Global Harmonization of Cybercrime Legislation The Road to Geneva

1
Global Harmonization of Cybercrime Legislation
The Road to Geneva

• Chief Judge Stein Schjolberg
• steins_at_mosstingrett.no
• 
  www.cybercrimelaw.net
• 
  www.globalcourts.com
• European Network Forensic and Security
  Conference
• (ENFSC)
  
• Heerlen, The Netherlands, October
  15-17, 2008

2
The Background

• The Ribikoff Bill (1977)
• OECD Analysis of Legal Politics (1986)
• Council of Europe Recommendation on
  computer-related crime (1989)
• Council of Europe Recommendation on Criminal
  Procedural Law (1995)
• Council of Europe Convention on Cybercrime (2001)

3
World Summit on the Information Society (WSIS)

• United Nations General Assembly (2001)
• International Telecommunication Union (ITU)
• Geneva 2003 Phase One
• Tunis 2005 Phase Two
• Action Line 5 Building confidence and security
  in the use of information and communication
  technologies (ICTs)

4
Global Cybersecurity Agenda (GCA)

• Launched on May 17, 2007
• Seven main strategic goals
• Strategic goal no. 1 The elaboration of
  strategies for the development of a model
  cybercrime legislation that is globally
  applicable and interoperable with excisting
  national and regional legislative measures.
• www.itu.int/osg/csd/cybersecurity/gca/

5
High-Level Expert Group (HLEG)

• Established in October 2007
• Five Work Areas
• Legal Measures
• Technical and Procedural Measures
• Organizational Structures
• Capacity Building
• International Cooperation

6
HLEG Meetings and outputs

• The First HLEG Meeting October 2007
• The First Ad-hoc Meeting January 2008
• The Second Ad-hoc Meeting- April 2008
• The Second HLEG Meeting May 2008
• The Third HLEG Meeting June 2008
• The Strategic Reports delivered June 2008
• The Recommendations-delivered June 2008

7
The Recommendations for the ITU Secretary General

• Chairmans Report August 2008
• Five Set of Recommendations
• Legal measures
• The Tunis WSIS Agenda
• Paragraph 40
• Paragraph 42

8
Recommendations on Legal Measures

• 1 Convention on Cybercrime-ratification/acceding
  to, guideline, reference
• 2 Minimum implementations
• 3 New technological developments
• 4 On-line games Second Life
• 5 Spam, identity theft, preparatory acts
• 6. Data espionage, pornography to minors

9
Recommendations on Legal Measures (cont.)

• 7 New Challenges Voice over IP
• 8 Data Retention
• 9 Terrorist misuse of Internet
• 10 New challenges for law enforcement
• 11 New challenges for prosecutors
• 12 Challenges for human rights
• 13 Global conference for regional organizations
  on cybersecurity and cybercrime
• Civil Matters

10
The Global Legal Framework

• United Nations
• International Telecommunication Union (ITU)
• Council of Europe
• G-8 Group of States
• European Union
• Asian Pacific Economic Cooperation (APEC)
• Organization of American States (OAS)
• Commonwealth Model Legislation
• Association of Southeast Asian Nations (ASEAN)

11
United Nations

• General Assembly Resolutions
• International Telecommunication Union (ITU)
• United Nations Office on Drugs and Crime
• UN Crime Congresses
• www.unodc.org

12
Council of Europe

• The Convention on Cybercrime (2001)
• Signed not followed by ratification 22
• Ratification/acceding 23 States
• Additional protocol
• conventions.coe.int

13
2001 Convention on Cybercrime

• Implementation as
• Ratification
• Accession
• Guideline
• Reference

14
G-8 Group of States

• Subgroup of High-Tech Crime (1997)
• Meeting in Washington D.C. (2004)
• Meeting in Sheffield (2005)
• Meeting in Moscow (2006)
• Meeting in Munich (2007)
• Hokkaido Toyako Summit (7-9 July 2008)
• www.g7.utoronto.ca

15
European Union

• Council Framework Decision 2005/222/JHA on
  attacks against information systems (2005)
• Article 2 Illegal access to Information Systems
• Article 3 Illegal system interference
• Article 4 Illegal data interference
• Expert meeting on cybercrime (November 2007)
• Amending Council Framework Decision 2002/475/JHA
  on Combating Terrorism to include public
  provocation, recruitment and training (2008)
• www.europa.eu

16
Asia Pacific Economic Cooperation (APEC)

• Ministerial Meeting (2002)
• APEC TEL e-Security Task Group (2005)
• APEC-ASEAN Workshop (Manila 2007)
• APEC Tel Workshop on Policy and Technical
  Approaches against Botnet (Tokyo 2008)
• APEC Tel Chairs Report to the Ministerial Meeting
  (Bangkok 2008)
• www.apectelwg.org

17
Organization of American States (OAS)

• Group of experts on cybercrime (1999)
• The Madrid Meeting, (2005)
• Expert Group Meeting, February 2006
• Meeting of Ministers of Justice, June 2006
• Meeting of Ministers of Justice, June 2007
• Fifth Meeting of Group of Experts on Cyber-crime,
  November 2007
• Meeting of Ministers of Justice, June 2008
• www.oas.org./juridico/english/cyber.htm

18
Commonwealth Model Legislation

• A Model Law at the Conference of Ministers (2002)
• Computer and Computer Related Crimes Act
• Adapt framework legislation compatible with other
  Commonwealth countries
• www.thecommonwealth.org

19
Association of Southeast Asian Nations (ASEAN)

• ASEAN-China Strategic Partnership (2003)
• The Bangkok Meeting (2004)
• ASEAN Regional Forum Statement (2006)
• Ministerial Meeting, Brunei Darussalam (2007)
• ASEAN Chiefs of Police Conference, Brunei
  Darussalam, (May 2008)
• www.aseansec.org

20
Other International Organizations

• OECD www.oecd.org
• NATO www.nato.int
• African Union www.africa-union.org
• The Arab League www.arableagueonline.org
• Shanghai Cooperation Organization (SCO)
  www.sectsco.org

21
Substantive Criminal Law

• Illegal access
• Illegal interception
• Data interference
• System interference
• Misuse of devices
• Computer-related forgery
• Computer-related fraud
• Child Pornography

22
Special Issues

• Attacks against Critical Information
  Infrastructures
• Terrorist misuse of Internet
• Spam
• Online games
• Misuse of devices
• Identity Theft
• Phishing and other preparatory acts

23
Preparatory conducts prior to attempted acts

• The production, possession, sale, or
  otherwise making available computer data or
  systems, especially suitable as a remedy for
  criminal conducts in a computer system or
  network, when committed intentionally, shall be
  punished as a preparatory conduct to criminal
  offences.

24
Procedural law

• General principles
• Expedited preservation of stored computer data
• Expedited preservation of traffic data
• Production order
• Search and seizure of stored computer data
• Real-time collection of traffic data
• Interception of content data

25
Special Issues

• Voice over IP
• Key loggers
• Data Retention
• Encryption
• Jurisdiction

26
Protection of Individual Rights

• Universal Declaration on Human Rights
• International Covenant on Civil and Political
  Rights
• Council of Europe Convention for the Protection
  of Human Rights and Fundamental Freedoms
• Convention on Cybercrime Article 15

27
Court Case Laws

• Standardization of Supreme Court decicions
• Integration Retrieval Systems
• Search Technology Solutions

28
www.cybercrimelaw.net

• Global Legal Framework
• Global National Law Survey
• Harmonizing National Legal Approaches on
  Cybercrime
• Supreme Court decisions around the world
• Terrorism in Cyberspace Myth or reality (June
  2007)
• Global Harmonization of Cybercrime Legislation
  The Road to Geneva (October 2008)

29
Conclusion

• Those who fail to anticipate the future are in
  for a rude shock when it arrives
• Professor Peter Grabosky
• Australia