Understanding cybercrime: Phenomena, challenge …

1 09/2012 Understanding cybercrime : phenomena , challenges AND LEGAL RESPONSE September 2012 Understanding cybercrime : phenomena , challenges AND LEGAL RESPONSECYBERCRIMES eptember 2012telecommunication Development SectorPrinted in SwitzerlandGeneva, 2012 International Telecommunication UnionTelecommunication Development BureauPlace des NationsCH-1211 Geneva Understanding cybercrime : phenomena , challenges and legal response September 2012 The ITU publication Understanding cybercrime : phenomena , challenges and legal response has been prepared by Prof.

2 Dr. Marco Gercke and is a new edition of a report previously entitled Understanding cybercrime : A Guide for Developing Countries. The author wishes to thank the Infrastructure Enabling Environment and E-Application Department, ITU Telecommunication Development Bureau. This publication is available online at: ITU 2012 All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU. Understanding cybercrime : phenomena , challenges and legal response i Table of contents Page Purpose.

3 Iii 1. Introduction .. 1 Infrastructure and services .. 1 Advantages and risks .. 2 Cybersecurity and cybercrime .. 2 International dimensions of cybercrime .. 3 Consequences for developing countries .. 4 2. The phenomena of cybercrime .. 11 Definitions .. 11 Typology of cybercrime .. 12 Development of computer crime and cybercrime .. 12 Extent and impact of cybercrime offences .. 14 Offences against the confidentiality, integrity and availability of computer data and systems .. 16 Content-related offences .. 21 Copyright and trademark related offences .. 27 Computer-related offences.

4 29 Combination offences .. 33 3. The challenges of fighting cybercrime .. 74 Opportunities .. 74 General challenges .. 75 Legal challenges .. 82 4. Anti- cybercrime strategies .. 97 cybercrime legislation as an integral part of a cybersecurity strategy .. 97 A cybercrime policy as starting point .. 98 The role of regulators in fighting cybercrime .. 101 5. Overview of activities of regional and international organizations .. 114 International approaches .. 114 Regional approaches .. 123 Scientific and independent approaches .. 144 The relationship between regional and international legislative approaches.

5 144 The relationship between international and national legislative approaches .. 145 6. Legal response .. 169 Definitions .. 169 Substantive criminal law .. 177 Digital evidence .. 225 Justisdiction .. 234 Procedural law .. 238 International cooperation .. 266 Liability of Internet providers .. 280 7. [Keyword Index] .. Error! Bookmark not deUnderstanding cybercrime : phenomena , challenges and legal response iii Purpose The purpose of the ITU report Understanding cybercrime : phenomena , challenges and Legal Response is to assist countries in Understanding the legal aspects of cybersecurity and to help harmonize legal frameworks.

6 As such, the report aims to help developing countries better understand the national and international implications of growing cyberthreats, to assess the requirements of existing national, regional and international instruments, and to assist countries in establishing a sound legal foundation. This report provides a comprehensive overview of the most relevant topics linked to the legal aspects of cybercrime and focuses on the demands of developing countries. Due to the transnational dimension of cybercrime , the legal instruments are the same for developing and developed countries.

7 However, the references used were selected for the benefit of developing countries, in addition to a broad selection of resources provided for a more in-depth study of the different topics. Whenever possible, publicly available sources were used, including many free-of-charge editions of online law journals. The report contains six main chapters. After an introduction (Chapter 1), it provides an overview of the phenomena of cybercrime (Chapter 2). This includes descriptions of how crimes are committed and explanations of the most widespread cybercrime offences such as hacking, identity theft and denial-of-service attacks.

8 An overview of the challenges is also provided, as they relate to the investigation and prosecution of cybercrime (Chapters 3 and 4). After a summary of some of the activities undertaken by international and regional organizations in the fight against cybercrime (Chapter 5), it continues with an analysis of different legal approaches with regard to substantive criminal law, procedural law, digital evidence, international cooperation and the responsibility of Internet service providers (Chapter 6), including examples of international approaches as well as good-practice examples from national solutions.

9 This publication addresses the first of the seven strategic goals of the ITU Global Cybersecurity Agenda (GCA), which calls for the elaboration of strategies for the development of cybercrime legislation that is globally applicable and interoperable with existing national and regional legislative measures, as well as addressing the approach to organizing national cybersecurity efforts under ITU-D Study Group 1 Question 22/1. Establishing the appropriate legal infrastructure is an integral component of a national cybersecurity strategy. The related mandate of ITU with regard to capacity building was emphasized by Resolution 130 (Rev.)

10 Guadalajara, 2010) of the ITU Plenipotentiary Conference, on Strengthening the role of ITU in building confidence and security in the use of information and communication technologies. The adoption by all countries of appropriate legislation against the misuse of ICTs for criminal or other purposes, including activities intended to affect the integrity of national critical information infrastructures, is central to achieving global cybersecurity. Since threats can originate anywhere around the globe, the challenges are inherently international in scope and require international cooperation, investigative assistance, and common substantive and procedural provisions.