Prevention of Electronic Crimes Bill 2007 By Zahid U. Jamil Barrister-at-law www.jamilandjamil.com

This slideshow was prepared and presented by Zahid Jamil at The Second Floor on 7 th Sept 2007 It is very difficult to convey the message simply through slides but pay careful attention to the BOLD text which have been deliberately highlighted and need to be fully understood

This slideshow was prepared and presented

by Zahid Jamil at

The Second Floor

on 7 th Sept 2007

It is very difficult to convey the message simply through slides

but pay careful attention to the BOLD text which have been deliberately highlighted and need to be fully understood

Electronic Transactions Ordinance 2002

Electronic Transactions Ordinance 2002

36. Violation of privacy information.— gains or attempts to gain access to any information system with or without intent to acquire the information Gain Knowledge Imprisonment 7 years Fine Rs. 1 million

36. Violation of privacy information.—

gains or attempts to gain access

to any information system with or without intent

to acquire the information

Gain Knowledge

Imprisonment 7 years

Fine Rs. 1 million

Data Protection Act Data Confidentiality Law

Data Protection Act

Data Confidentiality Law

37. Damage to information system, etc.— alter, modify, delete, remove, generate, transmit or store information to impair the operation of, or prevent or hinder access to,information knowingly not authorised Imprisonment 7 years Fine Rs. 1 million

37. Damage to information system, etc.—

alter, modify, delete, remove, generate,

transmit or store information

to impair the operation of,

or prevent or hinder access to,information

knowingly not authorised

Imprisonment 7 years

Fine Rs. 1 million

“ Cyber Stalking ” (a) communicate obscene , vulgar, profane, lewd, lascivious , or indecent language, picture or image; (b) make any suggestion or proposal of an obscene nature; (c) threaten any illegal or immoral act; (d) take or distribute pictures or photographs of any person without his consent or knowledge ; (e) display or distribute information in a manner that substantially increases the risk of harm or violence to any other person, commits the offence of cyber stalking. How can anyone of the above provisions help in defining Cyber Stalking? This provision needs substantive work or deletion.

“ Cyber Stalking ”

(a) communicate obscene , vulgar, profane, lewd, lascivious , or indecent language, picture or image;

(b) make any suggestion or proposal of an obscene nature;

(c) threaten any illegal or immoral act;

(d) take or distribute pictures or photographs of any person without his consent or knowledge ;

(e) display or distribute information in a manner that substantially increases the risk of harm or violence to any other person, commits the offence of cyber stalking.

How can anyone of the above provisions help in defining Cyber Stalking? This provision needs substantive work or deletion.

“ electronic” includes electrical, digital, magnetic, optical, biometric, electro-chemical, wireless or electromagnetic technology; ?

“ electronic” includes electrical, digital, magnetic, optical, biometric, electro-chemical, wireless or electromagnetic technology;

?

14. Spamming .—(1) Whoever transmits harmful, fraudulent , misleading, illegal or unsolicited electronic messages in bulk to any person without the express permission of the recipient, or causes any electronic system to show any such message or involves in falsified online user account registration or falsified domain name registration for commercial purpose commits the offence of spamming.

14. Spamming .—(1) Whoever transmits harmful, fraudulent , misleading, illegal or unsolicited electronic messages in bulk to any person without the express permission of the recipient, or causes any electronic system to show any such message or involves in falsified online user account registration or falsified domain name registration for commercial purpose commits the offence of spamming.

“ spoofing ” establishes a website , or sends an electronic message with a counterfeit source intended to be believed by the recipient or visitor or its electronic system to be an authentic source with intent to gain unauthorized access to commit further offence or obtain their valuable information which later can be used for any unlawful purposes is said to commit the offence of spoofing. This is phishing! (fish´ing) (n.) The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.

“ spoofing ”

establishes a website , or sends an electronic message with a counterfeit source intended to be believed by the recipient or visitor or its electronic system to be an authentic source with intent to gain unauthorized access to commit further offence or obtain their valuable information which later can be used for any unlawful purposes is said to commit the offence of spoofing.

This is phishing!

(fish´ing) (n.) The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.

“ malicious code” Explanation: includes but not limited to a computer program or a hidden function in a program that damages data or compromises the electronic system’s performance or uses the electronic system resources without proper authorization , with or without attaching its copy to a file and is capable of spreading over electronic system with or without human intervention including virus, worm or Trojan horse. Code performing functions unintended or unauthorized functions NOT COMPATIBLE WITH INT’L DEFINITIONS

“ malicious code”

Explanation: includes but not limited to a computer program or a hidden function in a program that damages data or compromises the electronic system’s performance or uses the electronic system resources without proper authorization , with or without attaching its copy to a file and is capable of spreading over electronic system with or without human intervention including virus, worm or Trojan horse.

Code performing functions unintended or unauthorized functions

NOT COMPATIBLE WITH INT’L DEFINITIONS

Council of Europe Convention on Cyber Crimes Budapest Convention 23.11.2001

Council of Europe

Convention on Cyber Crimes

Budapest Convention

23.11.2001

Data damage.— (1) Whoever with intent to cause damage to the public or any person , damages any data is said to commit the offence of data damage. Data Interference Budapest Convention interference-centric policy rather than damage-centric.

Data damage.— (1) Whoever with intent to cause damage to the public or any person , damages any data is said to commit the offence of data damage.

Data Interference

Budapest Convention interference-centric policy rather than damage-centric.

System damage.— (1) Whoever with intent to cause damage to the public or any person interferes with or interrupts or obstructs the functioning, reliability or usefulness of an electronic system by inputting, transmitting, damaging or deteriorating any data is said to commit system damage. System Interference

System damage.— (1) Whoever with intent to cause damage to the public or any person interferes with or interrupts or obstructs the functioning, reliability or usefulness of an electronic system by inputting, transmitting, damaging or deteriorating any data is said to commit system damage.

System Interference

Electronic fraud.— (1) Whoever for gain interferes with data or electronic system to induce any person to enter into a relationship or with intent to deceive any person, which act or omission is likely to cause damage or harm to that person or any other person , commits electronic fraud. intentionally and without right, the causing of a loss of property to another by: a. any input, alteration, deletion or suppression of computer data, b. any interference with the functioning of a computer system, with fraudulent or dishonest intent of procuring, without right, an economic benefit for oneself or for another.

Electronic fraud.—

(1) Whoever for gain interferes with data or electronic system to induce any person to enter into a relationship or with intent to deceive any person, which act or omission is likely to cause damage or harm to that person or any other person , commits electronic fraud.

intentionally and without right, the causing of a loss of property to another by:

a. any input, alteration, deletion or suppression of computer data,

b. any interference with the functioning of a computer system,

with fraudulent or dishonest intent of procuring, without right, an economic benefit for oneself or for another.

Electronic forgery.— (1) Whoever for gain interferes with data or electronic system, with intent to cause injury to the public or to any person , or to support any claim or title or to cause any person to part with property or to enter into any express or implied contract, or with intent to commit fraud, commits electronic forgery, regardless of the fact that the data is directly readable and intelligible or not. without right, the input, alteration, deletion, or suppression of computer data, resulting in inauthentic data with the intent that it be considered or acted upon for legal purposes as if it were authentic, regardless whether or not the data is directly readable and intelligible.

Electronic forgery.— (1) Whoever for gain interferes with data or electronic system, with intent to cause injury to the public or to any person , or to support any claim or title or to cause any person to part with property or to enter into any express or implied contract, or with intent to commit fraud, commits electronic forgery, regardless of the fact that the data is directly readable and intelligible or not.

without right, the input, alteration, deletion, or suppression of computer data, resulting in inauthentic data with the intent that it be considered or acted upon for legal purposes as if it were authentic, regardless whether or not the data is directly readable and intelligible.

Corporate liability.— A corporation shall be held liable for a criminal offence committed on its instructions or for its benefit . The corporation shall be punished with fine not less than one hundred thousand rupees. International Investment, FDI, Foreign MNCs

Corporate liability.— A corporation shall be held liable for a criminal offence committed on its instructions or for its benefit . The corporation shall be punished with fine not less than one hundred thousand rupees.

International Investment, FDI, Foreign MNCs

6. Terrorism. --- (1) In this Act, “terrorism” means the use or threat of action where: (a) the action falls within the meaning of sub-section (2), and (b) the use or threat is designed to coerce and intimidate or overawe the Government or the public or a section of the public or community or sect or create a sense of fear or insecurity in society; or (c) the use or threat is made for the purpose of advancing a religious, sectarian or ethnic cause. (2) An “action” shall fall within the meaning of sub-section (1), if it: (a) involves the doing of anything that causes death; (b) involves grievous violence against a person or grievous bodily injury or harm to a person; (c) involves grievous damage to property; (d) involves the doing of anything that is likely to cause death or endangers a person’s life;

6. Terrorism. ---

(1) In this Act, “terrorism” means the use or threat of action where:

(a) the action falls within the meaning of sub-section (2), and

(b) the use or threat is designed to coerce and intimidate or overawe the Government or the public or a section of the public or community or sect or create a sense of fear or insecurity in society; or

(c) the use or threat is made for the purpose of advancing a religious, sectarian or ethnic cause.

(2) An “action” shall fall within the meaning of sub-section (1), if it:

(a) involves the doing of anything that causes death;

(b) involves grievous violence against a person or grievous bodily injury or harm to a person;

(c) involves grievous damage to property;

(d) involves the doing of anything that is likely to cause death or endangers a person’s life;

(e) involves kidnapping for ransom, hostage-taking or hijacking; (f) incites hatred and contempt on religious, sectarian of ethnic basis to stir up violence or cause internal disturbance; (g) involves stoning, brick-bating or any other forms of mischief to spread panic; (h) involves firing on religious congregations, mosques, imambargahs, churches, temples and all other places or worship, or random firing to spread panic, or involves any forcible takeover of mosques or other places of worship; (i) creates a serious risk to safety of the public or a section of the public, or is designed to frighten the general public and thereby prevent them from coming out and carrying on their lawful trade and daily business, and disrupts civic, life; (j) involves the burning of vehicles or any other serious form of arson; (k) involves extortion of money (“bhatta”) or property; (l) is designed to seriously interfere with or seriously disrupt a communications system or public utility service; (m) involved serious coercion or intimidation of a public servant in order to force him to discharge or to refrain from discharging his lawful duties; or (n) involves serious violence against a member of the police force, armed forces, civil armed forces, or a public servant.

(e) involves kidnapping for ransom, hostage-taking or hijacking;

(f) incites hatred and contempt on religious, sectarian of ethnic basis to stir up violence or cause internal disturbance;

(g) involves stoning, brick-bating or any other forms of mischief to spread panic;

(h) involves firing on religious congregations, mosques, imambargahs, churches, temples and all other places or worship, or random firing to spread panic, or involves any forcible takeover of mosques or other places of worship;

(i) creates a serious risk to safety of the public or a section of the public, or is designed to frighten the general public and thereby prevent them from coming out and carrying on their lawful trade and daily business, and disrupts civic, life;

(j) involves the burning of vehicles or any other serious form of arson;

(k) involves extortion of money (“bhatta”) or property;

(l) is designed to seriously interfere with or seriously disrupt a communications system or public utility service;

(m) involved serious coercion or intimidation of a public servant in order to force him to discharge or to refrain from discharging his lawful duties; or

(n) involves serious violence against a member of the police force, armed forces, civil armed forces, or a public servant.

Cyber Terrorism .— (1) Any person, group, organization, or faction who, with terroristic intent utilizes, or accesses or causes to be accessed a computer or computer network by any available means, and thereby knowingly engages in or attempts to engage in a terroristic act shall be guilty of a crime of cyber terrorism. “ After reading this document I am seriously thinking of shutting down our operations here in Pakistan and leaving. ”

Cyber Terrorism .— (1) Any person, group, organization, or faction who, with terroristic intent utilizes, or accesses or causes to be accessed a computer or computer network by any available means, and thereby knowingly engages in or attempts to engage in a terroristic act shall be guilty of a crime of cyber terrorism.

“ After reading this document I am seriously thinking of shutting down our operations here in Pakistan and leaving. ”

Explanation: For the purposes of this section, terroristic intent means to act with the purpose to alarm, frighten, disrupt, harm , damage , or carry out an act of violence against a large segment of the population, or Government or entity associated therewith. Explanation: For the purposes of this section, a terroristic act includes , but is not limited to : (1) Altering by addition, deletion, or change or attempting to alter information that may result in the imminent injury, sickness, or death to any portion of the public at large.

Explanation: For the purposes of this section, terroristic intent means to act

with the purpose to alarm, frighten, disrupt, harm , damage , or carry out an act of violence against a large segment of the population, or Government or entity associated therewith.

Explanation: For the purposes of this section, a terroristic act includes , but is not limited to :

(1) Altering by addition, deletion, or change or attempting to alter information that may result in the imminent injury, sickness, or death to any portion of the public at large.

(2) Transmission or attempted transmission of a harmful program with the purpose of substantially disrupting or disabling any computer network operated by the Government or any public entity. Aiding the commission of or attempting to aid the commission of an act of violence against the sovereignty of Pakistan, whether or not the commission of such act of violence is actually completed. Stealing or copying, or attempting to steal or copy secure or classified information or data necessary to manufacture any form of chemical, biological, or nuclear weapon, or any other weapon of mass destruction. (5) Whoever commits the offence of cyber terrorism and causes death of any person shall be punished with death or imprisonment for life and in any other case he shall be liable for imprisonment of either description for a term which may extend to ten years. or with fine not less than ten million rupees or with both.

(2) Transmission or attempted transmission of a

harmful program with the purpose of substantially disrupting or disabling any computer network operated by the Government or any public entity.

Aiding the commission of or attempting to aid the commission of an act of violence against the sovereignty of Pakistan, whether or not the commission of such act of violence is actually completed.

Stealing or copying, or attempting to steal or copy secure or classified information or data necessary to manufacture any form of chemical, biological, or nuclear weapon, or any other weapon of mass destruction.

(5) Whoever commits the offence of cyber terrorism and causes death of any person shall be punished with death or imprisonment for life and in any other case he shall be liable for imprisonment of either description for a term which may extend to ten years. or with fine not less than ten million rupees or with both.

Agency Powers After obtaining search warrant [NO GROUNDS]: access inspect any electronic system use any such electronic system to search any data access to any information, code or technology, encrypted data

Agency Powers

After obtaining search warrant

[NO GROUNDS]:

access inspect any electronic system

use any such electronic system to search any data

access to any information, code or technology, encrypted data

require any person where: reasonable cause to suspect, any electronic system is or has been used; or reasonable technical and other assistance as require any person to such decrypt information obstruction one year imprisonment one hundred thousand rupees

require any person where:

reasonable cause to suspect, any electronic system is or has

been used; or

reasonable technical and other assistance as

require any person to such decrypt information

obstruction

one year imprisonment

one hundred thousand rupees

Real-time collection of traffic data The Federal Government compel service provider within its existing or required technical capability to collect or record to co-operate with law enforcement or counter- intelligence agency in the collection or recording of traffic data or data, in real-time Safeguards, how long, circumstances etc?

Real-time collection

of traffic data

The Federal Government compel service provider

within its existing or required technical capability to collect or record to

co-operate with law enforcement or counter- intelligence agency

in the collection or recording of traffic data or data, in real-time

Safeguards, how long, circumstances etc?

Retention of traffic data Service provider retain its traffic data: minimum 90 days Federal Government may extend the period to retain such date as and when deems appropriate Service providers shall retain the traffic data by fulfilling all the requirements of data retention and its originality as provided under Electronic Transaction Ordinance 2002

Retention of traffic data

Service provider retain its traffic data:

minimum 90 days

Federal Government may extend the period

to retain such date as and when deems appropriate

Service providers shall retain the traffic data by fulfilling all the requirements of data retention and its originality as provided under Electronic Transaction Ordinance 2002

Information and Communication Technologies Tribunal Federal Government shall appoint Chairman and members of the Tribunal Qualifications : 2 years as District Judge, 10 years High Court, Special knowledge of legislation and professional experience of not less than ten years in the field of telecommunication and information technologies

Information and Communication Technologies Tribunal

Federal Government shall appoint

Chairman and members of the Tribunal

Qualifications :

2 years as District Judge,

10 years High Court,

Special knowledge of legislation and professional experience of not less than ten years in the field of telecommunication and information technologies

Civil Jurisdiction Criminal Jurisdiction Oust Courts PTA and ECAC decisions heard by Tribunal PTA + IT + Cyber Crime Tribunal

Civil Jurisdiction

Criminal Jurisdiction

Oust Courts

PTA

and

ECAC decisions heard by Tribunal

PTA + IT + Cyber Crime Tribunal

NO RIGHT TO CHALLENGE

NO

RIGHT

TO CHALLENGE

EXAMPLE: investigating agency seizing the computer adding incriminating evidence (pornography) possibly framing accused no protection under Draft Act to ensure security of his data / IPR to ensure State produces in Court what was actually in the PC

EXAMPLE:

investigating agency seizing the computer

adding incriminating evidence (pornography)

possibly framing

accused no protection under Draft Act

to ensure security of his data / IPR

to ensure State produces in Court what was actually in the PC

Council of Europe Convention on Cyber Crimes Budapest Convention 23.11.2001

Council of Europe

Convention on Cyber Crimes

Budapest Convention

23.11.2001

PREAMBLE …… proper balance between the interests of law enforcement and respect for fundamental human rights , 1966 United Nations International Covenant on Civil and Political Rights , as well as other applicable international human rights treaties, Right of everyone to hold opinions without interference, as well as the right to freedom of expression, including the freedom to seek, receive, and impart information and ideas of all kinds, regardless of frontiers, and the rights concerning the respect for privacy;

PREAMBLE

…… proper balance between the interests of law enforcement and respect for fundamental human rights ,

1966 United Nations International Covenant on Civil and Political Rights , as well as other applicable international human rights treaties,

Right of everyone to hold opinions without interference, as well as the right to freedom of expression, including the freedom to seek, receive, and impart information and ideas of all kinds, regardless of frontiers, and the rights concerning the respect for privacy;

Article 15 – Conditions and safeguards Each Party shall ensure that the establishment, implementation and application of the powers and procedures provided for in this Section are subject to conditions and safeguards provided for under its domestic law , which shall provide for the adequate protection of human rights and liberties , including rights arising pursuant to obligations it has undertaken under the 1950 Council of Europe Convention for the Protection of Human Rights and Fundamental Freedoms, the 1966 United Nations International Covenant on Civil and Political Rights , and other applicable international human rights instruments, and which shall incorporate the principle of proportionality .

Article 15 – Conditions and safeguards

Each Party shall ensure that the establishment, implementation and application of the powers and procedures provided for in this Section are subject to conditions and safeguards provided for under its domestic law , which shall provide for the adequate protection of human rights and liberties , including rights arising pursuant to obligations it has undertaken under the 1950 Council of Europe Convention for the Protection of Human Rights and Fundamental Freedoms, the 1966 United Nations International Covenant on Civil and Political Rights , and other applicable international human rights instruments, and which shall incorporate the principle of proportionality .

Such conditions and safeguards shall, as appropriate in view of the nature of the power or procedure concerned, inter alia, include: judicial or other independent supervision, grounds justifying application, and limitation on the scope and the duration of such power or procedure. Country shall consider the impact of the powers and procedures upon the rights, responsibilities and legitimate interests of third parties .

Such conditions and safeguards shall, as appropriate in view of the nature of the power or procedure concerned, inter alia, include:

judicial or other independent supervision,

grounds justifying application, and

limitation on the scope and

the duration of such power or procedure.

Country shall consider the impact of the powers and procedures upon the rights, responsibilities and legitimate interests of third parties .

UK- Regulation of Investigatory Powers Act 2000 - SAFEGUARDS Disclosure of protected information proportionate to what is sought to be achieved by its imposition Necessary on Grounds : ( a) in the interests of national security; (b) for the purpose of preventing or detecting crime; or (c) in the interests of the economic well-being of the United Kingdom.

UK- Regulation of Investigatory Powers Act 2000 - SAFEGUARDS

Disclosure of protected information

proportionate to what is sought to be achieved by its imposition

Necessary on Grounds :

( a) in the interests of national security;

(b) for the purpose of preventing or detecting crime; or

(c) in the interests of the economic well-being of the United Kingdom.

Must give notice & Warrant : (a) in writing or produces a record of its having been given; (b) describe the protected information; (c) specify the matters; (d) specify the office, rank or position held by the person giving it; (f) time by which the notice is to be complied with; and (g) set out the disclosure that is required by the notice and the form and manner in which it is to be made; time specified for the purposes of paragraph (f) must allow a period for compliance which is reasonable in all the circumstances.

Must give notice & Warrant :

(a) in writing or produces a record of its having been given;

(b) describe the protected information;

(c) specify the matters;

(d) specify the office, rank or position held by the person giving it;

(f) time by which the notice is to be complied with; and

(g) set out the disclosure that is required by the notice and the form and manner in which it is to be made;

time specified for the purposes of paragraph (f) must allow a period for compliance which is reasonable in all the circumstances.

description of communications single set of premises addresses, numbers, apparatus or other factors, or combination of factors, that are to be used for identifying the communications that may be or are to be intercepted Duration Cancellation/Challenge

description of communications

single set of premises

addresses, numbers, apparatus or other factors, or combination of factors, that are to be used for identifying the communications that may be or are to be intercepted

Duration

Cancellation/Challenge

Protected Retained Destroyed Number of persons to whom disclosed Any breach actionable – ie. Can recover loss!

Protected

Retained

Destroyed

Number of persons to whom disclosed

Any breach actionable – ie. Can recover loss!

the number of persons to whom any of the material or data is disclosed or otherwise made available, the extent to which any of the material or data is disclosed or otherwise made available, the extent to which any of the material or data is copied, and the number of copies that are made, is limited to the minimum that is necessary for the authorised purposes.

the number of persons to whom any of the material or data is disclosed or otherwise made available,

the extent to which any of the material or data is disclosed or otherwise made available,

the extent to which any of the material or data is copied, and

the number of copies that are made, is limited to the minimum that is necessary for the authorised purposes.

UNITED STATES CODE ANNOTATED TITLE 18. CRIMES AND CRIMINAL PROCEDURE CHAPTER 121 STORED WIRE AND ELECTRONIC COMMUNICATIONS AND TRANSACTIONAL RECORDS ACCESS

UNITED STATES CODE

ANNOTATED TITLE 18.

CRIMES AND CRIMINAL PROCEDURE

CHAPTER 121

STORED WIRE AND ELECTRONIC COMMUNICATIONS AND TRANSACTIONAL RECORDS ACCESS

Requirements for court order only if governmental entity offers: specific and articulable facts showing reasonable grounds to believe that contents of electronic communication, or the records or other information sought, are relevant and material to an ongoing criminal investigation. Quash or Modify Court order on a motion made promptly by the service provider: if the information or records requested are unusually voluminous in nature or compliance with such order otherwise would cause an undue burden on such provider.

Requirements for court order

only if governmental entity offers:

specific and articulable facts

showing reasonable grounds to believe that

contents of electronic communication,

or the records or other information sought,

are relevant and material to an ongoing criminal investigation.

Quash or Modify Court order

on a motion made promptly by the service provider:

if the information or records requested are unusually voluminous in nature or

compliance with such order otherwise would cause an undue burden on such provider.

CUSTOMER CHALLENGE Within 14 days after notice by the governmental entity to the subscriber or customer file a motion to quash such subpoena or vacate such court order, with copies served upon the governmental entity and with written notice of such challenge to the service provider

CUSTOMER CHALLENGE

Within 14 days after notice

by the governmental entity

to the subscriber or customer

file a motion to quash such subpoena

or vacate such court order,

with copies served upon the governmental entity and with written notice of such challenge to the service provider

Court or Department or Agency determines violation of this law and the court or circumstances surrounding the violation raise serious questions about whether or not an officer or employee of the United States acted willfully or intentionally with respect to the violation , department or agency shall, upon decision of court promptly initiate a proceeding to determine whether disciplinary action against the officer or employee is warranted.

Court or Department or Agency

determines violation of this law and the court or

circumstances surrounding the violation raise serious questions about whether or not an officer or employee of the United States acted willfully or intentionally with respect to the violation ,

department or agency shall, upon decision of court promptly initiate a proceeding to determine whether disciplinary action against the officer or employee is warranted.

INTERNATIONAL CO-OPERATION foreign government, Interpol or other international agency with whom it has or establishes reciprocal arrangements But what if no reciprocal arrangement? Cyber criminal can forum shop!

INTERNATIONAL CO-OPERATION

foreign government, Interpol or other international agency

with whom it has or establishes reciprocal arrangements

But what if no reciprocal arrangement?

Cyber criminal can forum shop!

(5) The Federal Government may refuse to accede to any request made by such foreign government, Interpol or international agency if the request concerns an offence which it considers a political offence or an offence connected with a political offence, or that execution of the request is likely to prejudice its sovereignty, security, order public or other essential interests.

(5) The Federal Government may

refuse to accede

to any request made by such foreign government,

Interpol or international agency

if the request

concerns an offence which it considers

a political offence or

an offence connected with a political

offence, or that execution of the request is likely to

prejudice its sovereignty, security, order public

or other essential interests.

Council of Europe Convention on Cyber Crimes Budapest Convention 23.11.2001

Council of Europe

Convention on Cyber Crimes

Budapest Convention

23.11.2001

Signatures: 34 Albania Armenia Austria Belgium Bulgaria Croatia Cyprus Denmark Estonia Finland France Germany Greece Hungary Iceland Ireland Italy Luxembourg Malta Moldova Netherlands Norway Poland Portugal Romania Slovenia Spain Sweden Switzerland Ukraine Republic of Macedonia United Kingdom _________________________________________________________________________________________ Canada Japan South Africa United States

Signatures: 34

Albania Armenia Austria

Belgium Bulgaria Croatia

Cyprus Denmark Estonia

Finland France Germany

Greece Hungary Iceland

Ireland Italy Luxembourg

Malta Moldova Netherlands

Norway Poland Portugal

Romania Slovenia Spain

Sweden Switzerland Ukraine

Republic of Macedonia United Kingdom

_________________________________________________________________________________________

Canada Japan South Africa

United States

WHAT IS REQUIRED? Harmonious/Compatible Legal Regime Harmonious/Compatible Definitions of offences Harmonious/Compatible Powers,Protections Real time, Immediate, Flexible Cooperation between International agencies

WHAT IS REQUIRED?

Harmonious/Compatible Legal Regime

Harmonious/Compatible Definitions of offences

Harmonious/Compatible Powers,Protections

Real time, Immediate, Flexible Cooperation between International agencies

Only 20% Compatible With the rest of the World

Only

20%

Compatible

With the rest of the World

(FedCIRC) Federal Computer Incident Response Center CERT/CC US-CERT Information Sharing and Analysis Centers in the US, www.cert.org EuroCERT European Network and Information Security Agency AusCERT ICC Commercial Crime Services, UK

(FedCIRC)

Federal Computer Incident Response Center

CERT/CC

US-CERT

Information Sharing and Analysis Centers in the US, www.cert.org

EuroCERT

European Network and Information Security Agency

AusCERT

ICC Commercial Crime Services, UK

QUESTIONS www.jamilandjamil.com

QUESTIONS

www.jamilandjamil.com