10-04-2012, 12:01 PM
Cyber Crime . . . and Punishment Archaic Laws Threaten Global Information
McConnell-cybercrime.pdf (Size: 288.89 KB / Downloads: 25)
Overview
The growing danger from crimes committed against computers, or against information on
computers, is beginning to claim attention in national capitals. In most countries around the
world, however, existing laws are likely to be unenforceable against such crimes. This lack of
legal protection means that businesses and governments must rely solely on technical measures
to protect themselves from those who would steal, deny access to, or destroy valuable
information.
What’s Different About Cyber Crime?
Undeterred by the prospect of arrest or prosecution, cyber criminals around the world
lurk on the Net as an omnipresent menace to the financial health of businesses, to the trust of
their customers, and as an emerging threat to nations’ security. Headlines of cyber attacks
command our attention with increasing frequency. According to the Computer Emergency
Response Team Coordination Center (CERT/CC), the number of reported incidences of security
breaches in the first three quarters of 2000 has risen by 54 percent over the total number of
reported incidences in 1999.1 Moreover, countless instances of illegal access and damage around
the world remain unreported, as victims fear the exposure of vulnerabilities, the potential for
copycat crimes, and the loss of public confidence.
Poor Information Security Reduces the Competitiveness of Nations
In our August 2000 report, Risk E-Business: Seizing the Opportunity of Global EReadiness,
McConnell International rated mid-level economies’ capacity to participate in the
digital economy.3 In considering nations’ information security, the report evaluated public trust
in the security of information processed and stored on networks in each country. In this context,
information security included:
The Cyber Crime Laws of Nations
Based on its findings in the E-Readiness study, and in the wake of the Philippines
inability to prosecute the student responsible for the “I Love You” virus, McConnell
International surveyed its global network of information technology policy officials to determine
the state of cyber security laws around the world. Countries were asked to provide laws that
would be used to prosecute criminal acts involving both private and public sector computers.
Law Is Only Part of the Answer
Extending the rule of law into cyberspace is a critical step to create a trustworthy
environment for people and businesses. Because that extension remains a work in progress,
organizations today must first and foremost defend their own systems and information from
attack, be it from outsiders or from within. They may rely only secondarily on the deterrence
that effective law enforcement can provide.
Conclusions
1. Reliance on terrestrial laws is an untested approach. Despite the progress being made in
many countries, most countries still rely on standard terrestrial law to prosecute cyber crimes.
The majority of countries are relying on archaic statutes that predate the birth of cyberspace and
have not yet been tested in court.
2. Weak penalties limit deterrence. The weak penalties in most updated criminal statutes
provide limited deterrence for crimes that can have large-scale economic and social effects.
3. Self-protection remains the first line of defense. The general weakness of statutes
increases the importance of private sector efforts to develop and adopt strong and efficient
technical solutions and management practices for information security.