ÇáãÓÇÚÏ ÇáÔÎÕí ÇáÑÞãí

ãÔÇåÏÉ ÇáäÓÎÉ ßÇãáÉ : Altdus ray frank



áÇÑíä
07-27-2009, 10:33 AM
ALTDUS RAY FRANK



LACK OF INTERNATIONAL UNANIMITY REGARDING CYBERLAWS: THE FUEL OF CYBERCRIME


INTRODUCTION

It is truly nothing but spectacular when one stops and thinks of the evolution of computers. In the comparative whim of things, it was not too long ago that humans still revolved around the wonder that was the abacus. This simple but efficient device made numerical calculations much quicker and easier. It is to this era, which spans thousands of years, can one trace back the origins of computers.

Of course anything made for good is prone to tempt the darker side of man, leading to abuse and or misuse. The best example of this is Alfred Noble’s quest for dynamite to help miners and construction workers, but as history shows, the dynamite found its primary use as a weapon in the military[1] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftn1).
The earliest recorded cybercrime took place in the year 1820. Joseph-Marie Jacquard, a textile manufacturer in France, produced the ‘loom’. The ‘loom’ was a device which allowed the repetition of a series of steps in the weaving of special fabrics. This resulted in a fear amongst Jacquard's employees that their traditional employment and livelihood were being threatened. They committed acts of sabotage to discourage Jacquard from further use of the new technology[2] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftn2).
Eventually, this mischievousness grew with the advent of newer technologies and the acts of sabotage only grew more violent and disruptive in nature. The times have changed and are changing in the direction where individuals no longer need the telephone, the televisions or radio as a communications device, but rather, have become solely dependant on the internet. This creates a world wherein the armed thugs of yester years have transformed into computer geeks, armed only with their computer and a net connection. The conflict between the dependency of society on the internet and the hooligan’s immature need to rein havoc is what first caused the topic of Cyberlaw and cybercrime to arise.
DEFINITION
In order to first define what cybercrimes are, one must grasp a proper understanding of what crime is interpreted as. A crime is an activity that is considered wrong generally and banned by the laws of society. A conduct accompanied by act or omission prohibited by law and consequential breach of which is visited by penal consequences. Of course, this is a more personal interpretation and it much more appropriate to refer to more established authors.
CONVENTIONAL CRIME-
Crime is a social and economic phenomenon and is as old as the human society. Crime is a legal concept and has the sanction of the law. Crime or an offence is “a legal wrong that can be followed by criminal proceedings which may result into punishment.”[3] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftn3)
The hallmark of criminality is that, it is breach of the criminal law. Per Lord Atkin “the criminal quality of an act cannot be discovered by reference to any standard but one: is the act prohibited with penal consequences”.[4] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftn4)
Cybercrime can be defined in a wide variety of ways, but these explanations cannot be stated ipso facto mostly due to the rapid change in the field. A suitable definition may not be as suitable tomorrow, which in itself presents the majority of the problem. The law can only outlaw activities which are possible or reasonably anticipated possible in the near future, during a period of time, e.g. it is not possible for any country to regulate the field of artificial intelligence, simply because the perception of artificial intelligence to this day is nothing more than fiction belonging to the likes of the popular T.V. shows such as “Star Trek” and “Stargate”.
The definition of ‘cybercrime’ is not fixed and should be considered to be in a fluid state wherein change in the structure is nothing short of certain.
CYBER CRIME-
“Cybercrime is regarded as computer-mediated activities which are either illegal or considered illicit by certain parties and which can be conducted through global electronic networks. This web page includes resources related to cyberstalking, electronic crime, high-tech crime, internet crime, etc. Separate pages have also been created to focus on fraud and identity theft.”[5] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftn5)
Cybercrime is a term “used broadly to describe criminal activity in which computers or computer networks are a tool, a target, or a place of criminal activity. These categories are not exclusive and many activities can be characterized as falling in one or more categories.”[6] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftn6)
The computer may be used as a tool in the following kinds of activity- financial crimes, sale of illegal articles, pornography, online gambling, intellectual property crime, e-mail spoofing, forgery, cyber defamation, cyber stalking. The computer may however be target for unlawful acts in the following cases- unauthorized access to computer/ computer system/ computer networks, theft of information contained in the electronic form, e-mail bombing, data didling, salami attacks, logic bombs, Trojan attacks, internet time thefts, web jacking, theft of computer system, physically damaging the computer system.
For the reasons confined to the following discussion cybercrime means those crimes which are committed with the use of or through electronic or digital resources. The existence of a parallel virtual dimension is recognized, equating the crimes in the real world as equally applicable in the virtual world. The punishment are not and cannot be as severe as those imposed for a transgression in the real world, but they are still of a serious nature and vary according to gravity of the presented situation.
DISTINCTION BETWEEN CONVENTIONAL AND CYBER CRIME-
On the surface there appears no distinction between cyber and conventional crime. However, on a deeper introspection there exists a rigid and comprehendible fine line of demarcation between the conventional and cyber crime. The demarcation lies in the involvement of the medium in cases of cyber crime. The sine qua non for cyber crime is that there should be an involvement, at any stage, of the virtual cyber medium.
THE HORROR THAT IS CYBERCRIME
Worms have been accredited with unleashing the worst attacks in history, it reputation for destruction has not lost meaning with its transition from the real world to the virtual. The “Love Bug” computer worm had had been calculated by accountants to cost businesses worldwide an estimated $8.7 billion in damages.[7] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftn7) To make matters worse, the college drop-out who confessed to have “accidentally” released the worm in the form of an email attachment got away with it because there were no applicable cybercrime laws in the Philippines with which to charge him. The United States and the Philippines had entered into a “Mutual Legal Assistance Treaty (MLAT),” but to extradite him, a crime had to have been committed according to the laws of Philippines, which lacked the regulation of cyber crime.
The “Love Bug” and its variants underscore the world’s dependence on computers and concurrent vulnerability to computer attacks. Credit card theft alone is estimated to cost banks and individuals some $400 million annually, while profits lost by firms from stolen patents and trademarks amount to $250 billion a figure estimated to be nearly five percent of world trade.[8] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftn8) Not surprisingly, with computer attacks doubling each year[9] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftn9), cybercrime has the capacity to knock off-balance a country’s whole economy. The ease with which cybercriminal distributed malicious code that result in “denial-of service”, creation of Trojan horses, spreading of worms and virus have only lead in more and more individuals committing similar offence, as they see no harm and more so, no punishment.
Despite the staggering cost of computer attacks, Internet fraud and the computer- facilitated theft of proprietary information are still the leading causes of financial loss due to computer use. The social cost of cybercrime often are fixed by the ease in prohibited activities such as cyberstalking, child pornography and identity theft. Computer security experts are also worried that a well-designed worm could crash or even demolish the Internet in times of war.
It was not till the aftermath of the September 11, 2001 terrorist attack on the United States, that the American Congress as well as other governments passed a series of laws designed to assist law enforcement agents to combat terrorism by expanding governmental access to electronic data in cyberspace. Ironically, the lives of ordinary people who are not suspected of having ties to terrorism will be affected by the government’s new take on cybercrime. As people increasingly rely on computers and the Internet to engage in a wide variety of daily tasks, common expectations of privacy also increase. However, increased criminalization and employment of invasive technology to prevent crime and terrorism may infringe upon civil liberties without actually delivering any increased security.[10] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftn10)
METHODS OF EXPLOITATION
Humans have longed to do many things in their lives, but it because some of these activities interfere with other humans that laws and regulations are required. Laws and rules provide a safe haven for the weaker aspects of society and thereby allowing society as a whole to flourish. Applying this to the cyberspace we may say that computers are vulnerable so rule of law is required to protect and safeguard them against cyber crime. Avoiding the social and psychological aspect of crimes in general the reason for cybercrime can be termed to be the vulnerability of computers. These vulnerabilities may be said to be:
1. CAPACITY - The computer has unique characteristic of storing data in a very small space. This affords to remove or derive information either through physical or virtual medium making it a bigger target for criminals.
2. ACCESSIBILITY - The problem encountered in guarding a computer system from unauthorised access is that there is every possibility of breach not due to human error but due to the complex technology. By secretly implanted logic bomb, key loggers that can steal access codes, advanced voice recorders; retina imagers etc. that can fool biometric systems and bypass firewalls can be utilized to get past many a security system. In fact, to a certain extent the popularity of the cyber world is the largest contributor to cybercrime.

COMPLEX MECHANISM- The computers work on operating systems and these operating systems in turn are composed of millions of codes. Human mind is fallible and it is not possible that there might not be a lapse at any stage. The cyber criminals take advantage of these lacunas and penetrate into the computer system.
HUMAN NEGLIGENCE - Negligence is very closely connected with human conduct. It is therefore very probable that while protecting the computer system there might be any negligence, which in turn provides a cyber criminal to gain access and control over the computer system.
LOSS AND DESTRUCTION OF EVIDENCE - Loss of evidence is a very common & obvious problem as all the data are routinely destroyed. Further collection of data outside the territorial extent also paralyses this system of crime investigation.
THE PEOPLE BEHIND THE CRIMINALS
Almost everybody with any sort of world knowledge know who hackers are or if not at least what they do. This image society has placed upon these miscreant criminals are nothing short of astounding. The governments and companies have gone on the curb these criminals’ activities while on the other hand mass media and advertising place these lowlifes on a higher pedestal. In a move remnant of the “Godfather” of the yester years, hackers are gaining popularity like the gangsters of the Al Capone generation.
They are being praised as heroes, under dogs standing up to the big dogs, the government. It is only reasonable to assume that this kind of popularity attracts greater numbers into their fold. The cyber criminals constitute of various people who can be grouped together. This division may be justified on the basis of the object that they have in their mind. The following are the basic category of cyber criminals.
A. BETWEEN THE AGES OF 6 – 18 YEARS – The simple reason for this type of delinquent behaviour pattern in children is seen mostly due to the inquisitiveness. The thirst for knowledge is an inbuilt gift and curse. Younger minds have a tendency to know and explore things, especially those that they find fascinating. Another cognate reason may be to prove themselves as outstanding individuals amongst other children in their group.
B. STRUCTURED HACKERS - These kinds of hackers are mostly organised together to fulfil certain objective. The reason may be to fulfil a particular agenda, these might include, but not limited to, political ideology, fundamentalism, expression of dissent etc…
C. PROFESSIONAL HACKERS / CRACKERS – Money is paper and there are those who are willing to break laws in order to chase after the paper. Here in the case of professional hacker/cracker, their work is motivated by the smell of money. These kinds of hackers are mostly employed to hack the site of rivals or in certain cases allies and get credible, reliable and valuable information. They are also sometime employed to crack the system of the employer basically as a measure to make it safer by detecting the loopholes.
D. UNHAPPY EMPLOYEES - This group include those people who have been either fired by their employer or are dissatisfied with their employer. To avenge they normally hack the system of their employer. They have the inside knowledge and technical know how to bypass security measures and create a mess from which the employer must spend it resources clearing up.
THE ISSUES AT HAND
Cybercrime and its entire variants have been considered as a miscreant foe, which creates undue havoc among web users and their respective affiliates. This foe exists because it makes it possible to attack, disrupt, destroy and loot data. These issues can be classified into various groups.
· Uniform Recognition of Crimes
· Jurisdiction
· Uniform Punishment
· Extradition/Cross Border Cooperation
In the modern world, data and information are more valuable than any stone, gem or currency. It was once said “Knowledge is God”, such a statement could not be truer in the present era. Those with the knowledge can do what they want, whenever and to whomever without restrictions or any sort of hindrances. This is not to be interpreted in the sense that since hackers have superior computer knowledge, they are equal to gods, but the information they steal gives them knowledge which can result in undue shifting of power in a way making them very powerful individuals.
Example – A hacker, through the use of his computer expertise, attacks and steals information from the passport database systems of a country.
1. This information gives the hacker the ability to find any person entered into such database.
2. Manipulate the information so as to create problems for passport holders.
3. Even printout duplicate passports which can be used by terrorist or extremist in their plots.
Here the hacker is nothing short of a form of god playing with the lives of ordinary individuals. He uses and abuse the knowledge he has, to interfere and violate the freedoms of individuals. Although, almost every crime involves the violation of a right by the transgressor, the problem with virtual criminals is that it is painfully hard to catch and prosecute evasions of law.
Uniform Recognition of Crimes – as stated earlier there is no hard and fast rule to determine which activities constitute cybercrimes and which do not. The activities which constitute cybercrimes vary from nation to nation and what if often met with serious punishment in one country is not even an offence in another. There is no real need to go into different types of cybercrimes and its recognition by various countries, it must be simply understood that various nations around the world address cybercrimes differently in with that regard the enforcement of such crimes vary too.
The prime example to be used is the current hot topic of piracy. While piracy is rigorously prosecuted in the United States, with stunning reports of “college students, grandmothers, children, single moms and anyone else who might have shared a song over peer-to-peer networks”[11] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftn11) facing lawsuits and felony charges, while the same activity has found safe haven in the Netherlands and other countries.
To put it plain English, the major problem with tackling cybercrime is simply that there is no unanimity as to the nature and scope of cybercrime.
Jurisdiction - A hacker, cracker or whatever cybercriminals want to call themselves makes it hard for law enforcers to enforce respective legislation regarding cybercrime. This is mostly due to the fact that there are too many jurisdictional issues involved. The authorities must look into the physical location where the crime was committed. In order, to make such an assessment, the location of the computer which was used to commit the crime must be looked into, the location of the computer wherein the crime was committed, their respective databases, transaction terminal, etc… must be looked into[12] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftn12).
Unfortunately thanks to the United Stated, in its overzealous need to uphold the fundamental right of freedom of speech, opened pandoras box, causing a ripple effect in the legal community’s perception regarding the jurisdiction of cybercrimes committed.
YAHOO! FRANCE CASE[13] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftn13)
Two groups in France complained to the court that Yahoo! France’s auction websites sold Nazi memorabilia and Third Reich related goods, which is banned under French Law. They consequently requested the court to take stringent action. Yahoo! took up the plea that it was a company incorporated in the United States of America and that the French Laws did not bind it. It was further contended that, technologically speaking, it was not possible for Yahoo! to block access to all Nazi Memorabilia.
The French Court ordered Yahoo! France to remove all Nazi memorabilia and content from its website failing which it would have to pay a fine of 100,000 frank for each day of non-compliance. Yahoo! complied with the order of the French Judge and removed almost all of the Nazi memorabilia links on its auction *******
However, Yahoo! also moved an American court for a declaration that the directions given by the French Judge were not enforceable in United States and that Yahoo! being an American company was not bound by the decision of the French Court.
In a historical judgment, the American District Court of California held that the directions of the French Judge could not be enforced in the United States of America, as the same were violative of the first Amendment of the US Constitution. The Judge further held that though the American court respected the French judgment, yet the fact was that the French judgment was passed in the peculiar facts relating to France and that such judgment would not be applicable in American Law on American citizens and legal entities.
This judgment has got far reaching significance and consequences on the entire subject of jurisdiction. Till now, the courts anywhere in the world could assume and were assuming jurisdiction on Internet transactions and websites that were located outside the country.
This decision underlines the principle that even if a foreign court passes a judgment or directions against a legal entity of a particular country say Country Z, then that judgment or direction would not be applicable automatically to Country Z’s legal entity or citizen. The decision or direction of the foreign court will need to be scrutinized by Country Z’s courts keeping in mind the local laws of that country, before it can be enforceable in Country Z.
Thereby, if a particular country, in which a cybercrime has been committed, tries and prosecutes the offender, such a judgement will not be enforceable till the country wherein the offender has a legal entity, ratifies such a judgment through a motion of that countries courts.
Uniform Punishment – This was only to be anticipated with the emergence of the problem with the lack of uniform recognition of crimes. Since there is a complete lack of unanimity regarding the definition of crimes it is only reasonable to assume that there is no universal punishment regarding the same. After all if there is no crime how can there be any punishment[14] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftn14).
Extradition/Cross border cooperation – This is the topic that puts it all together. If there was international cooperation based on a common understanding and mutual friendship then the issue of cybercrime would not be imperative at all in the international community. For that matter, if there was any real and sustainable form of international cooperation on any level most of the problems facing the international community today would cease to exist[15] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftn15).
PRESENT SOLUTION TO THESE ISSUES
It cannot be said that the global community is not aware of these issues or are ignorant of them. The world has come across these problems and has tried to find solutions to them, the problem lies within the compromise made with regards to the implementation of these solutions. The solutions, while attempting to deal with various issues involved in cybercrime have failed to tackle the problem and instead addressed the secondary issues with all its might.
Until recently, there was only precedence set by courts which governed cyberspace. The case laws set precedence with regards to many issues and tried to address them in a manner previous judges tackled the matter. This created a wide variety of problems; the judges of various nations lacked a universally equitable ability to decide cases according to a predetermined common formula. Resulting in duplicity of decisions and more predominantly causing a conflict in the decision tendered.
Problems with Precedence set by Court Decisions
This was seen in a wide array of cases starting with the redefining of the rules tendered in the Zippo case[16] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftn16) by the Yahoo France Case[17] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftn17). In the beginning the courts of different countries began making the mere access to Internet as a sufficient ground for assuming jurisdiction over Internet related transactions. The Zippo case redefined this view by requiring courts to look at “something more” than the mere Internet access in order to assume jurisdiction. That “something more” could be in the form of the interactivity of the website or any other factor, as per the opinion of the courts. This principle was further redefined in the Yahoo France Case with the American Courts crying foul to the French judicial decision to outlaw sale of Nazi memorabilia. This decision had far reaching consequences for the courts, for until the above mentioned decision was tendered courts anywhere in the world could assume and were assuming jurisdiction on information and data transactions that were located outside the country. This case rewrote that assumption.
In the case of Inset Systems, Inc. v. Instruction Set, Inc.[18] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftn18) a court actually suggested that a non-resident of a country who runs a website, which could be viewed by citizens of the forum state, was enough to justify the exercise of personal jurisdiction over the website’s owner and operator. Thankfully such an erroneous judgment in the case of Designs88 Ltd. v. Power Uptik Productions[19] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftn19), wherein the judges stated “Although the defendants appear to be correct in their contention that much of the activity in this matter occurred in cyberspace, this can not signify that the increasingly large number of those who deal in e-commerce shall not be subject to jurisdiction in any earthly court…There being no district court of cyberspace…Defendants will have to settle begrudgingly for the [court wherein the crimes was effected or felt the most].”
To start discussing cases wherein overruling has played a predominant rule is a vexatious and never ending task, it must be simply understood that the constant overruling and revocation of the rules invoked in one case by other judicial decisions had caused a great deal of confusion resulting in numerous courts taking upon itself to decide cyberlaws according to its interpretation of natural laws as well other principle of laws.
Convention on Cybercrime, 2001
This was the first convention to address the issue of cybercrime. This historic convention which is the brain child of the European Union tried addressing the various complicated issues associated with the problem of cyber crime with a wide array of success. The Convention on Cybercrime, 2001(hereby referred to as the convention) led the charge in normalizing the nature and punishment of various different cybercrimes.
A Brief Description of the Convention
The Council of Europe, on November 8, 2001 adopted the Convention on cybercrime (ETS n°185)1 and became open for signature on November 21 in Budapest on the issue of the International Conference on Cybercrime. As of today this convention constitutes a world recognized covenant, which addresses the issue of crimes in cyberspace. A brief outline of the above mentioned convention is as follows. The most important headings are:
v Definition of Terms
v Substantive Criminal Law
v Procedural Law
v Jurisdiction
DEFINITION OF TERMS (Chapter 1) – Here the drafters of the convention has gone in to define certain words, in order to alleviate any sort of misunderstanding. These words defined are “computer system”, “computer data”, “service provider” and “traffic data”.
SUBSTANTIVE CRIMINAL LAW (Chapter 1; Section 1) - Section 1 defines various computer or computer-related crimes that should be punishable under criminal laws. Several types of offences have been presented and classified under four categories, billed titles, in Section 1:
· Title 1 - Offences against the confidentiality, integrity and availability of computer data and systems;
· Title 2 - Computer-related offences;
· Title 3 - Content-related offences;
· Title 4 - Offences related to infringements of copyright and related rights.
Title 1 specifically states the illegality of certain activities as stated in the convention. These activities include:
§ Illegal access (Art. 2);
§ Illegal interception (Art. 3);
§ Data interference (Art. 4);
§ System interference (Art. 5);
§ Misuse of devices (Art. 6).
Title 2 is the “relations” part of the convention and seeks to bring out various connections between cybercrimes and its impact on the real world.
§ Computer-related forgery (Art. 7);
§ Computer-related fraud (Art.8).
Title 3 deals with content-related offences and concerns itself with offences related to filtration of content passing into a country. A prime example of this would be the ban of child pornography under Article 9.
The criminalization of xenophobic acts committed through computer systems is treated by the additional protocol[20] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftn20) to the convention on cybercrime. “Racist and xenophobic material” means any written material, any image or any other representation of ideas or theories, which advocates, promotes or incites hatred, discrimination or violence, against any individual or group of individuals, based on race, colour, descent or national or ethnic origin, as well as religion if used as a pretext for any of these factors.
The following activities, in addition to aiding and abetting, are punishable: dissemination of racist and xenophobic material through computer systems, racist and xenophobic motivated threats, racist and xenophobic motivated insults, denial, gross minimization, approval or justification of genocide or crimes against humanity.
Title 4 describes offences related to infringements of copyright and related rights. Additional offences related to attempting to commit or aiding and abetting offences, as defined in the Convention, is also punishable and the question of indirect liability is raised. Sanctions and measures mentioned in the convention are related to consequences flowing from the serious nature of these offences by providing for criminal sanctions that are effective, appropriate and dissuasive. The seriousness of the punishment is dependant upon the gravity of the offence. The convention has left it upon the signatories to the convention to set out the punishments of the violation of the provisions, as quoted below.
“Each Party shall adopt such legislative and other measures as may be necessary to ensure that the criminal offences established in accordance with Articles 2 through 11 are punishable by effective, proportionate and dissuasive sanctions, which include deprivation of liberty. Each Party shall ensure that legal persons held liable in accordance with Article 12 shall be subject to effective, proportionate and dissuasive criminal or non-criminal sanctions or measures, including monetary sanctions.”
PROCEDURAL LAW (Chapter 1; Section 2) – “The articles in this Section describe certain procedural measures to be taken at the national level for the purpose of criminal investigation of the offences established in Section 1, other criminal offences committed by means of a computer system and the collection of evidence in electronic form of a criminal offence. The Convention requires or invites a Party to establish powers or procedures other than those contained in this Convention, nor preclude a Party from doing so.”
This section has two general provisions (Article 14 & 15) that apply to all the articles relating to procedural laws, while Title 2 concerns “Expedited preservation of stored computer data”. Which are made distinct as a classification line is drawn between computer and traffic data. Article 16 deals with “Expedited preservation of stored computer data” and Article 17 states “Expedited preservation and partial disclosure of traffic data”.
Title 3 – contains Article 18 which deals with the notion of production order. A “production order” provides a flexible measure which law enforcement can apply in many cases, especially instead of measures that are more intrusive or more onerous. The implementation of such a procedural mechanism will also be beneficial to third party custodians of data, such as ISPs, who are often prepared to assist law enforcement authorities on a voluntary basis by providing data under their control, but who prefer an appropriate legal basis for such assistance, relieving them of any contractual or non-contractual liability[21] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftn21).
Title 4 - contains Article 19, “Search and seizure of stored computer data” which aims at modernizing and harmonizing domestic laws on search and seizure of stored computer data for the purposes of obtaining evidence with respect to specific criminal investigations or proceedings. Any domestic criminal procedural legislation includes powers for search and seizure of tangible objects. However, in a number of jurisdictions stored computer data per se will not be considered as a tangible object and therefore cannot be secured on behalf of criminal investigations and proceedings in a parallel manner as tangible objects, other than by securing the data medium upon which it is stored. The aim of Article 19 of this Convention is to establish an equivalent power relating to stored data6.
Title 5 – contains two articles, Article 20 and Article 21. Article 20 speaks about “Real-time collection of traffic data” and Article 21 “Interception of content data” constitutes “Real-time collection of computer data” and addresses the problem of real-time collection of traffic data and of interception of content data by competent authorities, as well as their collection or interception by service providers. Obligations of confidentiality are also addressed.
JURISDICTION - The section “jurisdiction” mentions that each party is required to punish the commission of crimes established in the convention, committed in its territory.
Principles related to international cooperation, extradition and mutual assistance are given in Chapter III. Procedures pertaining to mutual assistance requests in the absence of applicable international agreements are also defined.
Article 35 speaks about the creation of mutual assistance points of contacts, available in each country 24 hours per day, 7 days per week in order to ensure immediate assistance in investigation.
This convention was hailed as a success by many around a world, for it is the one and only tool for regulating cyberspace. "This treaty provides important tools in the battles against terrorism, attacks on computer networks and the ***ual exploitation of children over the Internet, by strengthening ... cooperation with foreign countries in obtaining electronic evidence,"[22] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftn22) U.S. Attorney General Alberto Gonzales said in a statement.
Definitions instead of terms - An interesting feature of the convention was that instead of defining a particular cybercrime i.e. hacking, spreading malware, etc…, the articles provided a description rather than a name as to various acts prohibited by it. The convention essentially instead of allocating terms and defining the scope of each term, rather tackles the issues by describing activities which are prohibited.
Terms used by a generation, changes as per the whims and fancies of the following generation, thereby an attempt to allot a word to a particular action is although of temporary convenience but, in the long run it leads to a great many problems. For example, the term murder used to imply any unauthorized ending of a human life by the action of the individual. Now, murder has been subcategorized into manslaughter, homicide, culpable homicide, etc… If such change were to happen to a field as stagnant as criminal law, the same is applicable to Cyberlaw, in not but ten fold in pace[23] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftn23).
The field of Cyberlaw in expanding exponentially and terms of the yesteryears no longer feed the needs of the current era. The previous terms of virus and worms are being clubbed together as malware, while trojans are now known as spyware. This creates a major problem as to how to categorize a particular crime, which the above convention has superbly dealt with.
Jurisdictional Issues and International Cooperation[24] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftn24)– These issues have been dealt with extensively in Chapter 3 of the convention. It would almost seem that the convention framers saw jurisdictional issues as the greatest flaw in the then existing system of cyberlaws and sought to address it with significant importance. The chapter deals with who has the jurisdiction regarding cybercrimes committed as well the extradition process of such criminals.
The convention expressly speaks about mutual assistance, extradition and a maintenance of a 24/7 service in order for a smoother functioning of the judicial mechanism for the purpose of preventions, prosecution and monitoring of cybercrime.
Punishment – The convention has gone on to require those countries who are signatories to the convention to go ahead and enact punishments for the prohibited activities listed out in Art.2 – 11 in the convention. The punishments could extend up to deprivation of liberty.
It is only rational that certain prohibited acts carry some sort of punishment in order to have any sort of response and/or validation by society at large. The convention has left it up to the signatory countries to define the extend to which punishment can be imposed, thereby disallowing the uniform punishment aspect that is crucial in forging a unanimous stand against cybercrime.
Limiting Liability[25] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftn25) – In order, a conduct be described criminal, the offense must be “without right.” This means activities carried out with lawful government authority or any other legitimate and common activities inherent in the use of cyberspace is not restricted as per the provisions of this treaty.
A similar protection is extended to innocent or ignorant people in order to alleviate fear of prosecution. These extensions include:
§ ATTEMPTS TO PROTECT SERVICE PROVIDERS FROM LIABILITY – The Convention ensures that service providers will not bear liability for being mere “conduits” of criminal conduct if they have no intent to commit such conduct; the exact meaning of “intent” is left to the interpretation of the relevant local judiciary.
§ ATTEMPTS TO PROTECT LEGITIMATE COMMERCIAL ACTIVITY FROM LIABILITY – The drafters of the convention refers to the exceptions in their explanatory notes for each offense, and explicitly states “legitimate and common operating or commercial practices” are activities carried out with authorization and in extent of rights conferred, thereby not prosecutable under the cloak of this treaty[26] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftn26). For example, the application of cookies to remember information about customers and customer preference by Amazon.com is not violative of this covenant as the site has permission to do so by the users.
§ ATTEMPTS TO PROTECT THE COMPUTER SECURITY COMMUNITY FROM LIABILITY - Authorized testing of computer systems, is considered a “legitimate and common activity in the design of networks,” is exempt from liability under illegal access and illegal interception. But, the drafters have made it clear any such tests on computer security should be “authorized by its owner or operator” else the transgressor can be held for criminal liability. The production, sale, procurement for use, import, distribution or otherwise making available of a device, including a computer program, designed or adapted primarily for the purpose of allowing illegal access is prohibited as well.
Thereby, allowing various entities some leeway in carrying out certain and often required activities without holding them responsible for criminal misconduct. These provisions are a necessity in the virtual world where changes are occurring not by the hour or day but by the second. If it were not for these provisions the development in the field would have been greatly effected.
Opponents Views[27] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftn27) - Opponents of the Convention are also concerned that giving the police such power may allow the police to force individuals to provide their passwords to officials[28] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftn28). People seem to constantly forget, if the police have the necessary probable cause to obtain a search warrant, you must unlock the door and let them in[29] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftn29). When an individual allows the police to search your home that is a blatant violation of a persons private space, so how is it a violation of privacy when the police with a similar warrant searches a person’s computer?
A password to the computer similar as a key to a door has to be used by the relevant authorities to gain such access. Once the police have established probable cause and have the proper authority, there is no reason as to call invasion of privacy into question. As long as the police are in compliance with fundamental rights of privacy allowed to all humans and they conduct an investigation according to the procedure prescribed by law, the government should be allowed to prosecute those who break the law. The Convention does not provide for any violations of human, political and social rights, it only increases the ability of signatory and willing nations to prosecute those in other countries who commit cybercrimes against citizens of their countries.
Civil libertarians and human rights activists are concerned that a person will no longer remain anonymous on the web. This argument can be countered on the grounds that the government has no desire to regulate what every Internet user is doing, nor would it be possible for the government to maintain such information. The only individuals who face a threat to their privacy while online will be the individuals who are breaking the law.
The Preamble of the Convention itself states:
“Mindful of the need to ensure a proper balance between the interests of law enforcement and respect for fundamental human rights, as enshrined in the 1950 Council of Europe Convention for the Protection of Human Rights and Fundamental Freedoms, the 1966 United Nations International Covenant on Civil and Political Rights, as well as other applicable international human rights treaties, which reaffirm the right of everyone to hold opinions without interference, as well as the right to freedom of expression, including the freedom to seek, receive, and impact information and ideas of all kinds, regardless of frontiers, and the rights concerning the respect for privacy;”[30] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftn30)
Given that the Convention specifically addresses human rights and privacy, there is no support for the argument that the Convention directly violates the right to privacy.
STEP TO BE TAKEN/FUTURE SOLUTIONS
The greatest leap that occurred in the arena of cyberlaw is the declaration and ratification of the Convention on Cybercrime, 2001. This international agreement set the bench mark which all law regulatory mechanisms must look at and conform to and was to end cybercriminals’ “feeling of impunity”[31] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftn31). Unfortunately, though this convention which took years into the making has clogged up a wide array of loop holes, there still remain certain problems which the convention has yet to address.
Lack of Deterrence-The most common problem pointed out is that in order for the convention to serve as a more efficient deterrent agent, additional nations will have to sign the Convention and abide by its mandates. The problem arises not out of those nations who are signatories or those who have already ratified the convention but those countries that did not participate in the Convention’s negotiations, some of whom allow cyber criminals operate freely without any hindrance. This creates a problem for the prosecution of these criminals, as hackers are starting to frequently route cyber attacks through portals in Yemen or North Korea, who are not party to the Convention.[32] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftn32)
Unless there is a unanimous step by all the nations of the world in the ratification of this convention, the work put into it will go to waste. Cybercrime is much different than regular crime in the sense that there is no territorial restriction placed upon the criminals, thereby allowing for the bypass of the laws of a state by using other countries (those who have not ratified the convention) servers to commit the crime. Best it be visualized; the authorities are stuck behind a flag and a gate, while the criminals are making off with the loot.
Inefficiency-Some analysts criticize the Convention for not permitting police authorities’ direct cross-border access to computer data, which arguably creates an extra, time-wasting step[33] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftn33). The crime has been committed; the crime can be inarguably traced back accessing data available in another countries server. Instead of immediately accessing such a server, the authorities have to send a request and wait for it to be approved; only after such approval can the authorities access such information. The “red-tapism” phenomenon has drawn criticisms in many democracies but its existence in Cyberlaw has to be checked or there need not be a Cyberlaw at all[34] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftn34).
Contradiction with Internal Laws- This convention has drawn a bulk of its criticism on the basis of the clause which states that a request to “spy” upon a person by a foreign government will have to be adhered. This is to be done even if the crime that a person is accused of having committed is not recognized as a crime in the investigating country.
The Electronic Frontier Foundation (EFF) has come out swinging stating that "the treaty requires that the U.S. government help enforce other countries' 'cybercrime' laws - even if the act being prosecuted is not illegal in the United States…That means that countries that have laws limiting free speech on the Net could oblige the FBI to uncover the identities of anonymous U.S. critics, or monitor their communications on behalf of foreign governments."[35] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftn35)
The EPIC (the Electronic Privacy Information Center), another civil liberties organization based in the United States, criticized the convention in a letter to the Senate as lacking adequate safeguards for privacy, a downfall which would "create invasive investigative techniques while failing to provide meaningful privacy and civil liberties safe-guards, and specifically lacking judicial review and probable cause determinations…"[36] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftn36)
Company Issues- The Convention places too high a burden on service providers in requiring that they assist law enforcement in identifying and investigating cyber criminals. Although it does not require any assistance outside of a service provider’s “existing technical capability,” the Convention also does not provide any reimbursement of costs associated with complying with the new procedures, such as data interception, storage, and surveillance, should service providers have the technical capability to cooperate. Critics also worry about broader economic risks stemming from declining trust in e-commerce, the end effect of such monitoring might result in users worrying that they are they have no privacy thereby negatively affecting the e-market.
The failure to provide for an agency or other more concrete mechanism of involving the private sector in combating cyber crime is clearly visible in light of the criminal activities regarding cyberspace flourishing and growing. A reactive strategy to fighting cyber crime, focusing on law enforcement and investigation after the fact, must be complemented by a strong protective approach through routine, comprehensive information-sharing and exchange of lessons learned, with the express involvement of the private sector.[37] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftn37)
CONCLUSION
The Convention on Cybercrime is a shining beacon that uplifted and brought peace upon a chaotic system of cyberlaws. Before the said convention came into force the courts of rival nations where firing out judgments and decisions which were often contradictory and sometime violating the principles of double jeopardy. The convention brought an order and refinement to the then chaotic cyber world.
Alas, as nothing is perfect, the convention too in all its glory was not devoid of error. The convention has major flaws as mentioned above and these flaws unless clogged immediately will be exploited by miscreants to re-bring the chaos that once was.
Cyber criminals who not unlike the gangsters of the real world evade authority figures, they play a game of cat and mouse. Wherein the mouse with its agility and maneuverability can outrun and outpace a cat which is far more bulky and slower. This is a perfect simile to the prevailing situation in Cyberlaw wherein the authorities who are like cats are trying the catch the perpetrator who like the mouse has greater advantage in agility and maneuverability.
Change is needed and should come in the form of concrete actions, less the problems of the preceding years resurface to rein havoc. Change is not easy but unless it is pushed through, the future of cyberspace will belong to the criminals.
"There is nothing more difficult to take in hand, more perilous to conduct, or more uncertain in its success, than to take the lead in the introduction of a new order of things."


— Niccolo Machiavelli
The Prince (1532)




[1] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftnref1) Alfred Noble: the Man and His Work. Waco, TX: Thomas Nelson, 1962.

[2] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftnref2) "Cyber Crime, Introduction to Cyber Crime, Defining Cyber Crime, Cyber pornography." Cyber Crime, Press Releases - Cyber Crime. 6 May 2008 <http://cybercrime.planetindia.net/intro.htm>

[3] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftnref3) Anson, William Reynell. The Law and Custom of the Constitution: Volume 2: The Crown, Part 1. Paris: Adamant Media Corporation, 2001.

[4] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftnref4) Proprietary Articles Trade Association v. AG for Canada [1931] AC 324.

[5] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftnref5) "Michigan State University Libraries - Criminal Justice Resources - Cybercrime." Michigan State University Libraries. 6 May 2008 <http://www.lib.msu.edu/harris23/crimjust/cybercri.htm>

[6] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftnref6) Taipale, K.A.. "Cybercrime, Cyberterrorism, and Digital Law Enforcement." The Global Information Society Project. 6 May 2008 <http://information-retrieval.info/cybercrime/>

[7] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftnref7) Kim Zetter, Viruses: The Next Generation, PC WORLD, Dec. 1, 2000, at 192 (citing
research firm Computer Economics).

[8] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftnref8) Press Release, Council of Europe, Cyber-Crime—The Targets It Hits, the Damage It Does, at http://press.coe.int/dossiers/107/E/e-cibles.htm (last visited Aug. 21, 2002)

[9] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftnref9) Robert Lemos, Internet Attacks Seen Doubling in 2001, CNET NEWS.COM (Oct. 15,
2001), at http://news.com.com/2100-1001-274435.html?legacy=cnet.


[10] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftnref10) Graham B. Smith, Comment, A Constitutional Critique of Carnivore, Federal Law Enforcement’s
Newest Electronic Surveillance Strategy, 21 LOY. L.A. ENT. L. REV. 481, 492, 499 (2001)


[11] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftnref11) "File-Sharers Fight Back." TechNewsWorld. 21 Mar. 2008. 7 May 2008 <http://www.technewsworld.com/story/62240.html?welcome=1210160251>.

[12] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftnref12) Balkin, J. M.. Cybercrime: Digital Cops in a Networked Environment (Ex Machina: Law, Technology, and Society). London: NYU Press, 2007.

[13] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftnref13) Piazza, Peter . "Jurisdictional Comity Is No Joke." Security Management 45.2 (2001): 38.

[14] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftnref14) Blane, John. Cybercrime and Cyberterrorism: Current Issues. n/a: Novinka Books, 2003.

[15] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftnref15) Mcquade, Sam C.. Understanding and Managing Cybercrime. Boston: Allyn &Amp; Bacon, 2005.

[16] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftnref16) Zippo Manufacturing Company v. Zippo Dot Com, Inc. (W.D.Pennsylvania, 1997) , 65 USLW 2551, 42 U.S.P.Q.2d 1062.

[17] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftnref17) Yahoo! Inc. v. La Ligue Contre le Racisme United States Court of Appeals for the Ninth Circuit Order No. 05-1302.

[18] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftnref18) 937 F.Supp. 161 (D.Conn. 1996)

[19] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftnref19) 133 F.Supp.2d 873, 877 (W.D. Va. 2001)

[20] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftnref20) "ETS no. 189 - Additional Protocol to the Convention on Cybercrime, ." Council of Europe - Treaty Office. 15 May 2008 <http://conventions.coe.int/Treaty/EN/Treaties/Html/189.htm>.

[21] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftnref21) www.conventions.coe.int/Treaty/en/Reports/Html/185.htm (p.27).


[22] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftnref22) Gonzales, Alberto. "Prepared Remarks of Attorney General Alberto R. Gonzales ." The U.S. Chamber Of Commerce 1 (2006). 10 Jan. 2008 <http://www****doj.gov/ag/speeches/2006/ag_speech_060620.html>.

[23] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftnref23) Moore, Robert. Cybercrime: Investigating High-Technology Computer Crime. Cincinnati: Anderson Pub Co, 2005.

[24] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftnref24) Reyes, Anthony, and Jack Wiles. The Best Damn Cybercrime and Forensics Book Period. US: Syngress, 2007.

[25] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftnref25) Jones, Calvert. Council of Europe Convention on Cybercrime: Themes and Critiques. Berkeley: School of Information Management and Systems, University of California at Berkeley, 2005.

[26] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftnref26) Richards, James R.. Transnational Criminal Organizations, Cybercrime, and Money Laundering: A Handbook for Law Enforcement Officers, Auditors, and Financial Investigators. Boca Raton: CRC, 1998.

[27] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftnref27) http://www.nesl.edu/lawrev/vol37/1/marler.pdf

[28] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftnref28) Waelde, Charlollete, and Hector Macqueen. Intellectual Property: The Many Faces of the Public Domain. London: Edward Elgar Publishing, 2007.

[29] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftnref29) Solove, Daniel. The Digital Person: Technology And Privacy In The Information Age. London: NYU Press, 2004.

[30] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftnref30) http://conventions.coe.int/Treaty/EN/Treaties/Html/185.htm

[31] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftnref31) “European Cybercrime Pact Aims to Set Global Benchmark,” Agence France Presse, Nov. 22,
2001.

[32] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftnref32)Declan McCullagh, “Global Cybercrime Treaty Gets Senate Nod,” Silicon.com, Aug. 7, 2006.

[33] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftnref33) William New, “Privacy agenda in 2002 has international flavor,” National Journal Technology Daily, Jan. 23, 2002; “Under Antiterror Law, Government Can Use U.S. Standards to Nab Foreign Hackers,” Associated Press, Nov. 21, 2001.

[34] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftnref34) Wall, David S.. Cybercrime: The Transformation of Crime in the Information Age (Crime and Society). University Park, PA: Polity, 2007.

[35] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftnref35) O'Brain, Danny. "The World's Worst Internet Laws Sneaking Through the Senate ." Defending Freedom in the Digital World. 3 Aug. 2006. 11 May 2008 <http://www.eff.org/deeplinks/2006/08/worlds-worst-internet-laws-sneaking-through-senate>

[36] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftnref36) Rotenberg, Marc. "Pdf version of the Letter of Compliant file against the ratification of the Convention on Cybercrime." Letters to the Senate. 26 July 2005. 16 Feb. 2008 <epic.org/privacy/intl/senateletter-072605.pdf>.

[37] (http://www.shaimaaatalla.com/vb/newthread.php?do=newthread&f=77#_ftnref37) Jones, Calvert. "Convention on Cybercrime: “Themes and Critiques”." Net Dialogue. 10 Nov. 2005. 11 May 2008 <http://www.netdialogue.org/discussion/?p=22>.