Perspectives for an effective European-wide fight against cybercrime

1
Perspectives for an effective European-wide fight
against cybercrime

• Anne Flanagan
• Institute for Computer and Communications Law
• Centre for Commercial Law Studies, Queen Mary,
  University of London

2
Introductory Remarks

• Transnational crime
• Substantive procedural harmonisation
• EU First Pillar, Third Pillar the Lisbon
  Treaty
• Sanction remedies
• Policing cyberspace
• Public private law enforcement
• The role of intermediary service providers
• Council of Europe Guidelines for Co-operation
  (2008)
• Controlling content monitoring communications
• Safeguarding rights

3
Sanction and remedy

• Sentencing
• statutory minimums, judicial discretion
• Cyber Security Enhancement Act of 2002
• aggravating circumstances
• e.g. EU Framework Decision, art. 7
• Restraint orders
• Collard 2004 EWCA Crim 1664
• ..prohibited from owning, using, possessing or
  having any access to any personal computer,
  laptop computer or any other equipment capable of
  downloading any material from the Internet
• Compensation
• Civil enforcement, e.g. 18 U.S.C. 1030(g)

4
Policing cyberspace

• Public law enforcement
• Industrial-scale organised crime
• e.g. US Landslide investigations the UK 7000
• Local, national international policing
  structures
• e.g. reporting crimes
• International co-operation
• e.g. www.virtualglobaltaskforce.com
• Operation PIN
• community policing in cyberspace simply another
  public place

5
Policing cyberspace

• Interaction with private sector
• Exchanging information
• e.g. Single Points of Contact (SPOCs)
• Prosecution expertise
• And judicial training
• Pro-active intervention?
• To attack online resources

6
Policing cyberspace

• Private law enforcement
• private prosecutions
• e.g. Federation Against Software Theft (FAST)
• investigative reporting functions
• e.g. Computer Emergency Response Team (CERT)
• e.g. Internet Watch Foundation
• vigilantes
• e.g. US v Jarrett 338 F.3d 339 (Va., 2003)
• an unholy alliance?

7
Protected data

• Biggest challenge for computer forensics in the
  21st Century
• Access conversion protections
• Obtaining access
• Requirement to provide in intelligible form
• Requirement to hand over key
• any key, code, password, algorithm or other
  data
• Failure to disclose in a national security
  case 5 years
• Self-incrimination?
• S and A 2008 EWCA Crim 2177

8
Criminals and actors

• Perpetrator
• a criminal type?
• motivation, opportunity skill
• From script-kiddies to überhackers
• Inchoate offences
• Attempt, conspiracy incitement
• Demanding supply
• Misuse of devices, e.g. Convention, art. 6
• Intermediaries
• communications service provider
• limitations on liability

9
Intermediary liability

• Service providers as gatekeepers
• User-generated content
• indecent or obscene, encouragement of terrorism
• Electronic commerce Directive (00/31/EC)
• mere conduit, caching hosting
• actual knowledge
• Duties to report?
• Monitoring and action
• LVMH v Google (2009)
• Commission review
• Content aggregation, search engines, linking

10
Controlling illegal content

• Notice and take-down (in jurisdiction)
• Terrorism Act 2006, s. 3 internet activity
• Liability for endorsement
• Blocking access (out jurisdiction)
• e.g. Internet Watch Foundation
• database of URLs for child sexual abuse images
• Voluntary, but with threat of mandation
• International reach, e.g. Google Yahoo!
• Web-based traffic, but not P2P other services
• Problem of collateral interference
• e.g. Wikipedia Scorpions Virgin Killers

11
Monitoring communications

• Interception of content
• For law enforcement purposes
• e.g. Airline bombers, Madrid bombers
• For commercial purposes
• Phorm behavioural targeted advertising
• Accessing communications data
• Attributes Traffic, usage, location subscriber
  data
• e.g. 21/7 bombers (?) from London to Italy
• Data retention 6-24 months (Directive 06/24/EC)
• Google agreement with EU

12
Safeguarding Rights

• European Convention on Human Rights
• Fair trial (art. 6), privacy (art. 8) freedom
  of expression (art. 10)
• chilling effect
• Derogations
• In accordance with the law
• Legal certainty
• Applicable interest
• i.e. national security
• Necessity and proportionality

13
Concluding remarks