

Answer

A

Second additional protocol

To not change the main text of CoC, new additions to the convention have been put in a protocol (racist and xenophobic content, and making the process of mutual legal assistance procedure faster).

Need 5 rectifications for the second protocol
Can the EU sign and ratify this?
Not a member of the council of europe, so it cannot rectify the second protocol
But all the MS can do so
What is the second additional protocol about?
Among other things, subscriber info and traffic data
Art 7 protocol 2: parties can make laws that can provide that a competent authority asks directly for subscriber info
Were trying to create direct lines: directly from LE in one country to a SP in another

Question 42

Q

Cloud Act- Clarifying lawful overseas use of data acts

Answer

A

Sometimes to follow a law of the country being asked, u may violate the law of the asking country
Eg under US law u have to follow a law bc u have to, u may violate EU laws due to a lack of disclosure (Microsoft case)
If it compiles with the order it breaks the law, if it complies with the law it breaks the order
This made it to the supreme court, the court didn’t say anything bc the US came up with the Cloud Act to solve this
As long as the US has a prior agreement with other countries
US individually enters into an agreement with other states
The Cloud Act does not recognise the EU being allowed to negotiate on the behalf of the whole union, each MS has to negotiate for itself

Question 43

Q

Subscription Data: Article 18(3)

Answer

A

– For the purpose of this article, the term “subscriber information” means any information contained in the form of computer data or any other form that is held by a service provider, relating to subscribers of its services other than traffic or content data and by which can be established:
 the type of communication service used, the technical provisions taken thereto and the period of service; 
 the subscriber’s identity, postal or geographic address, telephone and other access numbers, billing and payment information, available on the basis of the service agreement or arrangement; 
 any other information on the site of the installation of communication equipment, available on the basis of the service agreement or arrangement

Question 44

Q

does the CoC deal with anonymity?

Answer

A

Does not explicitly mention it, but art 16 and especially 17 with the identification of some traffic data u can start identifying how that particular computer has communicated with others, together with subscriber information can lead to information

Question 45

Q

Clough’s three questions

Answer

A

Does the state have the legislative power to regulate the relevant conduct   (‘prescriptive jurisdiction’)? 

Do the courts have the power to hear the particular dispute (‘adjudicative jurisdiction’)? 

Does the state have jurisdiction to enforce the law (‘enforcement jurisdiction’)? 

Question 46

Q

Sventesson & van Zwieten’s question

Answer

A

Does law enforcement have jurisdiction to investigate alleged criminal activity (‘investigative jurisdiction’)?
This is what is missing rn to have effective cybercrime

Question 47

Q

Prescriptive jurisdiction

Answer

A

1 Each Party shall adopt such legislative and other measures as may be necessary to establish jurisdiction over any offence established in accordance with Articles 2 through 11 of this Convention when the offence is committed:

a. in its territory; or
b. on board a ship flying the flag of that Party; or
c. on board an aircraft registered under the laws of that Party; or
d. by one of its nationals, if the offence is punishable under criminal law where it was committed or if the offence is committed outside the territorial jurisdiction of any State.

Covers a number of territoriality principles:
* -objective territoriality
* -nationality territoriality
* -extra-territoriality

Question 48

Q

Adjudicative jurisdiction

Answer

A

When more than one Party claims jurisdiction over an alleged offence established in accordance with this Convention, the Parties involved shall, where appropriate, consult with a view to determining the most appropriate jurisdiction for prosecution.

Yahoo!,Inc. v La Ligue Contre Le Racisme et L’Antisemitisme

Question 49

Q

Enforcement jurisdiction

Answer

A

Does the state have jurisdiction to enforce law?
* See Art.24 CCC on Extradition

There is a way to look at it from a way that it does have the power to enforce the law bc extradition eg.

Question 50

Q

Investigative Jurisdiction

Answer

A

Question(s):

– Should a country be allowed unilaterally to access computer data in another country without the consent and mutual legal assistance of another country?
In preservation orders, we can expeditiously preserve, but needs to be followed up w mutual legal assistance
Second additional protocol and EU approach for production orders, asking directly SP in the second country without MLA.
But by signing the protocol the countries give their consent
We can argue that these developments are moving towards investigative jurisdiction

– Are art.16-17 a way ‘round’ the difficulties: asking for the cooperation of communication and internet service providers with law enforcement? What are the limitations?

– How should we deal with ‘cloud’ and ‘deep web’ and (indirectly) ‘loss of location’/’loss of exact location’?

E.g. seeking direct access/assistance without involvement of foreign authorities * “What considerations must be taken into account in order to create a framework (whichever form it takes) for facilitating lawful LEA access to evidence held by cloud providers, by way of direct contact with those providers, while safeguarding the rights and interest of individuals, as well as the rights and interest of the provider, and those of other States?

Dan Svantesson (2016) – the concept of ‘investigative jurisdiction’

In essence “In the absence of an obligation under international law to exercise jurisdiction, a State may only exercise jurisdiction where: (1) there is a substantial connection between the matter and the State seeking to exercise jurisdiction; (2) the State seeking to exercise jurisdiction has a legitimate interest in the matter; and (3) the exercise of jurisdiction is reasonable, given the balance between the State’s legitimate interests and other interests.”

Question 51

Q

Article 32 –Trans-border access to stored computer data with consent or where publicly available

Answer

A

A Party may, without the authorisation of another Party:

a. access publicly available (open source) stored computer data, regardless of where the data is located geographically; or
b. access or receive, through a computer system in its territory, stored computer data located in another Party, if the Party obtains the lawful and voluntary consent of the person who has the lawful authority to disclose the data to the Party through that computer system.

Part a is a custom so not a problem
Part b is not very much used, bc it exposes the investigation too much

Art 32 is an exception to the principle of territoriality and permits unilateral transborder access without the need for mutual assistance under limited circumstances.

“A Party may, without the authorisation of another Party:

a. access publicly available (open source) stored computer data, regardless of where the data is located geographically;”

the mere fact that data are publicly available does not imply an absence of restrictions to researching them
What is the legal basis for this activity?
Should there be limitations?

b. access or receive, through a computer system in its territory, stored computer data located in another Party, if the Party obtains the lawful and voluntary consent of the person who has the lawful authority to disclose the data to the Party through that computer system.

“stored computer data located in another Party” = location needs to be known?

“lawful and voluntary consent of the person who has the lawful authority” = who is lawful authority? Where should the lawful authority be located?

“consent” = is lawful and voluntary= explicit?

Question 52

Q

Does art 32b apply to cloud investigations?

Answer

A

Probably only if location of server is known and consent obtained

– The dominant interpretation of international law implies that accessing data stored on a foreign server without the prior foreign state’s consent breaches the territorial integrity of that state. The wrongfulness is not mitigated by the fact that the location of data may be unclear or unknown.

According to Walden (2013), LEAs seeking access to electronic evidence that is held by a foreign cloud provider typically have four possible courses of action.

The LEA may:
(1) seek the assistance of the relevant foreign LEA via formal mutual legal assistance (MLA);

(2) seek informal assistance from the relevant foreign LEA;

(3) seek direct assistance of the foreign cloud provider (that is, without intervention by foreign authorities) or

(4) seek direct access to the data (without third party cooperation).

Svantesson and van Zwieten (2016) add:

(5) (spontaneously) share information from the criminal investigation with the foreign LEA, in order to enable them to initiate a domestic investigation – that way, evidence may be acquired domestically, to be subsequently (and spontaneously) shared with the LEA from the original country;

(6) (spontaneously) share information from the criminal investigation with the foreign LEA, which may then investigate and prosecute domestically – this would prevent the need to transfer cloud evidence over borders altogether

Question 53

Q

Cybercrime Convention

Answer

A

Conventions are generally independent of bilateral or other treaties

Cybercrime Convention - hybrid
– convention serves as a basis
– existing treaties take precedence
– convention supplements or applies in absence of other treaties

Question 54

Q

Difficulties of Mutual Legal Assistance

Answer

A

▪ Mutual legal assistance remains a primary means to obtain electronic evidence for criminal justice purposes

▪ MLA needs to be made more efficient
- Most cooperation mechanisms take months (or years!), not minutes

▪ Often subscriber information or traffic data is needed first to substantiate or address an MLA request

▪ MLA often not feasible to secure volatile evidence in unknown or multiple jurisdictions

Question 55

Q

Mutual Legal Assistance: General obligations

Answer

A

Afford MLA to the widest extent possible
MLA subject to the law of requested state or applicable treaties (locus regit actum)
If no pre-existing arrangement, supplement with new provisions
System of central authorities: no direct transmission, except in case of urgency (cc central authority)
– Transmission through central authorities
temporary transfer or transit of persons in custody
exchange of information on criminal records. – grounds for refusal based on public order and essential national interest – execution ruled by the law of the requesting country – forms of assistance: notifications, taking of evidence, handing of objects, request for search and seizure (subject to double criminality)…

Question 56

Q

Encorchat investigation

Answer

A

EncroChat, platform used by criminals which allowed criminals to delete messages after they have sent them  

- In early 2020, EncroChat served as one of the largest providers of encrypted digital communication. A very high share of its users presumably engaged in criminal activity. User hotspots were often in countries known as cocaine and cannabis trade, and in money laundering centers.

- EncroChat phones were offered to customers as a mechanism to have anonymity. They were not connected with a device or SIMcard on the customer's account. Customers could acquire EncroChat under circumstances guaranteeing the absence of traceability. EncroChat offered perfect discretion both of the encrypted interface (dual) operating system and the encrypted interface hidden so as not to be detectable) and the terminal itself (removal of the camera, microphone, GPS and USB port). EncroChat offered discretion with the terminal itself, since the camera, microphone, GPS, and USB port were removed.

- EncroChat provided functions designed to ensure the "impunity" of users, since messages were automatically deleted on the terminals of their recipients. Recipients used a specific PIN code intended for the immediate deletion of all data on the device. In addition, all data was deleted in the event of consecutive entries of a wrong password. EncroChat had functions apparently making it possible to quickly erase compromising messages, i.e., at the time of arrest by the police. In addition, the reseller/helpdesk could erase the device from a distance.

- The phones had a dual operating system

- The phones also had burn messages, once both parties have seen the message, the messages would self-destruct, not delete but burn meaning it cannot be retrieved.

- The phones also had a ‘panic wipe’, they could be wiped permanently even from a distance.

- Largest investigation of organized crime in EU

- The authorities had monitored the network for over two months before closing it down. Europol, Eurojust, and law enforcement authorities are still analyzing the data and expect it will lead to hundreds of new investigations in the coming months.4 As a result of the widespread use of the EncroChat among international criminal networks around the world, French law enforcement authorities opened a case in 2019 with the EU Agency for Criminal Justice Cooperation (Euro just), with the Netherlands.

- In April 2020, Eurojust facilitated the establishment of a joint investigation team between France and Holland with the participation of the European Union Agency for Law Enforcement Cooperation (Europol).5 Europol has actively participated in the joint investigations. It served as an information hub. Europol also contributed its extensive analytical and technical support system. Europol established and offered unique and global insight on the scale and operation of organized crime arising out of the

Question 57

Q

The sword function

Answer

A

The sword function: Traditionally, when a human right is violated it triggers criminal law
HR: sword function
Offensive role: triggering criminal law
Eg criminalisation of cybercrime
Eg criminalisation of a racist and xenophobic nature committed through computer systems

Sword and shield functions need to balance each other

Question 58

Q

The shield function

Answer

A

The shield function: opposite, it serves to neutralise criminal law, to prevent extensive use of and misuse of power by the government and police

HR: shield function
Defensive role: neutralising criminal law
Eg intrusive investigative means:
Torture v evidence

Sword and shield functions need to balance each other

Question 59

Q

third party responsibilities

Answer

A

Cloud platforms

Data for investigation is increasingly being kept on cloud platforms, they are wrongly empowered to mitigate between crime and law

Digital service providers

Interpol and Europol

Ensure expertise in law enforcement, and collecting data, DPA told Europol to delete vast shares of personal data

Privacy and data protection

Question 60

Q

Art 8 ECHR

Answer

A

Was there an interference?

Is the interference:

- In accordance with the law
- pursues a legitimate aim 
- necessary in a democratic society?

Necessary in a democratic society? To check use the Robert Alexy test

Question 61

Q

Robert Alexy test

Answer

A

effectiveness: is a measure actually contributes to realising the set goals

Proportionality: assesses the extent to which the impact of a measure is proportionate to the goals it aims to contribute to

Subsidiarity: assesses if there are alternatives that interfere less with privacy and other HR than the proposed measures

The issue with proportionality sometimes:
The softness of surveillance measures contributes to their receptiveness: accumulated non-intrusive measures?  

Accumulating the legislative measures over time  Eg license plate scenario, u can have the correct safeguards, but accumulating  its use over time in combination with analytics = mass surveillance

Question 62

Q

Hack Back: against hacking by police arguments

Answer

A

Efficiency:
- insufficient use of existing investigative powers
- encryption, wireless communication and cloud computing?
- harmful side-effects of decryption (cross-jurisdictional)
- even if allowed- will this evidence be reliable and used in court?

Proportionality:
- deeply affect the fundamental human rights of citizens (suspects` privacy)
- oversight
- predictability and the authenticity and integrity of the data collected?

Subsidiarity:
- use less intrusive measures?
- the police to use the power to hack only to disrupt

Question 63

Q

Hack Back: for hacking by police arguments

Answer

A

Efficiency:
- the scale of serious and organized crime
- use of resources (legal and technical)
- no other measure? criminals get suspicions …(hide the big fishes?)

Proportionality:
- hacking is a process… on each step?
- additional safeguards are possible: technical + legal + cross-border cooperation
- reliable evidence? (accountability)

Subsidiarity:
- other less intrusive measures? … or the measure to be less intrusive?

Question 64

Q

What is the relation between cybercrime, criminal law and human rights?

Answer

A

Human rights remain rich source of universal principles for criminal procedure
* Need to transpose and adapt both their sword and shield function

Answer 65

A

New criminal justice paradigm
Innovative techno-legal solutions that ensure efficiency and human rights safeguards

Answer 66

A

Criticism of the Cybercrime convention and data protection regime
Extending the procedural requirements outside of the traditional criminal justice model
Integration of criminal justice values and data protection principles!

Answer 67

A

All information that we do not need a warrant to obtain, eg departments for statistics u just pay a subscription and u can use the data, even if the police has to pay for it.

Answer 68

A

National request prepared and judicially approved based on individual national standard

Submitted to central authority for review

Sent from central authority to central authority

Assessed by receiving central authority and assigned

Transformed into national order

Served on service provider

SP responds to executing Na if possible

Executing national authority sends to requesting national authority

Requesting national authority sends to requesting judicial authority

Content data introduced as evidence in court admissibility verified

Only becomes an order in stage 5, up until that point it is a request

Answer 69

A

MLA remains a primary means to obtain electronic evidence for criminal justice purposes

MLA needs to be more efficient - most cooperation mechanisms take months or years, not minutes

Often subscriber info or traffic data needed first to substantiate or address an MLA request

MLA often not feasible to secure volatile evidence in unknown or multiple jurisdictions

Answer 70

A

Mutual legal assistance: request, no deadline set,
Mutual recognition: order from one country to another - legal instrument European Investigation Order

and

EIO: EIO can only be done by a judicial authority 
EIO directive does not apply to Ireland and Denmark EIO can only be used for investigative measures

Answer 71

A

MLA is for mutual assistance in criminal matters

EIO is for obtaining evidence in criminal matters

MLA is a request from a requesting state to a requested state

EIO is an order from a state issuing the order (issuing state) to the receiving/executing state

Answer 72

A

Form: Judicial decision 
Method: Issued or validated by a judicial authority of a Member State (the Issuing State)
Goal: To have specific investigative measure(s) carried out in another Member State (the Executing State) to obtain evidence in according with the EIO Directive

Answer 73

A

What is a JIT? 

A joint investigation team (JIT) is a team consisting of judges, prosecutors and law enforcement authorities established for a fixed period and a specific purpose. 
Established by way of a written agreement between the States involved. 
Purpose to carry out criminal investigations in one or more of the involved States.
Led by a person from the Member State in which the JIT operates.

Advantages of a JIT:

 * Simplifies communication, coordination and cooperation between members and participants
Real-time exchange of intelligence and evidence without MLAs/EIOs

 * Jurisdictional and evidential issues can be addressed 

Development of a common strategy 
Strengthens mutual trust and interaction between team members from different jurisdictions

Joint working – JIT members can be present in other jurisdictions 

Answer 74

A

EIO:
Bilateral setting- requesting and executing MS
Formalities of the form
Only in EU setting
Gathering of evidence is limited to requested investigative measures
Limited participation of requesting authority- support role and no LE powers
In principle no investigation in executing state

JIT:
Multilateral setting
Partners on equal footing, no leading role
Also for cooperation with non-EU MS
Unlimited, real-time exchange of information
Active participation of seconded members, agreement to take part in a joint investigation for common purposes
Parallel processing

Answer 75

A

Nature of the case: 

✓ Degree of complexity of the case and sophistication of the criminal network 

✓ Degree of complexity of investigations in the countries involved 

✓ Case connections between countries involved; ‘international view’ of the case; importance of cross-border police exchanges; role of Europol (if EU case)

Answer 76

A

Personalised: there is a concrete victim and suspect Prioritises fairness over efficiency: there is minimum state intervention
Investigation after the crime has already occurred
Traditional forensics (eg fingerprints)
Trial-centred: the investigation is a preparatory stage and the trial is where the facts of guilt or innocence is presented

Answer 77

A

Cross-jurisdictional
Data volumes and criminal profiling (data is collected before there is a concrete suspect)
Bypass fairness and legitimacy
Proactive
Scientificaition of factual inquiry (lack of safeguards of traditional forensics)
Investigation: outcome-determinative

Answer 78

A

Para 1. Equality of arms of the parties at the trial

Para 2. Presumption of innocence

Para 3. Non explicitly stipulates some of the minimum defence rights which should be guaranteed in the trial
The article doesn’t mention explicitly how the evidence has to be obtained but inexplicably hints at it, eg to be informed about the nature and cause of the investigation and based on which facts- there should be a procedure for that

In article 6 paragraphs 1 and 3 deal with the equality of arms. The procedural requirements for this are: fair procedure to evaluate the lawfulness and lawful use of evidence; the possibility to challenge evidence (fair disclosure and information about evidence); possibility to maintain equality of arms against expert evidence

Paragraph 2 deals with the presumption of innocence. The procedural requirements for this are: accurate fact finding; protection against prejudicial efforts in the evidence procedure; protection against reverse burden of proof.

Answer 79

A

Lawfulness
When u conduct investigations usually there is interference with other human rights but it should be kept to what is strictly necessary
Law that allows this investigative power should be very strict and specific
There should be more procedural guarantees, bc technology is becoming more sophisticated

Lawful use:
Whether the circumstances in which it was obtained cast doubt on its reliability or accuracy
The opportunity of challenging the authority of the evidence and of opposing its use
Questionable evidence must be evaluated in the light of supporting evidence

Fair disclosure: possibility to challenge the evidence
There is an obligation for the prosecution to challenge the evidence

Other evidence that might relate to the admissibility, reliability, and completeness of the former
There is a positive obligation to investigate and collect evidence in favour of the accused

In Rook v Germany:
We have the possibility for the disclosure of exculpatory and non-exculpatory evidence
The defence needs to be involved in the definition of the criteria for determining what may be relevant
To conduct further searches for exculpatory evidence

Answer 80

A

reliance on technology for delivering methods
lack of reliability validation for tools and methods

Law enforcement as amateur scientists and software as a silent witness

The presumption of innocence “Must be interpreted in such a way as to guarantee rights which are practical and effective as opposed to theoretical and illusionary”

The court should not start with the preconceived idea that the accused has committed the offence 

The burden of proof is on the prosecution Any doubt should benefit the accused

Accurate fact-finding

The obligation to collect both inculpatory and exculpatory evidence

The standard of proof can be a challenge in digital investigations

Answer 81

A

Prejudicial effects in evidence procedure
Protection against prejudicial statements about the facts by:

The court  
State officials at the pre-trial  
The prosecutor  
- Challenges in digital investigations  
- What about prejudicial effects embedded in technology  
Challenges in digital investigations
● Data expeditions  
● Data analytics, profiling (risk-based)
 Even if u are guilty, there could be exculpatory evidence that may lower the sentence, Always need not just data but more evidence  

Answer 82

A

Bulletproof hosing is a technical infrastructure service provided by an internet hosting service that is resilient to complaints of illicit activities, which serves criminal actors as a basic building block for streamlining various cyberattacks.

Answer 83

A

Cybercriminals involved in the primary criminal process
Facilitators: bulletproof hosting providers - provide tools that allow cybercrime to take place in a way that is beneficial to cyber criminals

Answer 84

A

Datacenter -> hosting provider -> reseller -> service provider -> end user

Answer 85

A

Anonymity of customers

Protecting the continuity of criminal service

Accepting customers who want to commit criminal offences

Hosting provider is known as a favourable hosting provider for criminals

more criminal content on its servers than what is

generally observed in hosting networks with the same characteristics

having a company registration in an offshore company location such as the Seychelles or Dominica

having social and/or technical relationships with other bulletproof hosting providers or criminals

allowing pseudo-criminal services on its servers, such as gambling sites and websites that distribute copyrighted material

The price they charge

Investigation and prosecution of bulletproof hosting providers in the Netherlands

Intent

Answer 86

A

Strategies to hide and deny any involvement in and

knowledge of criminal offences committed by customers

By presenting themselves as a legal hosting provider

Not accepting crystal clear criminal behaviour

Reseller constructions

Secret language

Answer 87

A

An intermediary which provides a communication service that consists of the transfer or storage of data from a third party, shall not be prosecuted as such for an offense committed using that service if he complies with an order as referred to in Article 125p of the Code of Criminal Procedure. Complicity in the criminal offences -> not protected by article 54a DCC

Article 54 DCC and being an accessory to a criminal offence

Art 54a is meant to reduce the risk that intermediaries feel pressured to use preventative censorship - protecting freedom of speech

Legislator seems to be under the impression that the possibility of criminal liability for being an accessory to a criminal offence encourages hosting providers to use preventive censorship

A real risk?
Investigating authorities need to prove that the hosting provider has intent on being an accessory and intent on the crime
The investigating authorities only have the capacity to investigate and prosecute the worst hosting providers

Art 54a Dutch Criminal Code

An intermediary which provides a communication service that consists of the transfer or storage of data from a third party, shall not be prosecuted as such for an offence committed using that service if he complies with an order as referred to in Article 125p of the Code of Criminal Procedure

Hosting provider does not have a normal level of alertness/does not adhere to the rules of the notice and takedown code of conduct? -> then not protected by article 54a DCC and prosecution for being an accessory to a crime possible

Indictment needs to express that hosting provider has not acted ‘as such’ (as an intermediary) -> hosting provider hast not acted with the required level of alertness.

Answer 88

A

In the event of a suspicion of a crime as described in Article 67, first paragraph, DCC the public prosecutor may order a provider of a communication service as referred to in Article 138g to immediately take all measures that can reasonably be expected of him to make certain data that is stored or transmitted inaccessible, insofar as this is necessary to end a criminal offense or to prevent new criminal offences.

Answer 89

A

the company has made a reputation in cyber-security circles for being a hotspot for DDoS botnets, with cyber-criminals renting KV servers to host their bot scanners, malware, and command-and-control (C&C) servers, knowing they’d be safe from “harm.”

The botnets have been created using so-called “IoT malware,” which is malware designed to infect Linux-based operating systems that run on routers and other “smart” (Internet of Things) devices.

KV never took action against bad customers

Answer 90

A

Can a public prosecutor prosecute a bulletproof hosting provider for being an accessory? Yes
Does the indictment need to express that the hosting provider has not acted ‘as such’ (as an intermediary) No

Answer 91

A

Hacking and illegal interception

Answer 92

A

Considering data as goods would have the consequence that data would receive full protection via property offences. This would amount to a undesired situation, in view of the interest of the human right of ‘free flow of information’ (art. 10 ECHR).

Because data are multiple: when you take away data from someone, you usually copy them and the original owner may still have access to them. Compared to a good or property that is unique.

Answer 93

A

The mere unauthorized intrusion may lead to impediments to legitimate users of systems and data and may cause alteration or destruction with high costs for reconstruction. Such intrusions may give access to confidential data (including passwords, information about the targeted system) and secrets, to the use of the system without payment or even encourage hackers to commit more dangerous forms of computer-related offences, like computer-related fraud or forgery.

Answer 94

A

No, the device must be designed or adapted primarily for the purpose of committing a computer offence. This will usually, but not always, exclude dual-use devices.

Answer 95

A

The traditional concept of forgery is often about the creation of false documents in tangible form (like a paper form).

Traditional forgery offences often require the alteration of a readable statement or a visual representation. Text in words or pictures. Data does not have to be directly readable, or readable at all when there is no expression of a human thought.

Answer 96

A

If you want to answer this question you need to know if this behavior (this communication) is an offence in the jurisdiction in which it is sent or received? Did it cause a recognized harm, or occur in proscribed circumstances, such that it constitutes a criminal offence? In this particular case: most likely not.

Answer 97

A

Persons who posess this metrial stimulate the demand for such material and that could lead to ongoing production of these materials.

It contributes to the continuing harm of a child, since a child can suffer psychological harm by the knowledge that people watch the footage.

Answer 98

A

Directive 2013/40/EU

Answer 99

A

The perpetrator arriving at the meeting place. (s. 160 explanatory report).

Brainscape's Knowledge GenomeTM

Regulating Cybercrime Flashcards

Brainscape's Knowledge Genome^TM