CYBER HACKING CRIMES: A COMPARATIVE STUDY AMONG AMERICAN, BRITISH AND INTERNATIONAL ACTS AND REGULATIONS
In today’s world Information and communication technologies are growing at a fast pace. Internet use and the need for connectivity has become an integral part of everyday life and virtually all modern services such as electricity supply, military services, transportation infrastructure, and logistics, have become almost completely dependent on ICTs (Casey 2002, 161). ICT applications have provided various beneficial advantages to the modern societies including poverty reduction, facilitating achievement of developmental needs, improved health, increased productivity, improved quality of goods and services, increased flow of information, among many others (ITU 2009, 6). However, alongside the many benefits, the widespread use and high dependence on ICTs has introduced many novel and serious threats especially since most essential services including electricity and water supply, traffic control, elevators, telephones, air conditioning, cars, and so on all depend on the proper functioning of ICTs (Casey 2004, 16). Thus, infiltration of information infrastructure and the general internet connectivity has the potential to cause dire consequences to the society (Bohn et al. 2004, 764).
In the recent past, the world has witnessed serious attacks against information technologies some of which have had serious implications to the victims involved. Online fraud and cyber hacking take place every day and on a large scale (Panjwani et al. 2005, 57). Hacking and computer viruses have especially become major potential threats to the security of information systems across the world. According to a survey by the UK (UK Audit Commission Report 1991, 11), it was realized that the amount of financial loss caused by hacking increased 300-fold over a three-year period. Currently, it has been projected that the UK economy loses an estimated £27 billion from cyber hacking every year (Erickson 2008, 45). This clearly underscores the need to develop a comprehensive framework to effectively protect information systems. Even though computer hacking is loosely referred to as a computer crime in some countries computer hacking is legal since there is no existing legislation criminalizing the behaviour. This portrays the big problem that arises in seeking to prosecute offenders in cases involving several countries (Harrison et al. 2002, 16).
In order to curb cyber hacking, promoting cyber security is an integral step towards securing a country’s, and by extension the global world, security and economic well-being (Vacca 2005, 98). For any country to achieve this, appropriate national legislative framework need to be laid down aimed at preventing, preparing, responding and recovering from criminal acts perpetrated within ICTs. Apart from efforts at the national level, there is also the need for cooperation and coordination with other countries at the international and regional level. Thus, formulation of national legal frameworks should be accorded a comprehensive approach (ITU 2007, 6). This is grounded on the fact that cyber hacking concerns are global in nature and its implications transcend beyond borders thus demanding a coherent strategy incorporating the efforts of all stakeholders and different initiatives in a framework that promotes international cooperation (Kellerman 2005, 198).
To this end, the World Summit concerning Information Society (WSIS) in the Tunis Agenda for the Information Society included provisions §§ 108-110 which introduced the idea of multi-stakeholder implementation of its Geneva Plan of Action at the international level, and especially Action Line C5 (WSIS) which aimed at improving the cyber security. Developing a comprehensive cyber security system requires formulating appropriate substantive criminal law provisions, which criminalize acts of computer hacking (Gercke 2006, 41). This is mainly because the existing provisions of the criminal code, which mainly deals with physical crimes, may not adequately cover criminal acts occurring within the internet system. Therefore, it is important to analyse the existing national laws with the aim of identifying any possible gaps. Once the substantive criminal legal provisions are put in place, the law enforcement authorities will need to be equipped with the necessary tools to enable them investigate cybercrimes and acquire enough evidence to apprehend the criminals involved taking into consideration that these crimes can be committed from any part of the world (Reinhart 2012, 4).
The challenges facing cyber hacking are highly connected to the international dimension of these crimes. The illegal content will have passed through several countries before reaching its intended recipient or the illegal content may be stored in one country while causing damage in another (Clark 2005, 18). In seeking to curb the crimes, close cooperation between the involved countries is paramount. Today, mutual legal assistance agreements existing between nations are faced with complex, highly formal, and mostly time consuming procedures, which do not envision computer related investigations. This paper argues that in order to curb the ever-increasing cases of cyber hacking legislative cooperation between the various global nations is paramount. This paper will however restrict itself to the two nations under analysis namely America and Britain. This is against the backdrop of the recent international case where Britain refused to extradite Mr Gary, a British National accused of hacking into the American military information (O’Connell 2012, 134). Various studies have been conduct on the legal framework existing in regard to cybercrimes and hacking at the national, regional and international level (Sterling 1993, 54). Some research studies have also analysed the effectiveness of the existing legal framework in addressing cyber hacking. This research study aims at bringing a new element to these studies by evaluating the effect of disharmony of national laws on the overall level of cyber hacking crimes at the global level with particular attention being given to America and Britain jurisdictions.
- SIGNIFICANCE OF STUDY
This study is aimed at identifying the various gaps existing within the legislative framework regulating cyber hacking in both America and Britain, which makes it difficult for these countries to prosecute and punish offenders of cyber hacking crimes, which are trans-boundary in nature. The study will be able to come up with a common solution through which these countries can fight cyber hacking on the same front. The study will also be important to policy makers in guiding their future national, regional, and international legislation.
- PROBLEM OF THE STUDY
Over the last decade, cybercrimes have been on the increase causing untold damage to nations. Generally, these attacks occur between nations. In 2010, Iran’s nuclear program was halted by malicious cyber-attacks, which could have been done by Americans and the Israelis in the comfort of their own countries. Then there was the Burma first election gone awry. In 2011, evidence of a cyber-attack program in China rumoured to have been sanctioned by the Government directed at the US. The Snowden case where Edward Snowden infiltrated the US information system and then sought asylum in Russia is still fresh in our mind. The question that arises is how can a country prevent itself from these cyber-attacks? The effect of cyber-attacks cannot be understated, as they have been known to cause huge financial losses not to mention increased security threats. Against this backdrop, finding a common ground through which countries can fight cyber-attacks together cannot be gain stated. This paper aims at identifying the gaps existing between the America and Britain countries and how they can come together to seal these gaps and attain cooperation in the fight against cybercrimes.
- ELEMENTS OF THE PROBLEM
The elements of the problems are:
has the different national legislation of US and UK on cybercrimes contributed
to the increased trans-boundary cyber-attacks?
- What gaps exist in the national legislation of the US and UK on cybercrimes that poses challenges in the fight against cyber hacking for the two nations?
- What can be done to harmonize the existing legal frameworks of the two countries for effective fight of cyber hacking?
- To what extent has the international laws and regulations failed to bring harmony and cooperation of these countries in terms of cyber hacking laws?
- The fragmentation and lack of harmonization of national legislation of the US and UK countries in regard to cybercrimes has led to increased cyber-attacks in both countries.
- The National legislation of both countries is faced with lack of clear definitions of cyber hacking crimes and mode of collecting electronic evidence and prosecuting offenders, which makes it difficult to fight cyber-attacks.
- Developing a comprehensive and harmonized legal framework based on the spirit of mutual cooperation and using accurate verifiable data would be a huge step towards reduction of cyber-attacks.
- Increased fragmentation of international instruments, which are motivated by individual political forces and power plays, has been a major reason why cooperation among nations in the fight against cyber-attacks has not been realized.
- LITRETURE REVIEW
This part of the paper will analyse six research studies by various scholars touching on the legal framework regulating cyber hacking nationally, regionally and internationally. Due to the unavailability of studies relating to cyber hacking as an aspect of cybercrime it has necessitated the review of studies involving cybercrime as a general concept, which are the majority, and trying to derive the relevant findings from these studies touching on our debate. In particular, the paper will draw its arguments from research study by Bruce Sterling, The Hacker Crackdown: Law and Disorder on the Electronic Frontiers. The subject of study for Sterling was the 1990 Operation Sundevil, which caused a crackdown of the US’s computer underground. In this work, Sterling seeks to analyse the four principle parties who caused the crackdown, i.e. the hackers, telecommunication companies, civil liberties, and law enforcement officials (1993, 78). The writer then discusses the mechanisms employed by law enforcement officers such as the Secret Service and the police to bring perpetrators to justice, including the trial of Neidorf Craig. He also discusses the protections offered by the First Amendment in the context of cyber hacking. Sterling’s recommendations are that even in seeking to apprehend cyber hacking offenders, the right to privacy protected by law should not be violated by police investigating these crimes. He also suggests that all the participants should come together in cooperation against cyber hacking.
The work of Sciglimpaglia, Computer Hacking: A Global Offense, will also inform the argument advanced in our research paper. Sciglimpaglia talks of the various challenges facing law enforcement officers in seeking to prosecute cyber hacking crimes due to inconsistent or inexistent legislative framework. He describes a case of cyber hacking where the police had suspects in custody but they could not proceed to ensure they are punished due to lack of a proper legislative framework (1990, 32). The writer recommends for adoption of international measures as well as legal frameworks, both nationally and internationally to ensure punishment of offenders, and prevention of global hacking. He also recommends that existing legal frameworks should keep pace with the rapidly advancing technology to avoid being outpaced by cyber hacker.
Another article that will be analysed in literature review is the work of Jason V. Chang, Computer Hacking: Making the Case for a National Reporting Requirement. The writer is advocating for a computer hacking reporting system by organizations. He argues that the existing legislative framework in US, including the Computer Fraud and Abuse Act, have failed in deterring potential computer hackers from omitting these atrocities (2007, 43). The study finds that efforts to bring these perpetrators to justice have been highly in effective since only a small percentage is caught and prosecuted at any given time. Further, when it comes to organizations, they fail to disclose to the public any previous incidences of hacking to avert negative publicity. He therefore suggests that Congress enact laws that would ensure organizations report these cases for two main reasons; first, to warn persons whose information has been compromised; and secondly, to aid in investigations.
Nest we analyse an article by Gabriella Coleman, Phreaks, Hackers, and Trolls: The Politics of Transgression and Spectacle. Coleman offers a comprehensive analysis of these three types of cybercrimes, identifying the connecting factor between them. He laments at how this group of cyber offenders have now started forming into underground organizations joining efforts to terrorize the public. Coleman analyses the motives, the characteristics, and history of these criminals and their criminal behaviour (2012, 35). He also discusses the ethical, legal and political questions arising from the actions of these offenders. He argues that despite the various motives that may exist for these offenders, there is usually a politically connected reason for their actions. He states that these, usually young individuals, carry brains that if used responsibly can have remarkably positive effects to the universe. His recommendation is that these people should use their skills in positive actions other than causing harm. He however warns against being too trustworthy of these people as they can cause devastating effects.
We also look at the work of Richard Downing, Thinking through Sentencing in Computer Hacking Cases: Did the US Sentencing Commission Get it Right? In this work, Downing feels that the factors considered by courts to sentence the traditional crimes do not in most cases include all the factors that courts should be considering while sentencing computer hackers (2007, 134). He argues that some of the factors that courts consider such as right to privacy and threats to economic structures are incapable of proper quantification in monetary terms. He argues that due to the increasing cases of cyber hacking, law enforcers need to come up with ways to effectively deter future crimes. He argues that for cyber hacking crimes which ordinarily take long to catch and apprehend an offender, it means that there is need for severe punishment to increase the level of apprehension for effective deterrence (2007, 36). He recommends a sentencing that is more severe as compared to other offences for effective deterrence.
Lastly, this study will derive its argument from the study by Hathaway et al., which discusses the law applicable and how relevant the law of war is to cyber-attacks. It also analyses the existing legal framework globally addressing cyber-attacks. The study argues that the existing legal frameworks are not adequate in responding to cyber-attacks. For instance, the law of war is only applicable in cases involving armed conflict. In addition, the existing national and international legal frameworks are so fragmented to adequately address cyber-attacks (2012, 987). The paper proposes a more comprehensive legal structure to effectively address the issue of cyber-attacks. Countries need to wake up and update their legislative instruments to meet the new complex threats. For instance, the US may be able to fight this battle by expanding its domestic laws to apply abroad as well as developing some countermeasures where appropriate. However, even then, there is little that a country can achieve alone and therefore the paper recommends for global cooperation between nations.
The main gap existing in the existing body of research in this area is that there is almost no research on the issue of cyber hacking as a concept distinct from the general topic of cybercrimes. This paper is aimed at sealing this gap by providing a research study concentrating specifically on cyber hacking as a separate aspect of the general concept of cybercrimes. The study will particularly analyse the national legislation of the US and UK that specifically deals with cyber hacking as well as regional and international instruments and regulations that govern these two countries’ cyber laws on hacking.
- METHODOLOGY OF STUDY
Foremost, the study will be involved in coming up with various study topics which include; the level of cyber-attacks; the nationality of offenders in those attacks; the ability of a country to investigate and prosecute the offenders of the other country; the national legislation in place hindering such processes; the probability of harmonization of these laws; etc. (O’Connell 2007, 97). These will then be formed into a questionnaire, which will be sent to various respondents, which will be scientifically sampled, from selected individuals working for major organizations, government agencies, ICT personnel, etc. Data will be analysed using various scientific methods such as the comparative legal analysis. Other methods such as use of information from the social media will also be used where appropriate.
- SUGGESTED CONTENT
- Chapter 1: Cybercrimes and Hacking:
This will include the Definition of the term Hacking and Cybercrimes, the History of cyber hacking, Purpose of Hacking, the difference between Hackers and Crackers, Types of Hackers, Types of Hacking which includes; Website Hacking, Email Hacking, Network Hacking Password Hacking, Online banking Hacking and Computer Hacking. It will also analyse Hacker attack methods such as Methods used by hackers to collect information, Damages, Classification of hackers based on moral arguments, and so on.
- Chapter 2: Legal Analysis
This part will analyse all the Acts, codes, regulations and court decisions relating to cyber hacking within the American and Britain jurisdictions as well as the Legal instruments at the international and regional level dealing with cyber hacking to which these countries are party to. The study will be a comparative analysis of the laws of these two countries to identify any gaps and recommend on the way forward to bring about harmonization. The things to be analysed include; criminal behaviour, Criminal intent (general and/ or private) and Punishment provided by these laws.
- Chapter 3: Legal Response
- Digital evidence: this will analyse the challenges faced by investigators in collecting digital evidence, the admissibility of digital evidence in courts of these countries, and methods through which these countries can formulate their laws to allow extraterritorial access to data relating to cyber hacking.
- The conflict of jurisdiction over these crimes: what are some of the jurisdiction issues that arise in seeking to prosecute cyber hacking crimes and how can these countries amend their legislations to correct this dilemma.
- TIME TABLE
Data collection using the questionnaires and any other method employed will be done within a period of three months from 1st June to 30th August. Thereafter, data will be analysed and results obtained within another three months, which makes a total of six months for the entire research period.
Bohn, J, Coroama, V, Langheinrich, M, Mattern, F and Rohs, M. (2004) Living in a World of Smart Everyday Objects – Social, Economic & Ethical Implications, Journal of Human and Ecological Risk Assessment, Vol. 10, page 763 et seq.
Casey, E. (2002), Error, Uncertainty, and Loss in Digital Evidence: International Journal of Giordano, Scott M. (2006) Electronic Evidence and the Law, Information Systems Frontiers, Vol. 6, No. 2, page 161.
Casey, E. (2004) Digital Evidence and Computer Crime: The admissibility of Electronic evidence in court: fighting against high-tech crime, Cybex: available at: www.cybex.es/agis2005/elegir_idioma_pdf.htm.
Chang, J. (2007) Computer Hacking: Making the Case for a National Reporting Requirement, The Berkman Center for Internet & Society; Research Publication No. 2004-07
Clark, T. (2005) Storage Virtualisation Technologies for Simplifying Data Storage and Management, Addison-Wesley: Longman Publishing Co., Inc.
Coleman, G. (2012) Phreaks, Hackers, and Trolls: The Politics of Transgression and Spectacle, New York University Press: New York, London.
CRS Report for Congress on the Economic Impact of Cyber-Attacks, April 2004, page 10, available at: www.cisco.com/warp/public/779/govtaffairs/images/CRS_Cyber_Attacks.pdf.
Daubert v. Merrell Dow Pharmaceutical, Inc. 509 U.S. 579, (1993) 113 S. Ct. 2786, available at: http://caselaw.lp.findlaw.com/scripts/getcase.pl?court=us&vol=509&invol=579.
Downing, R. (2007) Thinking through Sentencing in Computer Hacking Cases: Did the US Sentencing Commission get it Right, Mississippi Law Journal, Vol. 76, pp. 923-948
Erickson, J. (2008) Hacking: The Art of Exploitation, 2nd Revised Ed., Daly California: No Starch Press, US.
Gercke, M. (2006) The Slow Wake of a Global Approach against Cybercrime, Computer Law Review International, p. 141.
Harrison, W., Aucsmith, D., Geuston, G., Mocas, S., Morrissey, M. and Russelle S. (2002) A Lesson learned repository for Computer Forensics, International Journal of Digital Evidence, Vol. 1, No. 3, page 1.
Hathaway, O., Crootof, R., Levits, P., Nix, H., Nowlan, A., Perdue, W., and Spiegel, J. (2012) The Law of Cyber-Attack, California Law Review.
IBM survey, published 14.05.2006, available at: www-03.ibm.com/industries/consumerproducts/doc/content/news/pressrelease/1540939123.html.
ITU (2009) ICT Applications and Cybersecurity Background Note to the 2009 Pacific ICT, Ministerial Forum held in Tonga 17-20 February 2009.
ITU (2007) Cybersecurity Work Programme to Assist Developing Countries 2007-2009 (2007), available at: www.itu.int/ITU-D/cyb/cybersecurity/docs/itu-cybersecurity-work-programme-developing-countries.pdf.
Kellerman, T. (2005) Technology risk checklist, Cybercrime and Security, IIB-2, page 1.
O’Connell, M. (2007) Cyber-Crime hits $ 100 Billion in 2007, ITU News related to ITU Corporate Strategy, available at: www.ibls.com/internet_law_news_portal_view_prn.aspx?s=latestnews&id=1882.
O’Connell, M. and Arimatsu, L. (2012) Cyber Security and International Law, Chatham House Publishers, London.
Panjwani, S., Tan, S., Jarrin K., and Cukier, M. (2005) An Experimental Evaluation to Determine if Port Scans are Precursors to an Attacks, Online-Community Hacker Watch
Reinhart, C. (2012) Penalties for Computer Hacking, ORL Research Report: Connecticut, US.
Sciglimpaglia, Robert J. (1991) Computer Hacking: A Global Offense, Pace International Law Review, Vol. 3, issue 1.
Sterling, B. (1993) The Hacker Crackdown: Law And Disorder on the Electronic Frontier, Bantam; Reprint Edition
UK Audit Commission Report: Survey of Computer Fraud & Abuse, 1991
Vacca, R. (2005) Computer Forensics: Computer Crime Scene Investigation, 2nd Edition, ACM London, England.
WSIS Action Line C5 Building confidence and security in the use of ICTs: available at www.itu.int/wsis/c5/