Transcript Crime over the Internet

Perspectives for an effective
European-wide fight against
cybercrime
Anne Flanagan
Institute for Computer and Communications Law
Centre for Commercial Law Studies, Queen Mary, University of London
Introductory Remarks

Transnational crime
– Substantive & procedural harmonisation



EU: ‘First Pillar’, ‘Third Pillar’ & the Lisbon Treaty
Sanction & remedies
Policing cyberspace
– Public & private law enforcement

The role of intermediary service providers
– Council of Europe Guidelines for Co-operation (2008)
– Controlling content & monitoring communications

Safeguarding rights
Sanction and remedy

Sentencing
– statutory minimums, judicial discretion

Cyber Security Enhancement Act of 2002
– ‘aggravating circumstances’


e.g. EU Framework Decision, art. 7
Restraint orders
– Collard [2004] EWCA Crim 1664


“..prohibited from owning, using, possessing or having any access to any personal
computer, laptop computer or any other equipment capable of downloading any
material from the Internet…”
Compensation
– Civil enforcement, e.g. 18 U.S.C. § 1030(g)
Policing cyberspace

Public law enforcement
– Industrial-scale & organised crime

e.g. US Landslide investigations & the UK 7000
– Local, national & international policing structures

e.g. reporting crimes
– International co-operation

e.g. www.virtualglobaltaskforce.com
– ‘Operation PIN’
– community policing in cyberspace: ‘simply another public
place’
Policing cyberspace
– Interaction with private sector

Exchanging information
– e.g. Single Points of Contact (SPOCs)
– Prosecution expertise

And judicial training
– Pro-active intervention?

To ‘attack’ online resources
Policing cyberspace

Private law enforcement
– private prosecutions

e.g. Federation Against Software Theft (FAST)
– investigative & reporting functions


e.g. Computer Emergency Response Team (CERT)
e.g. Internet Watch Foundation
– vigilantes

e.g. US v Jarrett 338 F.3d 339 (Va., 2003)
– an ‘unholy alliance’?
Protected data


Biggest challenge for computer forensics in the
21st Century
– Access & conversion protections
Obtaining access
– Requirement to provide in intelligible form
– Requirement to hand over ‘key’



“any key, code, password, algorithm or other data”
Failure to disclose in ‘a national security case’: 5 years
Self-incrimination?
– S and A [2008] EWCA Crim 2177
Criminals and actors

Perpetrator
– a criminal type?
– motivation, opportunity & skill


From ‘script-kiddies’ to ‘überhackers’
Inchoate offences
– Attempt, conspiracy & incitement



Demanding supply
Misuse of devices, e.g. Convention, art. 6
Intermediaries
– communications service provider

limitations on liability
Intermediary liability

Service providers as gatekeepers
– User-generated content


indecent or obscene, encouragement of terrorism……
Electronic commerce Directive (00/31/EC)
– ‘mere conduit’, ‘caching’ & ‘hosting’


‘actual knowledge’
Duties to report?
– Monitoring and action


LVMH v Google (2009)
Commission review
– Content aggregation, search engines, linking
Controlling illegal content

Notice and take-down (in jurisdiction)
– Terrorism Act 2006, s. 3 ‘internet activity’


Liability for endorsement
Blocking access (out jurisdiction)
– e.g. Internet Watch Foundation




database of URLs for child sexual abuse images
Voluntary, but with threat of mandation
International reach, e.g. Google & Yahoo!
Web-based traffic, but not P2P & other services
– Problem of collateral interference

e.g. Wikipedia & Scorpions ‘Virgin Killers’
Monitoring communications

Interception of content
– For law enforcement purposes

e.g. Airline bombers, Madrid bombers
– For commercial purposes


Phorm & behavioural targeted advertising
Accessing communications data
– Attributes: Traffic, usage, location & subscriber data

e.g. 21/7 bombers (?) – from London to Italy
– Data retention: 6-24 months (Directive 06/24/EC)

Google agreement with EU
Safeguarding Rights

European Convention on Human Rights
– Fair trial (art. 6), privacy (art. 8) & freedom of
expression (art. 10)


‘chilling effect’
Derogations
– In accordance with the law

Legal certainty
– Applicable interest

i.e. national security
– Necessity and proportionality
Concluding remarks