Cybercrime webinar Tropina.pdf
CYBERCRIME
Dr. Tatiana Tropina, Max-Planck Institute for Foreign and International Criminal Law
Webinar, 27th of March, 2015
What is cybercrime?
New form? New medium?
• Migration of traditional crime on-line
• Cyber-offences: new type of crime (illegal access, illegal interference with data and system,…)
Underground economy
Moderator of the Silk Road after Utopia’s seizure: “is a serious blow to the darkweb marketplace community…regroup, and do it again.”
“Show them that you, we, are a hydra -- cut off one head and ten more spring up”
Cybercrime: challenges
• Number of Users
• International dimension
• Missing mechanisms of control
• Automation
• Innovation
• Availability of tools and information
Low impact
• High latency & lack of reporting
• Low impact on the victim: hard to justify the violation of public order
Confusion and misconceptions
• Cybersecurity-related terms (“cybercrime”, “cyberwar”, “cyberattack”, “cyberterrorism”): absence of a clear consensus
• Terms are used interchangeably, sometimes with little regard for what they actually mean
• Sensationalization and exaggeration
• Overuse of such terms as ‘cyberwar’ and ‘cyber-weapons’: tendency to view the situation in catastrophic terms
• Legal and regulatory responses: confusion and misunderstanding
Legal domains
Cybercrime: legal aspects
A bit of history: the Love bug
• Created and launched in the Philippines, rapidly spread around the world within hours
• Affected 45 million users in more than 20 countries and inflicted damage of between $2 and 10 billion.
• Was traced to the Philippines, but Philippine law criminalized neither hacking nor the distribution of viruses
• Obtaining the warrant took several days, which allowed the suspect ample time to destroy key evidence
• Onel de Guzman, a former computer science student, was responsible for creating and disseminating the “Love Bug.”
• De Guzman was charged with theft and credit card fraud, but the charges were dismissed as inapplicable and unfounded
• De Guzman could not even be extradited to another country because extradition requires double criminality
Cross-border environment
• Safe havens: countries with no cybercrime legislation (cybercrime vs. “bread and butter” problem): impact on other countries
• Harmonisation of criminal law: computer crimes shall be criminalised in the same way (not necessarily word-by-word) to allow collaboration
• On the surface: might seem easy, however:
– Reaching consensus: what type of crimes?
– Updating laws or applying existing laws?
– How specific should “cyber”-crimes be?
Harmonisation?
• Sovereignty & control vs. borderless Internet
• International instruments: fragmentation, no single solution
• The differences between the various legal systems
• Religious, moral and cultural differences
• Human rights concerns and different approaches to the protection of privacy
• Historical coincidences
Global solution?
• Which body is to take responsibility?
• Different needs?
• What is the level of standards, protection and safeguards?
• How to agree to disagree (e.g. content crimes)?
• A blame game – where are we?
Substantive and procedural law
• Substantive law (what crime is) is to a large degree harmonised
• Procedural frameworks (how we obtain evidence in the digital environment): the process of harmonisation started much later
• Which instruments to use? General or specific frameworks? How compatible are they in a cross-border environment?
• Encryption and innovation
Criminal procedure
• Computer artefacts and data are vulnerable
• Old MLAT systems are slow
• Sovereignty and jurisdiction
• How to obtain data quickly?
• Formal cooperation vs. informal information sharing: admissibility issues
Way forward?
• Procedural frameworks: development and harmonisation
• Mutual legal assistance
• Transborder access to stored data
• Privacy issues
• Admissibility of electronic evidence obtained in a different jurisdiction
Human rights concerns
• How does the state achieve its criminal justice goal?
• Investigative measures: simultaneously seamless and very intrusive
• Content-related crimes: restriction on freedom of expression can possibly be turned into an instrument of oppression
• Difference between activism, hacktivism and…crime?
Privacy and investigations
• Data protection and privacy regulation in different countries
• Lowering the standards vs. minimal set of standards
• Intrusiveness of investigations - who enables application of the procedural instrument?
• Some countries: little or no judicial oversight for the most intrusive measures
• Transborder access: privacy conflicts
Regulation: blurring borders
Criminal law
Strictly regulated procedures
Specific safeguards
Law of war
Intelligence law
Preventive police law
Private investigations
Safeguards?
Ecosystem of fighting cybercrime
Criminal law: limitations
Law: one of the most important components
However
• Criminal law can only react to the problem
• Pro-active measures + reactive approaches
• Capacity building, awareness raising, prevention, early disruption, detection
Ecosystem: challenges
• Non-hierarchic network: missing mechanisms of control
• Cybercrime: a fast-changing multi-faceted problem
• No “one fits all” solution
• Complex ecosystem: combination of top-down and bottom-up approaches
• Collaboration between public and private stakeholders
• Need for transparency, accountability and human rights protection
Industry role
• Starting in the 1990s with private hotlines for reporting child abuse and involvement of ISPs in blocking and removing illegal content
• Growing and developing in many areas, getting more private stakeholders involved in prevention, detection, investigation
• Different intermediaries (not only ISPs) are now considered as critical points for collaboration
Forms of collaboration
• Hotlines and reporting platforms (IWF, INHOPE)
• Codes of conduct
• Public awareness campaigns
• Botnet mitigation projects
• Capacity building programs (2 Centre, International Centre for Missing and Exploited Children)
• Investigations: informal information sharing and ad hoc collaboration towards structured approaches?
Industry: problems
• Investigating and prosecuting cybercrime: limitations (complement but never substitute proper legal frameworks)
• Clear frameworks, cost-effective solutions
• Corruption, mishandling of investigations, transparency
• Private censorship with no limits?
• Deficit of control
• Enforcement in a cross-border environment
Role of civil society
• Criminal law: the highest degree of governmental intervention
• Policy-making and law-making processes: still top-down?
• Bottom-up approaches: awareness raising, voluntary initiatives, privacy discussions, human rights protection
• National and international level
Finding balance
• Safeguarding the Internet
• Protecting human rights
• Protecting interests of all stakeholders
• Building capacity and trust
Thank you!
Tatiana Tropina
Senior Researcher
Max-Planck-Institut für ausländisches und internationales Strafrecht
Günterstalstr. 73
79100 Freiburg i.Br.
Tel.: +49 (761) 7081-0
Fax: +49 (761) 7081-294