| UN Web Site | UN Website Locator |
|
 | |
 |
 |
| |
|
|
||||||||||||||||||||
Module 3: Cyber crime and Security
III. Legislative and policy considerations in efforts to address cyber crime and security issues
Is there a need to establish laws, policies or rules to govern cyber crime and security issues?
| Country | Law(s) |
|---|---|
| Australia | Crimes Act 1914 (Part VIA), Sections 76B, 76D |
| Austria | Privacy Act 2000 (effective as of January 1, 2000) |
| Belgium | The Belgian Parliament in November 2000 adopted new articles in the Criminal Code (effective from 13 February 2001) Article 550(b) |
| Brazil | Law no. 9,983 of 14 July 2000, Art. 313-A & B |
| Canada | Canadian Criminal Code Section 342.1 |
| Chile | Law on Automated Data Processing Crimes no. 19.223, published 7 June 1993 |
| China | Decree No. 147 of State Council of the Peoples Republic of China, 18 February 1994. Computer Information Network and Internet Security, Protection and Management Regulations, (approved by State Council 11 December 1997, and published 30 December 1997) |
| Hong Kong, China | Telecommunication Ordinance |
| Denmark | Penal Code (Section 263) |
| Estonia | Estonian Criminal Code (Sections 269 to 273) |
| Finland | Penal Code Chapter 38 (Section 8) |
| France | New Penal Code, in effect since 1 March 1993 Chapter III (Articles 323-1 to 323-4) |
| Germany | Penal Code Section 202a, 303a, Section 303b |
| Greece | Criminal Code Article 370C§2 |
| Hungary | Penal Code (Section 300 C) |
| Ireland | Criminal Damage Act, 1991 |
| Iceland | Penal Code (§ 228 Section 1) |
| India | Information Technology Act 2000 (No. 21 of 2000) |
| Israel | The Computer Law of 1995, |
| Italy | Penal Code (Article 615) |
| Japan | Unauthorized Computer Access Law, Law No. 128 of 1999 (in effect from 3 February 2000) |
| Latvia | The Criminal Law (Section 241) |
| Luxembourg | The Act of 15 July 1993, relating to the reinforcement of the fight against financial crime and computer crime |
| Malaysia | Computer Crimes Act 1997 |
| Malta | Electronic Commerce Act (Sections 337 (C) (1) to 337 (F) (1) |
| Mauritius | Information Technology (Miscellaneous Provision) Act 1998 (Act No. 18 of 1998), Penal Code (Section 369A) |
| Mexico | Penal Code Part 9 (Chapter II) |
| Netherlands | Criminal Code (Article 138a) |
| New Zealand | Crimes Amendment (No. 6) Bill is introduced (Section 305ZE & 305ZF) |
| Norway | Penal Code (§ 145, 151 b, § 261 & § 291) |
| Pakistan | Electronic Transactions Ordinance 2002 |
| Poland | Penal Code (Article 267 to 269) |
| Portugal | Criminal Information Law of 17 August 1991 |
| Philippines | Republic Act No. 8792, or the e-Commerce Law |
| Singapore | Computer misuse Act |
| South Africa | The South African Law Commission published a Discussion Paper on Computer-related crime. |
| Sweden | The Data Act of 1973 (amendments in 1986 and 1990) |
| Switzerland | Penal Code (Article 143bis) |
| Turkey | Penal Code (Section 525/a) |
| United Kingdom of Great Britain And Northern Ireland | Computer Misuse Act 1990 |
| United States of America | Federal legislation (updated 15 April 2002) US code: title 18 |
| Venezuela | Special Statute Against Computer Related Crimes (Published in Official Gazette of Bolivarian Republic of Venezuela, 30 October 2001) |
Do existing laws support the preservation and use of electronic evidence of cyber crimes? Is procedural law aligned with substantive law? What challenges face cyber crime enforcers?
Note the challenges to international as well as State prosecution of cyber crimes, as classified by the United States Department of Justice:
- Technological challenges – While it is possible to trace an electronic trail, the task has become very difficult because of the skill and technology that allow near-absolute anonymity for the cyber-culprit.
- Legal challenges – Laws and other legal tools to combat crime lag behind the rapid changes afforded by technology.
- Resource challenges – These refer to the problem of lack of sufficient experts or the lack of adequate budget for new technologies as well as for the training of personnel
Innovative practices for combating cyber crime can be found everywhere. Here are a few:
- In Japan, the 2005 “Antiphishing Japan” campaign was launched to protect consumers against fraudsters using a fake website to get credit card details.
- Similarly, in the fall of 2005, the United States Federal Trade Commission and public and private sector partners launched “OnGuard Online”, a multimedia and interactive consumer education campaign to help consumers stay safe online. The comprehensive website of the campaign, available in both English and Spanish, uses straightforward, plain-language materials to help computer users be on guard against Internet fraud and secure their computers and to protect their personal information.
- In Austria, videos were shown in 2004 on information screens in underground railway stations to inform consumers about the Internet, indebtedness and prize draws.
The transnational nature of cyber-crimes requires international cooperation on laws and jurisdiction. International cooperation is important because cyber crimes do not respect State, sovereign or national borders.
- The
41-nation Council of Europe approved a convention on cyber crime.
The treaty provides for the coordinated criminalization of the
following:
- Offences against the confidentiality, integrity and availability of computer data and systems, such as illegal access, illegal interception, data or system interference, and illegal devices;
- Computer-related offences like computer-related forgery and computer-related fraud;
- Content-related offences like child pornography; and
- Copyright-related offences.
The treaty also urges its members to enter into cooperative efforts, through mutual assistance, extradition agreements and other measures, in order to combat cyber crime.
- Similarly,
the Asia Pacific Economic Cooperation (APEC) has endorsed the
following action items to combat the growing threat of cyber crime:
- Immediate enactment of substantive, procedural and mutual assistance laws to cyber security;
- Making cyber crime laws as comprehensive as those proposed in the Council of Europe Cyber Crime Convention;
- Assistance between and among economies in developing threat and vulnerability assessment capabilities;
- Security and technical guidelines that can be used by governments and corporations in their fight against cyber crime; and
- Outreach programmes to economies and consumers regarding cyber security and cyber ethics. This year, APEC has embarked on a project that aims to train judges and prosecutors in handling cyber crime cases. This is aimed at familiarizing the legal system with the nuances of cyber crime so that more successful prosecutions may happen.
- In the Association of South-East Asian Nations (ASEAN), member countries have agreed to create an ASEAN Network Security Coordination Centre that will help combat cyber crimes and cyber terrorism. Computer emergency response teams have also been established in each ASEAN country to serve as early warning systems against viruses and illegal network intrusions. ASEAN CERTs Incident Drills (ACID) have been conducted to test the preparedness of the various CERTs.
- An
excellent example of collaboration in the effort to enhance network
security and address cyber crimes is the Asia-Pacific Computer
Emergency Response Team. Its mission in the Asia-Pacific Region
involves the following activities:
- Enhance regional and international cooperation on information security,
- Jointly develop measures to deal with large-scale or regional network security incidents,
- Facilitate information sharing and technology exchange, including information security, computer virus and malicious code among its members,
- Promote collaborative research and development on subjects of interest to its members,
- Assist other CERTs in the region to conduct efficient and effective computer emergency response, and
- Provide inputs and recommendations to help address legal issues related to information security and emergency response across regional boundaries.
 |