With rapidly developing technologies, expanding globalisation and access to the internet, cybercrime has become increasingly prevalent throughout the years. Eurojust and Europol’s European Cybercrime Centre (EC3) identify the key challenges for law enforcement in combating cybercrime in a recent report (“the Report”). These challenges fall into five main areas:
- loss of data;
- loss of location;
- challenges associated with national legal frameworks;
- obstacles to international cooperation; and
- challenges of public-private partnerships.
Whilst the report focuses on these cybercrime issues in the context of the EU, cybercrime is an inherently cross-border crime and the information presented is highly relevant globally.
Loss of data
The challenges relating to loss of data include data retention; internet governance-related challenges; encryption; and crypto-currencies.
There is no consistent global approach by private companies to retain data that supports criminal investigations. This may result in the loss of leads by law enforcement and affect the ability to effectively prosecute cybercrimes.
Internet governance-related challenges
The challenge of the loss of data is also felt from the widespread implementation of Carrier Grade Network Address Translation (CGN) technologies by internet service providers. CGN technology has led to a serious online capability gap in law enforcement efforts to investigate and attribute crime. This is a highly technical consideration, and a detailed explanation can be found in the report.
WHOIS is a publicly available database of the owners of domain names, which provides a starting point in many cybercrime investigations to identify online criminal infrastructure. The Report states that “WHOIS information is also used by many public and private entities to protect consumers, critical infrastructure and intellectual property rights. Therefore, if such key information is no longer directly available, the public interest and the rule of law online are significantly harmed, and efforts to address cybercrime and improve cybersecurity are undermined.”
Encryption is commonly used by cybercriminals to evade law enforcement, hiding relevant data and communications evidence. A growing number of Electronic Service Providers implement encryption by default in their services, and an increasing number of encryption tools are publicly available. This makes the lawful interception of communication sometimes technically impossible, and seriously hampers cybercrime investigations.
Crypto-currencies such as Bitcoin continue to be exploited by cybercriminals, accompanied by increased use of tumbler/mixer services and crypto-currency exchangers which further complicate cybercrime investigations.
Additional challenges have been presented by the rise of other more privacy-focused cryptocurrencies, such as Monero. Law enforcement knowledge of and experience in how to investigate, trace and seize crypto-currencies is often limited to Bitcoin.
Loss of location
The use by criminals of encryption, crypto-currencies and the dark web have made it increasingly difficult for law enforcement to establish the location of the perpetrator, criminal infrastructure or electronic evidence. This raises complex considerations around which country has jurisdiction, and the legal framework for collection of evidence or the use of special investigatory powers. Due to the growing use of cloud-based storage data may also be physically located in different jurisdictions, presenting further challenges for law enforcement.
Challenges associated with national legal frameworks
Differences between international legislative instruments and domestic laws, particularly regarding the criminalisation of conduct and provisions to investigate cybercrime and gather electronic evidence, seriously impede the international criminal investigation and prosecution of cybercrime.
Obstacles to international cooperation
Key obstacles to international cooperation relate to challenges in the areas of mutual legal assistance and responding to large-scale cyber attacks.
Mutual Legal Assistance (MLA)-Related Challenges
The collection of evidence is often highly time-sensitive, and the MLA process is perceived as being too slow to effectively exchange evidence to facilitate criminal investigations.
Challenges in Responding to Large-Scale Cyber Attacks
Large-scale cyber attacks such as WannaCry have demonstrated the challenges for international cooperation in effectively responding to these events, which can affect a wide range of industries across multiple geographic regions. The Report posits that there is a need for “improved international cooperation, streamlining of activities, and clearly defined procedures with specific roles and responsibilities.”
Challenges of Public-Private Partnerships
Key challenges of public-private partnerships relate to legal framework; jurisdiction; and challenges associated with new and emerging technologies.
Cooperation between law enforcement and the private sector is vital in combating cybercrime, gathering evidence and increasing security. However, “little consensus exists on the legal framework that is required to facilitate effective and trust-based cooperation with the private sector, while at the same time regulating legal and transparency issues surrounding that cooperation.”
Cybercriminals exploit jurisdictional boundaries to avoid detection and prosecution, making it difficult and time-consuming for law enforcement to collect evidence from Electronic Service Providers, which are often established in many different countries.
Challenges Associated with New and Emerging Technologies
The increasing misuse of technology to facilitate cybercrimes has resulted in an incredible volume of seized data to be analysed as part of criminal investigations, which may cause significant delays. These challenges are likely to be exacerbated with further technological developments, for example in the areas of artificial intelligence and 5G.
Cybercrime is an increasingly complex problem presenting multiple challenges in the detection and prosecution of cybercriminals, and mitigation of their malicious activities.