Volume 14, No. 3, December 2004
|
Cyber-Laws and Enforcement |
||||||||||||||||||||||||||||||||||||||||||||||||
|
Ajmal
Edappagath |
||||||||||||||||||||||||||||||||||||||||||||||||
|
Importance
of trust and security on cyber-space* Information
and communication technologies (ICTs) today have impacts on virtually every
aspect of society and every corner of the world in information or digital
age fostering commerce, improving education and health care, and
facilitating communications among all stakeholders. The more cases of
cyber-crimes over the ICTs especially through the fastest growing medium
like Internet, the more voices for regulating them in whatever forms. Some
countries, thus, began to accommodate such voices or demands through
revising the existing laws and / or issuing new legislation(s) – or
‘cyber-laws’ to deal with new issues on ICTs. The
term or scope of ‘cyber-laws’ is yet unclear in many countries although
it can be interpreted at large in two: One is for the relevant legislations
dealing with or regulating converged computer, telecommunications and
multimedia or broadcasting in such cases as the Multimedia and
Communications Act, Malaysia; the other is for those tackling the emerging
cyber-crimes in such cases as the Information Technology Act in India and
the Convention of Cyber-crimes adopted by the Council of Europe. The term of
cyber-laws or legislations referred to in this paper will be limited to the
latter. In
the global information society – beyond national jurisdictions, an
escalating national de jure
regulation meets a similarly pervasive de facto futility of enforcement. National legislatures might
continue to enact regulations especially over criminal matters, but their
regulatory endeavors are unlikely to be effectively enforceable, as they
desire due to the global nature of ICTs. Global phenomena like cyber-crimes
should in principle propel nations to achieve legislative co-operation and
partnership at international levels, since cyber-space is no respecter of
national boundaries. The
nature and extent of the problem in enforcing the laws over the cyberspace
is enormous. Some law enforcement agencies are responding aggressively,
others are not fully aware of the problem on the cyberspace and lack the
expertise and resources to pursue the kind of cases appearing everyday. Some
ISPs have taken affirmative actions to crackdown on cyber offenders, whilst
others have not. There is a great deal more that government and/or industry
can and should do to empower individuals to protect themselves against cyber
offenders and other online threats. The
main scope and development of cyber-laws The existing legislations and statutes need to be reviewed to determine whether they can address the issues arising out of the new ICT era. If the current laws are inadequate to deal with the problems, national governments and / or appropriate regional and international bodies need to either revise the existing laws or enact new laws to provide individual, corporate and government users with maximum trust and security, as Table 1 articulates a few examples. Enforcement mechanismsTo optimize benefits of ICTs and secure confidence of users, information society should be safe and secured through not only cyber-laws per se but also appropriate enforcement mechanisms. However, first of all, many countries do not have specific enforcement agencies to combat various cyber-crimes. Table
1:
Scope and Development of ICT Legislations
It
is only the recent when countries started to create such agencies. For
instance, “a Cyber-crime
Agency called European and Network Information Security Agency (ENISA)”[4]
was created in early 2004 with a final approval by the European Union. The
National Cyber Security Center (NCSC) was set up under the wing of the
National intelligence Service (NIC) in South Korea in 2004.[5]
Whilst, “Operation Cyber Seep in the USA is being coordinated nationwide
between the Justice Department, the Federal Bureau of Investigation, the
Federal Trade Commission, postal inspectors and customs agents with
supported by sate authorities and foreign governments”[6]
– i.e., close coordination is required among relevant agencies at not only
national levels but also regional and global levels, since one of the
most important challenge often faced by the enforcement agencies is that the
cyber-criminals have the ability to commit the crime quickly and then
disappear without revealing their true identity or location. Often these
criminals are located in a foreign jurisdiction. Thus, tracking them
requires law enforcement agencies to be created and act faster through cyber
border cooperation from a spectrum of organizations representing
governments, businesses and consumer groups in various countries. Second,
cyber-law enforcement is relatively a new challenge for the most enforcement
agencies. Many countries do not have necessary skilled law enforcement
personnel to deal with computer and even broader ICT related crimes.
This undercuts the efforts to battle the growing threats like cyber-crimes.
In this regard, some countries have started special training for cyber
policemen in India by the Ministry of Communications and Information
Technologies[7]
and Anti-Cyber Crimes Cell (ACCC) officials in Pakistan[8].
Many others are still developing their expertise and resources to
investigate and prosecute cyber cases. Third,
according to a recent survey of law enforcement agencies, it appears that a
majority of the agencies have not investigated or prosecuted any cyber
cases. The reason for such laxity was attributed to mainly the fact that the
majority of its victims don’t report the conduct to law enforcement
agencies. Moreover, the law enforcement agencies per se will not take
them seriously: i.e., lack of awareness of importance of enforcement on
cyber-crimes. Most law
enforcement agencies do neither recognize the serious nature of the cyber
cases and nor investigate them. This requires for raising awareness and
education from not only the enforcement agencies but also victims and
citizens at large. Fourth,
at national levels, several countries began to impose legal enforcements
such as penalties or imprisonments on different types of cyber-crimes.
For example, according
to the Spam Law passed on December 2 2003 in Australia, “first offenses
will result in a maximum penalty of US$161,000 per day for organizations and
US$32,200 per a day for individuals. Repeat corporate offenders will face a
maximum penalty of US$805,500 for each day of spamming, with individuals who
are repeat spammers facing a maximum penalty of US$161,000 per day.”[9]
In case of Singapore, “violators of the Computer Misuse Act such as
website crackers can be jailed up to 3 years of fined up to S$10,000”.[10]
Fifth,
greater cooperation, harmonization and effective communications among law
enforcement agencies and relevant bodies at national, regional and
international levels are essential to combat sophisticated cyber-crimes or
unlawful conducts at different jurisdictions through the ICTs, especially on
the Internet, since the
limitation of law enforcement agencies to specific geographic jurisdictions
creates serious challenges for them when they investigate activities that
can be readily contrived to be extra-jurisdictional (i.e. occur somewhere
else), trans-jurisdictional (i.e. occur across two or more areas), or are
supra-jurisdictional (i.e. occur somewhere that no agency has jurisdiction
over). To meet this challenge of cross-border cyber-crimes at regional and
international levels: e.g., ·
EU
issued the Cyber-Crime Treaty in 2002, which has been signed by the major
European countries. Its main principle was based on a uniform approach to
fight the cyber-crimes to deal with jurisdiction and enforcement. ·
ASEAN
countries also seek stronger security links through a consideration to
develop a treaty on cyber-crime, so is the commonwealth. ·
OECD developed a new
web site www.oecd.org/sti/cultureofsecurity
dedicated to help combat security risks to information systems and networks.[11] ·
UN ESCAP organized a
seminar on ‘Harmonized Development of Legal and Regulatory Systems for E-Commerce in Asia and the Pacific’ to raise awareness among lawyers, justices, and legal professionals.[12] ·
ITU as the mandates
has taken various actions from developing international standards to
organizing numerous seminars and meetings in order to build confidence and
ensure security of ICT, especially its networks.[13] Sixth,
another important enforcement mechanism can be community or industry
self-regulation such as code of conducts or practices: e.g., the USA –
especially the FCC[14]
- together with private industries[15]
is in favor of 'un-regulation' of Internet markets or 'self-regulation' by
industries themselves especially in the areas of privacy or personal data
protection. Last but not least, law enforcements should be hand-in-hand with
developing technical measures such as software (e.g., open-source
e-mail software, filtering system) and hardware (e.g., a new ‘chip and pin
card’[16]). Future
ahead The
more cases of cyber-crimes over the converged ICTs especially through the
growth of Internet and e-commerce beyond national boundaries, the more
voices for regulating them at national, regional and international or
multi-lateral forms. As the types of cyber-crimes vary, however, ways of
tackling the different types of cyber crimes especially through legislations
or regulations may diverse from one country to another, especially when they
occur within a specific national jurisdiction with different definitions and
socio-political environments from others. Thus, harmonization of the
relevant or different national laws is increasingly required, which has been
recognized and taken up actions by UN agencies like the ESCAP and ITU. As
well demonstrated in such cyber-crimes as ‘love virus’ or ‘cyber
attack’ affected by more than one national jurisdiction, there is also
need for either bi-lateral or multi-lateral cooperation on the prosecution
of international hackers or criminals to go farther and possibly include a
cyber-law treaty,[17]
as practiced by the EC. As
a matter of fact, international legal instruments, which by definition
embody global consensus and/ or bind all member nations, could provide
countries with useful and creative tools for specific and defined areas of
cyber-crimes as international enforcement mechanisms: e.g., global
conventions, multilateral treaties (e.g., the Cyber-crime Treaty in the EU),
international laws, global standards (e.g., ITU and ISO) for confidence and
security, model uniform laws (e.g., UNITRAL), and model contracts/standard
terms. Recognizing
the need for confidence and security in the use of ICTs at a global level,
moreover, the World Summit on the Information Society (WSIS) led by the ITU
in 2003 has adopted that “…. A global culture of cyber security needs
to be promoted, developed and implemented in cooperation with all
stakeholders and international expert bodies. These efforts should be
supported by increased international cooperation. …” in its
Declaration of Principles.[18]
The WSIS has also adopted the Plan of Action including that “governments,
in cooperation with the private sector, should prevent, detect and respond
to cyber-crime and misuse of ICTs by: … considering legislation that
allows for effective investigation and prosecution of misuse; ….; and
encouraging education and raising awareness.”[19] In
view of the fact that cyber-crimes are growing at alarming rate, each
country by all stakeholders needs to have more pragmatic approaches (as
below) at national, regional and international levels: e.g., Ø
Raise
awareness of serious nature of the cyber-crimes for various target groups
from individuals, industries, and governments to specific enforcement
agencies. Ø
Revise,
enact and enforce national and international laws specifying various
substantive and procedural aspects of issues emerging from cyber-space:
i.e., cyber-crimes. Ø
Harmonize
different national laws to regulate and police the cyber-crimes in a
consistent and collective manner at various jurisdictional aspects. Ø Coordinate and cooperate between and among the law enforcement agencies of one’s own country as well as other countries concerned. Ø
Endeavor
to establish International Tribunals to regulate cyber cases or crimes
increased beyond national jurisdictions. To sum up, every stakeholder should be aware of and actively involve in preventing and solving together the destructive side of ICTs - i.e., cyber-crimes - with an appropriate balance between regulations and self-regulations subject to the different types of crimes in cyber-space, in order to optimize more creative side or benefits of ICTs, which will further transform the paradigms of our cultures, politics, and socio-economy beyond national jurisdictions in the interconnected world today.
* This is an abridged version of the paper prepared for TELCOM Asia 2004 held in Busan, Republic of Korea. Through this article, the author intends to raise awareness of growing cyber-crimes and eventually prevent or solve them. Notes [1]
Refer to a new EC guide on ‘Data Protection in the EU’ at http://europa.eu.int/comm/internal_market/en/media/dataprot. [2]
The Malaysian Government, Laws of Malaysia: Digital Signature Act
1997 (Act 562) and Subsidiary Legislation. [4]
ENISA will handle tasks involving risk assessment and management; follow
research and standardization development; help to raise awareness among
citizens, businesses and the public sector about common security threats
like viruses and vulnerabilities; and support EU policy development and
national initiatives. Andy Holiday, I.T.Vibe, November 26 2003. [5]
Ryu
Jin, “South Korea launches anti-cyber terror center”, at http://www.crime-research.org/news/20.02.2004/cyber_terrorism,
February 20,2004. [6]
“Online crackdown: 125 arrested in cyber fraud raid”, The Nation
(Thailand Daily Newspaper), November 22 2003, 5B [7]
Timofei
Saitarly, “India holds training for cyber policemen’, at http://www.crime-research.org/news/26.02.2004/86,
February 26,2004. [8]
PakistanLink,
at http://www.crime-research.org/eng/news/2004/01/Mess1901.html,
January 19, 2004. [10]
“Singapore takes war on terror to the Web”, ASIAMEDIA, November
25, 2003 [13]
Refer to http://www.itu.int
and “Network
security: Protecting our critical infrastructures”, by the ITU, Vision
of Information Society’, 2003. [14]
William E. Kennard (ex-FCC Chairman), "We can have openness and
competition by following the FCC's tradition of "unregulation"
of the Internet", A speech before the Federal Communications Bar,
Northern California Chapter, San Francisco, CA, July 20, 1999, http://www.fcc.gov. [16]
As for a new payment method, consumers can enter a four-digit pin number
every time a purchase is made. At http://news.
bbc.co.uk/go/pr/fr/-/2/hi/programmes/moneybox/3248010.shtm [17]
‘Suspected hacker may face extradition requests’ at http://www.cnn.com/2000/LAW/05/09/internat.hacking.law/ [18]
Doc.
WSIS-03/GENEVA/DOC/4, Declaration of Principles, WSIS, Geneva,
December 12, 2003. [19]
Doc.
WSIS-03/GENEVA/DOC/5, Declaration of Principles, WSIS, Geneva,
December 12, 2003. |
||||||||||||||||||||||||||||||||||||||||||||||||
|
|