Global Perspectives on                                   Cybercrime                                             Eddan Katz...
International Efforts to                               Harmonize Cybercrime                  • Council of Europe (CoE): Con...
Defining Cybercrime                  • Computer Crime                         • “any illegal act for which knowledge of com...
Unauthorized Access                  • define a computer system as a protected                       environment and make c...
Mens Rea: Guilty Mind                  • automation of processing and transmission                  • complex operation of...
Convention on Cybercrime                  • Illegal Access - infringing security measures, intent of obtaining data       ...
CoE Cybercrime Convention                   Explanatory Report                  • legitimate and common activities inheren...
Guidelines for the Cooperation between Law                Enforcement and Internet Service Providers Against              ...
Information Intermediaries                  • Hosting Providers                  • Internet Service        • Search Engine...
Privacy                  • Notice/Disclosure/Collection                  • Choice/Consent                  • Access       ...
Access to Knowledge                  • Innovation                         • Open Infrastructure                         • ...
Open Innovation                  • End-to-End Principle   • Granularity                  • Interoperability       • Freedo...
Domestic Economic Growth                  • Translation                  • Adaptability to Local Customs                  ...
Thank you.                  • Eddan Katz                         • eddan@eff.orgWednesday, December 29, 2010               ...
Upcoming SlideShare
Loading in …5
×

Thainetizennetwork globalcybercrime 07272009

395 views
358 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
395
On SlideShare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
3
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Thainetizennetwork globalcybercrime 07272009

  1. 1. Global Perspectives on Cybercrime Eddan Katz International Affairs Director Electronic Frontier Foundation Thai Netizen Network Public Forum Bangkok, Thailand July 27, 2009Wednesday, December 29, 2010 1
  2. 2. International Efforts to Harmonize Cybercrime • Council of Europe (CoE): Conference on Criminological Aspects of Economic Crime - Strasbourg (1976) • U.S. Justice Department: Criminal Justice Resource Manual (1979) • First Interpol Training Seminar for Investigators of Computer Crime - Paris (1981) • Organization for Economic Cooperation and Development (OECD): Committee for Information and Communications Policy (ICCP) Recommendations (1986) • G-8 Senior Experts on Transnational Organized Crime: High Tech Subgroup (1998) • Association of Southeast Asian Nations (ASEAN): Ministerial Meeting on Transnational Crime (AMMTC) (2004) • International Telecommunications Union (ITU) Global Cybersecurity Agenda (2007)Wednesday, December 29, 2010 2
  3. 3. Defining Cybercrime • Computer Crime • “any illegal act for which knowledge of computer technology is essential for a successful prosecution.” US DoJ • “any illegal, unethical or unauthorized behavior relating to the automatic processing and the transmission of data.” OECD Rec. • updating technical means of prosecuting existing crimes committed using a computer • new crimes where computer is object of crime • Internet JurisdictionWednesday, December 29, 2010 3
  4. 4. Unauthorized Access • define a computer system as a protected environment and make control of access to this environment a protected right • normal operations and exceptions • Security Research • Quality Assurance • Lack of harm or damage • Legitimate Use • Anti-Competitive BehaviorWednesday, December 29, 2010 4
  5. 5. Mens Rea: Guilty Mind • automation of processing and transmission • complex operation of computer systems • computer as subject of crime • Worms - viruses that self-replicate • Trojan Horses - contain hidden malicious code • Logic Bombs - activate at specific time • Sniffers - network analyzers • functionality of code lacks specific intentWednesday, December 29, 2010 5
  6. 6. Convention on Cybercrime • Illegal Access - infringing security measures, intent of obtaining data • Illegal Interception - interception, without right, by technical means, of non-public transmission • Data Interference - damage, deletion, deterioration, alteration, suppression • System Interference - inputting, transmitting, damaging, deleting, deteriorating, altering, or suppressing • Misuse of Devices - production, sale, procurement for use, import, distribution, making available; designed or adapted primarily for offense • Computer-Related Forgery - inauthentic data, intent to defraud • Computer-related Fraud - causing of a loss of property to another personWednesday, December 29, 2010 6
  7. 7. CoE Cybercrime Convention Explanatory Report • legitimate and common activities inherent in the design of networks, or legitimate and common operating or commercial practices should not be criminalized. (38) • must be the specific (i.e. direct) intent that the device is used for the purpose of committing any of the offences. (76) • Liability arises for aiding or abetting where the person who commits a crime established in the Convention is aided by another person who also intends that the crime be committed. (119) • there is no duty on a service provider to actively monitor content to avoid criminal liability under this provision. (119) • A service provider does not incur liability by virtue of the fact that a crime was committed on its system by a customer, user or other third person, because the term "acting under its authority" applies exclusively to employees and agents acting within the scope of their authority. (125)Wednesday, December 29, 2010 7
  8. 8. Guidelines for the Cooperation between Law Enforcement and Internet Service Providers Against Cybercrime - Council of Europe (2008) • written procedures, information sharing, culture of cooperation, formal partnerships (10-13) • protect fundamental rights of citizens - civil, political, & human rights (14) • enforcing domestic & international data protection & privacy (15) • procedures, training, technical resources, designated personnel (17-21) • standardizing requests, specificity and accuracy requirements (25-27) • ISPs encouraged to report offenses. not obligated to monitor (42) • ensure that customer data and personal information not disclosed (51-52)Wednesday, December 29, 2010 8
  9. 9. Information Intermediaries • Hosting Providers • Internet Service • Search Engines Providers • Participative Web Platforms • Domain Name Registrars • Virtual Worlds • Financial • Distributed Computing Intermediaries • Auction Platforms and • Social Networks eCommerce actorsWednesday, December 29, 2010 9
  10. 10. Privacy • Notice/Disclosure/Collection • Choice/Consent • Access • Security/Integrity • Enforcement/Redress • mandatory disclosure of personal information • public-private space distinction • content of communications • specificity of warrantWednesday, December 29, 2010 10
  11. 11. Access to Knowledge • Innovation • Open Infrastructure • Collaborative Production • Development • Economic Growth • Individual AutonomyWednesday, December 29, 2010 11
  12. 12. Open Innovation • End-to-End Principle • Granularity • Interoperability • Freedom to Tinker • Creative Destruction • Distributed Responsibility • Level Playing Field • Self-Organizing Community • Collaborative Production • Reputation Economies • Modularity • CorrectabilityWednesday, December 29, 2010 12
  13. 13. Domestic Economic Growth • Translation • Adaptability to Local Customs • Network Effects • Open Standards • Skill DevelopmentWednesday, December 29, 2010 13
  14. 14. Thank you. • Eddan Katz • eddan@eff.orgWednesday, December 29, 2010 14

×