ITU Model Cybercrime Law: Project Overview

Similar documents
ISACA National Cyber Security Conference 8 December 2017, National Bank of Romania

CYBERCRIME LEGISLATION DEVELOPMENT IN NIGERIA AN UPDATE. Octopus Conference, Strasbourg 06 June, 2012

LEGAL SOLUTION CYBERCRIME LEGAL SOLUTION LEGAL SOLUTION NATIONAL, REGIONAL, INTERNATIONAL

Promoting Global Cybersecurity


Cybercrime and e-evidence: challenges and solutions.

MEETINGS OF MINISTERS OF JUSTICE OR OEA/Ser.K/XXXIV

Project CyberSouth Cooperation on cybercrime in the Southern Neighbourhood

ITU/HIPPSA Technical Assistance on Cybercrime Law for the Republic of Rwanda, Kigali 11 th -12 th July 2013

Cybersecurity & Spam after WSIS: How MAAWG can help

Cybersecurity for ALL

PROJECT RESULTS Summary

10025/16 MP/mj 1 DG D 2B

International Cooperation in Cybercrime Investigations

UNODC tackling cybercrime in support of a safe and secure AP-IS

Overview on the Project achievements

Resolution adopted by the General Assembly on 21 December [on the report of the Second Committee (A/64/422/Add.3)]

Role of 24/7 points of contact regarding MLA requests for computer data/e-evidence, Cooperation with competent authorities

A Criminal Intrudes into a Bank in Geneva Korean agents. Canadian agents make the arrest. Argentinian investigators. discover. attack came from Seoul

Framework for Cybersecurity in Nigeria

10007/16 MP/mj 1 DG D 2B

Global Alliance Against Child Sexual Abuse Online 2014 Reporting Form

The commission communication "towards a general policy on the fight against cyber crime"

- To aid in the investigation by identifying. - To identify the proper ISP, webhosting. - To use in search warrant affidavits for to

WORKSHOP CYBER SECURITY AND CYBERCRIME POLICIES FOR AFRICAN DIPLOMATS. Okechukwu Emmanuel Ibe

National Communications Authority

Data Preservation Checklists

RESOLUTION 130 (Rev. Antalya, 2006)

Comprehensive Study on Cybercrime

Cybercrime Criminal Law Definitions and Concepts

RESOLUTION 130 (REV. BUSAN, 2014)

Legal, Ethical, and Professional Issues in Information Security

China and International Governance of Cybercrime

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

Potential new global legal mechanisms on combatting cybercrime and global cyberattacks

Legal Foundation and Enforcement: Promoting Cybersecurity

RESOLUTION 45 (Rev. Hyderabad, 2010)

CYBERCRIME RESPONDERS TRAININGS

NIGERIAN CYBERCRIME LAW: WHAT NEXT? BY CHINWE NDUBEZE AT THE CYBER SECURE NIGERIA 2016 CONFERENCE ON 7 TH APRIL 2014

REGIONAL AND INTERNATIONAL TRENDS IN INFORMATION SOCIETY ISSUES CYBERCRIME CHALLENGE

CYBERCRIME AS A NEW FORM OF CONTEMPORARY CRIME

REGIONAL WORKSHOP ON E-COMMERCE LEGISLATION HARMONIZATION IN THE CARIBBEAN COMBATING CYBERCRIME: TOOLS AND CAPACITY BUILDING FOR EMERGING ECONOMIES

The Republic of Korea. economic and social benefits. However, on account of its open, anonymous and borderless

ASEAN s Cyber Confidence Building Measures

New Legal instruments for Cross-border Crime Investigation in EU

ΚΕΝΤΡΟ ΜΕΛΕΤΩΝ ΑΣΦΑΛΕΙΑΣ CENTER FOR SECURITY STUDIES

Thailand Initiatives and Challenges in Cyber Terrorism

G8 Lyon-Roma Group High Tech Crime Subgroup

UNODC. International Cooperation and Assistance in Cybercrime Matters

Professional Training Course - Cybercrime Investigation Body of Knowledge -

National Policy and Guiding Principles

Romania - Cyber Security Strategy. 6th IT STAR Workshop on Digital Security

Data Protection and Cybercrime Challenges

Caribbean Cyber Security: Not Only Government s Responsibility

Legal framework of ensuring of cyber security in the Republic of Azerbaijan

Cyber Security Roadmap

Draft Resolution for Committee Consideration and Recommendation

Computer Forensics US-CERT

The UNODC Global Programme on Cybercrime Alexandru Caciuloiu CYBERCRIME COORDINATOR SOUTHEAST ASIA AND THE PACIFIC

Cybersecurity & Digital Privacy in the Energy sector

INDEPENDENT COMMUNICATIONS AUTHORITY OF SOUTH AFRICA(ICASA) CYBERSECURITY PRESENTATION AT SAIGF. 28 th November 2018

COMPUTER CRIME LAW PROFESSOR KERR

Cybersecurity, safety and resilience - Airline perspective

Netherlands Cyber Security Strategy. Michel van Leeuwen Head of Cyber Security Policy Ministry of Security and Justice

UN General Assembly Resolution 68/243 GEORGIA. General appreciation of the issues of information security

The cost of cybercrime the benefits of cooperation

LIMITE EN COUNCIL OF THE EUROPEAN UNION. Brussels, 26 September 2008 (30.09) (OR. fr) 13567/08 LIMITE ENFOPOL 170 CRIMORG 150

CYBER CRIME LEGISLATION COURSE MALAYSIAN COMMUNCIATIONS AND MULTIMEDIA COMMISSION MALAYSIA

Guiding principles on the Global Alliance against child sexual abuse online

15412/16 RR/dk 1 DGD 1C

BRIEFING COMBATING CYBERCRIME: TOOLS AND CAPACITY BUILDING FOR EMERGING ECONOMIES. Geneva 18 April David Satola

Responding to Cybercrime:

CSM-ACE 2010 KUALA LUMPUR CONVENTION CENTRE OCTOBER 2010

U.S. Japan Internet Economy Industry Forum Joint Statement October 2013 Keidanren The American Chamber of Commerce in Japan

ITU Telecommunication Development Sector Cybersecurity/CIIP Initiatives. Telecommunication

NEW INNOVATIONS NEED FOR NEW LAW ENFORCEMENT CAPABILITIES

HARMONIZING NATIONAL LEGAL APPROACHES ON CYBERCRIME

E-Signature Law of Iraq no. ( 78) of 2012

EU policy on Network and Information Security & Critical Information Infrastructures Protection

DIGITAL AGENDA FOR EUROPE

2. Taking into account the developments in the next five years, which are the actions to be launched at the EU level?

OCTOPUS CONFERENCE COOPERATION AGAINST CYBERCRIME Workshop 1: Policies, activities and initiatives on cybercrime of international organisations

Package of initiatives on Cybersecurity

Consumer Rights in the Digital Age

Itu regional workshop

Garry Mukelabai Communications Authority Zambia

European Union Agency for Network and Information Security

Policy recommendations. Technology fraud and online exploitation

Japan s Cyber Diplomacy

Overview of ITU-D D Activities Related to Cybersecurity and Critical Information Infrastructure Protection

Developments in the field of information and

ETNO Reflection Document on the EC Proposal for a Directive on Network and Information Security (NIS Directive)

OUTCOME DOCUMENT OF THE INTERNATIONAL CONFERENCE ON CYBERLAW, CYBERCRIME & CYBERSECURITY

THE SOUTHEAST ASIA REGIONAL CENTRE FOR COUNTER-TERRORISM (SEARCCT)

Scope of the Member State mechanism

RESOLUTION 67 (Rev. Buenos Aires, 2017)

A1. Actions which have been undertaken by Governments

Cyber Security Strategy

Special Action Plan on Countermeasures to Cyber-terrorism of Critical Infrastructure (Provisional Translation)

Commonwealth Cyber Declaration

Transcription:

ITU Model Cybercrime Law: Project Overview Jody R. Westby <cybmail@itu.int> ICT Applications and Cybersecurity Division Policies and Strategies Department, BDT International Telecommunication Union International Telecommunication Union

The International Legal Landscape Cybercrime, Privacy & Cyber Security Are Global Issues 233 Countries Connected to Internet; 1.2 Billion Online Users Cybercrime, Privacy & Security of Information Infrastructure Important to National & Economic Security Interests & Public Safety Industrialized Countries Addressing; Developing Countries Lagging International Legal Framework Highly Inconsistent Cyber Security Investigations & Response Impacted by Legal Differences in Cybercrime Laws 2

Cybercrime Laws Protect Citizens Help Protect Freedom of Expression, Human Rights, & Other International Rights Enhance Statutory & Constitutional Rights (rights to privacy, protections on search/seizure & self-incrimination) Help Ensure Citizen Use of ICTs, Access To & Exchange Of Information Strengthen Consumer Confidence Against Fraud 3

Cybercrime Laws Important to Developing Countries Confidentiality, Integrity, & Availability of Data & Networks Central to Attracting FDI and ICT Operations Protect Integrity of Government & Reputation of Country Keep Country from Becoming Haven for Bad Actors, Repositories of Data Instill Market Confidence & Certainty Regarding Business Operations Provide Protection for Protected Information & Facilitate Cross-Border Data Flows 4

Cybercrime Laws Important to Developing Countries cont d Protect Consumers & Assist Law Enforcement, Intelligence Gathering Deter Corruption & Fraud Increase National Security & Reduce Vulnerabilities Provide a Means for Prosecution and Civil Action for Cybercrimes Increase the Likelihood Electronic Evidence Will be Obtained 5

Computers Can Engage in Cyber Criminal Activities 3 Ways Can be Target of Offense: When Confidentiality, Integrity, & Availability of Data, Applications, Networks are Compromised Can Be Tool to Commit a Crime, Includes Fraud, Child Pornography, Conspiracy Can Be Incidental to a Crime But Have Significant Importance to Law Enforcement, Especially for Evidentiary Purposes 6

Consistent International Legal Framework is Emerging U.S., Europe, G8, OECD, Council of Europe are Global Leaders CoE Convention on Cybercrime EU Ministers of Justice adopted the Proposal for a Council Framework Decision on attacks against information systems on March 4, 2003. 7

Consistent International Legal Framework is Emerging cont d G8 Ten Principles to Combat High-Tech Crime Action Plan to Combat High-Tech Crime 24/7 Point of Contact Network (45 countries) OECD Guidelines for the Security of Information Systems & Networks APEC Cyber Security Strategy, APEC- ASEAN Joint Workshop 2007 8

Areas Highlighting Need for Harmonization Definitions & Scope Jurisdictional Provisions Substantive Provisions Procedural Provisions International Cooperation 9

Definition & Scope Vary in Definition, Form, and Penalties Industrialized Nations Laws Protect Computer & Communication Systems and Data Transiting & Residing In These Systems Cybercrime Laws Generally Apply To: Use of computers & Internet for illegal purposes (viruses, hacking, unauthorized acts) Crimes against communication systems Crimes facilitated by the use of a computer Wiretap, pen register, and trap and trace laws to protect privacy and facilitate investigations 10

Jurisdictional Issues Possible for Cyber Criminal to be Physically Located in One Country, Weave an Attack Through Multiple Countries & Computers, and Store Evidence on Servers in yet Another Country Victims May be All Over Globe, Jurisdiction Questionable Internet Borderless but Law Enforcement Must Stop at Borders Substantive & Procedural Laws of Countries May Conflict, Creating Evidentiary Issues Letters Rogatory & Multilateral Assistance Treaties (MLATs) Dual Criminality Requirements Very Problematic Needs to be Way to Secure Extradition; Extradition Treaties One Method 11

Substantive Provisions Illegal Access Illegal Interception Data Interference System Interference Misuse of Devices, Passwords Computer-Related Offenses (forgery, fraud, child pornography, infringements) Aiding & Abetting Corporate Liability 12

Procedural Provisions Laws Can Restrict Government Access to Real- Time Interception of Communications & Traffic Data (Wiretaps); Content is Protected More Than Traffic Data Laws Can Also Restricts Access to Stored Electronic Data Be Aware of Constitutional Protections & International Law Requirements Vary: Upon Court Order, Search Warrant, Subpoena 13 Jody R. Westby

Procedural Provisions cont d Actual Search & Seizure of Data Requires Skill Important to Follow Rules of Criminal Procedure, Protect Chain of Custody to Prove Integrity of Data, and Preserve it for Transport Best Practice Guides Available from U.S. Government, State Governments, Prosecutors, American Bar Association, Canada, & London Internet Exchange (LINX) 14

International Cooperation with Law Enforcement Cyberspace Has No Borders, But Law Enforcement, Diplomats, & Investigators Do Interpol and Europol are Important Global Links Interpol & Europol Do Not Investigate: Passes Requests from Country to Country Interpol has National Central Bureaus in Each Country 15

International Cooperation with Law Enforcement cont d Staffed by One of More Law Enforcement Agencies Interpol Actively Involved in Information Technology Crime (ITC) Through Working Parties of Experts Collection & Preservation of Evidence May be Difficult; Evidence May Be Useless in Court 16

Judicial & Statutory Common Protections for Live Interceptions Approval Should Be Obtained from Independent Official (Judge) Based on Written Application and Manifested in Written Order Approval Should Be Granted Only Upon Strong Factual Showing of Reason to Believe That the Target of the Search is Engaged in Criminal Conduct & Less Intrusive Methods Not Adequate Each Surveillance Order Should Cover Only Specifically Designated Persons or Accounts; Generalized Monitoring Should Not Be Permitted 17

Judicial & Statutory Common Protections for Live Interceptions cont d Rules Should Be Technology Neutral Scope & Duration of Interception is Limited to Only What is Necessary to Obtain Evidence In Criminal Investigations, Those Who Have Been Subject of Interception Should be Notified When Investigation Concludes (Whether Charged or Not) Personal Redress or Suppression of Evidence at Trial is Provided for Violations 18

Model Cybercrime Law Project American Bar Association Privacy & Computer Crime Committee (Section of Science & Technology Law) Produce Draft Law & Explanatory Comments Same/Similar Format as UNCITRAL Model Laws (Electronic Commerce & Electronic Signatures) ITU to Make Available to Developing Countries to Help Them Establish Legal Frameworks 19

Participants Multidisciplinary Industry, Policy Experts, Academicians, Government Personnel, Technical Experts, Attorneys) International (Canada, Germany, India, Israel, Latvia, Japan, Mexico, Nigeria, Sri Lanka, UK, US) No Cost to Participate, Open to Interested Persons 20

Approach Develop Matrix of Provisions of Laws (Council of Europe + 10 Developed Nations) Comparative Analysis of Laws Working Groups by Topic Areas Teleconferences (Skype) & Email Drafting Model Law & Explanatory Comments Review & Editing Across Working Groups Completion Date: March 1, 2008 21

Overall Goal: Develop Model Cybercrime Law that Will Promote Global Harmonization & Assist Developing Countries In Establishing Legal Frameworks for Cyber Security International Telecommunication Union

More Information ITU-D ICT Applications and Cybersecurity Division www.itu.int/itu-d/cyb/ Cybersecurity Resources and Activities www.itu.int/itu-d/cyb/cybersecurity/ ITU National Cybersecurity/CIIP Self-Assessment Toolkit www.itu.int/itu- D/cyb/cybersecurity/projects/readiness.html Regional Workshop on Frameworks for Cybersecurity and Critical Information Infrastructure Protection www.itu.int/itu-d/cyb/events/ Cybersecurity Publications www.itu.int/itu-d/cyb/publications/ 23

More Information cont d ABA Privacy & Computer Crime Committee Publications International Guide to Combating Cybercrime International Guide to Privacy International Guide to Cyber Security Roadmap to an Enterprise Security Program FREE to people in developing countries: Send email to westby@mindspring.com ITU Cybercrime Model Law Toolkit www.itu.int/itu- D/cyb/cybersecurity/projects/cyberlaw.html 24

International Telecommunication Union Helping the World Communicate 25

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback