Cybercrime |
Cybercrime is a broadly used term to describe criminal activity committed on computers or the Internet. Some of it is punishable by the laws of various countries, whereas others have a debatable legal status.
=Definition=
There has been some disagreement as to whether crimes involving the presence of one or more computers should necessarily be classified as computer crime. On the one hand, some news reporters and journalists have seemed, at times, to suggest that any crime involving the presence of a computer is ipso facto a computer crime. On the other hand, there are those who have argued that there is nothing special about crimes that involve computers. Gotterbarn (1990) criticized much of the earlier media hype surrounding computer-related crimes, claiming that the crimes involving computers are not necessarily in need of a special category. Other authors, such as Deborah G. Johnson (1985) also defended the view that crime is crime-whether it is committed with or without the use of a computer- suggesting that crimes involving computers are not qualitatively different from crimes in which no computer is present.
Li Xingan (2005) claims that computer crime is not a single type of crime different from other crimes. Rather, nearly all kinds of crimes can be committed through computers. Cybercrime is neither one independent crime, nor a category of crime in the strict sense. Only because the involved crimes are more or less related to the computer systems, they are called cybercrime in a general term. It sometimes indicates one kind, sometimes one category of computer crime. There exist diversified terms, such as cybercrime, computer crime, crime by computer, computer-assisted crime, computer-related crime, computer abuse, computer misuse, etc. These terms are habitually used interchangeably (Li Xingan 2005).
There has been a great deal of dispute among experts on just what constitutes a cybercrime, lacking of internationally recognized definition. Li Xingan (2005) concludes that one reason is the rapidly changing state of computer technology. Some experts believe that computer crime is nothing more than ordinary crime committed by high-tech computers and that current criminal laws on the books should be applied to the various laws broken, such as trespass, larceny, and conspiracy. Others view cybercrime as a new category of crime requiring a comprehensive new legal framework to address the unique nature of the emerging technologies and the unique set of challenges that traditional crimes do not deal with, such as jurisdiction, international cooperation, intent, and the difficulty of identifying the perpetrator. Part of the uncertainty comes from the fact that criminals make use of computers in the course of committing nearly any crime. Computer crime can involve criminal activities that are traditional in nature, which are generally subject everywhere to criminal sanctions, or create a host of potentially new misuses or abuses that may be criminal as well. Sensu stricto, computer crime is defined as the crime in which computer is utilized as tool or means, i.e. crime by computer, which was the original form of the complicated computer crime. A narrower definition limits computer crime to one that can be carried out only through the use of computer technology. In a broader sense, computer crime is defined as crime targeted against computer or by means of computer.
Sensu lato, computer crime is equals to computer misuse or abuse. In an extremely broad sense, the US Department of Justice (DOJ) defines computer crime broadly as any violations of criminal law that involve knowledge of computer technology for their perpetration, investigation or prosecution. Some experts have suggested that the Department of Justice s definition could encompass a series of crimes that have nothing to do with computers. While the example may stretch the boundaries of logic, it demonstrates the difficulties inherent in attempting to describe and classify computer criminality. In 1979, the US Department of Justice publication partitioned computer crime into three categories: computer abuse, the broad range of international acts involving a computer where one or more perpetrators made or could have made gain and one or more victims suffered or could have suffered a loss; computer crime, illegal computer abuse [that] implies direct involvement of computers in committing a crime; and computer-related crime, any illegal act for which a knowledge of computer technology is essential for successful prosecution. FBIs definition is that crimes where the computer is a major factor in committing the criminal offence. Others have focused on those crimes where knowledge of a computer system is essential to commit the crime , or simply where there is use of a computer to facilitate or carry out a criminal offence. Project Trawler defines computer crime as an offence in which a computer network is directly and significantly instrumental in the commission of the crime. Computer connectivity is the essential characteristic. Dan Koenig defines cybercrime as a criminal offence that has been created or made possible by the advent of computer technology, or a traditional crime which has been so transformed by the use of a computer that law enforcement investigators need a basic understanding of computers in order to investigate the crime.
Take the US federal legislation as an example, Congress has approached computer crime as both traditional crime committed by new methods and as crime unique in character requiring new legal framework. For example, Congress has amended the Securities Act of 1933 to include crimes committed by a computer. However, Congress has also enacted a comprehensive new computer fraud and abuse section that can easily be amended to reflect changes in technology and computer use by criminals. In fact, the US Congress has enacted statutes that widen the scope of traditional crimes to specifically include crimes involving computers, or categorize them as entirely separate offences. For example, the main federal statutory framework for many computer crimes is the Computer Fraud and Abuse Act (CFAA). The statute is structured with an eye to the future so that it can be easily amended to reflect changes in technology and criminal techniques. The statute has already been amended several times to close unintended loopholes created by judicial interpretation. In its current form, the statute is very broad in scope, reflecting the governments resolve to combat cybercrime at every level.
Either the concept of computer misuse and abuse, computer crime, computer attacks, computer-related crime, or crime by computer are the same to describe the crime phenomenon. Either the term computer or Internet is closely related to information. Information, hidden behind the appearance of some substantial equipment, is the real one that is involved in the crimes from time to time. Which of these formulations is appropriate for a particular legal system may depend on the meaning of these words in related laws, how the network crimes law defines them, and the way in which a court of that country is likely to interpret them. There is no doubt among the authors and experts who have attempted to arrive at definitions of computer crime that the phenomenon exists. However, the definitions that have been produced tend to relate to the study for which they were written. The scope of cybercrime is quite broad, comprise both new crime utilizing computer system and new forms of tradition crimes adopting computer system. The question of whether or not cybercrime is a valid threat has been posed ever since the origination of the idea. BloomBecker argues that computer crime should be defined in the way centered by conscience that offers society the greatest security against oppression by computer use or computer abuse. He defines computer system crime as any crime involving inappropriate interference with rights or other assets resulting from computer system use.
Li Xingan (2005)proposes a new classification method. According to the relationship between the cybercrimes and the traditional crimes, cybercrimes can be divided into cybercrimes as the substitutes of traditional crimes and cybercrimes as the complements of traditional crimes. The occurrence and increase of the former groups of crimes depend on the costs compared with the traditional crimes. When the costs of the cybercrimes are lower than the traditional crimes, the cybercrimes will increase, vise versa. The occurrence and increase of the latter group of crimes, however, depend on the costs compared with traditional crimes committed by other means. When the costs of the traditional crimes committed by the means of computers and networks is lower, this kind of crimes will increase, vise versa. In this sense, the cybercrimes turn out to be traditional crimes facilitated by computers and networks. They are just the same things.
=Theoretical classifications=
The variety of criminal activity which can be committed with or against information systems is surprisingly diverse. It is often difficult to classify a crime in one of the categories; many computer crimes fall into both. In academia, most scholars tend to classify cybercrimes based on the broad sense of the concept. Others prefer the strict sense. Gellstein and Kamal group the most common form of attacks on information systems in four categories of offences, including network-related, data-related, access-related and computer-related. D. S. Wall posits four categories of cybercrime, including cybertrespass, cybertheft, cyberobscenity and cyberviolence. According to the different aspects of security the crime breach, Icove et al divide computer crimes into four categories, including breaches of physical security, breaches of personnel security, breaches of communications and data security, breaches of operations security.
Philip R. Reitinger classifies cybercrime into three general categories, including the computer as a mere container of evidence, the computer is an instrumentality in the commission of a traditional offence, and computerised information or information technology is itself the object of the crime. In the first case, the computer as a mere container of evidence, the role of substantial criminal law should mainly be increase the possibility of dual criminality so that there are no safe havens for network-related crime. In the second case, traditional crime committed using computers or networks should generally be punished when committed online just as it would be punished if committed in the physical world. The basic elements of any traditional offence, such as fraud, will remain the same. The computer is just a new means of committing the offence, just as mail fraud was a new means of committing fraud at one point in history, and there is often no reason to treat it differently. We need a criminal sanction to deter and punish the crime, just as in the physical world. Therefore, criminal statutes covering traditional crime should be drafted or amended to cover online activity also, or, if this cannot be easily done, new statutes covering traditional crime committed online should be drafted to include elements analogous to the elements in the traditional crime statutes. When traditional crime presents a greater harm to society because it is committed online, that crime should entail a heavier punishment, where possible through neutral means such as measuring the actual damage done. Where the use of a computer or network inherently increases the risk or harm to society, criminal provisions should impose a greater or new punishment for such use unless the additional risk or harm is already addressed through neutral means. In the third case, criminal sanctions should where necessary deter costly anti-social conduct. The presence of technical or other solutions that could prevent the harm from network-related crime does not obviate the need for criminal sanctions.
Some other scholars classify cybercrimes according to the roles of computers in crimes. The early studies classified computer crime into two categories, i.e., crimes in which computer is used as a tool, crimes in which computer is used as a target. Later, in light of this classification standard, there derived more categories from it. For instances, computers as targets, computers as storage devices, computers as communications tools. Most jurisdictions seem to classify computer crimes into crimes where the computer is the object of the crime, where it is subject of the crime, such as in spreading viruses, and where it is an instrument of the crime to commit traditional offences, such as fraud, blackmail. Carter puts forth four general types of computer crimes, i.e. target, instrumentality, incidental to other crimes, associated with the prevalence of computer. In crimes computer as the target, including theft of intellectual property, theft of marketing information, or blackmail based on information gained from computerized files, sabotage of intellectual property, marketing, pricing, or personnel data or sabotage of operating systems and programs, and unlawful access to criminal justice and other government records. In crimes computer as the instrumentality of the crime, including fraudulent use of automated teller machine (ATM) cards and accounts; theft of money from accrual, conversion, or transfer accounts; credit card fraud; fraud from computer transactions, such as stock transfers, sales, or billings; and telecommunications fraud. In computer is incidental to other crimes. The crime could occur without the technology; however, computerisation helps the crime to occur faster, permits processing of greater amounts of information, and makes the crime more difficult to identify and trace, including money laundering and unlawful banking transactions, BBSs supporting unlawful activity, organized crime records or books, and bookmaking. In crimes associated with the prevalence of computers, including software piracy or counterfeiting, copyright violation of computer programs, counterfeit equipment, black market computer equipment and programs, and theft of technological equipment.
Some other arguments suggest classifications based on empirical studies on most frequent actual criminal phenomenon, such as Herman T. Tavani, proposing strict boundaries of computer crime and limiting it to piracy of software, electronic break-ins, and computer sabotage.
=Forms of cybercrime=
*Denial-of-service attack *Hacking *Writing and releasing a virus (computing) or trojan horse (computing)s *Cyberterrorism *Information warfare *Cyberstalking and online harassment *Fraud and identity theft, including Phishing *Virtual crime, such as the theft of virtual property
Some crimes that are offline but are committed through, or facilitated by, the use of computers can be classified as a cybercrime, such as money laundering.
=Applicable laws=
*The Computer Misuse Act 1990 in the United Kingdom.
*The USA Federal Computer Intrusion Laws
Prosecutorial Remedies and Tools Against the Exploitation of Children Today Act (PROTECT Act)
Homeland Security Act of 2002 (Amendments)
USA Patriot Act
Federal Criminal Code Related to Computer Intrusions:
18 U.S.C. § 1029. Fraud and Related Activity in Connection with Access Devices
18 U.S.C. § 1030. Fraud and Related Activity in Connection with Computers
18 U.S.C. § 1362. Communication Lines, Stations, or Systems
18 U.S.C. § 2510 et seq. Wire and Electronic Communications Interception and Interception of Oral Communications
18 U.S.C. § 2701 et seq. Stored Wire and Electronic Communications and Transactional Records Access
18 U.S.C. § 3121 et seq. Recording of Dialing, Routing, Addressing, and Signaling Information
U.S. Sentencing Guidelines that Relate to Computer Intrusions
U.S. Sentencing Commission s Proposed Amendments to the Guidelines that Relate to Computer Intrusions (Effective November 1, 2003)
*The Russian Criminal Code
Unauthorized access to computer information (Article 272 of the Criminal Code)
Creation, use and distribution of detrimental computer programs (Article 273 of the Criminal Code).
Violation of operating rules of a computer, a system of computers or a computer network (Article 274 of the Criminal Code)
*Finland Penal Code Chapter 38 Section 8
*Japan Unauthorized Computer Access Law
Law No. 128 of 1999 (in effect from February 3, 2000)
Federal legislation:THE CYBERCRIME ACT 2001
478.1 Unauthorised access to, or modification of, restricted data
Privacy Act 2000, effective as of January 1, 2000:
Section 10:
§ 52. Administrative Penalty Clause
The Belgian Parliament has in November 2000 adopted new articles in the Criminal Code on computer crime, in effect from February 13, 2001. The four main problems of computer forgery, computer fraud, hacking and sabotage are made criminal offences. This unofficial text in english is based on a June 2000 version.
IV. COMPUTER HACKING
Article 550(b) of the Criminal Code:
Law no. 9,983 of July 14, 2000 has been adopted covering provisions:
ENTRY OF FALSE DATA INTO THE INFORMATION SYSTEM.
Art. 313-A.
UNAUTHORIZED MODIFICATION OR ALTERATION OF THE INFORMATION SYSTEM.
Art. 313-B.
Canadian Criminal Code Section 342.1
Law on Automated Data Processing Crimes no. 19.223, published June 7, 1993.
Telecommunication Ordinance: Section 27A: Unauthorized access to computer by telecommunication:
Section 161: Access to computer with criminal or dishonest intent.
Criminal Code
§ 182 - Impairing and endangering the operation of public utility facilities.
§ 249 - Unauthorized use of other people s articles.
§ 257a - Damaging and misusing records in information stores.
Penal Code Section 263
Criminal Code:
§ 269: Destruction of programs and data in a computer.
§ 270: Computer sabotage.
§ 271: Unauthorized use of computers, computer systems and networks.
§ 272: Damaging or interferes with computer network connections.
§ 273. Spreading of computer viruses.
Penal Code, in effect since March 1, 1993
Chapter III: ATTACKS ON SYSTEMS FOR AUTOMATED DATA PROCESSING
Article 323-1
Article 323-2
Article 323-3
Article 323-4
Penal Code
Section 202a. Data Espionage:
Section 303a: Alteration of Data
Section 303b: Computer Sabotage
Criminal Code Article 370C§2:
Penal Code Section 300 C:Computer Fraud.
Criminal Damage Act, 1991
Section 5
Penal Code § 228 Section 1
The Information Technology Act Chapter XI - Offences
The Computer Law of 1995, Section 4
Penal Code Article 615 ter: Unauthorized access into a computer or telecommunication systems
-615 quater: Illegal Possession and Diffusion of Access Codes to Computer or Telecommunication Systems
-615 quinquies: Diffusion of Programs Aimed to Damage or to Interrupt a Computer System
Criminal Law Section 241: Arbitrarily Accessing Computer Systems
The Act of July 15th, 1993, relating to the reinforcement of the fight against financial crime and computer crime.
Section VI - concerning certain infractions in computer material.
Article 509-1
COMPUTER CRIMES ACT 1997
PART II OFFENCES
CHAPTER 426
ELECTRONIC COMMERCE ACT
AN ACT to provide in relation to electronic commerce and to provide for matters connected therewith or ancillery thereto.
PART VIII
COMPUTER MISUSE
Unlawful access to, or use of, information.
The Information Technology (Miscellaneous Provision) Act 1998
Act No. 18 of 1998
Penal Code Section 369A.
Penal Code Part 9
Chapter II
Articles 211 bis 1
Articles 211 bis 2
Article 211 bis 4
Criminal Code Article 138a
Penal Code § 145
Penal Code § 151 b
Penal Code § 261
Penal Code § 291
Penal Code:
Article 267
Article 268
Article 269
Criminal Information Law of August 17, 1991
Chapter 1 Article 7
REPUBLIC ACT NO.8792
AN ACT PROVIDING FOR THE RECOGNITION AND USE OF ELECTRONIC COMMERCIAL AND NON-COMMERCIAL TRANSACTIONS, PENALTIES FOR UNLAWFUL USE THEREOF, AND OTHER PURPOSES
PART V: FINAL PROVISIONS
Sec. 33. Penalties.
Chapter 50A: Computer misuse Act.
Unauthorised access to computer material.
Section 3
THE ELECTRONIC COMMUNICATIONS AND TRANSACTIONS ACT of July 31 2002 (Act No. 25, 2002)
CHAPTER XIII
CYBER CRIME
Unauthorised access to, interception of or interference with data.
Penal Code
Title X CRIMES AGAINST PRIVACY, THE RIGHT TO FREEDOM FROM INJURY TO REPUTATION AND DOMESTIC PRIVACY
CHAPTER 1 Dicovery and revelation of secrets:
Article 197
SECTION 1 ON FRAUD
Article 264 no.2
Penal Code Chapter 4, Section 9 c
Penal Code Article 143bis: Unauthorized access to data processing system.
Penal Code Section 525/a
=References=
COE. Convention on Cybercrime, Budapest, 2001.
Li, Xingan. Cybercrime: An Introduction, Joensuu, July 2005.
Schjolberg, Stein. THE LEGAL FRAMEWORK - UNAUTHORIZED ACCESS TO COMPUTER SYSTEMS PENAL LEGISLATION IN 44 COUNTRIES (Updated April 7, 2003), at http://www.mosstingrett.no/info/legal.html.|
|