A Leash on Persistent Threats
Legal measures against cyber crimes
With the revolutionary growth in the number of ICT service providers and users, this globally-interconnected digital infrastructure forms a platform for various interactions essential to modern life. Securing this widely employed system of computers has “traditionally been a battle of wits: the penetrator tries to find the holes, and the designer tries to close them”-Gosser. With the number of such penetrators constantly on the rise and the targets of cyber attacks being so diverse, the frequency of these attacks is seen to increase rapidly with the establishment of sophisticated methods for the execution of the same.
Legal Provisions against a number of Cyber Crimes
“While a viable cybersecurity policy includes a wide range of considerations, legal measures play a key role in the prevention and combating of cybercrime. In particular, at the national level, cybercrime laws most often concern criminalization – establishing specialized offences for core cybercrime acts.”[1]
Enhancing cybersecurity contributes to the protection of critical information infrastructures thereby ensuring the security and economic well-being of a nation. Moreover, cybersecurity also helps facilitate the development of information technology and the Internet.
- Illegal Access (Hacking)
A provision on illegal access is included in The Council of Europe Convention on Cybercrime[2], protecting the integrity of computer systems by criminalizing unauthorized access to a system. 2002 Commonwealth Model Law’s section 5 also aims to protect computer systems from illegal access. The 2005 EU Article 2 of the Council Framework Decision on attacks against information systems contains a provision that allows the criminalizing of such access. Illegal access is a criminal offence according to Article 3 of the 1999 Stanford Draft International Convention as well.[3]
- Illegal Remaining
Continuing to remain in a computer system after unauthorized access or expiration of permission also compromises the integrity of such systems. The Convention on Cybercrime signed in 2001 saw the addition of a clause that criminalized the “intentional failure to exit a computer system”[4] after inadvertent access.
- Illegal Acquisition of Computer Data
Legal and regulatory provisions for illegal interception are present in The Council of Europe Convention on Cybercrime, Stanford Draft International Convention and the Commonwealth Model Law.
§ 1831 of the Economic Espionage Act of 1996 protects content of any format, also addressing computer-related offences which are covered by § 1831(a)(2)-(5). Section 8of the HIPCAR1475 cybercrime legislative text protects the secrecy of stored and protected computer data. Section 202a of the German Penal Code also contained a provision that covers all stored computer data in general that is protected against unauthorized access.[4]
- Illegal Interception
Numerous providers and a number of points form a part of Internet enabled data transfer processes. The weakest point for interception of these processes remains the user often unequipped with adequate protection against such attacks.
The integrity of nonpublic transmissions is upheld by the The Council of Europe Convention on Cybercrime criminalizing such unauthorized interception. 2002 Commonwealth Model Law’s section 8 also functions similarly.
- Data Interference
Critical business information is stored in digital infrastructure as data. Such information when attacked or accesed without authorization can result in financial losses.
Article 4 of the Council of Europe Convention on Cybercrime protects the integrity of data against unauthorized interference, providing required protection to computer data and programs. Section 6of the 2002 Commonwealth Model Law further also criminalizes both reckless acts. Moreover, this provision mentions in subsection 2 that temporary effects are also covered.[5] The informal 1999 Stanford Draft International Convention lists two provisions that criminalize activities pertaining to data interference “if it interferes with the functioning of a computer system (Article 3, paragraph 1a) or if the act is committed with the purpose of providing false information in order to cause damage to a person or property (Article 3, paragraph 1b).”[4]
- System Interference
Attacks on computer systems of people, critical infrastructures or businesses offering ICT services can cause serious financial losses and affect other powerful systems as well.
The intentional hindering of authorized use of computer systems is criminalized under Article 5 of the The Convention on Cybercrime. [2]
Section 7 of the 2002 Commonwealth Model Law is in line with Article 5 of the Council of Europe Convention on Cybercrime with the addition of the criminalization of reckless acts as well. It also lists more acts in the definition of “hindering”.[5] The EU Council Framework Decision also criminalizes illegal data interference in Article 3. Also, Article 3 of the 1999 Stanford Draft International Convention covers all activities of computer system manipulation.
- Pornographic material
The criminalization of illegal sexually-explicit content considering its gravity is a must but is seen to differ with countries. An example is the consideration of exchange of pornographic material as a criminal act under 184 of the German Penal Code. [4]
Child Pornography
The prohibition of exchange of child pornographic content aims to decrease the access to such material thereby also avoiding subsequent sexual abuse of children.
In order to facilitate the protection of children against sexual exploitation, the Convention on Cybercrime includes “an article addressing child pornography, criminalizing the abuse of children, as well as traditional methods of distribution of child pornography.”[4] Three subsections on the same can be seen in paragraph 2 of Article 9. Article 20 also addresses the Protection of Children against Sexual Exploitation and Sexual Abuse. Section 10 of the 2002 Commonwealth Model Law also functions similarly, criminalizing the publishing, production and possession of such material. [5]
- Copyright Crimes
Digital sources make possible the generation of quality copies of academic work, artwork etc. thereby also increasing copyright violations against them. Article 10of the Convention on Cybercrime[2] covers such offences.
Conclusion
While aiming to tackle threats of a widespread nature such as cyber crimes, international cooperation is a necessity. Considering the implications cybersecurity has on security, economic prosperity and public safety, each nation will have to develop a strong foundation through its own national cybersecurity strategy and reforms also ensuring effective functioning of said legal measures.
References
[1] Appazov, Artur. (2014). Legal Aspects of Cybersecurity.Retreived 9th May, 2019, from http://www.justitsministeriet.dk/sites/default/files/media/Arbejdsomraader/Forskning/Forskningspuljen/Legal_Aspects_of_Cybersecurity.pdf
[2] Council of Europe – Convention on Cybercrime ETS No. 185 (2001). Retreived 9th May, 2019, from
[3] Abraham D. Sofaer, Gregory D. Grove & George D. Wilson, Draft International Convention To Enhance Protection from Cyber Crime and Terrorism, in Abraham D. Sofaer & Seymour E. Goodman, eds., The Transnational Dimension of Cyber Crime and Terrorism, Stanford, CA: Hoover Institution, 2001, pp. 249-265. Retreived 10th May, 2019, from
http://stanford.edu/~gwilson/Transnatl.Dimension.Cyber.Crime.2001.p.249.pdf
[4] A Cyber. (2012). Understanding Cybercrime: Phenomena, Challenges and Legal Response. Retreived 9th May, 2019, from
http://www.itu.int/ITU-D/cyb/cybersecurity/docs/Cybercrime%20legislation%20EV6.pdf
[5] The Commonwealth Office of Civil and Criminal Justice Reform (Commonwealth Secretariat 2017). Model Law on Computer and Computer Related Crime. Retreived 10th May, 2019, from