Teutas - Diritto & Tecnologia

Current solutions of criminal justice system’s intervention to cybersecurity threats show how the solutions of problems can become problems on their own and how not only cybersecurity threats and incidents cause problems but also a response to these problems by a criminal justice system as the most powerful system of crime control. But first, let us identify some paths of ICT entry to criminal justice systems across contemporary Western societies.

1. ICT and crime

ICT has generated (1) new forms of crime and accordingly provoked (2) a new criminal justice system’s response to this crime. (1) The challenge of the new forms of crime has raised a dilemma between “old wine new bottles” (Grabosky)[2] and “new wine no bottles” (Wall) approach in criminological theory. Today it seems that both are right (or wrong), but the new concepts of information, computers and networks have raised the last approach to the fore of criminological inquiry. New forms of crime have posed manifold substantive criminal law challenges. Taxonomies of cybercrimes are numerous today, but lawyers mainly refer to the most famous substantive criminal law taxonomy from the CoE Convention on Cybercrime that distinguishes integrity-related, computer related and content related cybercrime.

On the other hand criminal justice systems have responded to the new types of crime not only by adapting substantive criminal law provisions, but also by crime prevention strategies; today they include the use of CCTV and biometry (for instance automatic face recognition systems), internet service providers are under enhanced data retention obligations that cause general prevention effects etc. In addition, ICT has changed methods of reaction to the already committed crime. It has given rise to institutional rearrangements, for instance new police and prosecution forces are being introduced and e-justice concept (embodied, for instance, in videoconferencing and computer animation) is becoming more and more important. The methods of reaction to crime are experiencing a paradigmatic shift. Instead of public police that was once a central actor of the maintenance of order, new arrangements of order-maintenance has emerged that include a pleiad of new actors. We are witnessing an intensive public-private partnerships and “multi-agency cross-sector partnerships” (Wall). Actors like internet users’ organizations, virtual environment managers, network infrastructure providers, private corporate security personnel (for instance in banks), non-governmental non-police hybrids (like CERTs) and government non-police bodies (like customs) are acting by the side of public (governmental) police.[3] All of them form an order maintaining assemblage of cyberspace policing.

New response to crime has provoked also considerable procedural criminal law challenges. Digital forensics (also known as cyber or computer and network forensics) is becoming more and more important as society increasingly depends on digitised data. Electronic “footprints” are omnipresent but the agents of crime control still lack the expertise to collect intangible transient data, make sense of them and preserve them in a judicially appropriate form. Additionally, cross-border nature of cybercrime has enhanced jurisdictional challenges. Finally, rules of evidence are no longer appropriate safeguards for fundamental civil liberties as they were tailored for collecting physical evidence and eyewitness testimony.[4]

The question of major importance is thus today, how adequate are the measures adopted by criminal justice system to tackle cybercrime and/or what are the consequences of failing to act appropriately? Before answering to this question it is indispensable to assess the harm of cybercrime and compare its effects to the effects of criminal justice system’s “fight” against cybercrime. Which threatens us more: the problem (cybercrime) or the reaction to the problem (criminal justice system’s intervention)?

1. The problem of a “problem”: be afraid arguments

According to a report from the Council of Europe,[5] current trends in the field of cyber security are far from encouraging:

(1) Information societies worldwide are increasingly dependent on information and communication technologies and the growth of cybercrimes renders societies highly vulnerable.

(2) Malware (malicious codes and software, including viruses, worms, Trojan horses, spyware, bots and botnets) is evolving and spreading rapidly, and is being used among other things to commit ‘denial of service attacks’, identity thefts, frauds, money laundering etc.

(3) Spam now represents the vast majority of email traffic and is not only a nuisance but is increasingly a carrier of malware: in addition, spam messages are also appearing in new technologies (on mobile phones as SMSishing or internet phones as Vishing).

(4) Botnets are one of the central tools of organized cyber crime used for DoS attacks, identity thefts, phishing, as well as for the placing of adware and spyware etc.

(5) An underground service economy is developing (botnets are being leased to organised criminal groups).

(6) The threats are changing:  the mass, multi-purpose and global attacks by viruses, worms or spams which attracted so much public attention are being replaced by more targeted and smaller attacks on specific users, groups or organizations, seemingly with the aim of avoiding attention and pursuing instead a concerted economic purpose.

(7) The internet is misused for the sexual exploitation and abuse of children and human trafficking (child pornography in particular has attracted an increasing commercial interest).

(8) The risk of cyber-attacks against the critical information infrastructure (cyber-terrorism and cyber-war) is perceived to be on the increase.

(9) The use of P-2-P networks supposedly enables widespread copyright infringements.

(10) Finally, estimates of the material damage caused by cybercrime put the cost at around 50 milliard dollars a year.

If we accepted this report in its entirety the only possible conclusion is that cybercrime clearly and seriously threatens our information societies.

1. The problem of a “problem”: “but why?” arguments

The very concept of cybercrime is still a very vague notion. There are different types of “lenses” used to observe cybercrime, and consequently many contradictory “facts” about its scope as well as a variety of assessment of its dangerousness. The vast literature about the nature of cybercrime can be divided into a number of discourses. Wall,[6] for instance, identifies (1) the legislative discourse about cybercrime which attempts to define the rules that set boundaries for (un)acceptable behaviour, (2) the academic discourse that seeks to understand the phenomenon through computer science, information management, economics, and from the perspective of the socio-legal and criminological disciplines, (3) the expert knowledge that explores and seeks to understand trends in cybercrimes in order to provide explanations and inform solutions and (4) the popular/layperson’s discourse that reflects a “common sense-based” understanding of crime.

The problem we face today is that all these different discourses, approaches or narratives are incoherent, and their claims to knowledge often contradictory. Do acts labelled as “cybercrimes” really represent a “clear and present danger” to our “information societies” which in turn requires the machinery of the criminal justice system to be set in motion?

The trends listed above and the diverse phenomenology of cybercrime show, firstly, that the identification and analysis of cyber threats are still an arduous task. There are different forms of what we call “cybercrime”: some forms “only” use computers and networks as a means for committing conventional crime, while others focus primarily on computers, networks and data; some are computer crimes (the so-called first generation of cybercrime), others involve hacking (second generation) and some automated forms of cybercrime (third generation).[7]

Secondly, the list shows that the assessment of the danger of cybercrime is self-contradictory. According to the above mentioned report of the Council of Europe, which  is undoubtedly one of the most important forums for the protection of human rights, we should be afraid for the threat that the problems in this list pose to individuals; actually, very afraid.  But, many criminologists are warning us not to draw such conclusions.[8] They claim that this anxiety is being provoked, quite intentionally, by certain parties pursuing their economic interests and by others trying to make their voice heard in the process of reallocating public funds. For instance, the case of spam clearly shows us that the danger of cybercrime can be exaggerated. At the beginning of 2007 there were estimates that spam represented 80 percent of e-mail traffic in 2005, 95 percent in 2006 and that the system will reach its capacity in 2007.[9] This disaster has (thankfully) not occurred, but “anxiety-provokers” will quickly add that has been averted only due to the system’s ability to adapt; should this fail, we shall be in trouble. Perhaps the pessimists’ claim has some weight, but the performance data supplied by sources in criminal justice systems across Europe (i.e. statistics from police forces, prosecution services and criminal courts) give controversial evidence that the numbers of reported crimes as well as prosecuted and processed cases simply do not increase as quickly as some claim and fear; and moreover that they do not justify a verdict as dire as that which the Council of Europe’s report would have us reach. On the contrary, the numbers themselves are extremely low and contrast sharply with the non-numerical “situation analysis” the report offers.

---

Aggiungi questo articolo ai tuoi social bookmarks preferiti