Cyber-crime is described as criminal activity executed using a computer or the web directed at computers or an ICT system. It is a criminal act that occurs in a cyber-space and is punished by enactments (law).
The most important and the commonest form of cyber-crime is hacking.
Ideally, hacking is stealing one’s identity and critical data, violating privacy, committing forgery or fraud, et al.
The ITRC (identity theft resource center) reported that in 2015 alone, more than 170 million private accounts suffered from security breaches.
Developed nations such as the US are partnering with governments across the world to cement the capacity of institutions to mitigate criminal acts committed in cyberspace through training, sharing of information and public participation.
One such movement is the Budapest Convention on Cybercrime that urges all the interested governments to join. The main objective of the convention is to formulate a framework for defining cybercrime, how to mitigate cybercrime, and how to protect offenders of cybercrime.
In modern society, cyber-crime is a serious global issue that needs a concerted worldwide response.
Laws against cyber-crimes or simply cyber-crime laws consist of regulations affiliated to computer offenses, web and communication offenses, unauthorized access, dispense of obscene content, cyberbullying, interference with computer systems, technology offenses, and information offenses among others.
Whereas the web and digital industry are potential arenas of making quick money, it’s also an avenue for committing criminal activities.
Laws against cyber-crimes are enacted regulations that spell the offenses and repercussions regarding those crimes. The laws are meant to provide an architecture for effective and timely diagnosis, inquiry and execution of cyber-crimes.
Cybercrime legislation defines the standards of admissible conduct of computer and web users; formulates socio-legal penalties for cyber-crime perpetrators; secures web users; generally minimizes and averts abuse of people, information, computer systems, and architecture; and particularly protects rights and freedoms of individuals; assist inquiry and execution of cyber-crime related cases, and builds cooperation among various countries in regard to cyber-crime.
The laws stipulate the acceptable codes of conduct when using the web, computers and other digital systems.
Cyber-crime laws lay down the actions to be taken by the public, government authorities and private institutions concerning cyber-crime cases; criminal procedures and the infrastructure to use when a cyber-crime occurs.
There are three well-known laws regarding cyber-crime:
Substantive cyber-crime law
Procedural cyber-crime law
Preventive cybercrime law
Different countries have different laws and regulations regarding cybercrime.
For instance, the US has substantive cybercrime laws that forbid criminal acts like hacking, illicit infiltration to computer systems, obscene content like pornography, identity theft, et al.
A criminal action must be comprehensively outlined in and forbidden by legislation. It is against the law to prosecute and punish a person who allegedly committed an act not prescribed by the law.
In substantive cyber-crime laws, both the rights and responsibilities of all the legal subjects including individuals, institutions, and countries are stated.
Governments and relevant institutions are required to take the correct actions when controlling and mitigating cyber-crimes and most importantly, respect human rights.
Substantive laws are formulated from statutes and ordinances that are passed by city/municipal councils, regions, federal laws as well as court decisions.
In some states/nations, rather than formulating new legislation against cyber-crime, the existing national laws or codes of conduct are amended by adding new clauses that address the criminal act(s).
Regarding this practice, using ICT unlawfully, for example, to perpetrate a crime is criminalized separately, that is, if the crime committed forgery using unlawful access to an ICT system, the act would be treated as two crimes simultaneously.
Substantive laws consist of legislation that forbids certain types of the criminal act and penalizes anyone who does not comply with them.
Substantive cybercrime laws are guided by the “substance” of the criminal act, like elements such as forbidden conduct and mental element.
Various countries criminalize different offenses by selecting the type of elements that characterize a particular crime.
Alternatively, different countries will criminalize a particular offense but the enactments would vary.
For instance, cyber-crime laws enacted to criminalize illicit access to ICT systems and stealing information from computer networks differ among various countries.
Regarding substantive cyber-crime law, countries are obliged to criminalize unauthorized infiltration, illicit interception, interference of information and computer systems, forgery and fraud, device misuse, copyright infringement, corporate liability, and obscene content.
It’s remarkable that the above-mentioned provisions or their combination enfold the majority of what makes cyberspace criminal acts today as they’ve been developed in a technology-neutral way.
It’s noteworthy to understand two critical things.
First, domestic application of cybercrime laws will often occur when the crime is in the public domain for prosecution, as there have been uncountable cases of cyberspace criminal acts that are regarded as minor offenses and their impact are considered too minor to inquire and prosecute. Yet, these crimes have a substantive effect worldwide, thus they should be subjects to cyber-crime legislation.
Second, in a case where the staunch justification for the illegalization of a specific behavior is missing in the law, the chances of moral over-illegalization to arise are high. Regarding this, human rights legislation is a critical tool when it comes to assessing cybercrime laws.
These are the cyber-crime laws that stipulate the procedures followed when applying substantive laws as well as the regulations that enforce them.
One notable section of the Procedural Cybercrime Law is the “criminal procedure” that constitutes exhaustive instructions on how to handle a suspected, accused or sentenced individual.
Procedural laws constitute provisions such as investigation and prosecution powers, regulations of affirmation and criminal process relating to information collection powers, searching and seizing powers, as well as information conservation and information retention.
Since procedural cyber-crime law is essentially a procedure/process law, it consists of phases:
Jurisdiction
Investigation
Collection of evidence
Jurisdiction
Jurisdiction is the ability/power of a country/institution/authority to perform law enforcement and punish the violation of the law.
It is the sovereignty that a state/country has on exercising authority within its borders.
Under jurisdictive power, an inquiry into cyber-crimes is conducted by law enforcers and the cyber-crime cases are adjudicated by the courts.
While the sovereignty of a state does not go beyond its borders, cyber-space does not have geographical boundaries.
Consequently, countries are allowed to apply numerous factors when determining the type of jurisdiction to carry out on some cyber-crimes.
For instance, the country of origin of the criminal.
Under the procedural cyber-crime law, countries have the power to arrest, prosecute, and sentence their citizens even though the nationals are not within their countries.
In another case, the victim’s nationality is used when declaring jurisdiction over a certain criminal activity.
The law permits a country to execute jurisdiction where a criminal act committed in another country interfered with the security/interests of the country that is in search of jurisdiction.
Lastly, any country is permitted to formulate jurisdiction over some multinational offenses like savageries that affect human beings regardless of territorial boundaries, if the country where the criminal act was perpetrated is either unable or not committed to prosecuting them.
Procedural cyber-crime laws stipulate specialized powers that cover both the access to data required and protections to make sure that the information is gathered in accordance with the right legal orders and retrieved to a level/degree that is permitted by the law.
For instance, a government agency may be requiring a telecom service provider to disclose the information in their database that is electronically stored for not more than 180 days, the agency will follow the warrant provided by procedural cyber-crime law to execute this order.
Nevertheless, protections are not obeyed by all the countries.
For example, Turkey revised its internet laws to oblige web service enablers to keep user information and avail it to the relevant agencies when needed without obtaining a legal order.
Also, in 2015, the Tanzanian government provided the police with an unrestricted authority to investigate and prosecute cyber-crime.
Most importantly, the authorities and processes formulated to carry out investigations and legal actions on cyber-crime must conform to human rights.
Digital evidence consists of data retrieved from ICT, computer networks and/or digital systems and used to facilitate approval or disapproval of a cyber-crime.
Procedural cybercrime law stipulates regulations regarding identification, gathering, examination, and circulation of digital evidence.
Digital evidence is used to support or disapprove a suspected criminal, determine the rationale, location, and behavior of the perpetrator, and decide the culpability of the criminal.
The procedure applied to ascertain the suitability of digital evidence in courts is governed by rules of evidence.
The regulations dictate the way digital evidence is passed through documentation, collection, preservation, transmission, analysis, storage, and protection ascertain its suitability.
For it to be admitted in national courts, it must pass authentication and integrity tests.
Nevertheless, there has never been standardized rules of evidence for all countries. Ergo, there is a need to harmonize these rules because cyber-crimes are trans-national and affect digital systems across the globe.
Preventive Cybercrime Laws are aimed at mitigation and control of cyber-crime.
Information protection laws, as well as cyber-security laws, are focused on mitigating material damage and reducing vulnerability by cyber-attackers.
Other preventive laws assist the relevant mitigation agencies to detect, inquire and prosecute crimes related to cyberspace by providing the necessary machinery, procedures, and instructions.
The present state of cyber-crime legislation is not up to standards. This is because hackers are using the latest technology to conceal their criminal acts. Also, corrupt government officials are collaborating with cyber-criminals to “purchase their innocence,” which is a big blow to cyber-security.
Acodez is a leading website design and web development company in India offering all kinds of web design and development services at affordable prices. We are also a renowned Digital Marketing Agency providing services like SEO, SEM, SMM, PPC, etc. and all other kinds of digital marketing services. For further information, please contact us today.
Looking for a good team
for your next project?
Contact us and we'll give you a preliminary free consultation on the web & mobile strategy that'd suit your needs best.
Rithesh Raghavan, Co-Founder, and Director at Acodez IT Solutions, who has a rich experience of 16+ years in IT & Digital Marketing. Between his busy schedule, whenever he finds the time he writes up his thoughts on the latest trends and developments in the world of IT and software development. All thanks to his master brain behind the gleaming success of Acodez.
