Regulating Cybercrime: Lecture Notes
Week 1: Cybercrimes
Lecture 1. 1 - Cybercrimes (1)
Outline
● Practical introduction to the course
● Introduction to cybercrime
○ What is cybercrime?
○ International character of cybercrime
○ Challenges in domestic substantial cybercrime law
● Substantive criminal law
○ Hacking
Literature
Principles of Cybercrime (J. Cough)
- Not necessary to know all legislation/cases referred to in book; merely use as
background information
- Most important to know differences existing between regulation of cybercrimes
and implementation of Convention on Cybercrime (necessary differences
between national law will be discussed during lectures)
What is cybercrime?
There are different views on its definition; however, there are some common
distinctions:
1. Offenses against computer/data systems
a. Where computer is target of criminal activity
i. Example: hacking
2. Existing offenses where computer is a tool used to commit offenses
a. Example: stalking
3. Offenses where computer is an incidental aspect of criminal activity
a. Provides for digital evidence; but fact that there is digital evidence does
not necessarily make it a cybercrime
i. Example: emails and other communications by offenders
Legal focus
● Convention on Cybercrime (CoC) (Budapest Convention)
○ Art. 1-9
○ Explanatory Report
○ Additional Protocol and Xenophobia and Racism
● Other international and supranational legal instruments
, ○ Example(s):
■ Directive 2013/40/EU on attacks against information systems
■ Council of Europe Convention on the protection of children against
sexual exploitation and sexual abuse (Lanzarote Convention)
● Examples of national cybercrime law
Challenges of cybercrime
1. Scale
a. Amount of people with Internet access is enormous; provides large pool
of potential offenders + victims
2. Accessibility
a. Technology is (almost) everywhere and (increasingly) easy to use;
accessible to both offenders + victims
i. Whilst some cybercrimes go beyond skills of an individual, there is
information available on how to execute criminal activity
1. Ex. Buying hacking program through dark web
3. Anonymity
a. Problem for all crimes but enhanced in cybercrime; criminals always find
ways to stay anonymous; more opportunities to do this in cybercrime
4. Portability and transferability
5. Global reach (international/cross-border character of cybercrime)
a. Either crime is committed in multiple countries or offenders collaborating
live in multiple countries or offenders commit crimes in another country
other than their habitual residences
i. This makes investigation difficult and demands cooperation for
which rules are needed
6. Absence of capable guardians (among which are effective substantive criminal
law)
a. Perceived risk of detection and prosecution
b. Effective regulation is a challenge faced by law enforcement
Global reach (international character of cybercrime)
Criminal law has a predominantly national approach
- National prosecution is based on:
- National jurisdiction rules
- Usually restricted to territorial jurisdiction in which offense is
committed
- National criminal offenses
- (Partly) national investigations
But cybercrime often has international aspects
,>Solution: rules on international cooperation are needed
● Gathering of information and evidence
● Extradition
● Transfer of proceedings and/or sentences
How can international cooperation be obtained?
>Treaties and other international legal instruments that entail:
- Obligations to establish criminal offenses
- Obligations on substantive law to prevent safe havens + encourage
possibility for mutual legal assistance (due to principle of double
criminality; activity must be criminal in the involved jurisdictions)
- Obligations to create powers to investigate
- Can prevent that crimes cannot be investigated due to lack of powers
- Ex. If country B needs country A for investigations, need
procedural rules in both to effectively do this
- Obligations to create jurisdiction
- Can prevent negative or positive jurisdiction conflicts
- Preventing situations in which either no country has jurisdiction or
several countries have jurisdiction
- Obligations regarding international cooperations
- Can make sure help will be effectuated
Convention on Cybercrime
CoC was the first binding international instrument addressing issues of cybercrime
adopted by Council of Europe on 23 November 2001, Budapest
- Intended to apply globally, not just to Members of Council of Europe; so it is
open to non-Member States
- Total number of ratifications: 68
CoC entails several obligations:
● Obligations to establish criminal offenses
● Obligations to create jurisdiction
● Obligations to create investigative powers
● Obligations regarding international cooperation
Approach of CoC
, >Through the harmonization of substantive (criminalizing conduct) and procedural law
(procedural tools) international cooperation is attained
Categorisation of offenses in CoC
1. Offences against confidentiality, integrity and availability of computer data and
systems (cybercrimes in narrow sense) (chapter 2, section 1, title 1)
a. Illegal accessing a computer system
b. Illegal interception of data
c. Data interference
d. Computer system interference
e. Misuse of devices
2. Computer-related or computer-assisted offenses (chapter 2, section 1, title 2)
a. Fraud
b. Forgery
3. Content-related offenses (chapter 2 section 1, title 3)
a. Child pornography
4. Offenses related to intellectual property rights and similar rights (chapter 2,
section 1, title 4)
Challenges in domestic substantive criminal law
The changing legislative environment: new crime —> new law?
● Prior to specific cybercrime laws using existing (or traditional) offenses were
used to prosecute cybercrimes
○ Unauthorized access as trespass
○ Impairment of data as criminal damage
But, applying existing laws cannot always be done successfully
Week 1: Cybercrimes
Lecture 1. 1 - Cybercrimes (1)
Outline
● Practical introduction to the course
● Introduction to cybercrime
○ What is cybercrime?
○ International character of cybercrime
○ Challenges in domestic substantial cybercrime law
● Substantive criminal law
○ Hacking
Literature
Principles of Cybercrime (J. Cough)
- Not necessary to know all legislation/cases referred to in book; merely use as
background information
- Most important to know differences existing between regulation of cybercrimes
and implementation of Convention on Cybercrime (necessary differences
between national law will be discussed during lectures)
What is cybercrime?
There are different views on its definition; however, there are some common
distinctions:
1. Offenses against computer/data systems
a. Where computer is target of criminal activity
i. Example: hacking
2. Existing offenses where computer is a tool used to commit offenses
a. Example: stalking
3. Offenses where computer is an incidental aspect of criminal activity
a. Provides for digital evidence; but fact that there is digital evidence does
not necessarily make it a cybercrime
i. Example: emails and other communications by offenders
Legal focus
● Convention on Cybercrime (CoC) (Budapest Convention)
○ Art. 1-9
○ Explanatory Report
○ Additional Protocol and Xenophobia and Racism
● Other international and supranational legal instruments
, ○ Example(s):
■ Directive 2013/40/EU on attacks against information systems
■ Council of Europe Convention on the protection of children against
sexual exploitation and sexual abuse (Lanzarote Convention)
● Examples of national cybercrime law
Challenges of cybercrime
1. Scale
a. Amount of people with Internet access is enormous; provides large pool
of potential offenders + victims
2. Accessibility
a. Technology is (almost) everywhere and (increasingly) easy to use;
accessible to both offenders + victims
i. Whilst some cybercrimes go beyond skills of an individual, there is
information available on how to execute criminal activity
1. Ex. Buying hacking program through dark web
3. Anonymity
a. Problem for all crimes but enhanced in cybercrime; criminals always find
ways to stay anonymous; more opportunities to do this in cybercrime
4. Portability and transferability
5. Global reach (international/cross-border character of cybercrime)
a. Either crime is committed in multiple countries or offenders collaborating
live in multiple countries or offenders commit crimes in another country
other than their habitual residences
i. This makes investigation difficult and demands cooperation for
which rules are needed
6. Absence of capable guardians (among which are effective substantive criminal
law)
a. Perceived risk of detection and prosecution
b. Effective regulation is a challenge faced by law enforcement
Global reach (international character of cybercrime)
Criminal law has a predominantly national approach
- National prosecution is based on:
- National jurisdiction rules
- Usually restricted to territorial jurisdiction in which offense is
committed
- National criminal offenses
- (Partly) national investigations
But cybercrime often has international aspects
,>Solution: rules on international cooperation are needed
● Gathering of information and evidence
● Extradition
● Transfer of proceedings and/or sentences
How can international cooperation be obtained?
>Treaties and other international legal instruments that entail:
- Obligations to establish criminal offenses
- Obligations on substantive law to prevent safe havens + encourage
possibility for mutual legal assistance (due to principle of double
criminality; activity must be criminal in the involved jurisdictions)
- Obligations to create powers to investigate
- Can prevent that crimes cannot be investigated due to lack of powers
- Ex. If country B needs country A for investigations, need
procedural rules in both to effectively do this
- Obligations to create jurisdiction
- Can prevent negative or positive jurisdiction conflicts
- Preventing situations in which either no country has jurisdiction or
several countries have jurisdiction
- Obligations regarding international cooperations
- Can make sure help will be effectuated
Convention on Cybercrime
CoC was the first binding international instrument addressing issues of cybercrime
adopted by Council of Europe on 23 November 2001, Budapest
- Intended to apply globally, not just to Members of Council of Europe; so it is
open to non-Member States
- Total number of ratifications: 68
CoC entails several obligations:
● Obligations to establish criminal offenses
● Obligations to create jurisdiction
● Obligations to create investigative powers
● Obligations regarding international cooperation
Approach of CoC
, >Through the harmonization of substantive (criminalizing conduct) and procedural law
(procedural tools) international cooperation is attained
Categorisation of offenses in CoC
1. Offences against confidentiality, integrity and availability of computer data and
systems (cybercrimes in narrow sense) (chapter 2, section 1, title 1)
a. Illegal accessing a computer system
b. Illegal interception of data
c. Data interference
d. Computer system interference
e. Misuse of devices
2. Computer-related or computer-assisted offenses (chapter 2, section 1, title 2)
a. Fraud
b. Forgery
3. Content-related offenses (chapter 2 section 1, title 3)
a. Child pornography
4. Offenses related to intellectual property rights and similar rights (chapter 2,
section 1, title 4)
Challenges in domestic substantive criminal law
The changing legislative environment: new crime —> new law?
● Prior to specific cybercrime laws using existing (or traditional) offenses were
used to prosecute cybercrimes
○ Unauthorized access as trespass
○ Impairment of data as criminal damage
But, applying existing laws cannot always be done successfully
