4/24/2014

The Emergence And The Impact Of Cybercrime International Law Essay

ukessays.com http://www.ukessays.com/essays/law/the-emergence-and-the-impact-of-cybercrime-international-law-essay.php

The Emergence And The Impact Of Cybercrime International Law Essay

Need help? 0115 966 7955

INTRODUCTION
The Internet with its unique advantage of anonymity and speed is like a double edged sword. While it promotes free expression and forms a large part of our everyday life, it also provides an asylum for the perpetration of all types of Cybercrimes. Every day, new cybercrimes emerge, Phishing, hacking, botnets, ATM hacking, Identity theft, Stock price manipulation, hacking cars to mention a few. Also we hear terms like Cyber threat, cyber terrorism, cyber This is made more difficult by the fact that while the internet may be borderless for the cybercriminals, law enforcement agents must consider the boundaries and the sovereignty of other nations. As a result, the different legal systems and the disparities in the laws of various nations often present major obstacles to the fight against cybercrime. The existence of an International treaty on cybercrime is a fundamental pre-requisite for the combat against cybercrime. This law should ideally set out the offences and make adequate provisions for investigations and prosecutions, as well as jurisdiction. The importance of this cybercrime treaty is illustrated by the love bug virus of 2000 which inflicted damage in 20 countries, while the perpetrator a Philippine, suffered no harm for his actions because there was no cybercrime legislation in place in the Philippine. The awareness of the impact of cybercrime has spurred many regional and International initiatives in the area of cybercrime amongst which has emerged the Council of Europe Convention on Cybercrime 2001(The Convention). The Council of Europe (CE) was convinced of the need to pursue a common criminal policy with the aim of protecting the society against cybercrime inter alia, by the adoption of an appropriate legislation and by encouraging International co-operation, hence the Convention on Cybercrime. The Convention which came into force in July 2004 currently has 47 signatories including non member states, out of which 30 countries have ratified the Convention. Considering the need for a global treaty on Cybercrime, in other to be better positioned against the anonymity, speed, and the transnational or the borderless nature of the internet, this essay considers how well the Council of Europes Convention on Cybercrime might serve as a model for global legislation in the field of computer crime, considering the Substantive provisions, the procedural provisions and the provisions relating to International Cooperation. It analyses the merits and demerits of the convention and its effect on the global fight against cybercrime. It also considers other factors which affect the effective implementation of the Convention.

THE CONVENTION
The Council of Europes Cybercrime Convention is a binding International treaty and a historic milestone in the fight against cybercrime and has been recognised as the leading treaty in the area of computer crime.
http://www.ukessays.com/essays/law/the-emergence-and-the-impact-of-cybercrime-international-law-essay.php 1/9

4/24/2014

The Emergence And The Impact Of Cybercrime International Law Essay

The Convention though negotiated under the aegis of the Council of Europe, had four non European countries who participated in the drafting and negotiations and it is open to all countries for signature and ratification. Many scholars have argued that it is a regional initiative meant for the members of the Council of Europe, and will always be a European Convention, though other countries may want to use it as a guideline or reference for the development of their own legislation, by adopting its principles in accordance with their own legal system and practice. However the participation of the four non European countries; United States, Canada, Japan and South Africa in the negotiations and drafting portrays the intention for international implementation of the Convention. The Convention aims at preventing illegal intrusion into the works of computer systems. The convention was necessary in other to dissuade acts against the confidentiality, integrity and availability of computer systems, networks and data by the criminalization of such conducts, and the adoption of sufficient powers to combat such offences, the efficient detection, investigation and prosecution of such offences and an effective International co-operation. The drafters took into cognisance the efforts of other International organisations in the field of cybercrime and also the existence of similar treaties between the Council of Europe member states and other states, stressing that the Convention on Cybercrime is intended to supplement these other Conventions in criminal investigations and proceedings relating to computer systems and data, and the collection of evidence of criminal offences in electronic data. In the 1990s when the Convention was negotiated and drafted, it seemed to address the major computer crimes prevalent in that era. Although the drafters had made the provisions quite broad, possibly to accommodate issues that might emerge in the future, it is clear that presently (9 years since the Convention opened for signature) with the rapid growth of the Internet and ICTs, cybercrimes have expanded much more than the Convention can accommodate in its current state.

THE SUBSTANTIVE CRIMINAL PROVISIONS

The Convention deals with four kinds of cybercrimes; Hacking of computer systems and violations of network security, Computer related fraud, child pornography and the infringement of Copyright and related rights. It also makes provisions for sanctions and penalties. Hacking or Hacktivism has The Convention could also bring in provisions to criminalise cyber attacks against Information Infrastructures. ICTs have blurred the lines between cybercrime and cyber terrorism. The Estonian attack is one of such examples and there is therefore need for the protection of critical Information Infrastructure as part of societys protection against cybercrime and cyber terrorism. The provisions of the Council of Europe Convention on the prevention of terrorism 2005 (especially articles 5-7) come in handy. The provisions of the Convention are wide and provide a lot of flexibility and discretion for member states in the drafting of their own laws. It provides the minimum consensus for offences, and parties in adopting their own measures may exclude petty or insignificant misconducts and criminalise other conducts which they deem relevant. They may also impose other conditions for criminal liability to attach with respect to specific offenses. This flexibility allows different parties to adapt the provisions in accordance with their own legal systems as is consistent with most international treaties. There is however a lack of clarity in the definition of the offences and certain key definitions necessary for interpreting the provisions are very broad. In the provision for sanctions, parties are to adopt effective, proportionate and dissuasive sanctions. On one hand, this provision may be providing the legal obligation
http://www.ukessays.com/essays/law/the-emergence-and-the-impact-of-cybercrime-international-law-essay.php 2/9

4/24/2014

The Emergence And The Impact Of Cybercrime International Law Essay

for parties to make use of online enforcement tools or adopt other effective measures in symmetry to their existing criminal law. On the other hand, it may result into conflicting terms, definitions and provisions by different nations which may lead to an excessively lenient criminal legislation in some states or major inconsistencies among national regulations. This may have detrimental effects as criminals may direct their attacks through tolerant legal systems and focus their activities on the most vulnerable victims. In other words, undermining the essence of the Convention which is, the harmonisation of the elements of the various offences, in the domestic criminal substantive laws of nations and connected provisions in cybercrime. The expectation is not so much the unification or exact correspondence of national legislation, but rather to tackle frictions and inconsistencies among national laws. Relativity on the definitions will most likely reduce the loopholes and inconsistencies among national legislations and prevent scenarios whereby a crime cannot be prosecuted because the perpetrator is resident in a country which does not criminalize the conduct or criminalises it but as a minor offence. The Convention should be able to provide the minimum sanction or penalty for each of the offences to serve as a guideline for parties. The Convention is not dynamic which has led to lacunae in the provisions and there is a need to update it to accommodate emerging issues. Issues such as phishing, spam, identity theft, crime in the virtual world and social networks, amongst others are not covered as nominate crimes, although some may be subsumed into other categories. Provision should also be made for the criminalization of preparatory acts prior to the attempt at committing the established offences. The Convention could also bring in provisions to criminalise cyber attacks against critical Information Infrastructures. ICTs have blurred the lines between cybercrime and cyber terrorism. The Estonian attack is one of such examples and there is need for the protection of critical Information Infrastructure as part of societys protection against cybercrime and cyber terrorism. The provisions of the Council of Europe Convention on the prevention of terrorism 2005 (especially articles 5-7) come in handy.

Copyright and related Offences

Article 10 of the convention provides for offences relating to the infringement of Copyright and related rights. The provision criminalises the infringement of copyright and related rights but did not specifically provide for other intellectual property offences like infringement of trademarks. Critics have argued that provisions relating to Intellectual property rights should not be included in the Convention as it is already meaningfully addressed in other Treaties like WIPO and TRIPS. Further, some countries especially in Asia do not have traditions on Copyright legislation as covered by Art 10 of the Convention and as such provisions relating to copyright and related rights should not be included in a global protocol as a measure to be implemented by all parties. The action by several countries, including the European Union, US, Canada and Japan amongst others in the negotiation of an Anti-Counterfeiting Trade Agreement (ACTA) also questions the success of the Copyright provisions of the Convention. ACTA will establish a new legal framework with its own governing body which countries can sign or join voluntarily. The non European countries that played a major role in the drafting of the Convention are also playing a major role in the negotiation for ACTA. ACTA will be made up of three primary components; International cooperation, enforcement practices and legal framework for the enforcement of intellectual property rights. It aims to provide an international framework which will improve the enforcement of IP rights. Since the Convention contains a provision dealing with the infringement of copyright and related rights,
http://www.ukessays.com/essays/law/the-emergence-and-the-impact-of-cybercrime-international-law-essay.php 3/9

4/24/2014

The Emergence And The Impact Of Cybercrime International Law Essay

why the negotiation of a new agreement instead of an amendment of the provisions contained in the Convention? Bearing in mind that some of the participating states are signatories to the convention. The answer could be the inadequacy of the provision relating to copyright and related rights, the unsatisfactory rate of ratification of the Convention by more countries or the realisation that the provisions relating to copyright should not be part of the Convention or some other political or economic reason. According to the European Union, they didnt negotiate ACTA through any of the existing structures because a free standing agreement will provide the most flexibility for interested countries. Considering the ultimate objective of ACTA which is to improve IPR enforcement in large emerging economies like China and Russia (who are not signatories to the Cybercrime Convention), the motive for ACTA may lean towards economic or political interest. Be that as it may, article 10 of the convention should be updated to reflect all infringements of IPR. Whether or not provisions for Copyright and related rights should be part of the Convention depends on whether Copyright and other related offences can be committed through the use of a computer system and on the internet.

Child Pornography
Basically all forms of child pornography are criminalised by article 9 of the convention. Some countries like the US already had laws prohibiting child pornography before the Convention. The convention extended the prohibitions to electronic transmissions of child pornography thereby making virtual child pornography unlawful. Arguments against virtual child pornography, has been refuted on the grounds that it will be difficult to differentiate between those who use real children and computerized images. Notwithstanding, the Convention gives the parties the discretion to either or not criminalise virtual child pornography and mere possession. As a result, some countries criminalise mere possession regardless of intent to distribute while in some countries like Russia, mere possession is not illegal. Furthermore, parties have the discretion to determine the age of a child which must be between 16 and 18 years. The developments of ICTs have escalated child pornography and in turn have spurred many international and regional responses. The issue of child pornography has been an agenda in various International forums. At a session of the Internet Governance Forum (IGF 2010), child pornography was discussed extensively and many of the participants representing different countries and regions of the world applauded the provisions of child pornography contained in the Convention on Cybercrime and advocated for more countries to become signatories to the Convention for a unified fight against cybercrime. The substantive criminal provisions of the Convention brought together for the first time the consensus of criminal conducts on the internet and is replicated (with some few additions in some cases) in almost all cybercrime laws in the world both national, regional and international. For a Convention to be successful in achieving its desired goal and encourage ratification by a large number of nations, it is imperative that only the offences which are prohibited by a general consensus should be included in the Convention. This was the issue with the "Additional Protocol to the Convention on cybercrime, concerning the criminalisation of acts of a racist and xenophobic nature committed through computer systems. It did not form part of the Convention but was drafted as a separate instrument, because many members including the US objected to its provisions as contrary to their Fundamental human rights laws.

PROCEDURAL PROVISIONS AND INVESTIGATIVE POWERS

The Convention requires parties to establish the power and the procedures for criminal investigations and
http://www.ukessays.com/essays/law/the-emergence-and-the-impact-of-cybercrime-international-law-essay.php 4/9

4/24/2014

The Emergence And The Impact Of Cybercrime International Law Essay

prosecutions. Such powers should enable Law enforcement officers with the help of Internet Service Providers (ISP) where necessary to preserve expeditiously, computer data or traffic data stored in a computer system to avoid being lost, order the production of data, search computer systems or its component for stored data, seize, copy or remove any such data and record or collect real time transmissions of any content and data traffic. The scope of the provisions covers not only the criminal offences established by the Convention, but other criminal conducts committed using a computer system as well as the collection of evidence in an electronic form in relation to any crime. It follows that the provisions will apply to all criminal activities which use and benefit from ICTs and as such have a wide application. Due to the speed of ICTs, evidence of cybercrime consists mainly of digital information which is ephemeral in nature and can be easily altered, lost or deleted. Therefore swift action in the collection and preservation of digital evidence is very important. Broadly speaking, the investigative powers envisaged by the convention transcend cybercrimes and will cover most criminal activities. For instance, in a kidnap investigation, it may be necessary to seize and analyse the suspects computer or mobile phone in order to collect electronic evidence. The collection of Content and traffic data according to Article 20 and 21 should only be employed for serious crimes and what constitutes serious crime is at the discretion of the parties. Critics have challenged these provisions especially the collection of traffic and content data on the basis that it intercepts personal communications and as such a violation of the right to privacy and communication. They argue that the procedural provisions of the Convention extend beyond the scope of the offences, does not make adequate provisions or guarantees for the protection of human rights and fundamental due process, and gives the parties the power to establish both the conditions for exercising the powers of investigation and prosecution and the safeguards against them and place no substantial constraints on the law enforcement agencies which will inevitably lead to violations of rights and privacy. Even ISPs decried the provisions as placing a burden on them. Nevertheless the protection of Human rights is guaranteed by article 15, which requires parties to ensure that these powers of investigation and prosecution are subject to the law protecting human rights and liberties. This involves both the human rights protection in the domestic laws of the parties, and other international obligations which the party has undertaken. This means that each party is still bound by its Human rights laws and obligations even in the investigation of crimes contained in the Convention. Parties are also mandated to establish a judicial or Independent supervision as a check and lay out the limitations on the scope and duration of the investigatory powers. In the face of the criticisms, one might reason that personal information are being hacked into constantly by criminals for illegal purposes and it would not be worse to look into these private communications in other to fight crime. That depends of course from which perspective it is viewed and the concern for the likelihood of abuse. It is important that in the investigation and prosecution of cybercrimes, the right balance should be struck between the protection of the fundamental human rights of individuals and the effective prosecution of cybercrimes. Practically, most of the challenges to the prosecution of cybercrimes come from the area of implementation of the relevant law, collecting evidence in other nations, understanding technical evidence and issues of extradition.
http://www.ukessays.com/essays/law/the-emergence-and-the-impact-of-cybercrime-international-law-essay.php 5/9

4/24/2014

The Emergence And The Impact Of Cybercrime International Law Essay

Jurisdiction
By the provisions of Article 22, Parties are to exercise jurisdiction in a particular offence when it is committed in its territory or by its national or on board a ship or aircraft registered under the party. The parties should where appropriate in a situation of jurisdictional conflict, where more than a party is claiming jurisdiction for an offence contained in the convention, hold a consultation to determine which jurisdiction is the most appropriate to prosecute the matter. The provision failed to address adequately the resolution of jurisdictional conflict which is of fundamental importance. Computers and networks are rarely subject to physical and spatial boundaries and together with the nature of the internet, jurisdictional conflicts will most likely arise frequently. Therefore the method of possible consultation between interested parties to resolve issues of jurisdiction without any further guidelines will likely not resolve positive conflicts and may waste a lot of time which is of essence in the investigation of cybercrimes. The provision provides no guideline or conditions for the resolution of the conflict. In this regard, the 2005 European Union Framework Decision on attacks against information systems went a step further to provide for a mandatory consultation as opposed to the Conventions Consultation where appropriate and provides three criteria for determining jurisdiction as; the offenders nationality, the place where the offence was committed and where the offender was apprehended. The provision on jurisdiction should clearly set out the criteria for the conferment of jurisdiction over an alleged cyber criminal in cases of jurisdictional conflicts. This will prevent the occurrence of issues of concurrent jurisdiction and probably double jeopardy and provide specific conditions for the resolution of jurisdictional conflicts. Furthermore, territorial notion should be expanded to enable the prosecution of crimes irrespective of whether the conduct occurred either in whole or in part in the prosecuting countrys territory, and also the recognition of punishments successfully served in other jurisdictions. The admissibility of evidence lawfully gathered from other countries in relation to International computer crimes should be part of a conclusive and workable agreement on jurisdiction. This is important especially with cloud computing which allows the transfer of digital data across national boundaries, where they can be stored on servers in any location thus preventing access to the law enforcement who tries to collect evidence or investigate criminal activities.

INTERNATIONAL COOPERATION
International cooperation is at the core of the fight against cybercrime and is one of the issues challenging its effective implementation. The transnational effect of cybercrimes, the speed of the internet and the ever changing nature of ICTs have made International cooperation very important, because it aids expeditious actions which are very crucial to the prosecution of cybercrime. The scope of International cooperation under the Convention is wide. Generally parties should cooperate and assist other parties to the widest extent possible in the process of investigations and proceedings. This cooperation can come in two ways, either by extradition or by mutual assistance. Where there is an issue which needs the international cooperation of parties, the parties involved will be guided by any Extradition treaty or Mutual agreement which already exists between the parties. For the offences provided in article 2-11 of the cybercrime convention, such an offence must be punishable by at least a maximum of one year imprisonment to qualify for extradition under the existing framework. The Convention will only come into play in cases of Extradition where no other extradition treaty exists between the parties. Parties may require mutual assistance from other parties in respect of all investigatory and prosecution
http://www.ukessays.com/essays/law/the-emergence-and-the-impact-of-cybercrime-international-law-essay.php 6/9

4/24/2014

The Emergence And The Impact Of Cybercrime International Law Essay

provisions of the convention including the criminal conducts committed using a computer system and the collection of evidence in an electronic form in relation to any crime. As a result, mutual assistance between parties will apply to both cybercrimes and ordinary crimes, subject to various exceptions. On the strength of mutual assistance, police can cross national boundaries to access servers in other countries for data as long as it has the consent of the owner of the network systems. Russia has been in opposition of this provision after the US police had gained access to the computers of some Russian men accused of defrauding US banks in 2000. It has refused to sign the Cybercrime convention saying that its reluctance to sign is based on the fact that it wants to preserve state sovereignty and monopoly in the exercise of investigative powers based on the strength of its existing domestic laws and procedures. The provisions on international cooperation have received the greatest criticism of all the provisions of the convention; from the scope of its application, to the level of assistance that the parties are required to give. In the view of the critics, assistance to the widest extent possible could be stretched really far, and the scope of assistance required by the convention involves a wide range of crimes not covered by the convention, and does not provide adequate guarantees for due process and the protection of human rights. They argue that the protection of the human right of privacy is fundamental and should not be sacrificed at the altar of international cooperation. On the other hand, an international treaty requires some amount of flexibility and a treaty with a strict obligation with regards to guarantees may discourage states from adopting it and in the case of the Convention will jeopardise its main objective which is international cooperation. The lack of the requirement of dual criminality for granting assistance was also highly criticised. The convention made no specific provision for dual criminality except in Article 29 Para 3, where it exempted the application of dual criminality for the expedited preservation of stored computer data. Following from this, one may assume that other provisions where dual criminality is not exempted requires dual criminality. Indeed what the convention has done is to leave the basics of mutual assistance to established national and international agreements between the parties. Therefore in each case of mutual assistance, the parties are bound by the traditional agreement on Mutual assistance between them, and if it requires dual criminality, then dual criminality will apply. As stated earlier, International Cooperation is very important to the fight against cybercrime. Its effect can be in two ways. On one hand, it may deter countries who are very particular about their sovereignty from becoming a party to the convention as is the case with Russia. On the other hand, it may eventually be the factor that will motivate many states to ratify and implement the convention. This was the issue raised by critics when Turkey became a signatory to the convention in November 2010. Turkey has a wider range of cybercrimes in its law than that covered by the scope of the Convention and has imposed bans on some internet sites like YouTube and Daily motion. Their signing of the convention was seen by many as a sort of defence system which will give them access to international information and cooperation. Another achievement by the Convention is the establishment of a network of national contact points which will be available on a 24/7 basis for assistance and collection of evidence. The network is open to all countries and 55 countries have joined so far. Parties are obliged to create such national points and equip them adequately.

DIPLOMACY ISSUES
http://www.ukessays.com/essays/law/the-emergence-and-the-impact-of-cybercrime-international-law-essay.php 7/9

4/24/2014

The Emergence And The Impact Of Cybercrime International Law Essay

The Convention only becomes effective upon ratification and implementation. The implementation of the Convention is very important. The Convention is in its 6th year since it came into force in 2004. Currently, the US is the only non member of the Council of Europe who has ratified the Convention. Despite the important role which it played during the negotiations and drafting of the Convention, it ratified the Convention in 2006, five years after signature in 2001. Within the Council of Europe, some members like Russia and Monaco have not signed the treaty, while others like the UK, Poland, Austria, and Greece have signed, but have not ratified the convention. On the global level, the level of implementation is very poor , and most of the countries with the highest number of internet users have neither signed nor ratified the Convention. Certain factors like Sovereignty, territoriality, human rights issue, Security, politics, international reputation and economic issues influence the decision of states in becoming parties to international conventions. Some authors are of the opinion that these issues play more prominent part in the implementation of the Convention by member states rather than its legal enforceability. This is buttressed by the poor level of ratification by countries, especially non European countries. The reason may be that states are reluctant to sign a law which they were not part of the negotiations. Generally the effectiveness of the convention may also be affected by the mechanism of international law which is usually slow. After the lengthy negotiations and drafting, states need to ratify and then implement them into national laws . This process may take some time and this factor needs to be taken into consideration when judging the effectiveness of the convention. Albeit these problems, the Convention is a milestone in the fight against cybercrime and serve as a model for other legislations in the field of computer crimes including regional initiatives, national and international legislations. It is the only binding international treaty on cybercrime and countries are urged to become parties to the convention in other to promote international cooperation and eliminate the occurrence of safe havens for cybercriminals. A cybercrime treaty needs to connect every country of the world. Much will not be accomplished when the most likely countries from which criminals operate are left out. Critics argue that the convention is a European Initiative meant for European states and have called for a global treaty on cybercrime negotiated under the umbrella of the United Nations. At the 12th United Nations Congress in Brazil in April 2010, a proposal for a treaty on global cybercrime was rejected. The EU and the US strongly supported the idea that no new treaty was needed since the Convention on cybercrime has been in place for 10 years. They reasoned that a new treaty would involve lengthy negotiations and will take very long to resolve and is a further waste of time and resources in lengthy negotiations that might not lead to a definite or a better conclusion. Another consequence of initiating a new negotiation for a global convention is that it might have the effect of suspending the implementation of legislative reform already in progress.

CONCLUSION
Cybercrimes pose a lot of challenges in the world today. The solution to the scourge of cybercrimes is an effective international instrument which will foster international cooperation. The Council of Europes Convention on Cybercrime is the only international treaty with the highest impact in the area of cybercrime. Its impact is either directly on the signatories or indirectly on the countries who have modelled their laws on the convention.
http://www.ukessays.com/essays/law/the-emergence-and-the-impact-of-cybercrime-international-law-essay.php 8/9

4/24/2014

The Emergence And The Impact Of Cybercrime International Law Essay

The Convention however needs to be updated to incorporate emerging issues and more countries need to ratify the convention to make it more effective. Cybercriminals will not wait for nations to assemble and negotiate a new treaty. There is a need for a binding law in force for the fight against cybercrime. Therefore every country should be enticed to get involved and become a party to the convention. While the convention exists, it is wise to hang on it pending the possible negotiation of a new global cybercrime treaty.

Share This Essay

Did you find this essay useful? Share this essay with your friends and you could win 20 worth of Amazon vouchers. One winner chosen at random each month.

Request Removal
If you are the original writer of this essay and no longer wish to have the essay published on the UK Essays website then please click on the link below to request removal: Request the removal of this essay.

More from UK Essays Need help with your essay?

We offer a bespoke essay writing service and can produce an essay to your exact requirements, written by one of our expert academic writing team. Simply click on the button below to order your essay, you will see an instant price based on your specific needs before the order is processed: Order an Essay - via our secure order system!

http://www.ukessays.com/essays/law/the-emergence-and-the-impact-of-cybercrime-international-law-essay.php

9/9