Cybercrime Laws: National And International Boundaries

what laws apply once cybercrime crosses national and international boundaries

The rise of cybercrime has brought to the fore the question of how to tackle it when it crosses national and international boundaries. The very nature of the internet means that cybercrime is often transnational, and criminals are increasingly exploiting the online space to take advantage of less severe punishments and the difficulty of being traced. This has challenged the effectiveness of domestic and international law and law enforcement.

There is no single definition of cybercrime, but it generally refers to illegal internet-mediated activities that take place in global electronic networks. These can range from hacking and data interference to child pornography, fraud, and identity theft. The international nature of cybercrime means that it can be difficult to establish jurisdiction and enforce laws. While some countries have established cybercrime laws, the lack of harmonization between national legal systems can make it challenging to prosecute cybercriminals operating across multiple jurisdictions.

The concept of a cyber border has been proposed, which would involve adapting existing authorities and laws to address the unique challenges posed by cyber threats. This could include interpreting functional equivalents of the border (FEBs) in the cyber context, such as network routers or computer servers, as points of inspection for cyber threats. However, the enforcement of cyber borders also raises privacy concerns that need to be carefully considered.

International cooperation and collaboration are crucial in combating cybercrime, and various organizations have developed strategies and conventions to address this issue. For example, the Council of Europe drafted the Convention on Cybercrime in 2001, which aims to provide a legal framework for fighting cybercrime and facilitating international cooperation. Nevertheless, the constantly evolving nature of cyber threats and the ease with which borders can be circumvented online mean that the development of effective strategies to combat cybercrime remains a complex and ongoing challenge.

Characteristics Values
Lack of a single definition of "cybercrime" "Cybercrime" refers to illegal internet-mediated activities that often take place in global electronic networks.
Transnational nature of cybercrime There are no cyber-borders between countries, and existing laws in many countries are not tailored to deal with cybercrime.
Challenges to law enforcement Criminals take advantage of less severe punishments and difficulties in being traced in the cyber realm.
Types of cybercrime Illegal access, data espionage, data interference, content-related offenses, computer-related offenses, and combination offenses.
International responses Efforts by organizations such as the Group of Eight (G8), the United Nations (UN), the International Telecommunication Union (ITU), the Council of Europe, the Asia-Pacific Economic Cooperation (APEC), and others to combat cybercrime and protect data and systems.
National responses Various countries, including the United States, China, and others, have enacted laws and established agencies to address cybercrime.
Jurisdiction and sovereignty issues Determining jurisdiction in cybercrime cases can be complex due to the involvement of cyberspace, requiring adaptations in traditional legal frameworks.

lawshun

International cooperation and data access

International cooperation is essential in addressing cybercrime due to its transnational nature. No single country can effectively tackle this issue alone. Various international organisations and agreements have emerged to facilitate collaboration and establish legal frameworks for combating cybercrime.

The Council of Europe, for instance, co-drafted the Convention on Cybercrime in 2001, which was signed by 46 member states and later ratified by 25 countries. This convention aims to harmonise cybercrime offences, empower law enforcement, and enable international cooperation. The convention underscores the importance of safeguarding state sovereignty and addressing challenges related to extraterritorial evidence.

The Group of Eight (G8) has also played a pivotal role in combatting cybercrime and protecting data. In 1997, G8 released a Ministers' Communiqué that included an action plan and principles to combat cybercrime. Additionally, G8 mandated that all law enforcement personnel must be equipped and trained to address cybercrime, and it designated 24/7 points of contact within member countries.

The United Nations (UN) has also actively addressed cybercrime through various resolutions and initiatives. In 1990, the UN General Assembly adopted a resolution on computer crime legislation, and in 2000 and 2002, it passed resolutions on combating the criminal misuse of information technology. The International Telecommunication Union (ITU), a UN specialised agency, leads efforts in cybersecurity standardisation and development.

In addition to these international organisations, regional groups have also emerged to address cybercrime within their respective regions. Examples include the Asia-Pacific Economic Cooperation (APEC), the Commonwealth of Nations, the Economic Community of West African States (ECOWAS), and the Arab League and Gulf Cooperation Council (GCC). These regional groups have developed strategies, guidelines, and legal frameworks to enhance cybersecurity and combat cybercrime.

To effectively address cybercrime, international cooperation must extend beyond intergovernmental organisations. Public-private partnerships have emerged as a promising approach to tackling cybersecurity issues. For example, the Internet Corporation for Assigned Names and Numbers (ICANN) partnered with the United States Department of Commerce in 2006 through the Multistakeholder Model of consultation. Additionally, the Federal Bureau of Investigation (FBI) has established special technical units and developed tools like Carnivore to assist in investigating cybercrime.

Data access and retention are crucial aspects of addressing cybercrime. The concept of a "national cyber border" has been proposed, drawing analogies from traditional border security. This concept involves defining a cyber border and utilising existing laws and authorities to protect against cyber threats. The interpretation of "Functional Equivalents of the Border" (FEB) is essential in this context, allowing regulatory requirements to be imposed away from physical borders. The FEB is applicable when there is a nexus to the border, no material change since the border crossing, and the inspection occurs at the first practical detention point after the crossing.

While international cooperation and data access are vital, challenges remain. For instance, privacy concerns arise when tracking cybercrime, particularly when involving private-public partnerships and the development of more secure technology products. Additionally, insufficient criminal laws and regulations in some countries impede the fight against cybercrime, underscoring the ongoing need for international collaboration and legal harmonisation.

lawshun

Jurisdiction and sovereignty

Territorial sovereignty refers to a state's authority and power over its geographic territory, including its information and communications technology (ICT) infrastructure. Unauthorized access to a country's ICT infrastructure by third parties, even in the course of investigating a cybercrime, can violate state sovereignty.

Jurisdiction, linked to sovereignty, grants states the authority to enforce laws, define and safeguard rights, and punish law violations within their territory. The principle of territoriality asserts that states have jurisdiction over crimes committed within their borders. However, determining jurisdiction in cybercrime cases is complex due to the involvement of cyberspace.

Cybercrime jurisdiction is established based on factors such as the offender's and victim's nationality and the impact of the cybercrime on the state's interests and security. National cybercrime laws play a crucial role in establishing jurisdiction, with variations in how different countries approach this matter. For instance, Malaysia's Computer Crimes Act of 1997 asserts jurisdiction over cybercrimes committed by any individual, regardless of nationality, if the offence is committed within or outside the country. In contrast, Tanzania claims jurisdiction over cybercrimes that occur within its territory, involve Tanzanian nationals, or target Tanzanian computer systems, devices, data, or citizens.

The evolution of the cyber border concept is essential to address the convergence of traditional border and cyber security. While the interpretation and adaptation of existing laws can provide a legal framework for defining a national cyber border, the unique nature of cyberspace may require a radical departure from contemporary legal thinking.

lawshun

National cybercrime laws

Territorial Sovereignty and Jurisdiction

Territorial sovereignty refers to a state's authority over its geographic territory, including its information and communications technology (ICT) infrastructure. When unauthorised access to a country's ICT systems occurs, it violates state sovereignty, even if it is done in the course of investigating a cybercrime originating from another country. Jurisdiction, linked to sovereignty, grants states the authority to enforce laws, define duties and rights, and punish law violations within their territory.

Factors Determining Jurisdiction

While the principle of territoriality asserts that jurisdiction is established when a crime is committed within a state's territory, the complex nature of cyberspace poses challenges in determining jurisdiction for cybercrimes. Other factors, such as the nationality of the offender and victim, as well as the impact of the cybercrime on the state's interests and security, also come into play when establishing jurisdiction.

Examples of National Cybercrime Laws

The Computer Crimes Act of 1997 in Malaysia establishes the state's jurisdiction over cybercrimes committed by any person, regardless of nationality, inside or outside the country. Similarly, Tanzania's Cybercrimes Act of 2015 claims jurisdiction over cybercrimes with a connection to the country, including those committed using a computer system or device located within its territory or directed against its systems or residents. Kenya's Computer Misuse and Cybercrimes Act of 2018 establishes jurisdiction over cybercrimes committed by its citizens or residents, targeting its citizens or government, or with the intention to compel action from the Kenyan government.

Challenges and Shortcomings

While national cybercrime laws provide a framework for addressing cybercrimes within a country's borders, they often fall short in the context of transnational cybercrimes. The dynamic nature of cyberspace and the ease of committing crimes across borders highlight the need for international cooperation and standardised legislation. Additionally, the interpretation and application of existing laws to cybercrimes can be cumbersome, and there may be a need for separate legal codes specifically addressing cybercrimes.

lawshun

The role of private entities

Private entities play a crucial role in addressing cybercrime, alongside public entities. These include internet service providers, security vendors, software developers, and computer forensics vendors. They focus on developing and implementing technology systems to protect against computer intrusions, internet fraud, and spam. Additionally, they play a critical role in detecting cybercrime and gathering admissible evidence for investigations.

Internet service providers offer various levels of internet access and related services such as customer support, spam protection, and virus protection. They also assist law enforcement by monitoring and providing information on selected internet activities and offering technical expertise for investigations. Security vendors, such as email security firms, screen electronic messages for harmful data and take action to prevent it from reaching the intended target. Software developers work on improving the quality and security of operating systems to detect and block malicious code. Computer forensics vendors provide investigative services to detect the theft of trade secrets, employee fraud, and the recovery of inaccessible documents and files. They also develop tools used by law enforcement to investigate cybercrime.

Furthermore, private entities face challenges in addressing cybercrime. These include reporting cyber incidents, ensuring adequate law enforcement capabilities, working across multiple jurisdictions, and implementing information security practices. Private entities may choose not to report cyber incidents due to concerns about negative impacts on financial markets, reputation, litigation, and job security. Additionally, there is a limited pool of individuals with the specialized skills needed to address cybercrime, and private entities often offer higher salaries and benefits, attracting talent away from public entities. Working across multiple jurisdictions with differing laws and procedures complicates investigations, and implementing strong information security practices and raising awareness about criminal behaviour are also challenging.

To address these challenges, public-private partnerships have been formed to increase trust, improve information sharing, and leverage resources and technologies. However, more can be done to ensure agencies have the necessary capabilities to combat cybercrime effectively.

lawshun

The impact of cybercrime on traditional border security

The emergence of cyber threats has radically changed the border security landscape forever. The internet and cyber methods provide an opportunity to circumvent traditional border security measures, perpetrate crimes, and harm nations to a degree that was once only possible through large-scale military actions. Terrorists, criminals, and nation-states can take advantage of the asymmetrical nature of cyber methods to threaten and harm a nation and its people.

Attacks on critical national infrastructure, the theft of sensitive government and industry trade secrets, the importation of hazardous and illegal materials, and the stealing of funds from banks and citizens are just a few of the crimes and threats that once required some physical compromise of traditional border security and controls. All of these actions are now possible through the illicit use of the internet.

Some crimes commonly committed against individuals by foreign actors today, such as the theft of personal information or finances, would have been improbable or impossible before the advent of the new "cyber vector" of attack. Cyber threats have converged with traditional border security threats and now either complement them or provide new opportunities to threaten the nation. By providing an avenue to circumvent physical border security measures, cyber methods have rendered many traditional border security efforts obsolete.

The government's role in defending against foreign cyber intrusions is far less robust than traditional border security. Rather than focusing on preventing the entry of cyber threats, the government often functions in a responsive role, investigating after an attack has occurred. The defence of the nation's cyber frontier is largely left to private entities, both individuals and organisations, to protect their own cyber borders.

From a border security perspective, this is highly undesirable due to interdependency issues. Once compromised, each individual or organisation's computer or network can become an additional attack vector operating within the nation's borders. This situation is analogous to making every individual responsible for their own physical border security and, ultimately, that of the entire nation.

The concept of a cyber border can be defined and enforced by adapting existing authorities and interpreting current and traditional border enforcement laws. The simplest method to define the cyber border is to apply the land border concept: the place where data transmission cables cross physical national borders would constitute a border crossing. However, this analogy is deficient as data can cross borders via other means, such as satellites. A more practical definition of the cyber border is the functional equivalent of the border (FEB), where data arrives at the first practical point of inspection—a network router, computer server, PC, or other networked device.

The importance of defending a nation against cyber threats is critical to national and homeland security. The magnitude of current and emerging cyber threats may surpass traditional threats. The asymmetrical nature of cyber provides minor nation-state enemies and even lone wolf actors with the ability to inflict great harm on a great military power. Criminals will continue to exploit cyber advantages, rendering many aspects of traditional crime prevention ineffective or obsolete.

Adapting and evolving the definition of the border to include a national cyber border will help deny this pathway for foreign threats and protect the nation and its people.

Frequently asked questions

National cybercrimes are those that occur within a single country's borders and are subject to that country's laws. International cybercrimes, on the other hand, occur across multiple countries' borders and may be subject to different laws and legal systems.

International cybercrimes present unique challenges due to the involvement of multiple jurisdictions and legal systems. The lack of standardised cybercrime laws and the constant evolution of cybercrime methods make it difficult to prosecute offenders and obtain justice for victims.

Countries cooperate through formal and informal mechanisms. Formal mechanisms include mutual legal assistance treaties and extradition treaties. Informal mechanisms include information sharing and joint investigations between law enforcement agencies from different countries.

International cyber law aims to protect sovereignty and jurisdiction while also facilitating international cooperation. The principles of equality, non-interference in domestic affairs, and the establishment of functional equivalents of borders (FEBs) in cyberspace are crucial to this endeavour.

Written by
Reviewed by
Share this post
Print
Did this article help you?

Leave a comment