The Emergence and the Impact of Cybercrime International Law Essay

4/24/2014 The Emergence And The Impact Of Cybercrime International Law Essay

http://www.ukessays.com/essays/law/the-emergence-and-the-impact-of-cybercrime-international-law-essay.php 1/9

ukessays.com

http://www.ukessays.com/essays/law/the-emergence-and-the-impact-of-cybercrime-international-law-essay.php

The Emergence And The Impact Of Cybercrime International

Law Essay

Need help? ☎ 0115 966 7955

INTRODUCTION

The Internet with its unique advantage

of anonymity and speed is like a double

edged sword. While it promotes free

expression and forms a large part of our everyday life, it also provides an asylum for the perpetration of all

types of Cybercrimes.

Every day, new cybercrimes emerge, Phishing, hacking, botnets, ATM hacking, Identity theft, Stock price

manipulation, hacking cars to mention a few. Also we hear terms like Cyber threat, cyber terrorism, cyber

This is made more difficult by the fact that while the internet may be borderless for the cybercriminals, law

enforcement agents must consider the boundaries and the sovereignty of other nations. As a result, the

different legal systems and the disparities in the laws of various nations often present major obstacles to

the fight against cybercrime.

The existence of an International treaty on cybercrime is a fundamental pre-requisite for the combat

against cybercrime. This law should ideally set out the offences and make adequate provisions for

investigations and prosecutions, as well as jurisdiction. The importance of this cybercrime treaty is

illustrated by the “love bug” virus of 2000 which inflicted damage in 20 countries, while the perpetrator a

Philippine, suffered no harm for his actions because there was no cybercrime legislation in place in the

Philippine.

The awareness of the impact of cybercrime has spurred many regional and International initiatives in the

area of cybercrime amongst which has emerged the Council of Europe Convention on Cybercrime

2001(The Convention). The Council of Europe (CE) was convinced of the need to pursue a common

criminal policy with the aim of protecting the society against cybercrime inter alia, by the adoption of an

appropriate legislation and by encouraging International co-operation, hence the Convention on

Cybercrime.

The Convention which came into force in July 2004 currently has 47 signatories including non member

states, out of which 30 countries have ratified the Convention. Considering the need for a global treaty on

Cybercrime, in other to be better positioned against the anonymity, speed, and the transnational or the

borderless nature of the internet, this essay considers how well the Council of Europe’s Convention on

Cybercrime might serve as a model for global legislation in the field of computer crime, considering the

Substantive provisions, the procedural provisions and the provisions relating to International Cooperation.

It analyses the merits and demerits of the convention and its effect on the global fight against cybercrime. It

also considers other factors which affect the effective implementation of the Convention.

THE CONVENTION

The Council of Europe’s Cybercrime Convention is a binding International treaty and a historic milestone in

the fight against cybercrime and has been recognised as the leading treaty in the area of computer crime.

http://www.ukessays.com/

http://www.ukessays.com/essays/law/the-emergence-and-the-impact-of-cybercrime-international-law-essay.php



The Convention though negotiated under the aegis of the Council of Europe, had four non European

countries who participated in the drafting and negotiations and it is open to all countries for signature and

ratification. Many scholars have argued that it is a regional initiative meant for the members of the Council

of Europe, and will always be a European Convention, though other countries may want to use it as a

guideline or reference for the development of their own legislation, by adopting its principles in accordance

with their own legal system and practice. However the participation of the four non European countries;

United States, Canada, Japan and South Africa in the negotiations and drafting portrays the intention for

international implementation of the Convention.

The Convention aims at preventing illegal intrusion into the

works of computer systems. The convention was necessary in

other to dissuade acts against the confidentiality, integrity and

availability of computer systems, networks and data by the

criminalization of such conducts, and the adoption of sufficient

powers to combat such offences, the efficient detection,

investigation and prosecution of such offences and an

effective International co-operation. The drafters took into

cognisance the efforts of other International organisations in

the field of cybercrime and also the existence of similar treaties between the Council of Europe member

states and other states, stressing that the Convention on Cybercrime is intended to supplement these

other Conventions in criminal investigations and proceedings relating to computer systems and data, and

the collection of evidence of criminal offences in electronic data.

In the 1990s when the Convention was negotiated and drafted, it seemed to address the major computer

crimes prevalent in that era. Although the drafters had made the provisions quite broad, possibly to

accommodate issues that might emerge in the future, it is clear that presently (9 years since the

Convention opened for signature) with the rapid growth of the Internet and ICTs, cybercrimes have

expanded much more than the Convention can accommodate in its current state.

THE SUBSTANTIVE CRIMINAL PROVISIONS

The Convention deals with four kinds of cybercrimes; Hacking of computer systems and violations of

network security, Computer related fraud, child pornography and the infringement of Copyright and related

rights. It also makes provisions for sanctions and penalties.

Hacking or Hacktivism has

The Convention could also bring in provisions to criminalise cyber attacks against Information

Infrastructures. ICTs have blurred the lines between cybercrime and cyber terrorism. The Estonian attack is

one of such examples and there is therefore need for the protection of critical Information Infrastructure as

part of society’s protection against cybercrime and cyber terrorism. The provisions of the Council of

Europe Convention on the prevention of terrorism 2005 (especially articles 5-7) come in handy.

The provisions of the Convention are wide and provide a lot of flexibility and discretion for member states

in the drafting of their own laws. It provides the minimum consensus for offences, and parties in adopting

their own measures may exclude “petty or insignificant” misconducts and criminalise other conducts which

they deem relevant. They may also impose other conditions for criminal liability to attach with respect to

specific offenses. This flexibility allows different parties to adapt the provisions in accordance with their own

legal systems as is consistent with most international treaties.

There is however a lack of clarity in the definition of the offences and certain key definitions necessary for

interpreting the provisions are very broad. In the provision for sanctions, parties are to adopt “effective,

proportionate and dissuasive” sanctions. On one hand, this provision may be providing the legal obligation



for parties to make use of online enforcement tools or adopt other effective measures in symmetry to their

existing criminal law. On the other hand, it may result into conflicting terms, definitions and provisions by

different nations which may lead to an excessively lenient criminal legislation in some states or major

inconsistencies among national regulations. This may have detrimental effects as criminals may direct their

attacks through tolerant legal systems and focus their activities on the most vulnerable victims. In other

words, undermining the essence of the Convention which is, the harmonisation of the elements of the

various offences, in the domestic criminal substantive laws of nations and connected provisions in

cybercrime.

The expectation is not so much the unification or exact

correspondence of national legislation, but rather to tackle

frictions and inconsistencies among national laws. Relativity

on the definitions will most likely reduce the loopholes and

inconsistencies among national legislations and prevent

scenarios whereby a crime cannot be prosecuted because the

perpetrator is resident in a country which does not criminalize

the conduct or criminalises it but as a minor offence. The

Convention should be able to provide the minimum sanction

or penalty for each of the offences to serve as a guideline for parties.

The Convention is not dynamic which has led to lacunae in the provisions and there is a need to update it

to accommodate emerging issues. Issues such as phishing, spam, identity theft, crime in the virtual world

and social networks, amongst others are not covered as nominate crimes, although some may be

subsumed into other categories. Provision should also be made for the criminalization of preparatory acts

prior to the attempt at committing the established offences. The Convention could also bring in provisions

to criminalise cyber attacks against critical Information Infrastructures. ICTs have blurred the lines between

cybercrime and cyber terrorism. The Estonian attack is one of such examples and there is need for the

protection of critical Information Infrastructure as part of society’s protection against cybercrime and cyber

terrorism. The provisions of the Council of Europe Convention on the prevention of terrorism 2005

(especially articles 5-7) come in handy.

Copyright and related Offences

Article 10 of the convention provides for offences relating to the infringement of Copyright and related

rights. The provision criminalises the infringement of copyright and related rights but did not specifically

provide for other intellectual property offences like infringement of trademarks. Critics have argued that

provisions relating to Intellectual property rights should not be included in the Convention as it is already

meaningfully addressed in other Treaties like WIPO and TRIPS. Further, some countries especially in Asia

do not have traditions on Copyright legislation as covered by Art 10 of the Convention and as such

provisions relating to copyright and related rights should not be included in a global protocol as a measure

to be implemented by all parties.

The action by several countries, including the European Union, US, Canada and Japan amongst others in

the negotiation of an Anti-Counterfeiting Trade Agreement (ACTA) also questions the success of the

Copyright provisions of the Convention. ACTA will establish a new legal framework with its own governing

body which countries can sign or join voluntarily. The non European countries that played a major role in

the drafting of the Convention are also playing a major role in the negotiation for ACTA. ACTA will be made

up of three primary components; International cooperation, enforcement practices and legal framework for

the enforcement of intellectual property rights. It aims to provide an international framework which will

improve the enforcement of IP rights.

Since the Convention contains a provision dealing with the infringement of copyright and related rights,



why the negotiation of a new agreement instead of an amendment of the provisions contained in the

Convention? Bearing in mind that some of the participating states are signatories to the convention. The

answer could be the inadequacy of the provision relating to copyright and related rights, the unsatisfactory

rate of ratification of the Convention by more countries or the realisation that the provisions relating to

copyright should not be part of the Convention or some other political or economic reason.

According to the European Union, they didn’t negotiate ACTA

through any of the existing structures because a free standing

agreement will provide the most flexibility for interested

countries. Considering the ultimate objective of ACTA which is

to improve IPR enforcement in large emerging economies like

China and Russia (who are not signatories to the Cybercrime

Convention), the motive for ACTA may lean towards economic

or political interest.

Be that as it may, article 10 of the convention should be updated to reflect all infringements of IPR.

Whether or not provisions for Copyright and related rights should be part of the Convention depends on

whether Copyright and other related offences can be committed through the use of a computer system and

on the internet.

Child Pornography

Basically all forms of child pornography are criminalised by article 9 of the convention. Some countries like

the US already had laws prohibiting child pornography before the Convention. The convention extended

the prohibitions to electronic transmissions of child pornography thereby making virtual child pornography

unlawful. Arguments against virtual child pornography, has been refuted on the grounds that it will be

difficult to differentiate between those who use real children and computerized images.

Notwithstanding, the Convention gives the parties the discretion to either or not criminalise virtual child

pornography and mere possession. As a result, some countries criminalise mere possession regardless of

intent to distribute while in some countries like Russia, mere possession is not illegal. Furthermore, parties

have the discretion to determine the age of a child which must be between 16 and 18 years.

The developments of ICTs have escalated child pornography and in turn have spurred many international

and regional responses. The issue of child pornography has been an agenda in various International

forums. At a session of the Internet Governance Forum (IGF 2010), child pornography was discussed

extensively and many of the participants representing different countries and regions of the world

applauded the provisions of child pornography contained in the Convention on Cybercrime and advocated

for more countries to become signatories to the Convention for a unified fight against cybercrime.

The substantive criminal provisions of the Convention brought together for the first time the consensus of

criminal conducts on the internet and is replicated (with some few additions in some cases) in almost all

cybercrime laws in the world both national, regional and international. For a Convention to be successful in

achieving its desired goal and encourage ratification by a large number of nations, it is imperative that only

the offences which are prohibited by a general consensus should be included in the Convention. This was

the issue with the "Additional Protocol to the Convention on cybercrime, concerning the criminalisation of

acts of a racist and xenophobic nature committed through computer systems”. It did not form part of the

Convention but was drafted as a separate instrument, because many members including the US objected

to its provisions as contrary to their Fundamental human rights laws.

PROCEDURAL PROVISIONS AND INVESTIGATIVE POWERS

The Convention requires parties to establish the power and the procedures for criminal investigations and



prosecutions. Such powers should enable Law enforcement

officers with the help of Internet Service Providers (ISP) where

necessary to preserve expeditiously, computer data or traffic

data stored in a computer system to avoid being lost, order

the production of data, search computer systems or its

component for stored data, seize, copy or remove any such

data and record or collect real time transmissions of any

content and data traffic.

The scope of the provisions covers not only the criminal offences established by the Convention, but other

criminal conducts committed using a computer system as well as the “collection of evidence in an electronic

form” in relation to any crime. It follows that the provisions will apply to all criminal activities which use and

benefit from ICTs and as such have a wide application. Due to the speed of ICTs, evidence of cybercrime

consists mainly of digital information which is ephemeral in nature and can be easily altered, lost or

deleted. Therefore swift action in the collection and preservation of digital evidence is very important.

Broadly speaking, the investigative powers envisaged by the convention transcend cybercrimes and will

cover most criminal activities. For instance, in a kidnap investigation, it may be necessary to seize and

analyse the suspect’s computer or mobile phone in order to collect electronic evidence. The collection of

Content and traffic data according to Article 20 and 21 should only be employed for serious crimes and

what constitutes serious crime is at the discretion of the parties.

Critics have challenged these provisions especially the collection of traffic and content data on the basis

that it intercepts personal communications and as such a violation of the right to privacy and

communication. They argue that the procedural provisions of the Convention extend beyond the scope of

the offences, does not make adequate provisions or guarantees for the protection of human rights and

fundamental due process, and gives the parties the power to establish both the conditions for exercising

the powers of investigation and prosecution and the safeguards against them and place no substantial

constraints on the law enforcement agencies which will inevitably lead to violations of rights and

privacy. Even ISPs decried the provisions as placing a burden on them.

Nevertheless the protection of Human rights is guaranteed by article 15, which requires parties to ensure

that these powers of investigation and prosecution are subject to the law protecting human rights and

liberties. This involves both the human rights protection in the domestic laws of the parties, and other

international obligations which the party has undertaken. This means that each party is still bound by its

Human rights laws and obligations even in the investigation of crimes contained in the Convention. Parties

are also mandated to establish a judicial or Independent supervision as a check and lay out the limitations

on the scope and duration of the investigatory powers.

In the face of the criticisms, one might reason that personal

information are being hacked into constantly by criminals for

illegal purposes and it would not be worse to look into these

private communications in other to fight crime. That depends

of course from which perspective it is viewed and the concern

for the likelihood of abuse.

It is important that in the investigation and prosecution of

cybercrimes, the right balance should be struck between the

protection of the fundamental human rights of individuals and the effective prosecution of cybercrimes.

Practically, most of the challenges to the prosecution of cybercrimes come from the area of implementation

of the relevant law, collecting evidence in other nations, understanding technical evidence and issues of

extradition.



Jurisdiction

By the provisions of Article 22, Parties are to exercise jurisdiction in a particular offence when it is

committed in its territory or by its national or on board a ship or aircraft registered under the party. The

parties should where appropriate in a situation of jurisdictional conflict, where more than a party is claiming

jurisdiction for an offence contained in the convention, hold a consultation to determine which jurisdiction is

the most appropriate to prosecute the matter.

The provision failed to address adequately the resolution of jurisdictional conflict which is of fundamental

importance. Computers and networks are rarely subject to physical and spatial boundaries and together

with the nature of the internet, jurisdictional conflicts will most likely arise frequently. Therefore the method

of possible consultation between interested parties to resolve issues of jurisdiction without any further

guidelines will likely not resolve positive conflicts and may waste a lot of time which is of essence in the

investigation of cybercrimes. The provision provides no guideline or conditions for the resolution of the

conflict. In this regard, the 2005 European Union Framework Decision on attacks against information

systems went a step further to provide for a “mandatory consultation” as opposed to the Conventions

“Consultation where appropriate” and provides three criteria for determining jurisdiction as; the offenders

nationality, the place where the offence was committed and where the offender was apprehended. The

provision on jurisdiction should clearly set out the criteria for the conferment of jurisdiction over an alleged

cyber criminal in cases of jurisdictional conflicts. This will prevent the occurrence of issues of concurrent

jurisdiction and probably double jeopardy and provide specific conditions for the resolution of jurisdictional

conflicts.

Furthermore, “territorial notion” should be expanded to enable the prosecution of crimes irrespective of

whether the conduct occurred either in whole or in part in the prosecuting country’s territory, and also the

recognition of punishments successfully served in other jurisdictions. The admissibility of evidence lawfully

gathered from other countries in relation to International computer crimes should be part of a conclusive

and workable agreement on jurisdiction. This is important especially with cloud computing which allows the

transfer of digital data across national boundaries, where they can be stored on servers in any location

thus preventing access to the law enforcement who tries to collect evidence or investigate criminal

activities.

INTERNATIONAL COOPERATION

International cooperation is at the core of the fight against

cybercrime and is one of the issues challenging its effective

implementation. The transnational effect of cybercrimes, the

speed of the internet and the ever changing nature of ICTs

have made International cooperation very important, because

it aids expeditious actions which are very crucial to the

prosecution of cybercrime.

The scope of International cooperation under the Convention is wide. Generally parties should cooperate

and assist other parties “to the widest extent possible” in the process of investigations and proceedings.

This cooperation can come in two ways, either by extradition or by mutual assistance. Where there is an

issue which needs the international cooperation of parties, the parties involved will be guided by any

Extradition treaty or Mutual agreement which already exists between the parties. For the offences provided

in article 2-11 of the cybercrime convention, such an offence must be punishable by at least a maximum of

one year imprisonment to qualify for extradition under the existing framework. The Convention will only

come into play in cases of Extradition where no other extradition treaty exists between the parties.

Parties may require mutual assistance from other parties in respect of all investigatory and prosecution



provisions of the convention including the criminal conducts committed using a computer system and the

“collection of evidence in an electronic form” in relation to any crime. As a result, mutual assistance

between parties will apply to both cybercrimes and ordinary crimes, subject to various exceptions. On the

strength of mutual assistance, police can cross national boundaries to access servers in other countries

for data as long as it has the consent of the owner of the network systems.

Russia has been in opposition of this provision after the US police had gained access to the computers of

some Russian men accused of defrauding US banks in 2000. It has refused to sign the Cybercrime

convention saying that its reluctance to sign is based on the fact that it wants to preserve state sovereignty

and monopoly in the exercise of investigative powers based on the strength of its existing domestic laws

and procedures.

The provisions on international cooperation have received the greatest criticism of all the provisions of the

convention; from the scope of its application, to the level of assistance that the parties are required to give.

In the view of the critics, assistance to “the widest extent possible” could be stretched really far, and the

scope of assistance required by the convention involves a wide range of crimes not covered by the

convention, and does not provide adequate guarantees for due process and the protection of human

rights. They argue that the protection of the human right of privacy is fundamental and should not be

sacrificed at the altar of international cooperation. On the other hand, an international treaty requires some

amount of flexibility and a treaty with a strict obligation with regards to guarantees may discourage states

from adopting it and in the case of the Convention will jeopardise its main objective which is international

cooperation.

The lack of the requirement of dual criminality for granting

assistance was also highly criticised. The convention made no

specific provision for dual criminality except in Article 29 Para

3, where it exempted the application of dual criminality for the

expedited preservation of stored computer data. Following

from this, one may assume that other provisions where dual

criminality is not exempted requires dual criminality. Indeed

what the convention has done is to leave the basics of mutual

assistance to established national and international

agreements between the parties. Therefore in each case of mutual assistance, the parties are bound by

the traditional agreement on Mutual assistance between them, and if it requires dual criminality, then dual

criminality will apply.

As stated earlier, International Cooperation is very important to the fight against cybercrime. Its effect can

be in two ways. On one hand, it may deter countries who are very particular about their sovereignty from

becoming a party to the convention as is the case with Russia. On the other hand, it may eventually be the

factor that will motivate many states to ratify and implement the convention. This was the issue raised by

critics when Turkey became a signatory to the convention in November 2010. Turkey has a wider range of

cybercrimes in its law than that covered by the scope of the Convention and has imposed bans on some

internet sites like YouTube and Daily motion. Their signing of the convention was seen by many as a sort of

defence system which will give them access to international information and cooperation.

Another achievement by the Convention is the establishment of a network of national contact points which

will be available on a 24/7 basis for assistance and collection of evidence. The network is open to all

countries and 55 countries have joined so far. Parties are obliged to create such national points and equip

them adequately.

DIPLOMACY ISSUES



The Convention only becomes effective upon ratification and implementation. The implementation of the

Convention is very important. The Convention is in its 6th year since it came into force in 2004. Currently,

the US is the only non member of the Council of Europe who has ratified the Convention. Despite the

important role which it played during the negotiations and drafting of the Convention, it ratified the

Convention in 2006, five years after signature in 2001.

Within the Council of Europe, some members like Russia and Monaco have not signed the treaty, while

others like the UK, Poland, Austria, and Greece have signed, but have not ratified the convention. On the

global level, the level of implementation is very poor , and most of the countries with the highest number of

internet users have neither signed nor ratified the Convention.

Certain factors like Sovereignty, territoriality, human rights issue, Security, politics, international reputation

and economic issues influence the decision of states in becoming parties to international conventions.

Some authors are of the opinion that these issues play more prominent part in the implementation of the

Convention by member states rather than its legal enforceability. This is buttressed by the poor level of

ratification by countries, especially non European countries. The reason may be that states are reluctant to

sign a law which they were not part of the negotiations.

Generally the effectiveness of the convention may also be

affected by the mechanism of international law which is usually

slow. After the lengthy negotiations and drafting, states need

to ratify and then implement them into national laws . This

process may take some time and this factor needs to be taken

into consideration when judging the effectiveness of the

convention.

Albeit these problems, the Convention is a milestone in the

fight against cybercrime and serve as a model for other legislations in the field of computer crimes

including regional initiatives, national and international legislations. It is the only binding international

treaty on cybercrime and countries are urged to become parties to the convention in other to promote

international cooperation and eliminate the occurrence of safe havens for cybercriminals. A cybercrime

treaty needs to connect every country of the world. Much will not be accomplished when the most likely

countries from which criminals operate are left out.

Critics argue that the convention is a European Initiative meant for European states and have called for a

global treaty on cybercrime negotiated under the umbrella of the United Nations. At the 12th United Nations

Congress in Brazil in April 2010, a proposal for a treaty on global cybercrime was rejected. The EU and the

US strongly supported the idea that no new treaty was needed since the Convention on cybercrime has

been in place for 10 years. They reasoned that a new treaty would involve lengthy negotiations and will

take very long to resolve and is a further waste of time and resources in lengthy negotiations that might

not lead to a definite or a better conclusion. Another consequence of initiating a new negotiation for a

global convention is that it might have the effect of suspending the implementation of legislative reform

already in progress.

CONCLUSION

Cybercrimes pose a lot of challenges in the world today. The solution to the scourge of cybercrimes is an

effective international instrument which will foster international cooperation.

The Council of Europe’s Convention on Cybercrime is the only international treaty with the highest impact

in the area of cybercrime. Its impact is either directly on the signatories or indirectly on the countries who

have modelled their laws on the convention.



The Convention however needs to be updated to incorporate emerging issues and more countries need to

ratify the convention to make it more effective. Cybercriminals will not wait for nations to assemble and

negotiate a new treaty. There is a need for a binding law in force for the fight against cybercrime.

Therefore every country should be enticed to get involved and become a party to the convention.

While the convention exists, it is wise to hang on it pending the possible negotiation of a new global

cybercrime treaty.

Share This Essay

Did you find this essay useful? Share this essay with your friends and you could win £20 worth of Amazon

vouchers. One winner chosen at random each month.

Request Removal

If you are the original writer of this essay and no longer wish to have the essay published on the UK Essays

website then please click on the link below to request removal:

Request the removal of this essay.

More from UK Essays

Need help with your essay?

We offer a bespoke essay writing service and can produce an essay to your exact requirements, written by

one of our expert academic writing team. Simply click on the button below to order your essay, you will see

an instant price based on your specific needs before the order is processed:

Order an Essay - via our secure order system!

http://www.ukessays.com/order/

Documents

The Emergence and the Impact of Cybercrime International Law Essay