Prosecuting Cybercrime and Regulating the Web


‘Prosecuting Cybercrime and Regulating the Web’, at the Current State of Cybercrime and Cyberwar seminar, organised by the MA in Journalism with New Media class, in conjunction with CIT Development Office, Cork Institute of Technology, March 2014


  1. Prosecuting Cybercrime and Regulating the Web. Darius Whelan, Faculty of Law, UCC. CIT, March 2014. Current State of Cybercrime and Cyberwar seminar, organised by the MA in Journalism with New Media class, in conjunction with CIT Development Office, Cork Institute of Technology, March 2014
  2. Summary • Council of Europe Cybercrime Convention • Extradition • Forensic examination of computers • ‘Trojan Horse’ Defence • Regulability of the Internet • Aspects of online defamation law
  3. • Cybercrime covers: – Offences where the computer is the target of the offence, e.g. unauthorised access and illegal tampering with systems – Traditional offences such as theft, fraud and forgery, that are committed by means of computers • May involve identity theft, phishing, Denial of Service attacks, botnets, malware, possession of child abuse images / child pornography, etc.
  4. Council of Europe Cybercrime Convention
  5. Cybercrime Convention 2001 • Negotiated and signed by many members of Council of Europe + USA, Canada, Japan, South Africa • Ratified by 42 states so far, including UK, Denmark, France, Netherlands, Norway, USA, Australia, Japan • Not yet ratified in Ireland
  6. Elements of the Convention • List of crimes which each country must enact into law • Requires each participating nation to grant new powers of search and seizure to its law enforcement authorities • Requires law enforcement in every participating country to assist police from other participating countries by cooperating with “mutual assistance requests” from police in other participating nations “to the widest extent possible” • Optional Protocol on Hate Speech
  7. List of Crimes in Convention (1) • Illegal access – covers electronic trespass or hacking • Illegal interception – electronic invasion of privacy / burglary prohibiting unauthorised intrusions resulting in the appropriation of data • Data Interference • System Interference – denial of service attacks and dissemination of viruses and other malicious codes
  8. List of Crimes in Convention (2) • Misuse of Devices – production / sale / procurement / importation / distribution of tools to be used in committing the four categories above • Forgery • Fraud • Copyright infringement and related offences • Child Pornography
  9. Copyright - Article 10 • The infringements must occur on a “commercial scale”. • How large must the copyright infringement be to be considered “commercial”? • Standard of originality necessary to establish copyright protection varies considerably across jurisdictions
  10. 24/7 Network – Article 35 • A network of high tech specialists available 24 hours per day, seven days per week for obtaining both technical and legal advice and assistance
  11. • Brief Mentions of Human Rights: – Article 15 - the powers and procedures exercised under Section 2 [procedural Articles] are subject to conditions and safeguards under domestic laws on human rights and liberties, the ECHR, the United Nations International Covenant on Civil and Political Rights and other applicable international human rights instruments. – Such safeguards shall incorporate the principle of proportionality. – Also: a paragraph relating to the right to the protection of personal data in the Preamble
  12. Commentary • Appears to be supported by large corporations, e.g. those concerned about software copyright violations. • Severely criticised by human rights groups, e.g. because it does not include sufficient privacy or data protection provisions. • Also drafts were criticised by the Parliamentary Assembly of the Council of Europe and the Art 29 Working Group.
  13. • Contrasts with past approach of Council of Europe, which normally has strong human rights protections in its documents, e.g. – European Convention on Human Rights 1950 – Strasbourg Convention on Data Protection 1981. • Note for example that states are not obliged to pass laws requiring that computer systems be secure (which is part of the Data Protection regime.) • This might help to prevent unauthorised access, and benefit data protection at the same time.
  14. • Framework Decision on Attacks on Information Systems (2005) – Was to be implemented by March 2007 – July 2008: Commission noted that Ireland had not yet implemented FD – Bill on current list of Bills for drafting: • Criminal Justice (Cybercrime) Bill – “Publication Expected – Not possible to indicate at this stage”
  15. Proposed Directive • New proposal for Directive on Attacks against Information Systems, Sept. 2010 • COM(2010) 517 final
  16. Extradition
  17. Dual Criminality • Extradition Treaties: – Normally an activity must be a crime in both the requesting and requested states
  18. • ‘Love Bug’ virus incident – Alleged perpetrator (Onel de Guzman) could not be extradited from Philippines. – Canadian News Story: • www.tinyurl.com/LW6560-50 From cbsnews.com
  19. • Accused may be extradited when visits another country – Vladimir Levin case (1994-97) – Re Levin [1997] UKHL 27; [1997] AC 741 – Attack against Citibank by young Russian – No extradition treaty – Visited England for exhibition – Extradited to USA – Disks being operated based in USA From peoples.ru
  20. • Julio Cesar Ardita – 21 year old Argentinian – 1995 Sniffer re Harvard users – Accessed Dept of Defense etc. – Extradition refused to USA – no dual criminality – But later travelled to USA voluntarily, pleaded guilty to lesser charge
  21. “Invita” case - Vasily Gorshkov & Alexy Ivanov • Russian hackers - Undercover operation – FBI agents posed as reps of security firm ‘Invita’ – invited them to Seattle • Then they were arrested in Seattle (having recorded their passwords first using keyloggers.) • Investigators copied data and preserved it until warrant obtained. • Afterwards they informed the Russian authorities. • Hackers argued the remote cross-border search was unconstitutional. • Court held relevant computers not protected (outside USA, not the property of a U.S. resident) • No seizure as data remained unaltered.
  22. Forensic Examination of Computers
  23. • Digital evidence is intangible • Also volatile – When Windows is booted up, this destroys 4 million characters of evidence • Defence arguments: – Accused was not author of evidence in question – Evidence was tampered with – Unreliability of computer programs created inaccuracies in output, e.g. bugs, defective code
  24. From Pilipinas Anti-Piracy Team
  25. • May be long delays in forensic examination of computers due to volume of computers to be examined • Chain of custody must be maintained • Risky to allow any access to computer by other witnesses • Use of standardised forensic practices is advisable, e.g. in UK guidelines from Association of Police officers
  26. • Often three images are made of a hard drive: – Master copy as evidence – Copy used for analysis by police – Copy given to accused
  27. Sharon Collins Trial 2008 • Conspiracy to Murder • E-mail evidence central to trial Image source - sligotoday.ie
  28. Trojan Horse Defence
  29. Image source – goodreads.com
  30. • Trojan Horse virus / malware: A virus / malware program which presents itself as routine, useful, or interesting in order to persuade victims to install it on their computers. Once installed, it steals or harms system data in some way. • Trojan Horse Defence – Accused claims a virus / Trojan horse infected their PC and this was what caused evidence of criminal activity to be on the PC • Some Other Dude Did It Defence – Accused claims somebody else engaged in the criminal activity using their PC (e.g. by remotely accessing their PC)
  31. Aaron Caffrey Case (2003) • Aaron Caffrey, aged 19, charged re computer attack on Port of Houston's web-based systems in September 2001. • Prosecution and defence both agreed attack was launched from Caffrey's home PC, based in the UK. • Prosecution claimed it was result of misdirected attack by Caffrey against fellow chat-room user. • Caffrey claimed evidence was planted on his machine by attackers who used an unspecified Trojan horse program to gain control of his PC and launch the assault. Image source – bbc.co.uk
  32. • Forensic examination of Caffrey's PC found attack tools but no trace of Trojan infection. • Case hinged on whether jury accepted defence argument that Trojan could wipe itself • Jury decided Caffrey was not guilty of unauthorised computer modifications
  33. • Defendants may raise Trojan Horse defence in all sorts of cybercrime cases, inc. cases on possession of child abuse images (child pornography) • Judge / jury will have to decide whether defence applies on the facts • Note related “caching” defence – if child abuse images found only in browser cache, did defendant knowingly possess them? • May depend on his/her level of technical knowledge
  34. Regulability of the Internet
  35. Lawrence Lessig Image source – Rootstrikers on vimeo.com
  36. • Lessig, The Search for a Moose • http://blip.tv/lessig/the-search-for-a-moose-2131975
  37. Art. I, Section 8, clause 8 of U.S. Constitution: The Congress shall have power … to promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries.
  38. EU Charter of Fundamental Rights, Article 17, Right to property: 1. Everyone has the right to own, use, dispose of and bequeath his or her lawfully acquired possessions. No one may be deprived of his or her possessions, except in the public interest and in the cases and under the conditions provided for by law, subject to fair compensation being paid in good time for their loss. The use of property may be regulated by law in so far as is necessary for the general interest. 2. Intellectual property shall be protected.
  39. Wikimedia Commons - http://en.wikipedia.org/wiki/File:Wikipedia_Blackout_Screen.jpg
  40. Image source – Lessig, Free Culture
  41. Image source – Lessig, Free Culture
  42. Image source – Lessig, Free Culture
  43. Image source – Lessig, Free Culture
  44. Source – New York Times. Image – Lucas Jackson, Reuters
  45. Cartoon by Paul Conrad. Copyright Tribune Media Services Inc. Included in Lessig, Free Culture
  46. Aspects of Online Defamation Law
  47. • Defamation is civil matter, not criminal • Criminal libel abolished by Defamation Act 2009 • ‘Libel tourism’ phenomenon – plaintiffs may seek to sue in a country where only a small number of readers viewed the material
  48. Hosting Defence • E-Commerce Directive (Directive 2000/31/EC) • S.I. No. 68 of 2003 • Article 14 (paraphrased): • The service provider is not liable for the information, on condition that: a) the provider does not have actual knowledge of illegal activity or information and, as regards claims for damages, is not aware of facts or circumstances from which the illegal activity or information is apparent; or b) the provider, upon obtaining such knowledge or awareness, acts expeditiously to remove or to disable access to the information • This shall not apply when the recipient of the service is acting under the authority or the control of the provider
  49. Betfair Case • Mulvaney v Sporting Exchange (2013) • Forums / Chatrooms operated by Betfair • Bookmakers alleged libel by forum members • Betfair sought to rely on hosting defence • Clarke J – Betfair could rely on hosting defence (preliminary issue) • [Gambling exception to Directive did not apply as forums not directly connected to gambling part of site]
  50. Autocompletes
  51. • Metropolitan International Schools v Designtechnica & Google (2009) • English case suggesting Google not liable for autocompletes • However, facts may vary: in some cases, Google may be held to be a publisher of the autocomplete results
  52. Image Source – Mark Collier - http://www.theopenalgorithm.com/seoleaks/google-in-irish-court/
  54. Darius Whelan – d.whelan@ucc.ie Twitter: @dariuswirl LLM in Intellectual Property and E Law programme: www.ucc.ie/en/law-postgrad/taughtprogrammes/ Creative Commons Ireland: www.creativecommonsireland.org
