Kara Sears
Cybercrime law is a critical aspect of the digital age, providing rules and standards for internet usage and safeguarding individuals, organizations, and infrastructure from potential cyber threats. The evolution of cybercrime, from viruses on floppy disks to sophisticated ransomware, has posed significant challenges to law enforcement. The non-local nature of cybercrime, transcending geographical boundaries, further complicates jurisdiction and enforcement. Various countries have enacted cybercrime laws, such as the Cybercrime Prevention Act of 2012 in the Philippines, to address these evolving threats. The history of cybercrime legislation is extensive, with the first computer virus detected in 1971 and the Computer Fraud and Abuse Act, a pivotal US cybersecurity bill, enacted in 1986.
| Characteristics | Values |
|---|---|
| Year of cybercrime law creation | 2012 (The Cybercrime Prevention Act of 2012) |
| Country | Philippines |
| Cybercrime offenses included | Cybersquatting, cybersex, child pornography, identity theft, illegal access to data, and libel |
| Criticism | Curtailment of freedom of expression, "cyber authoritarianism" |
| Cybercrime law definition | Provides rules of conduct and standards of behaviour for the use of the Internet, computers, and related digital technologies |
| Cybercrime law application | Rules of evidence and criminal procedure, and other criminal justice matters in cyberspace |
| Cybercrime law purpose | Reduce risk and/or mitigate harm to individuals, organizations, and infrastructure in the event of a cybercrime |
| Substantive cybercrime law | Prohibits specific types of cybercrime and punishes non-compliance |
| Jurisdiction | Linked to state sovereignty, which is a country's right to exercise authority over its territory |
| Challenges | Non-local nature of cybercrime, requiring international cooperation for law enforcement |
| Existing laws | Computer Fraud and Abuse Act (CFAA) in the United States, USA PATRIOT Act of 2001 |
Explore related products
What You'll Learn
The Computer Fraud and Abuse Act of 1986 (US)
The Computer Fraud and Abuse Act (CFAA) was enacted in 1986 as an amendment to the first federal computer fraud law to address hacking. The CFAA is a United States cybersecurity bill that was enacted as an amendment to existing computer fraud law (18 U.S.C. § 1030), which had been included in the Comprehensive Crime Control Act of 1984. The original 1984 bill was enacted out of concern that computer-related crimes might go unpunished.
The CFAA prohibits intentionally accessing a computer without authorization or in excess of authorization. However, it does not define what "without authorization" means. The Act has been amended several times, most recently in 2008, to cover a broad range of conduct beyond its original intent. The CFAA is both a criminal law and a statute that creates a private right of action, allowing compensation and injunctive or other equitable relief to anyone harmed by a violation of this law. These provisions have allowed private companies to sue disloyal employees for damages for the misappropriation of confidential information (trade secrets).
The CFAA is an important law for prosecutors to address cyber-based crimes. However, as technology advances, the use of criminal law to regulate conduct using such technology also advances. The CFAA has been criticised for its harsh penalty schemes and malleable provisions, becoming a tool ripe for abuse and use against nearly every aspect of computer activity. The breadth and ambiguity of the CFAA are concerning, and some support wholesale reform of the CFAA, believing that violations of website terms of service should not be federal crimes.
It is important to note that jurisdiction plays a crucial role in cybercrime investigations and prosecutions. Jurisdiction refers to a state's power and authority to enforce laws and punish non-compliance. Given that cyberspace lacks geographic boundaries, determining jurisdiction can be challenging. Law enforcement and national courts must consider the interested state's jurisdiction when investigating and adjudicating cybercrime cases.
The Law Behind the Separation of Immigrant Families
You may want to see also
Explore related products
Cybercrime Prevention Act of 2012 (Philippines)
The Cybercrime Prevention Act of 2012, officially recorded as Republic Act No. 10175, is a law in the Philippines that was approved by President Benigno Aquino III on September 12, 2012. It is one of the first laws in the Philippines to specifically criminalize computer crime. Prior to the passage of the law, there was no strong legal precedent in Philippine jurisprudence for prosecuting crimes committed on a computer. For example, Onel De Guzman, the computer programmer charged with writing the ILOVEYOU computer worm, was not prosecuted by Philippine authorities due to a lack of legal basis.
The Act addresses legal issues concerning online interactions and the Internet in the Philippines. It includes substantive penal, procedural, and international cooperation rules, in line with the Cybercrime Prevention Act of the Budapest Convention, which took effect in February 2014. The Act also mandates the National Bureau of Investigation and the Philippine National Police to organize a cybercrime unit staffed by special investigators to handle cases pertaining to violations of the Act, under the supervision of the Department of Justice. The unit is empowered to collect real-time traffic data from Internet service providers with due cause, require the disclosure of computer data within 72 hours after receiving a court warrant, and conduct searches and seizures of computer data and equipment.
The Act covers a range of cybercrime offenses, including cybersquatting, cybersex, child pornography, identity theft, illegal access to data, digital fraud, computer-related forgery, and libel. While the Act was hailed for penalizing illegal acts done via the Internet that were not covered by old laws, it has been criticized for its provision on criminalizing libel, which is perceived as a curtailment of freedom of expression or "cyber authoritarianism". Its use against journalists has drawn international condemnation.
The Regional Trial Court has jurisdiction over any violation of the provisions of the Act, including any violation committed by a Filipino national regardless of the place of commission. Jurisdiction shall lie if any of the elements were committed within the Philippines or with the use of any computer system wholly or partly situated in the country, or when damage is caused to a person who was in the Philippines at the time the offense was committed.
Arizona's Immigration Law: Understanding SB 1070's Policy
You may want to see also
Explore related products
$43.07 $59.95
The evolution of cyber threats
The 1980s saw the emergence of the first real malicious software (malware) threats. Following the formation of the internet in 1983, hackers had a vast field to explore and exploit. The Morris Worm attack in 1988 was the first cyberattack to gain significant media attention. This worm infected more than 6,000 computers, causing damages ranging from $100,000 to millions of dollars.
In the early 2000s, the first open-source antivirus engines, such as OpenAntivirus and ClamAV, were made available. Commercial antivirus software like Avast also started offering free security solutions to the masses. However, cybercriminals were also evolving their tactics, stealing user credentials, launching phishing attacks, and spamming other users through instant messaging or email.
The 2010s witnessed a rise in advanced persistent threats (APTs) and high-profile breaches that impacted national security and cost businesses millions. During this period, notable cyberattacks included the publication of credit card details of more than 400,000 people by a Saudi hacker and the leaking of classified information from the National Security Agency (NSA) by former CIA employee Edward Snowden.
The period between 2017 and 2020 marked the emergence of Internet of Things (IoT) and AI-related cyber threats. IoT devices, which are increasingly used by businesses, often lack proper security measures, making them vulnerable to attacks. AI has become a double-edged sword, with businesses using it to enhance security measures and cybercriminals leveraging it to create more sophisticated attacks, such as generating realistic phishing emails.
Looking ahead, the cyber-threat landscape is expected to become increasingly complex with the continued rollout of 5G networks and the adoption of edge computing devices, creating new vulnerabilities for cybercriminals to exploit. Quantum computing also poses a threat to current encryption technologies, potentially rendering them obsolete. As newer technologies, such as AI and machine learning, become more prevalent, the challenge of staying one step ahead of cybercriminals remains an ongoing battle.
The Sherman Act: A Landmark Anti-Monopoly Law
You may want to see also
Explore related products
![Corporate and White Collar Crime: Cases and Materials [Connected eBook] (Aspen Casebook)](https://m.media-amazon.com/images/I/61Xi3VNkluL._AC_UY218_.jpg)
Cybercrime law: substantive, procedural and preventive
Cybercrime law is a relatively new field, with the first computer virus, the Creeper Virus, detected in 1971. The first cybercrime conviction was in 1983 when Ian Murphy hacked into AT&T's internal systems. The evolution of cyber threats has been rapid, with the first major cyber attack, the "Morris Worm", predating the World Wide Web.
Substantive Cybercrime Law
Substantive cybercrime law focuses on the substance of the crime, the actus reus, or "guilty act", and the mens rea, or "guilty mind". These laws prohibit specific types of cybercrime and punish non-compliance. Substantive laws are guided by the "substance" of the criminal act, such as forbidden conduct and the mental element. For example, the US has substantive cybercrime laws that forbid hacking, illicit infiltration of computer systems, identity theft, and obscene content.
Different countries may choose to criminalize different conduct by selecting different elements that constitute a crime. For instance, cyber-crime laws enacted to criminalize illicit access to ICT systems and stealing information from computer networks differ among various countries.
Procedural Cybercrime Law
Procedural cybercrime law demarcates the processes and procedures to be followed to apply substantive law and enforce it. Procedural law includes rules of evidence and criminal procedure, which are not standardized between countries. Due to the transnational nature of cybercrime, there is a need for harmonized rules of evidence. Procedural law also includes the "criminal procedure", which constitutes instructions on how to handle a suspected or accused person.
Preventive Cybercrime Law
Preventive cybercrime law focuses on regulation and risk mitigation. Information protection laws and cybersecurity laws aim to mitigate material damage and reduce vulnerability to cyber-attacks. Preventive laws also assist relevant agencies in detecting, investigating, and prosecuting cybercrimes by providing the necessary tools and infrastructure.
The Laws of Kepler: A Story of Celestial Discovery
You may want to see also
Explore related products
Cybercrime jurisdiction
In the context of cybercrime, jurisdiction refers to the authority of a state or legal entity to enforce laws, define rights and duties, and punish violations related to cybercriminal activities. The determination of jurisdiction in cybercrimes is established by factors such as the nationality of the offender and the victim, the impact on the state's interests and security, and the ability to demonstrate a "sufficient connection" or "genuine link" between the cybercrime and the state exercising jurisdiction.
The principle of territoriality, which grants states jurisdiction over crimes committed within their physical territory, is a fundamental aspect of traditional criminal jurisdiction. However, the borderless nature of cyberspace complicates the application of this principle in cybercrime cases. As a result, modern jurisdictional provisions have expanded to include both nationality and conduct that occurs outside the territory but has, or is intended to have, consequences within it.
To address the complexities of cybercrime jurisdiction, international cooperation and agreements have become crucial. The Council of Europe's Convention on Cybercrime, established in 2001, is a notable example. Article 22(1) of the convention states that each party "shall adopt such legislative and other measures as may be necessary to establish jurisdiction over any offence...included in this Convention, when the offence is committed...in its territory." This provision highlights the ongoing efforts to adapt legal frameworks to the unique challenges posed by cybercrime.
Additionally, the investigation and prosecution of cybercrimes may involve multiple jurisdictions, particularly in transnational cybercrimes. Factors such as the place of the commission of the crime, the custody of the perpetrator, the harm caused, the strength of the case, and the punishments available in the competing jurisdictions come into play when resolving conflicting jurisdictional claims.
Judicial Branch: Creating Law and Order
You may want to see also
Frequently asked questions
Cybercrime law provides rules of conduct and standards of behaviour for the use of the Internet, computers, and related digital technologies. It also outlines rules of evidence and criminal procedure, as well as other criminal justice matters in cyberspace.
The Computer Fraud and Abuse Act of 1986 (CFAA) is a United States cybersecurity bill that was enacted as an amendment to existing computer fraud law. It is considered the first computer-specific criminal law.
The Cybercrime Prevention Act of 2012 is a law in the Philippines that addresses legal issues concerning online interactions and the Internet in the country. Other countries, like Germany, Japan, and China, have amended their criminal codes to combat cybercrime.
Cybercrime can occur across multiple jurisdictions, which poses severe problems for law enforcement as it requires international cooperation. Determining jurisdiction in cyberspace is challenging due to its non-geographic nature.
