cybercrime legislation – worldwide update 2007
TRANSCRIPT
9/2/2007 1
CYBERCRIME LEGISLATION –WORLDWIDE UPDATE 2007
Professor Pauline C. ReichWaseda University School of Law
Director, Asia-Pacific Cyberlaw, Cybercrime and Internet Security Research Institute
Tokyo, [email protected]
9/2/2007 2
Council of Europe CybercrimeConvention
Signatures without ratifications as of August 200722 –Austria, Belgium, Czech Republic,Germany, Greece, Ireland, Italy, Malta, Moldova, Montenegro, Norway, Poland, Portugal, Serbia,Spain, Sweden, Switzerland, UK + Canada, Japan, South AfricaRatifications as of August 200721-Albania, Armenia, Bosnia & Herzegovina, Bulgaria, Croatia, Cyprus, Denmark, Estonia, Finland, France, Hungary, Iceland, Latvia, Lithuania, Luxembourg, Netherlands, Romania, Slovenia…..
9/2/2007 3
(continued)
Former Yugoslavian Republic of Macedonia, The Ukraine, the United States
9/2/2007 4
A Model for National Legislation?
Aims of the Convention:Harmonizing domestic criminal substantive law elements of offenses and related provisions in the area of cybercrimeProviding for domestic criminal law powers for the investigation and prosecution of such offenses as well as other offenses committed using a computer system or evidence related to them which is in electronic form;Setting up a fast and effective regime of international cooperation.CONVENTION ON CYBERCRIME EXPLANATORY REPORT
9/2/2007 5
Four chapters of the Convention
Mutual legal assistance, e.g. for extradition
Substan-tive and procedural law
Ch. IV. Final clauses
Ch. III. International cooper-ation
Ch. II. Measures to be taken at domestic level
Ch. I. Use of terms
9/2/2007 6
Chapter II – Section 1 substantive law
Data interferenceSystem interferenceComputer-related forgeryComputer-related fraudOffenses related to child pornographyOffenses related to copyright and neighboring rights
9 offenses in 4 categories+
Illegal accessIllegal InterceptionData interferenceMisuse of devices
9/2/2007 7
Ch. II, Section 2 - proceduralAny offense committed by means of a computer
system or the evidence of which is in electronic form
Procedural powers: expedited preservation of stored data; expedited preservation and partial disclosure of traffic data; production orders; search and seizure of computer data; real-time collection of traffic data; interception of traffic data
9/2/2007 8
Council of Europe OCTOPUS Meeting – Strasbourg, France June 2007
COUNTRIES PARTICIPATINGAlbaniaArgentinaArmeniaAustriaAzerbaijanBelgiumBosnia and HerzegovinaBrazilBulgaria
9/2/2007 9
And…
Kosovo (Serbia)LatviaLithuaniaMexico
EgyptEstoniaFinlandFrance
GermanyHungaryIndiaItalyIrelandJapan
Canada Chinese TaipeiCroatiaCyprusCzech RepublicDominican Republic
9/2/2007 10
And…MoldovaMonacoMoroccoNetherlandsNigeriaNorwayPakistanPortugal Philippines
RomaniaRussian FederationSerbiaSlovakiaSouth AfricaSpainFormer Yugoslavian Republic of MacedoniaTurkeyUkraineUnited KingdomUnited StatesTotal –49
9/2/2007 11
Country Profiles Submitted to the Council of Europe
AlbaniaArgentinaArmeniaAustriaBrazilBulgariaRepublic of CroatiaCyprus
9/2/2007 12
Profiles (continued)Czech RepublicDominican RepublicFormer Yugoslav Republic of MacedoniaFranceGermanyHungary Lithuania Kingdom of Morocco
MexicoMoldovaPortugalRomaniaRepublic of SerbiaSlovakiaTurkey(23 profiles)
But to what degree are Asia, Oceania, Africa, Latin America, the Middle East participating?
9/2/2007 13
What approaches have countries taken in their legislation?
Various models among the laws in effect in countries worldwide:1.Some interpret and extend existing criminal laws and procedures2. Some adopt new criminal laws and procedures3. Some have a mixture of both4. Some have laws mainly written to facilitate e-commerce5. Some apply tort law as well as criminal law, e.g. for spam6. Some countries are stalled
9/2/2007 14
COUNTRY COMMENTARIES -CYBERCRIME AND SECURITY
Baltic StatesBrazilCzech RepublicJapanSouth AfricaIsraelIndiaThe NetherlandsThe PhilippinesSingaporeUruguayThailandUnited Statesand others in progress (Australia, Republic of Korea, Malaysia, Serbia, Croatia, Bulgaria, Rumania, Italy, Ireland, Sweden, and more)
9/2/2007 15
Total number of countries that are members of the United Nations – 192
Total number of countries in the world -194
Until the whole world is “on the same page”, Cybercrime legislation will not be effective in curbing Cybercrime
9/2/2007 16
NEW EFFORTS
ITU INITIATIVE STARTING IN MAY 2007 TO ADDRESS CYBERCRIME AND CYBERSECURITY ISSUES
9/2/2007 17
What’s delaying adoption of legislation?
Legislators may not understand technologyEven if there is legislation, some countries are not utilizing it due to lack of trained law enforcement personnel who know how to conduct investigations, preserve data, etc.Judges may not understand the legislation or technology issues and may not be able to apply the lawsCourts may not allow digital evidence
Prosecutors and defense lawyers may not have training or knowledge of such laws – need to include such training in law faculty/law school curriculum and in continuing educationThe general public may not understand the issues and may not be pushing for new legislationCountries may not have enough technology use to merit adoption, however they may be conduits of cybercrimeCountries may not have overall policy about Cybercrime/Cybersecurity and may be issuing legislation that conflicts with other legislation (existing or new)
9/2/2007 18
Case Study - ThailandTwo chapters of CYBERCRIME AND SECURITY written by Police Major Kissana Phathanacharoen, entitled “Thailand Cybercrime and Security Issues,”(9/06) and “The Application of Existing Thai Criminal Law Dealing with Computer Hacking” (11/06).
Good news: Legislation has come into effect as of July 18, 2007 – Computer Related Crime Act
Prosecution was previously hampered as a result
Recent cross border case -Country used as a conduit for cybercrime
9/2/2007 19
Case Study - Singapore
Very advanced in use of technologyAdequate legislationProsecutionsNew legislation to address new issuesGovernment policy favors adoption of legislation and it is carried out in a timely manner
9/2/2007 20
Case Study - Republic of Korea
Multiple laws related to cybercrimeNew laws and amendments as new issues ariseLeader in the region in Cybercrime law and Cybersecurity areasProducing doctoral dissertations about Cybercrime
9/2/2007 21
Case Study -JapanHas passed some laws, signed CybercrimeConvention but has not ratified itStalledNeed for curriculum in law faculties and new law schools, interdisciplinary collaborations between law and tech communitiesNeed for public awarenessNeed to train lawyers, prosecutors, judges, law enforcement
9/2/2007 22
Case Study -India
Original law designed for purpose of e-commerceSlow to amendFocuses primarily on public morality cases when prosecutions ariseAmended legislation pending – will reach Parliament in December 2007
9/2/2007 23
Case Study - Kingdom of CambodiaLittle telephone penetration with land linesMobile phone penetration is higherGradual adoption of Internet, e.g. mobile
InternetRecent efforts to start a CERTNeeds technical assistance to develop
law
9/2/2007 24
Case study - Australia
Has adopted Cybercrime legislationSome prosecutionsProtracted controversy about privacy protection
9/2/2007 25
Case study - Malaysia
Has adopted legislationFew prosecutionsOngoing concerns about human rights protections
9/2/2007 26
United Nations Involvement
“We must remember, the world is not Silicon Valley” – Pauline C. Reich
Much of the model legislation is from the developed countriesMany developing countries are in a different stage in use of the Internet, email, computers, etc.
9/2/2007 27
Need for communication and sharing of model laws
Countries need to look at model laws from other countries with similar circumstances and degrees of technology useMany countries need technical assistanceMy proposal: distance learning, online conferences (regional, global)
9/2/2007 28
Some considerations in determining legislation to adopt
Countries need to be able to adapt laws as new forms of technology are used, for example, wireless Internet, mobile phone for payments, VoiPConvergence and net neutrality issues arise Laws adopted must take into account human rights issues, privacy
9/2/2007 29
More work is needed on a legislative model that is viable for all the countries of the world, giving them the flexibility to adapt the model to their own legal systems and technological use in the present and into the future.Countries also need an overall policy, rather than piecemeal adoption of legislation.
9/2/2007 30
Sources of further informationBOOKSJody Westby, EditorInternational Guide to
Combating Cybercrime(American Bar Association,
2003) Jody Westby, EditorInternational Guide to Cyber Security (American Bar Association, 2004)
TREATISE
Pauline C. Reich, General Editor, CYBERCRIME AND SECURITY (Oceana, a division of Oxford University Press – 3 volume looseleaf set updated every 2-3 months)
9/2/2007 31
And….Jody Westby, EditorInternational Guide to Privacy, (American Bar Association, 2004)Bert-Jaap Koops and Susan W. Brenner, Editors, Cybercrime and Jurisdiction – A Global Survey (Cambridge University Press, 2006)Ian Walden, Computer Crimes and Digital Investigations (Oxford University Press, 2007)
U.S. General Accounting OfficeGAO-07-705CYBERCRIME - Public and Private Entities Face Challenges in Addressing Cyber ThreatsJune 2007
9/2/2007 32
WebsitesThe RegisterZDNet.comSiliconValley.comSydney Morning HeraldWashington PostAUSTLIIHKLIICANLIIWorldLII, etc.
9/2/2007 33
Council of Europe Convention on Cybercrime
Additional Protocol to the Convention on Cybercrime – Concerning the Criminalization of Acts of a Racist and Xenophobic Nature Committeedthrough Computer SystemsTwo Explanatory ReportsSee CYBERCRIME AND SECURITY and Council of Europe website