As technology has evolved to be used in all aspects of our private lives and across government and business, the scope and reach of cybercrime has dramatically increased.
Cybercrimes can be committed from anywhere and have global impacts. Cybercrime is considered to be “borderless,” meaning it can be extremely difficult to investigate and prosecute.
The scope of cybercrime
Cybercrime refers to illegal activities committed using a computer or other forms of technology. As set out in the Australian Cyber Security Centre’s 2016 Threat Report, common cybercrime activities include:
- Ransomware, which quite literally “kidnaps” files and holds them to ransom, and similar types of online extortion.
- Identity-related crime including identity theft for personal gain or assuming a fake identity in order to carry out a deception.
- Cyber terrorism, which can include disrupting or destroying computer networks or systems of organisations or governments.
- Destroying or altering websites.
- Espionage, intending to obtain state or corporate secrets.
- The use of credential-harvesting malware, which baits unsuspecting users into providing personal details such as pin numbers to cyber criminals.
- The distribution of illegal material such as child pornography or extremely violent pornography.
How can a crime be borderless?
All of these types of crimes can be committed remotely, without the need for perpetrator and victim to be co-located or even, in some circumstances, to have any contact at all with each other. This lack of interaction is one of the reasons why cybercrime is considered to be borderless.
The other main factor contributing to cybercrimes being borderless is the move away from the usual system of crime, detection and punishment in a global arena.
In most “traditional” cases, how and where a crime occurred is fairly straightforward – the victim and the perpetrator are usually in the same geographical location, and crimes generate physical evidence. Cybercrimes can be orchestrated in a living room in Austria, yet have victims located in countries as far away as Uruguay and Japan. Physical evidence gives way to digital evidence, which can be much harder to track across different jurisdictions.
Even once the crime has been traced back and the perpetrator identified (which can be very difficult depending on the level of skill applied in the commission of the crime), the next challenge is determining how the crime should be prosecuted.
Is the action against the law in both the state of origin of the perpetrator and the country where the victim resides? How is information shared between two or more jurisdictions and legal systems? Which state runs the prosecution – the state in which the perpetrator resides or the state in which the victim is resident? How can internet service providers be compelled by police from another country to provide evidence of a potential offence? The list of potential issues arising from crimes occurring in different countries is near endless.
With many countries having recognised the potential consequences of disparate international treatment of cybercrime, as discussed in the Comprehensive Study on Cybercrime released by the United Nations Office on Drugs and Crime in February 2013, there is now increasing consensus in legislation. Nonetheless, we are certainly a long way from uniformity in the international approach towards cybercrime.
Investigating and prosecuting cybercrime internationally can be extremely difficult, giving cybercrime its reputation of being “borderless.” However, the ease with which cybercrime can be committed, and the potential global consequences, mean that it is essential for government and law enforcement agencies to find common ground in dealing with these activities.