In this age of hyper-connectivity, cybercrime is a global problem. An online fraud, the dissemination of illegal pornography, or an invasive hack on a government website can be committed from anywhere, and target victims on the other side of the globe.
Given the enormous reliance of virtually all companies and governments on technology, the potential consequences of cybercrime can have global repercussions.
We need only consider the recent cyber attack named “WannaCry“, which released ransomware into thousands of computer systems globally. Once a system was compromised, the malware would encrypt all available files and threaten to only release them upon payment of a ransom amount.
Included in the targeted organisations were government departments such as the Russian Interior Ministry and the United Kingdom’s National Health Service (NHS), as well as large international organisations including several car manufacturers and FedEx in the United States.
Although it appears at the moment that there have been no far-reaching consequences, outcomes could have been much worse, particularly in the case of the NHS. Numerous hospitals reportedly had to reduce to skeleton staff and turn people away at emergency departments, which had the potential to endanger people’s lives.
WannaCry has demonstrated conclusively how easy it is for a cyber attack to “go global”, and most concerningly, that another, more malicious outbreak could be just around the corner. It is clear that the international law enforcement community needs to focus on a coherent approach to dealing with cybercrime.
Key issues facing international lawmakers
In February 2013, the United Nations Office on Drugs and Crime released a draft Comprehensive Study on Cybercrime which focused on the international response required to tackle cybercrime.
The study identified several key factors which need to be addressed before an international response to cybercrime can be truly effective.
- Fragmentation and excessive diversity in cybercrime laws, particularly in relation to procedural processes and the requirement for one member state to provide cooperation to the law enforcement of another. A further concern in this area are conflicting approaches from legislators as to the seriousness of various cybercrimes, the investigative powers of law enforcement, and the admissibility of certain types of evidence.
- Even where cooperation exists as a practice, response times are often insufficient given the near instantaneous nature of cybercrime.
- Lack of consensus about evidence “location.” A need to focus on law enforcement being able to obtain extraterritorial data without dealing with unnecessary bureaucratic delays, or facing issues with inadmissibility of evidence because the information was obtained online without appropriate permission from the source country.
- Insufficient technical support available to traditional prosecutors and legal systems to deal with cybercrime.
- Lack of consensus on how cybercrimes should be dealt with internationally.
These issues remain despite the fact that at the time of the study’s publication, 82 countries had already executed or ratified a binding cybercrime document. But given that there are currently 193 member states in the UN, with a wide range of resources, legal principles, and financial solvency, these issues are not surprising and will likely be ongoing.
What positive steps are being taken to deal with cybercrime?
At the highest level, international human rights law can punish abuse of freedom of expression where it relates to the online publication of material which is incitement to genocide or terrorism, hatred constituting incitement to discrimination, hostility or violence, and war propaganda.
For cybercrimes of a different nature, the study acknowledges that although it is not essential for penalties internationally to be uniform, it is crucial that certain countries are not seen as “soft” on cybercrime, and recognised to be havens for online criminal activity. In order to demonstrate the seriousness of any given offence, it is essential that there be at least some parity in the penalties applied for cybercrimes.
Ultimately, sovereign countries have the right to legislate internally as they see fit, including developing their own penalty structures and guidelines. The study does demonstrate however that cybercrime is perceived in the international community as being an issue that requires international attention.
The creation of various international and regional legal instruments within the European Union, the Shanghai Cooperation Organisation, various African intergovernmental organisations, the UN and the League of Arab States has already taken place, the majority of which focus on concepts set out in the Council of Europe Cybercrime Convention.
Although there are still many hurdles remaining before the international approach to cybercrime becomes truly cohesive, there have been many steps taken in the right direction by legislators and law enforcement around the world.
Nyman Gibson Miralis provides expert advice and representation in complex international cybercrime investigations. Our expertise includes dealing with malware, phishing and computer hacking offences, bootlegging and tripping, Bitcoin and crypto-currency fraud, as well as offences relating to identity theft, spreading computer viruses and DDoS attacks.
Contact us if you require assistance.