Cybercrime and computer-related offences are becoming increasingly difficult to investigate. One of the reasons is that these cases are typically international in nature.
The Australian Institute of Criminology outlines some of the key impediments to the successful investigation of transnational high tech crime.
What are the key challenges in international cybercrime investigations?
Online technologies make it relatively simple to disguise or misrepresent one’s true identity, or to make use of someone else’s identity.
Extradition requires not only that an appropriate treaty exist between the two countries concerned, but also that the conduct in question be criminalised in both the referring and receiving country. In the case of computer crime, this is often not the case.
For example, in one notable case, a student in the Philippines was alleged to have sent out the so-called ‘Love Bug’ virus, which infected Microsoft Windows operating systems and caused billions of dollars of damage globally. The student was arrested, but the creation and release of a computer virus was not proscribed by Philippines law at the time, so extradition to the United States was not possible.
Choosing an appropriate jurisdiction
The nature of cybercrime is such that offences can be committed from anywhere in the world, with offenders and victims often located in different countries. This raises questions about the jurisdiction in which proceedings should be brought, and whether extradition will be required.
Search and seizure
International cybercrime investigations present further challenges in gathering digital evidence. Accessing computers remotely via the internet may require a warrant to be lawful. Warrants may need to be executed simultaneously in different countries to ensure that suspects do not collaborate in the alteration or destruction of evidence.
A difficult problem facing cybercrime investigators concerns data that have been encrypted by accused persons who refuse to provide the decryption key or password.
Access to encrypted data may be achieved by installing a key logging program onto a computer (without the knowledge of the accused) to detect the password used for decryption. In Australia, the Surveillance Devices Bill (No. 2) 2004 may enable police to apply for warrants to install key logging programs remotely.
Another recourse is the Australian Cybercrime Act 2001 (Cth), which provides a maximum penalty of six months’ imprisonment for failure to comply with a magistrate’s order to provide such information to investigating officials (see s 3LA, Criminal Code Act 1995 (Cth) and s 201A, Customs Act 1901 (Cth)).
Mutual assistance treaties facilitate international criminal investigations, providing a legal basis for authorities in one country to obtain evidence for criminal investigations at the request of authorities in another country.
Obtaining evidence in cybercrime cases through mutual assistance can be slow and ineffective, with typical response times ranging from 6 to 24 months. For an investigation to be effective, searches often need to take place immediately to preserve evidence held on servers.
Logistical and practical barriers
International investigations can also present a range of practical problems for those involved, including:
- Inconvenient time differences
- The need for translation of documents
- The requirement for interpreters, which can be expensive and slow down investigations
What are some potential solutions to these challenges?
Harmonisation of laws
The adoption of international conventions will aid prosecutions, improve mutual assistance and make it easier to extradite offenders.
This is already starting to occur with:
- United Nations Convention Against Transnational Organised Crime – commenced 29 September 2003.
- Convention on Cybercrime (Budapest Convention) – adopted by the Committee of Ministers of the Council of Europe on 8 November 2001, and commenced on 18 March 2004.
Improving technical capabilities
Successful investigation of international cybercrime also requires adequate forensic and technical expertise, which suggests a need for the development of training programs and investigative software tools. International training programs could be developed and expertise could be shared between countries.
Finally, there needs to be greater sharing of information between investigators, within both the public and private sectors. This already occurs in the public sector but openness also needs to be encouraged in the private sector, even where commercial competitive interests may be at stake.