The introduction of the Internet signaled the beginning of a new age of how humans perform their business. Technology advancements have allowed a person in the Arctic to video chat with a colleague in the most distant region of the African continent. Furthermore, large amounts of data can be stored in online libraries, eliminating the need for a conventional hard copy. Companies and governments have gained greatly from this technical development because it allows them to perform operations in a quick and simple manner. The unique thing about technology is that it is available to all and sundry regardless of their geographic location. However, this has brought with it numerous challenges especially the rise of cyber-crime offending. This new type of crime perpetrated in the cyber domain has escalated in the last decade, with law enforcement agencies unable to cope with the changes. These cyber criminals have proven to be very intelligent and able to comprehend the complexities involved with technology. The police need to be like these cyber criminals, in the sense that they should be able to adapt with the dynamism of technology to deal with cyber-crime offending.
Keywords: cyber domain, technological advancement.
Fighting Cyber-Crimes; Overcoming Jurisdictional and
Inadequate Expertise Challenges
There are 657 million Internet users worldwide and this number is poised to significantly increase in the near future (Palmer, 2013). This has caused online criminality to become so prevalent and made it be a priority in the American criminal justice system (Curran, 2011). The results of these cyber-crimes have caused huge financial loss that amounts to billions of dollars. Congress has passed several portions of legislations but with the ever-dynamic technological advancements, offenders are able to circumvent these tough laws. The primary objective of this research paper is to deconstruct cyber-crimes and delineate the main challenges involved in dealing with them. Thus, the globalization of technological advancements is forcing law enforcement agencies to modify policies in order to deal with the impact of the new breed of crimes and criminals.
The Role of Law Enforcement Agencies
The role of law enforcement agencies involves interplay of several players. They include, the police, the judiciary and several departments found within the executive. The input of each player is very critical in ensuring security and normalcy in the society. The next section will put into context these roles and how the system operates.
The Law Enforcement System
In the American jurisdiction, police officers have the overall mandate for investigating criminal activity and enjoy considerable independence from other state organs (Brown, 2015). In practice, law enforcement personnel usually commence investigation at a point in time when an alleged crime has been reported. Judges are also involved in this interplay of roles since they are bestowed with the oversight power by the enabling laws especially in the investigation phase where the activities of the police are proven to violate the Rights and fundamental freedoms of suspects (Fox, 2015). Legally speaking, police officers are supposed to seek a warrant from a judge. The responsibility of the police includes interviewing witnesses, victims, and suspects. The information obtained is typically stored or documented in a brief or case file. By practice, police officers can initiate charges and present the case in a court of law in situation where the individual has been accused of a lesser offence. However, in serious criminal cases the law mandates police officers to liaise with a prosecutor who has the mandate to determine which charges can be ascribed to the acts of the suspects, if any (Brown, 2015). Although, the law extensively requires police officers to collect and secure evidence, in some states the prosecutor can play an advisory role concerning the evidence-gathering phase. From there, the prosecutor proceeds and presents the charges in a hearing session before the judge for confirmation and approval.
The American jurisdiction substantially leans towards the common law tradition. In this kind of a system, the defense counsel is obligated to advise clients. He is responsible for giving legal counsel when the client is being interrogated by the police and largely representing them in courts (Menon & Teo, 2012). The defense counsel also search for evidence and brings to court expert witnesses to prove an allege fact which requires technical expertise in the investigative phase. Criminal proceedings in the United States possess an adversarial nature that gives the defense counsel a reasonable opportunity to examine the evidence that will be used by the prosecutor. Legalistically, the “discovery” or the “disclosure” process regulates the interplay between the defense and the prosecution concerning the sharing of evidence.
Another issue that arises in the hearing proceedings in the court is the admissibility of evidence. It entails a myriad of complexities; at the continuation of the trial, the prosecutor and the defense counsel are the chief protagonist. The responsibility of the judge is to listen with neutrality to the presentation of facts by both sides as he instructs the panel of jury on matters pertaining to law. The trial period tends to be lengthy because of strict requirements where witnesses ought to give evidence via “live testimony” to the court. In this phase, the party that calls the witness is supposed to examine them and in legal parlance, termed as “examination-in-chief.” Consequently, the opposing side is also given the chance to cross-examine the witness. After finishing, the same party that called the witness in court is again given the opportunity to re-examine the witness. Ideally, the above process goes on until all witnesses have tendered their testimony. Being inherently an adversarial system, the parties are driven with the urge to win. Therefore, this aspect triggers the parties involved to analyze all evidence carefully and make persuasive arguments. As the case unfolds, so does the truth, as the judge and the jury follow the hearings keenly.
However, there are cracks within this adversarial system because the ability to uncover evidence normally relies on the available resources of the opposing parties that in most instances are imbalanced (Imeson, 2015). By dint of the law, every party involved is entitled to legal representation that they can afford. They are variation as to the level of access to forensic facilities, with the police able to access them easily. This contrasts greatly with the defendant’s access to forensic facilities. Legal scholars have termed this legal imbalance as “an economic presumption of guilt.” The risk behind this inequity is that police officers may be reluctant to disclose exculpatory evidence.
The Influence of Technological Innovations and Advancements
Technological innovations are credited for revolutionizing every aspect of human beings. Traditionally, people used to store information in hard copies but advancement in technology has made it possible for humans to store data online. As of today, majority of the people do store their information online. Companies or governments have adapted with the changing times. Although these tons of data are stored online, they are protected using passwords and other forms of encryption. Digitalizing everything has put people and businesses at risk since hackers can have access to this network and steal valuable information (Fox, 2015). Essentially, technological innovations and advancements have triggered cyber security threats.
There is a great deal of variation among different professions involved in cyber security pertaining to the precise definition of a cyber-crime. This is because national security experts, criminologists, lawyers, police and technical experts have a different understanding as to what exactly is cyber-crime (Birchfield, 2015). As a result, getting a uniform and a universal definition remains a daunting task. Cyber-crimes semantics lays down technical and legal phenomenon that outlaws criminal activity correlated to the domain of the cyber (Ginovsky, 2012). The activity identified here is utterly distinct to “unethical” behavior that inherently is not tantamount to a “criminal conduct”. The processes of the criminal justice system can only be employed if the alleged act is proscribed by law. The US ascribes to the principle of nullum crimen sine lege which stipulates that for a behavior to be prosecuted it must be proscribed by law (Lemieux, 2015). For a conduct to be deemed as a cyber-crime the following components must exist:
Information and communications technology aids the commission of the alleged act;
The act draws motivation from intent to commit harm to an organization or person;
The harm commissioned or intended revolved around conducts that cause interference or damage to either tangible or intangible property possessed by a person or organization;
The above act appears to be criminalized either in the accused or victims jurisdiction.
Arising from this premise, cyber-crime resembles greatly traditional crimes; the point of departure is that in this case cyber domains are used as avenues to perpetrate them (Lemieux, 2015). Ideally, such a definition complies with the requirements of legal interpretation tailored for criminal offenses. The legislature should apply keenness to avert a situation of coming up with sui generis legal categories of cyber crimes offenses by enacting legislations that tend to address the changes in the technological world. Instead, the legislature develops laws that broadly encompass changes in technology within the relevant categories of criminal conduct.
Solving Cyber Crime
Research indicates that most cyber-crime cases are usually not reported although they constitute most of the criminal court cases. In 2005, the National Survey of Prosecutors reported that approximately two-thirds of the prosecutors’ offices in the US dealt with a cyber crime in one way or the other (Scott, 2015). The most rampant offenses were credit card fraud, identity theft and child pornography. The dynamic technological environment, which keeps changing, has triggered the U.S. Congress to enact several legislations within a short duration. The Identity Theft Enforcement and Resolution Act of 2008 was primarily signed into law to amend the Computer Fraud and Abuse Act (Imeson, 2015). The 2008 Act sought to deal with issues pertaining to fraud and illegal access to information. Further, the Copyright Act of 1976 was amended by the Copyright Act of 1992; its purpose was to widen the range of the law to safeguard all holders of copyright. Initially, the law used to cover only those individuals that recorded movies, sound or software.
For a copyright offender to be liable for a felony under the Copyright Act of 1992, it must be proven that he or she had distributed or reproduced approximately 10 pieces of phonographic records or unauthorized copies within a period of 180 days (Shaerpour, Dehghantanha & Ramlan, 2014). In the same breadth, the Act requires that the piece should have a retail value of $2500. Arguably, if the requirements are not fulfilled the offense shall amount to a misdemeanor. There are also legislations that have been put in place to ensure individuals who exploit children are prosecuted and punished. This kind of laws has undergone a series of changes in the recent years. The rationale for the successive amendments is to ensure that the first Amendments Rights tailored for the offenders are not in any way jeopardized. For example, Child Pornography Protection Act of 1996, the Child Internet Protection Act of 2000, and the Adam Walsh Protection and Safety Act of 2006 is some of the Acts that are precisely enacted to insulate underage from the reach of internet predators (Droege, 2012).
There is also the Computer Fraud and Abuse Act (CFAA), which is the most used legislation prohibiting the crime of computer hacking. There are several organizations which are tasked with the responsibility of identifying, and apprehending individuals suspected of committing cyber-crimes. The Department of Homeland Security (DHS) in conjunction with other relevant federal agencies is obligated to perform criminal investigations meant to disrupt and overcome cyber criminals (Palmer, 2013). Also, the DHS has the role of recruiting and training of technical experts in the field of cyber domain, come up with standardized methods and best practices and tools for cyber response. Indeed, the US has adapted itself to the evolving technological advancement in terms of legislations and agencies to deal with the ever-increasing cyber criminals.
One notable agency apart from DHS is the US Secret Service which is chiefly responsible for the maintenance of Electronic Crimes Task Forces which specializes in the identification of cyber criminals beyond the territorial of the United State (Droege, 2012). These cyber criminals are usually deemed to be connected to computer-related crimes including data breaches, bank fraud, and cyber intrusions. Since the inception of the Secret Service Cyber Intelligence Section, they have successfully apprehended several notorious international cyber criminals who have costed retail and financial institution losses amounting to $600 million (Ginovsky, 2012).
The National Computer Forensic Institute is managed by the Secret Service. The institute is very important in the fight against cyber criminals, in that, they provide cyber training and information to judges, prosecutors and police officers. Another important agency is the U.S. Immigration and Customs Enforcement (ICE), which together with the Cyber Crimes Center (C3) and the Homeland Security Investigations are required to provide computer, related technical services to help combat local and international cyber-crimes. The C3 is composed of the Computer Forensics Unit, Child Exploitation Investigations Unit and the Cyber Crimes Unit. It is well equipped with the latest technological tools to give technical assistance to all governmental organs responsible for the combat of cyber-crime both at the local and international level. The C3 has a fully-fledged computer forensics laboratory, which specifically deals with digital evidence recovery and provides relevant training in computer and computer investigative and forensic.
Types of Cyber Crimes Punishment
Ideally, cyber-crimes punishment varies depending on the classification. It is important to note that some of these classification and penalties vary depending with the state in which the cyber-crime was committed. The main categories of cyber-crimes include theft and abuse, fraud and intellectual property.
This is one of the main crimes to rise in the Internet age. It simply refers to the infringement of the copyright laws. It involves producing copies of items that are copyrighted and subsequently selling them or giving out. Essentially, online pirated items include books, music, and movies. Piracy crimes can attract a fine of $250,000 or five years imprisonment together with a conviction of a felony (Lemieux, 2015).
Data Theft and Illegal Access
Data theft and illegal access to computer systems in most instances go hand in hand. Although, they contain two main differences: the former entails illegally obtaining data from people or businesses while the latter involves taking information from government owned computers. The two crimes can attract a prison sentence of one year while multiple offenses can attract a twenty-year jail term (Menon & Teo, 2012).
Legislation governing children protection usually revolves around their personal privacy and protecting them from exploitation. Specifically, The Children’s Online Protection and Privacy Act stipulate that all public places that have computers accessible to children, must ensure that that they have put in place measures to keep away children from accessing objectionable content while retaining their privacy during the usage of the computers (Greiman & Bain, 2013). One can be imprisoned for 30 years for uploading pornographic images or videos of minors just for a single offense. Repeated offenses can attract a thirty-five-year jail sentence.
Online fraud is where an individual or a party fraudulently obtains personal information or money through false pretense (Palmer, 2013). Such acts attract punishments that vary in nature depending on the magnitude of the fraud. The most common type of online fraud is identity theft where a person falsely carries himself as another person with an intention of using their personal information (bank accounts, mailing addresses, and social security numbers) to obtain money or making purchases (Palmer, 2013). Ideally, legislations governing identity theft fall under the domain of the states. The effect of this is that penalties for such crimes depend on the state where the act was committed.
The Challenges of Detecting Cyber Criminals
Detecting cyber criminals can be a daunting task for the law enforcement agencies. The faceless and anonymous nature of these criminals complicates things. In other traditional criminal offenses, identifying perpetrators is very easy since victims are able to describe them in detail or even the police have their bio-data. The faceless nature of cyber criminals gives them confidence and psychological comfort that it would be difficult for law enforcement agencies to locate and apprehend them (Stevenson, 2013). Communities often misunderstand the aspects of cyber-crime offending and the ability of the police to arrest the culprits. Furthermore, one can hardly hear the public reporting the cyber-crimes, and if they do, it is in low proportion. This tendency is because of the public doubting the capacity of the police instituting investigations pertaining to cyber-crime offending. Apart from the incapacity aspect, the public also holds the belief that law enforcement agencies are significantly intrusive and inflexible. Victims do not have that inherent motivation to report cyber-crimes mainly because the prosecutor may not put their case to trial, and if they do, it will be publicized to boost the standing of the department or the prosecutor involved.
Actually, on the flip side, one would not be wrong to state that to some extent victims contribute to the inability to detect cyber-criminals. If the victim does not want to report the incidence, how will the law enforcement agency deal with the situation? Some victims simply brush off these crimes claiming that the magnitude is very trivial to trigger the attention of the police. In the same note, victims are not aware of the reporting mechanisms regarding cyber-crime offending. Inability of the victims to come forward to report such incidences greatly undermines the response capacity of the police officers. Internet Service Providers have also contributed widely to this underreporting, and as a result, Congress has intimated that they might come up with new laws to force these internet service providers (ISPs) to bring to the attention of the law enforcement agencies any suspicious activity within the domain of their network ( Imeson, 2015). The result of the underreporting is that cyber-crimes hugely become less visible.
Obfuscation and encryption is another aspect that makes it difficult for cyber offenders to be detected. In instances where the police have invaded a certain premise in exercise of the search and seizure warrants they might not be able to locate the devices at a particular crime scene. The devices used to store information such as flash, wireless storage and mobile SSDs can be hidden in other household appliances making it hard for the police to access information that could assist in detecting cyber criminals. If the investigators are able to get these devices, do you think it will be easy to obtain the information stored inside? No, the reason being these storage devices contain encodings that act as security measure barring anyone except the owner from being a party to the information inside them. In situations where encodings have not been used and access becomes very easy, in such circumstances criminals have gone a notch higher by using steganography (Shaerpour, Dehghantanha, & Ramlan, 2014). This entails disguising information in the ordinary files as audio recordings, documents and graphic images. In certain situations, when the cyber criminals realize that the law enforcement agencies are able to counter steganography with the use of “steganalysis” they then opt to combine steganography with cryptography, thereby, defeating the law enforcement agencies (Fox, 2015).
Public access has also been used by offenders to perpetuate their mobility, and escape surveillance. Arguably, the advancement of technology has allowed for the lease and subleasing of domains or IP addresses. This makes investigation of cyber-crime very complex as the entity identified as being the registered owner of a particular IP address or domain, in real sense might not be the one who controls the domain when the crime is reported to have happened. Identification of endpoints on the internet has been convoluted especially with the rampant usage of the Serial Line Internet Protocol (SLIP), Classless Inter-Domain Routing (CIDR) and Dynamic Host Configuration Protocol (DHCP) (Birchfield, 2013).
Cyber offenders normally thrive in these complexities knowing well that most of the law enforcement agencies are not familiar with the ever-changing technology. The usage of network protocols such as VPN tunneling, Internet Protocol Security (IPSec), Secure Sockets Layer et cetera aids in hiding network traffics (Birchfield, 2013). For many years, tight encryption has posed a great challenge to relevant authorities investigating crime offending and apprehending the culprits.
These agencies immensely emphasize on issuing warnings against the use of encryption mainly because when an offender has mounted a serious encryption, interception and seizing of data devices becomes impossible. At times, offenders might be coerced to reveal some kind of passphrases to the police when interrogated. However, this depends on the type of criminal offending involved. A good example is when a suspect is alleged to be connected with child abuse materials, in this instance, they tend to be uncooperative because of the serious punishments awaiting them in law. For instance, humiliation and shame before the public, registration as a sex offender and imprisonment (Droege, 2012).
The police have failed miserably in applying the element of surprise when apprehending cyber-crime offenders. This technique has been proven very effective in other jurisdictions especially when the offender’s gadget, remote connections are identified to be active and the data stored appears to be in a decrypted form. Best practices have shown that the American courts ought to adapt with the changing times by making it possible for police to get court orders to compel offenders to divulge decryption keys. Then, if a suspect fails to obey the above court order then he or she should be liable for jail terms. It is either up to Congress or up to the courts to find the best mechanism to guide this process to adapt to the changing times.
The Barriers that Might Appear
The main barriers involved in prosecuting cybercrime offenses include jurisdictional issues and lack of technical expertise among the relevant law enforcement agencies. These jurisdictional issues mainly involve conflicting laws among nations. Where the laws are in agreement, cooperation is required to bring the perpetrators to book. However, in most instances, states fail to cooperate. A good example is the Julius Assange case.
The advent of the Internet ushered in a different way of doing business. The main advantage of “setting up” business on the Internet is that one is able to sell his or her commodity beyond the local level. Arguably, the global audience is able to access what the person is offering on his or her domain. It has been a common adage that an individual can be everywhere in a blink of an eye. This easiness of communication tends to raise a very important legal question, perhaps if an individual registers a website in his home server and permit access to it regardless of the geographic location does he submit himself to the laws of every country? Which law will apply when a conflict arises on the Internet? In the US jurisdiction, the apex court has been very mute concerning the impact of the Internet about personal jurisdiction. Usually, before courts decide whether to listen to a matter they must establish that they have personal jurisdiction over the individuals. Since the Supreme Court is mute on the issue of cyberspace jurisdiction, lower court decisions will be helpful in delineating the issue.
Most decisions in the lower courts have intimated that the mere creation and hosting of a website accessible to all and sundry does not necessarily imply that a person can be subjected to all jurisdictions within the US (Latté, 2015). However, courts have not shied away in expressing themselves that they can assume jurisdiction over a non-resident defendant in a situation whereby he or she had contacts with the forum state through the avenue of the Internet. Such decisions have been held in Maritz v Cyber gold and CompuServe Inc. v Patterson, and Zippo Manufacturing v Zippo Dot Com in these three cases, the internet engagement level with the forum state surpassed those of a passive website. In Maritz, the website owned by the defendants, required people to subscribe in order to send and receive information concerning the services of the company. The defendant had distributed the company’s information to at least a hundred of its users in the forum state. The court observed in its ruling that although the company carried itself as though they maintained a passive website its real objective was to enable access to all Internet users with geographic location being of less concern to the defendant.
In CompuServe, the defendant conducted business with the plaintiff company with the knowledge that the entity was located in Ohio. As matter of fact the conflict emerged due to contacts with the state where the website was hosted. In Zippo, the site owned by the defendants required site users to give their address details so that they could receive news service. The operators of the site knowingly engaged in business with the forum state residents that were the headquarters of the plaintiff. Looking keenly at the decisions of the courts in the US, a state can exercise personal jurisdiction over a person in another state as long as the individual conduct has substantial effect on the receiving state to require due process of the law.
However, at the international level, this kind of approach significantly bores a lot of challenges. Specifically because of the conflict of laws involved. Under the international legal regime, some conducts are so grave that they attract concurrent jurisdiction for instance crimes against humanity and genocide. Although, many countries have enacted laws to combat cyber-crimes, an equal number still lack a regime to deal with the issue. Consequently, it becomes an uphill task to prosecute cyber criminals where there are no legislations and most importantly cooperation between countries (BBC, 2013). To illustrate this point, the case of the Philippine hacker, the brain behind the “love letter virus” released in the year 2000 indeed shows that if cyber criminals are to be prosecuted, legal regime that proscribes such acts are necessary (Stevenson, 2013).
The hacker unleashed the virus to all parts of the globe, which caused unprecedented loss. In the US, the damage was quantified to amount to billions of dollars. During this occurrence, neither the US nor the Philippine could initiate criminal proceedings against the hacker because the forum country lacked a legislation that criminalizes cyber-related offenses. This points out that prosecuting multi-jurisdictional crime such as cyber-related ones is not an easy task especially if there are no legislation in place and cooperation between countries.
The French have tried to cure these jurisdictional issues by using the policy avenue. For instance, in 2008, an Internal Affairs Minister introduced new measures that the government will use in combating cyber-related crimes. Which involved “extending the websites blacklist and pushing for computer online investigations, without the permission of the country of the hosting company” (Virga, 2015, p. 34) However, the last part of the measure was not realistic and did not take into considerations the global legal and political arrangement. Would it be in order for the French government to launch surveillance on a foreign website without the permit of the host government? Technically, such a process would be murky and risky for the French government.
Inadequate Expertise Challenge
The reporting of cyber-crimes has increased in the recent years, with that in mind, one expects to see the escalation of the conviction rates. However, that has not been the case because a number of investigations and prosecutions have failed to yield the expected results. This unintended outcome has primarily been attributed to the inadequate expertise among relevant stakeholders most importantly the law enforcement agencies (Stevenson, 2013). Technology is not a simple field, it involves an interplay of complexities, which keeps on changing every time. If judges, prosecutors, jurors, police officers and investigators are able to understand the intricacies surrounding technology then it will have a domino effect on the conviction rates. In other words, conviction rates would increase if these players would grasp the complexities of technology.
If law enforcement agencies are not fully equipped with the required technical expertise, it would still be a fruitless exercise even if the laws pertaining to cyber-crime are strengthened. Most of these cyber-related crimes are well conceived and sophisticated which requires police to have high level of technical expertise to deconstruct the modus operandi (Palmer, 2013). The saying “rubbish in, rubbish out” illustrates the risky tendency of conscripting police officers that are untrained to deal with cyber-crime offending. America needs to recruit proven leadership to intelligently oversee forensic and investigative areas responsible for dealing with cyber offending (Scott, 2015). It is unfortunate that bureaucrats who traditionally do not possess requisite technical knowledge are often the ones who are picked to fill these positions in the judiciary, the police, and other relevant law enforcement agencies.
If investigators would want to defeat these cyber adversaries, it is high time they think like them. Since these criminals are always flexible in imbibing technological change. So also, investigators should borrow a leaf from them in order to understand the technical underpinnings of the cybercrime offending (Palmer, 2013). Essentially, research indicates that technology is very requisite in improving the capacity of police officers to collect distinct evidence that can be used in cybercrime offending cases. However, the human side becomes paramount in the area of cyber-crime inquiry in deconstructing and determining the relevance of ESI. The police are mandatorily expected to give meaning to information, which is critical in supporting case theories. As a result, deductive and inductive reasoning is required of these investigators in establishing the sequence of events and truths (Imeson, 2015).
Activities That Will Help To Reduce the Rates Of Cyber Crimes
Reporting cyber-crimes will help law enforcement agencies track and apprehend these offenders. However, when victims are silent, the offenders will continue perpetrating the offenses since no one is there to deter them. Reporting eventually deters cyber criminals because they know that their actions will lead to their arrest and attracts legal consequences (Ginovsky, 2012). Education and training can also help reduce the rates of cyber-crimes especially on employees by sensitizing them on the cul