Internet Law and the Privacy Act 1988 - Assignment Example

Name) (Instructors’ name) (Course) (Date) (Name) (Instructors’ name) (Course) (Date) 3. Discuss the proposition that the Privacy Act 1988 (Cth) is drastically in need of amendments in the light of the technologies that enable personal information to be readily located, disseminated and accessed globally. On of the major polemics as regards cybercrime relates to its very definition. There is not consensus about that, as there is not consensus as regards the nature of cybercrime. The literature is abounding with definitions of cybercrime, which are sometimes almost identical, sometimes quite different (Bologna 27). As stated by the United Nations the term of cybercrime has been a topic for debate for the last 30 years and that the scholars have mainly concentrated in their articles on a three levels scheme: the computer as crime subject, the computer as crime object or the computer as crime instrument.. There were even opinions that the word cybercrime should be entirely deleted from the lexicon (Gordon and Ford 15). The original term of cybercrime, a media product, was restricted to hacking activities (Wall 10). Then, the concept of cybercrime, as Wall put it, meant “the occurrence of a harmful behavior that is somehow related to a computer”. Other definitions did not include only the illegal behaviours, but also the deviant behaviors (Yar 9). From a legal point of view, this kind of broader definition could not stand up though. When referring to cybercrime, despite the fact that is not offering a definition an interesting typology can be met in the provisions cybercrime Convention, for the moment the only binding international instrument of this kind by the literary material and also the major players in this field. According to the substantial provisions of the Convention, under the generic name of cybercrime there are subscribed the four following categories: offences against the confidentiality, integrity and availability of computer data and systems, computer-related offences, content-related offences, offences related to infringement of copyright and related rights. As regards the content-related offences, it has to be said that the list offered by the Convention and its Additional Protocol from 2003 is not an exhaustive one; other illicit behaviors were included by the specialized literature in this category. Definitions. An essential concept needs to be reminded here, as it helps in understanding the categories of crime that could be included generically under computer crimes and that is computer systems. “Computer system” means any group or device of related or interconnected device, which, pursuant to a program, performs data’s automatic processing. The Cybercrime Convention Committee (T-CY) stated in its 2006 Meeting Report that the term of computer system has to be understood as covering not only desktop computer systems, but also “developing forms of technology, including modern mobile telephones and personal digital assistants”. The lack of consistency as regards the definition of cybercrime was acknowledged also by the European Commission which admitted in its Communication Towards a General Policy on the Fight against Cybercrime that terms such as cybercrime, computer crime, high-tech crime or computer-related crime are regularly used interchangeably. In the same Communication, there are enumerated three categories of computer-crimes: traditional forms of crime (e.g. fraud and forgery) committed over electronic communication networks, publication of illegal content over electronic media and crimes unique to electronic networks (attacks against information systems, denial of service, hacking). Before this Communication was issued, there were different orientations even among the law enforcement agencies, the concept being used rather in media, academic world or among the criminal justice actors. Although the term is inserted in a document that has no normative value, but it is rather connected to the criminal policies in the area of practice and consequentially, this could be a sutiable foundation for future conceptual delimitation. Nature of cybercrime. Towards a plea, for its specificity. In the academic discourse, there are two orientations as regards the nature of cybercrime: one that has been launched by Grabosky Peter as “old wine in new bottles” and the second one that was entitled by Majid Yar as the “novelty of cybercrime”. The first one practically states that the causality of cybercrime can be easily explained by appealing to classical theories and that they are just old crimes committing by using new techniques. The second considers that computer crime is representing a totally new type of criminality that differs completely from the one committed in the real world. It is true that we are indeed in front of a new type of criminality, and its novelty comes from the environment involved. It is also true that the motivation of the cyber offenders does not differ too much from that of the other criminals (at least not in the present days) and that many of the cybercrimes. On the other hand, even these traditional crimes such as online fraud, are manifesting in a totally different way in the World Wide Web. If there were no differences, then there would be no challenge. The location where the crime takes place, the cyberspace, as we all call it today, creates many opportunities that cannot be encountered in real life issues. Two characteristics that confer its specificity come from the perceived anonymity and the transnational character. Of course, if one thinks of the transnational character, it can be met in an already classical organised crime, but not to the same degree. These traits make it difficult to identifying the offender or the place where he lives and obviously, much more difficult to prosecute him and consequently to apply a sentence. This is why the need for an international instrument is important and for adequate adjustments of the internal laws, but still this is not sufficient. Trends. If the motives to commit cybercrimes are no different from those that stay behind the ordinary crimes, whether they are greed, revenge challenge, adventure, the opportunities are always dynamic in this case. Bearing in mind this, it has to be said that designing some valid and effective policies against this phenomenon proves to be quite a difficult task. To offer just an example, the legislation proves to be most of the times some steps behind the evolution of the cyberspace threats. The last years major Internet threats, spam, spyware, phishing and pharming, are orientated to potential gains, taking advantage of the growth of E-commerce and do not follow the destructive pattern the classical viruses had not so long ago. Another trend is represented by the so-called blended threats which are mixing the characteristics of viruses, worms, Trojan Horses and malicious code. Phishing, the so-called novelty of year 2004 designed with the purpose to get personal information and to use that information for fraud and identity fraud, continued to spread in 2005 (Hunter 16), to use more and more sophisticated methods and evolved into the more difficult to detect pharming. New threats made their presence felt in 2006 and 2007. Starting from phishing schemes, more and more ID theft cases and financial fraud of banks were brought to the public attention. Additional to that, botnets, targeted attacks against governments and firms, web attacks, crimes committed in the virtual world (e.g. Second Life) were among the top threats of the year 2007 (Ifrah 4). These latter threats continued to manifest in 2008, as well. The phishing schemes which aim practically at gathering mostly financial data, but also personal data in general, not only continued to develop, but according to the data brought forward by the specialized literature, experienced a significant growth, ever since the economic crises has begun to make its presence felt (Brown, Eduards and Marsden 1). Of course, one should not leave behind the Internet fraud that although not considered a computer crime per se has found, due to the Internet characteristics, new forms of manifestation, the offenders changing their modus operandi from one year to another. For example, in 2008 the cybercriminals used extensively the already classical method of sending spam in order to commit identity theft, but the original element was represented by the fact that the unsolicited emails was allegedly coming from FBI officers or from a friend of the victim. Botnets are the threats envisaged by the law enforcement agencies which are striving to find solutions to effectively deal with such a phenomena. Another emerging problem is that of piracy. This is a very much controversial issue, because there are opinions that piracy related to software, music and films was incriminated as a consequence of corporate pressure and does contradict the free nature of the Internet. Lately, the P2P networks gave a lot of problems to the law enforcement agencies and not only for copy right issues but also because of child pornography. Responses. What criminal policies? The responses offered by the state and the society to the threat posed by cybercrime consist in elaborating a legislative framework able to cope with the new types of crimes committed on the Internet, creating new security solutions and educating the Internet users so that they could protect themselves and avoid becoming a victim. There are three layer approaches that need to be integrated in the transnational context of computer crimes. For that purpose to be fulfilled, concrete policies needed to be built up at national, regional and international level. What does really mean policing the Net today? Can the Internet be so easily regulated? Are we talking about law enforcement, about private actors trying to regulate the Internet? What are the major trends in this respect? What are the best solutions fit to deal with this? Kolinsky tries to define the classical model based on detention and punishment in opposition with what should be cyber-policing constructed on prevention strategies. If the classical model is based on the efforts of the professional law enforcement agencies, the cyber-policing should be the result of a combination between the activities of public and private organizations. It is interesting to be seen how this model of policing is able to protect the potential victims and leave behind the traditional model that keeps concentrating on the offender. The actual players involved in policing the cyberspace come from the private and public sector as well: the Internet users, the Internet Service Providers, corporate security organisations, state-funded public police and state-funded non-public police. Legislation When trying to solve the cybercrime problem, countries are confronted with several problems. Their legislation was not adopted according to the new requirements of the IT. Domestic solutions had to be adopted or the existing laws had to be adopted. Sometimes, there was no procedural provision that could have assured the efficiency of the investigations. The globalization of crime posed the problem of the cost of investigating and prosecuting transnational crime. That is why the authorities soon realized that the domestic regulations were not enough and consequently the intervention of international and regional organizations was necessary in this respect.The first initiative on computer crime was at European level, to be more precise, belonged to Council of Europe which organized in 1976 the Conference on Criminological Aspects of Economic Crime. In 1983 OECD appointed an expert committee to discuss computer-related crime and to see how changes should be brought to the Penal Codes. In 1990, UN gave a resolution on computer crime legislation and in 1994 was published the United Nations Manual on Prevention and Control of Computer-Related Crime. G8 built up in 1997 a Subgroup of High-Tech Crime and the same year they adopted in Washington Ten Principles in the Combat Against Computer Crime.In 1997, Council of Europe created the Committee of Experts on Crime in Cyber- Space. The European Commission, Council of EU, USA, Canada and Japan had the possibility to send a representative to CoE. This gave the opportunity of a rapid alignment of the CoE policies with those of G8. The co-operation was enhanced by the acting together of G8 and EU toward the “developments of a transnational network of actors”.The Cybercrime Convention adopted by the Council of Europe member states was created as a possible response to the global threat of cybercrime. It is in fact the only legal binding international instrument to tackle cybercrime and the result of several years of work. As previously mentioned, The Convention offers a classification of cybercrimes in four big categories: offences against the confidentiality, integrity and availability of computer data and systems, computer-related offences, content-related offences, offences related to infringements of copyright and related rights. An important part of the Convention is dedicated to the international aspects- international co-operation and to procedural measures. The transnational character of the computer crimes is one of the most problematic issues the law enforcement agencies have to face, as it will be shown further on. We are speaking about different jurisdictions and all the diversity that emerges from that. That is why the Convention tried by introducing the provisions related to international co-operation in computer cases to create some common standards and to fill up the gaps of the existing regional and international instruments in the field. The Convention raised also some critics, especially from the American opponents but not only, who considered it too largely formulated and contradicting the American constitutional provisions such as the First Amendment. There were also persons who contested the big secrecy under which the Convention was drafted and the fact that there was no prior consultation of the civil society. The Convention was signed also by non- member states of the Council of Europe. Among them, as lit emerged from the previous lines, USA which ratified the convention in 2006, after a long and controversial internal dispute. The fact that the Convention was signed also by countries from another continents would implicitly mean that it was intended to address the cybercrime issue globally. The next logical and legitimate question is if a regional organisation can assume such a task, bearing in mind that such an initiative is exposed to the risk of failure, as long as countries from other regions of the world would be reluctant to a regional initiative that does not come from their region. Reality vs fiction. In order to understand if cybercrime is a real threat or just a product of media, state or private actors, the following points are important for analysis, namely: ”the number of cyber crimes is growing and criminal activities are becoming increasingly sophisticated and internationalised”; “clear indications point to a growing involvement of organized crime groups in cybercrime”; ”however, the numbers of prosecutions on basis of cross-border law enforcement cooperation decrease”. These three points are revealing the main trends of the cybercrime phenomenon as seen by the law enforcement agencies at EU level. But are they true facts or they are just some myths launched by the press and the security industry and taken over by the LEAs as a justification for a serious of actions they elaborated? Can we currently speak about fear of cybercrime? We will try to answer to all that in the following pages. The Game of the Statistics The statistics have represented an important aspect in the global discourse about cybercrime. But what kind of statistics are we talking about? The Communication of the Commission states that the number of cybercrimes is growing. On what is that statement based? There is common knowledge about the lack of official statistics in this kind of field. Taking into account that computer-crimes have been introduced rather late as offences in the legislation on many countries, would be quite difficult to undertake longitudinal measures of crime, as these crimes have no past category to be compared with (Yar 13). In any case, accurate official statistics would offer a glimpse into the legal criminality. The most recent acknowledgement of the problem emerges from the Council conclusions of 27 November 2008 on a concerted work strategy and practical measures against cybercrime which invites member-states in the medium term to work towards developing statistical indicator. Of course, this would not represent a true to life image of cybercrime, being well known that this type of criminality is amongst the least reported, so the black figure of crime gets to very high percentages. But at least it would represent a starting point. A more realistic image could be achieved by undertaken relevant crime and victimization surveys, activity that is underdeveloped, as well. Currently, most of the statistics are issued by IT security companies, from the private sector, that is why the figures they produce are often contested on grounds that they are not corresponding to true facts and they are only feeding an emergent industry that needs to justify its very existence . Symantec in 2004 which said that the number of attacks blocked by their filters increased by 366% between July and December 2004 or the Internet Security Report issued by the same company in September 2007 which stated that “ in the first half of the 2007, 212, 101 malicious code threats reported to Symantec, which was a 185% increase over the second half of the 2006” (David 51). Another example connected with one of the countries often associated with the cybercrime phenomenon-Romania which finds itself always in the reports issued by different organizations or private entities involved in the IT security area. If we should stick to some more recent examples, Romania has been mentioned in the 2007 Internet Crime Report released by the Internet Crime Complaint Center Report as being on the 5th place in the world when it comes to fraud. The 2008 Symantec Security Report also has positioned Romania on the first place in Europe and on the 3rd place in the world among the countries that are hosting phishing sites. When these reports were released, the Romanian media hurried to bring them to the audience’s attention. All the televisions and major journals made of them the news of the day: nations of cyber criminals. The statistics taken over from the Symantec Report were interpreted wrongly and the news were sounding like the country with the greatest number of phishers from Europe. But this is not what the report said. What is the role played by media in this equation? Can we speak about a deliberately action of the media to create a fear of cybercrime? Is this just a part of big picture in which the myth of the Romanian hacker, cunning, highly intelligent, defrauding the poor westerners who in well faith tried to do on line transactions is brought to the attention of the Romanian reader? What is the line between reality and fiction? What should the mass- media do and what is actually doing? As Grabosky emphasised “Overreaction may still be a useful strategy for organisational maintenance. One way to get attention (and resources) is to convince the world that the doom is imminent”. But one just has to know exactly when to stop. And here comes the legitimate question how far the press has come with their stories. There is no doubt the press is offering some valuable inputs as for what are the main trends when speaking about cybercrime, what are the major offences that occur and the modus operandi of the cyber offenders. But as the media is too much concentrated on the sensational and how to get the prime time, sometimes these episodes are exaggerated and much more important elements are left behind, such as how to prevent computer-crimes, how to avoid becoming a victim. Important elements in the education of citizens can be gathered from the press, if the right articles are to be written. The press can contribute to the awareness raising of the Internet users and can represent a valuable actor in designing the prevention policies in the field. This is the right path the press should follow but for now it remains to be seen if the commercial would be left aside in order to follow this less spectacular direction. Cybercrime and transnational organised crime The concept of organized crime is much more disputed and controversial than that of cybercrime and my purpose here is not to bring to the surface all the polemics about it, but rather to discuss to what extent is cybercrime committed in an organized manner. Different typologies of transnational organized crime have been sketched by the experts in the field, considering the transnational organised crime as an entity, an activity or concentrating rather on the effects of the transnational character of this type of crime (Cockayne 85). Some years ago the economic profit as a motivation for committing computer-crime was rather rare, now it has become the common rule. It would be interesting to see if the proportion between organized cybercrime and cybercrime committed by individuals has not reversed in the last three, four years. At least the official figures would indicate such a reversal which would come as no surprise taking into account the high percentages of Internet fraud, ID theft and skimming, that due to their transnational modus operandi, need the presence of organized groups. What is important to be mentioned is the fact that there is an international legal framework that allows the states to bring to justice organised cyber criminals that are actioning in a borderless environment, namely the Internet. Sometimes, the Palermo Convention represents the only legal instrument that can be invoked, especially in circumstances when between the issuing and executing countries (which are to be found on different continents) there is no bilateral or regional treaty into force. Challenges for law enforcement agencies? There is no doubt that cybercrime raised a lot of problems for the law enforcement agencies. Should computer crimes have been common criminality, these challenges could not have appeared, so I guess that indirectly the issues the police and judiciary have to face when tackling cybercrime are clearly stating that we are taking about something really different compared with the traditional crime, something that needs special attention and special measures. There are a lot of discussions in the specialized literature as to what are the major challenges posed by cybercrime. Challenges deriving from procedural issues The Communication of the European Commission, previously mentioned, despite of an increase in the number of cybercrimes. Referring to this problem Wall put it in a very plastic way that the low prosecution rate is showing the absence of evidence or the evidence of the absence (Wall 13). He offers three possible explanations for this discrepancy: the exaggerated image created by enforcement agencies and the nature of the cybercrimes. The complexity of computer crimes is not allowing for reductionist answers. The chance for being prosecuted for computer hacking in the USA is placed at 1 in 10 000 (Bequai 13).As the above-mentioned examples, shows, there are countries especially those with a common law tradition where there is no principle of legality governing the prosecutorial phase; therefore, it will be no mandatory prosecution. The prosecution will rather take place in accordance with some very pragmatic criteria as related to the seriousness of the offence, value of the prejudice. The criminal investigation would depend on the resources available and to the degree of prioritization established by the law enforcement agencies. Another problem would be represented by the fact that cybercrime requires a high degree of specialisation among the police officers, prosecutors and even judges.The criminal investigation of computer crimes are circumvented to special requirements and techniques, starting from a computer search to preservation of computer data, real time collection of data etc. That means that for effective prosecution previous specialized training is needed. Some states already did that, others still need to develop valid training programs in this respect. Challenges coming from the transnational character The transnational character of cybercrime represents one of the greatest challenges ever to the law enforcement agencies. Internet has no borders and consequently the cyber criminals can act from their homes affecting the lives of people located on the other side of the planet. Without developing too much on it, it has to be said that transborder searches, positive conflict of jurisdictions and requests of mutual legal assistance in criminal matter can raise a lot a difficulties and can cause delays in solving cybercrime cases. The co-ordination between countries is in this context crucial, as long as we are talking about data extremely volatile and the classical channels of communication could in most of the times prove totally inefficient as timing and a response rate and with no effective solution developed up to now. It is important that organizations such as UN, who have become aware of the problem and now are trying to deal with this issue as effectively as possible. Recommendation As it was well noticed the initiative to harmonise the laws related to computer crimes came especially from well developed countries, mostly European countries or members of the G8 and this is definitely not enough (Sette 306). Due to the transnational dimensions of this type of criminality, it is of utmost importance to involve as much countries as possible in this harmonisation process and that means also developing countries where the IT market is still in an emergent phase.This is the only valid solution if the slogan no safe havens for cybercriminals should prove to be really back up by concrete actions. The Cybercrime Convention was a good starting point in this direction. Although the initiative of a regional organisation (Council of Europe), the Convention was open for signature for non-member states as well in the attempt to bring to a common nominator the legislation, procedural measures and provisions related to international co-operation at global level. Currently, the Council ofEurope is very much involved into a wide campaign of publicising the Cybercrime Convention on other continents, such as Africa, South America or Asia. On the other hand, the ratification process of the European countries that have signed the Convention in 2001 in Budapest is rather slow, there are still a significant number of member-states of the Council of Europe which have not ratified the Convention such as Great Britain and Spain. This is to some extent deligitimizing the Convention and makes the efforts to find new states interested in even greater as long as European level no propensity to speed up the process emerges. At the international level it was felt that a regional effort although accessible to non/European countries would not be sufficient. In this context, the International Telecommunication Union (ITU) is currently developing a programme called “ITU Global Cybersecurity Agenda” which is a multilayered agenda, one of its tasks being “the development of a model legislation on cybercrime”.Although this programme is currently work in progress, it is presenting a clear positive advantage in comparison with the Council of Europe initiatives, in the sense that developing countries are also participating into it and this can confer indeed a global coverage. Additional to that, UN is currently struggling to bring together a treaty on cybercrime which would be applicable world wide and which could correspond even to the visions of the states which are not party to the Council of Europe Convention. Despite the fact that it is too early to tell where the work of these organisations is heading, as it was well underlined, “the UN/ITU could support the standardization processes in the developing countries where the majority of the Internet users are located”( Gercke 10). In this context, the projects undertaken by ITU and UN could enjoy that global recognition that the Council of Europe could not possibly benefit up to now from due to its regional character and could develop an instrument able to be recognised and applied everywhere on the globe. But harmonising the legislation is obviously not enough. This article has showed what the major tendencies in the field are and how fast everything is changing. In this context, repression is not sufficient anymore. Prevention policies are another aspect that needs to be taken into consideration more and more not only by the LEAs but also by the private industry as it is more and more clear that the fight against cybercrime is a fight that needs to be fought by all of us together. Works Cited Brown, Eduards, and Marsden, C. Information Security and Cybercrime. available at http://papers.ssrn.com/sol3/papers.cfm?abstra ct_id=1427776 Carrabine, Lee, South, Cox and Plummer, K. Criminology. A Sociological Introduction, Routledge: London-New York,2004. Print Cockayne, J. Transnational Organized Crime: Multilateral Responses to a Rising Threat. Coping with Crisis, International Peace Academy, April 2007. Communication from the Commission to the European Parliament, the Council and the Committee of the Regions, Towards a general policy on the fight against cybercrime, COM(2007)267 final, Brussels, 22.5.2007, available at www.europa.eu Gercke, M. “National, Regional and International Legal Approaches in the Fight Against Cybercrime”. Journal of Information Law and Technology, Issue 1, 15 February 2008, pp. 7-14. Gercke, M. Understanding Cybercrime. A Guide for Developing Countries, Draft April 2009. available at www.itu.int Gordon, S. And Ford R., “On the definition and classification of cybercrime”. Journal in Computer Virology, n. 2, 2006, pp.13-20. Grabosky, P. N. “Virtual Criminality.Old Wine in New Bottles?”, in Legal Studies, vol.10, n. 2, 2001, pp. 243-249. rint Grabosky,P. “Editor's Introduction”, in CrimeLaw and Social Change, vol. 46, 2006, pp.185-187. Print Hughes L. A., DeLone G. J., “Viruses, Worms and Trojan Horses: Serious Crime, Nuissance or Both?”, in Social Science Computer Review, 2007, pp. 78-98. Hunter, P. “2005 IT Security Highlights- the day of the hacker amateur has gone, but there are still plenty of amateur users”, in Computer Fraud and Security, January 2006, pp. 13-17. Ifrah, L. Cybercrime: Current Threats and Trends. available at www.coe.int Internet Crime Complaint Center, 2008 Internet Crime Report,available at www.ic3.org Kozlovky N., A Paradigm Shift in Online Policing. Designing an Accountable Policing, available at http://crypto.stanford.edu/portia/pubs/articles/ K146964995.html Norman P., “Policing ‘high-tech’ crime within the global context: the role of the transnational policy networks”, in Wall D. (Edited by), Crime and the Internet, Routledge: London-New York, 2001, pp.184-194. Rogers, M. “Organized Computer Crime and More Sophisticated Security Controls: Which Came First the Chicken or the Egg”. Journal of Clinical Criminology. 1999, available at www.criminologia.org Schjolberg, S., Computer Related Offences: A presentation at the Octopus Interface 2004. Strasbourg 2004, available at www.coe.int Wall, D. “Cybercrimes and the Internet” , in Wall D. (Edited by), Crime and the Internet, Routledge: London-New York, 2001, pp. 1-17. Wall, D. Understanding Crime in the Information Age. Polity Press, 2007. Print Wall, D. “Cybercrime, Media and Insecurity: The Shaping of Public Perceptions of Cybercrime” in International Review of Law. Computers and Technology, Vol. 22, no. 1-2, 2008, pp. 45-63. Yar, M. Cybercrim and Society,Sage Publications. 2006. Print Read More