Cyber Law

Cyberspace Crimes Law

In his book “Cyberthreats and International Law” (Eleven International Publishing, 2012), Georg Kerschischnig wrote:

“With cybercrime incidents on the rise, law enforcement saw itself obliged to react. Many
countriesinstalled special police forceswith trained personnel to tackle the newchallenges.
Still, the scale of cybercrime is diametrically opposed to the number of actual arrests. Often
due to budgetary constraints, law enforcement is marginalized in a war being fought
between the ICT security industry and cybercriminals.See Jenkins 2009 – Hacked to Pieces, radio broadcast. Only one quarter of the respondents of the 2008 CSI Computer Crime & Security Survey contacted a law enforcement agency, while two thirds preferred trying to identify perpetrators on their own. Almost half of the respondents’ justification was that they thought that law enforcement could not have helped them in the particular situation anyway. This does not shed a good light on the perception of law enforcement’s capabilities in this matter (see Richardson Robert, 2008 CSI Computer Crime & Security Survey, Computer Security Institute, 2008, 22 et seq.)

When states started to recognize the national security component of cyberspace, the
situation became yet more complicated. If any, legal frameworks pertinent to cyberspace
targeted cybercriminals, thus private individuals and not states.53 Lacking a clear strategy,
the distribution of responsibilities between law enforcement agencies, secret services, and
the military were undetermined in most countries, and they still are in many places. Part
of the problem isthat motivations behind cyberintrusions are often unclear, and therefore
it is difficult to categorize a cyberthreat in the first place, which would however allow to
assign responsibility to the respective entity in charge. Specialized agencies or the military
are responsible for cyberthreats otherthan cybercrime,such as cyberterrorism or cyberwar, and law enforcement does not have the operational control over national security. This
overlap of jurisdictions forms obstacles to national and international cooperation.

A good example for this dilemma is the cyberextortion of critical infrastructure operators: before the extortionists do not demand a ransom (for not disrupting the service), the preceding cyberintrusions do not necessarily indicate an instance of cybercrime; rather, the intrusions could indicate future cyberespionage or cyberterrorism, or could even be the harbinger of an imminent cyberwar. However, to some extent thisjurisdictional dilemma can be alleviated by special cybersecurity clearinghouses.

These institutions, most of them CERTs, are usually based on public-private
partnerships and mostly staffed by the industry and universities. Their primary function
lies in monitoring, alerting, and facilitating the coordination of entities that engage in
incident handling and information sharing, rather than taking countermeasures (See, for example, OECD 2005 – Promotion of a Culture of Security, 39 et seq.).

Another problem isthat cyberintrusions are not always categorized as criminal offences
in national criminal codes; much less can they cause extradition. Cross-jurisdictional
cooperation is not universal, and even where it exists, the interlocutor of specialized
agencies of one nation might be regular police of the other nation, which is unable to assist
due to a lack of knowledge or resources. An obstacle for public capacity building is that
ICT knowledge is accumulated in the private sector, which generally offers bettersalaries
and more promising careers to ICT experts than governments do. Apart from allocating
more resourcesto training and creating newICT posts, moststates are therefore compelled
to reach out to the private sector to keep up with the challenges originating in cyberspace.
Therefore, many industry experts work as contractors for states.”

Cyber Law

Cyber Law

Cyberspace Crimes Law

Resources

See Also

Comments

Leave a Reply Cancel reply