Comprehensive Study On Cybercrime

Comprehensive Study on Cybercrime
Draft, February 2013

UNITED NATIONS OFFICE ON DRUGS AND CRIME
Vienna

UNITED NATIONS
New York, 2013

United Nations, February 2013. All rights reserved worldwide. Copyright 2013, United Nations Office on Drugs and Crime.

ACKNOWLEDGEMENTS

This report was prepared for the open-ended intergovernmental expert group on cybercrime by the Conference Support Section, Organized Crime Branch, Division for Treaty Affairs, UNODC, under the supervision of John Sandage (Director, Division for Treaty Affairs), Sara Greenblatt (Chief, Organized Crime Branch), and Gillian Murray (UNODC Senior Focal Point for Cybercrime and Chief, Conference Support Section).

Study team: Steven Malby, Robyn Mace, Anika Holterhof, Cameron Brown, Stefan Kascherus, Eva Ignatuschtschenko (UNODC)

Consultants: Ulrich Sieber, Tatiana Tropina, Nicolas von zur Mühlen (Max Planck Institute for Foreign and International Criminal Law); Ian Brown, Joss Wright (Oxford Internet Institute and Cyber Security Centre, University of Oxford); Roderic Broadhurst (Australian National University); Kristin Krüger (Brandenburg Institute for Society and Security)

DISCLAIMERS

This report is a draft prepared for the second meeting of the open-ended intergovernmental expert group on cybercrime and should not be cited without permission of UNODC. This report has not been formally edited and remains subject to editorial changes.

The contents of this report do not necessarily reflect the views or policies of UNODC or contributory organizations and neither do they imply any endorsement.

The designations employed and the presentation of material in this report do not imply the expression of any opinion whatsoever on the part of UNODC concerning the legal status of any country, territory or city or its authorities, or concerning the delimitation of its frontiers and boundaries.

CONTENTS

ABBREVIATIONS . v
INTRODUCTION . ix
KEY FINDINGS AND OPTIONS . xi
EXECUTIVE SUMMARY . xvii

CHAPTER ONE: CONNECTIVITY AND CYBERCRIME . 1
1.1. The global connectivity revolution . 1
1.2. Contemporary cybercrime . 4
1.3. Cybercrime as a growing challenge . 6
1.4. Describing cybercrime . 11

CHAPTER TWO: THE GLOBAL PICTURE . 23
2.1. Measuring cybercrime . 23
2.2. The global cybercrime picture . 25
2.3. Cybercrime perpetrators . 39

CHAPTER THREE: LEGISLATION AND FRAMEWORKS . 51
3.1. Introduction – The role of law . 51
3.2. Divergence and harmonization of laws . 56
3.3. Overview of international and regional instruments . 63
3.4. Implementing multilateral instruments at the national level . 72

CHAPTER FOUR: CRIMINALIZATION . 77
4.1. Criminalization overview . 77
4.2. Analysis of specific offenses . 81
4.3. International human rights law and criminalization . 107

CHAPTER FIVE: LAW ENFORCEMENT AND INVESTIGATIONS . 117
5.1. Law enforcement and cybercrime . 117
5.2. Investigative powers overview . 122
5.3. Privacy and investigative measures . 134
5.4. Use of investigative measures in practice . 142
5.5. Investigations and the private sector . 144
5.6. Law enforcement capacity . 152

CHAPTER SIX: ELECTRONIC EVIDENCE AND CRIMINAL JUSTICE . 157
6.1. Introduction to electronic evidence and digital forensics . 157
6.2. Capacity for digital forensics and electronic evidence handling . 162
6.3. Cybercrime and the criminal justice system . 168
6.4. Criminal justice capacity . 172
6.5. Capacity building and technical assistance . 178

CHAPTER SEVEN: INTERNATIONAL COOPERATION . 183
7.1. Sovereignty, jurisdiction and international cooperation . 183
7.2. Jurisdiction . 189
7.3. International cooperation I – formal cooperation . 197
7.4. International cooperation II – informal cooperation . 208
7.5. Extra-territorial evidence from clouds and service providers . 216

CHAPTER EIGHT: PREVENTION . 225
8.1. Cybercrime prevention and national strategies . 225
8.2. Cybercrime awareness . 234
8.3. Cybercrime prevention, the private sector and academia . 239

ANNEX ONE: ACT DESCRIPTIONS . 257
ANNEX TWO: MEASURING CYBERCRIME . 259
ANNEX THREE: PROVISIONS OF INTERNATIONAL AND REGIONAL INSTRUMENTS . 267
ANNEX FOUR: THE INTERNET . 277
ANNEX FIVE: METHODOLOGY . 283

LIST OF ABBREVIATIONS

CERT: Computer Emergency Response Team
CSIRT: Computer Security Incident Response Team
ECHR: European Convention for the Protection of Human Rights and Fundamental Freedoms
ECtHR: European Court of Human Rights
EU: European Union
Europol: European Police Office
G8: Group of Eight
GDP: Gross domestic product
HDI: Human Development Index
ICCPR: International Covenant on Civil and Political Rights
ICCPR-OP2: Second Optional Protocol to the International Covenant on Civil and Political Rights, aiming at the abolition of the death penalty
ICERD: International Convention on the Elimination of All Forms of Racial Discrimination
ICESCR: International Covenant on Economic, Social and Cultural Rights
ICRMW: United Nations International Convention on the Protection of the Rights of All Migrant Workers and Members of Their Families
ICT: Information and communications technology
INTERPOL: International Criminal Police Organization
IP: Internet protocol
ISP: Internet service provider
IT: Information technology
ITU: International Telecommunication Union
NFC: Near field communication
OP-CRC-SC: Optional Protocol to the Convention on the Rights of the Child on the sale of children, child prostitution and child pornography
P2P: Peer-to-peer
SCO: Shanghai Cooperation Organisation
SMS: Short message service
TRIPS: Agreement on Trade Related Aspects of Intellectual Property Rights
UNESCO: United Nations Educational, Scientific and Cultural Organization
UNODC: United Nations Office on Drugs and Crime
UNSC: United Nations Security Council
URL: Uniform Resource Locator
USB: Universal serial bus
VGT: Virtual global taskforce
WEF: World Economic Forum

List of international and regional instruments and short names

African Union, 2012. Draft Convention on the Establishment of a Legal Framework Conducive to Cybersecurity in Africa (Draft African Union Convention).
Common Market for Eastern and Southern Africa (COMESA), 2011. Cybersecurity Draft Model Bill (COMESA Draft Model Bill).
The Commonwealth, 2002. (i) Computer and Computer Related Crimes Bill and (ii) Model Law on Electronic Evidence (Commonwealth Model Law).
Commonwealth of Independent States, 2001. Agreement on Cooperation in Combating Offences related to Computer Information (Commonwealth of Independent States Agreement).
Council of Europe, 2001. Convention on Cybercrime and Additional Protocol to the Convention on Cybercrime, concerning the criminalisation of acts of a racist and xenophobic nature committed through computer systems (Council of Europe Cybercrime Convention/Protocol).
Council of Europe, 2007. Convention on the Protection of Children against Sexual Exploitation and Sexual Abuse (Council of Europe Child Protection Convention).
Economic Community of West African States (ECOWAS), 2009. Draft Directive on Fighting Cybercrime within ECOWAS (ECOWAS Draft Directive).
European Union, 2000. Directive 2000/31/EC of the European Parliament and of the Council on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (EU Directive on e-Commerce).
European Union, 2001. Council Framework Decision 2001/413/JHA combating fraud and counterfeiting of non-cash means of payment (EU Decision on Fraud and Counterfeiting).
European Union, 2002. Directive 2002/58/EC of the European Parliament and of the Council concerning the processing of personal data and the protection of privacy in the electronic communications sector (EU Directive on Data Protection).
European Union, 2005. Council Framework Decision 2005/222/JHA on attacks against information systems (EU Decision on Attacks against Information Systems).
European Union, 2006. Directive 2006/24/EC of the European Parliament and of the Council on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks (EU Directive on Data Retention).
European Union, 2010. Proposal COM(2010) 517 final for a Directive of the European Parliament and of the Council on attacks against information systems and repealing Council Framework Decision 2005/222/JHA (EU Directive Proposal on Attacks against Information Systems).
European Union, 2011. Directive 2011/92/EU of the European Parliament and of the Council on combating the sexual abuse and sexual exploitation of children and child pornography, and replacing Council Framework Decision 2004/68/JHA (EU Directive on Child Exploitation).
International Telecommunication Union (ITU)/Caribbean Community (CARICOM)/Caribbean Telecommunications Union (CTU), 2010. Model Legislative Texts on Cybercrime/e-Crimes and Electronic Evidence (ITU/CARICOM/CTU Model Legislative Texts).
League of Arab States, 2010. Arab Convention on Combating Information Technology Offences (League of Arab States Convention).
League of Arab States, 2004. Model Arab Law on Combating Offences related to Information Technology Systems (League of Arab States Model Law).
Shanghai Cooperation Organization, 2010. Agreement on Cooperation in the Field of International Information Security (Shanghai Cooperation Organization Agreement).
United Nations, 2000. Optional Protocol to the Convention on the Rights of the Child on the sale of children, child prostitution and child pornography (United Nations OP-CRC-SC).


INTRODUCTION

General Assembly resolution 65/230 requested the Commission on Crime Prevention and Criminal Justice to establish an open-ended intergovernmental expert group, to conduct a comprehensive study of the problem of cybercrime and responses to it by Member States, the international community and the private sector, including the exchange of information on national legislation, best practices, technical assistance and international cooperation.

In its resolution 65/230, the General Assembly requested the Commission on Crime Prevention and Criminal Justice to establish, in line with paragraph 42 of the Salvador Declaration on Comprehensive Strategies for Global Challenges: Crime Prevention and Criminal Justice Systems and Their Development in a Changing World, an open-ended intergovernmental expert group, to conduct a comprehensive study of the problem of cybercrime and responses to it by Member States, the international community and the private sector, including the exchange of information on national legislation, best practices, technical assistance and international cooperation, with a view to examining options to strengthen existing and to propose new national and international legal or other responses to cybercrime.[1]

In its resolution 67/189, the General Assembly noted with appreciation the work of the open-ended intergovernmental expert group to conduct a comprehensive study of the problem of cybercrime and encouraged it to enhance its efforts to complete its work and to present the outcome of the study to the Commission on Crime Prevention and Criminal Justice in due course.

The first session of the expert group was held in Vienna from 17 to 21 January 2011. At that meeting, the expert group reviewed and adopted a collection of topics and a methodology for the study.[2] The collection of topics for consideration within a comprehensive study on cybercrime included the problem of cybercrime, legal responses to cybercrime, crime prevention and criminal justice capabilities and other responses to cybercrime, international organizations, and technical assistance. These main topics were further divided into 12 sub-topics.[3] Within this Study, these topics are covered in eight Chapters: (1) Connectivity and cybercrime; (2) The global picture; (3) Legislation and frameworks; (4) Criminalization; (5) Law enforcement and investigations; (6) Electronic evidence and criminal justice; (7) International cooperation; and (8) Prevention.

The methodology for the study tasked the United Nations Office on Drugs and Crime with developing the study, including developing a questionnaire for the purposes of information gathering, collecting and analyzing data, and developing a draft text of the study. Information gathering in accordance with the methodology, including the distribution of a questionnaire to Member States, intergovernmental organizations and representatives from the private sector and academic institutions, was conducted by UNODC, from February 2012 to July 2012. Information was received from 69 Member States with regional distribution as follows: Africa (11), Americas (13), Asia (19), Europe (24), and Oceania (2). Information was received from 40 private sector organizations, 16 academic organizations and 11 intergovernmental organizations. Over 500 open source documents were also reviewed by the Secretariat. Further details on the methodology are contained at Annex Five to this Study.

[Figure: Member State responses to the Study questionnaire (green) and Internet penetration (blue). Source: Study questionnaire responses and UNODC elaboration of MaxMind GeoCityLite]

As required by General Assembly resolution 65/230, this Study has been prepared with a view to ‘examining options to strengthen existing and to propose new national and international legal or other responses to cybercrime.’ The mandate comes within the context of a number of other mandates and activities related to cybercrime and cybersecurity within the United Nations system.[4] In this respect, the focus of the Study is limited to the crime prevention and criminal justice aspects of preventing and combating cybercrime.

The Study represents a ‘snapshot’ in time of crime prevention and criminal justice efforts to prevent and combat cybercrime. It paints a global picture, highlighting lessons learned from current and past efforts, and presenting possible options for future responses. While the Study is, by title, a study on ‘cybercrime’, it has unique relevance for all crimes. As the world moves into a hyper-connected society with universal internet access, it is hard to imagine a ‘computer crime’, and perhaps any crime, that will not involve electronic evidence linked with internet connectivity. Such developments may well require fundamental changes in law enforcement approach, evidence gathering, and mechanisms of international cooperation in criminal matters.

[1] General Assembly resolution 65/230, Annex.
[2] E/CN.15/2011/19
[3] (1) Phenomenon of cybercrime; (2) Statistical information; (3) Challenges of cybercrime; (4) Common approaches to legislation; (5) Criminalization; (6) Procedural powers; (7) International cooperation; (8) Electronic evidence; (9) Roles and responsibilities of service providers and the private sector; (10) Crime prevention and criminal justice capabilities and other responses to cybercrime; (11) International organizations; and (12) Technical assistance.
[4] Including work in the context of developments in the field of information and telecommunications in the context of international security. See A/RES/66/24.

KEY FINDINGS AND OPTIONS

General Assembly resolution 65/230 requested the intergovernmental expert group to conduct a comprehensive study of the problem of cybercrime with a view to examining options to strengthen existing and to propose new national and international legal or other responses to cybercrime. This Part presents the key findings from the Study together with such options.

Key findings

The key findings from the Study concern issues of:
- the impact of fragmentation at international level and diversity of national cybercrime laws on international cooperation
- a reliance on traditional means of formal international cooperation in criminal matters involving cybercrime and electronic evidence for all crimes
- the role of evidence ‘location’
- harmonization of national legal frameworks
- law enforcement and criminal justice capacity
- cybercrime prevention activities

The Study examined the problem of cybercrime from the perspective of governments, the private sector, academia and international organizations. The results are presented in eight Chapters, covering internet connectivity and cybercrime; the global cybercrime picture; cybercrime legislation and frameworks; criminalization of cybercrime; law enforcement and cybercrime investigations; electronic evidence and criminal justice; international cooperation in criminal matters involving cybercrime; and cybercrime prevention.

Key findings in these areas are presented below and further expanded upon in the Executive summary that follows this Part:

(a) Fragmentation at the international level, and diversity of national cybercrime laws, may correlate with the existence of multiple instruments with different thematic and geographic scope. While instruments legitimately reflect socio-cultural and regional differences, divergences in the extent of procedural powers and international cooperation provisions may lead to the emergence of country cooperation ‘clusters’ that are not always well suited to the global nature of cybercrime;

(b) Reliance on traditional means of formal international cooperation in cybercrime matters is not currently able to offer the timely response needed for obtaining volatile electronic evidence. As an increasing number of crimes involve geo-distributed electronic evidence, this will become an issue not only for cybercrime, but all crimes in general;

(c) In a world of cloud computing and data centres, the role of evidence ‘location’ needs to be reconceptualized, including with a view to obtaining consensus on issues concerning direct access to extraterritorial data by law enforcement authorities;

(d) Analysis of available national legal frameworks indicates insufficient harmonization of ‘core’ cybercrime offences, investigative powers, and admissibility of electronic evidence. International human rights law represents an important external reference point for criminalization and procedural provisions;

(e) Law enforcement authorities, prosecutors, and judiciary in developing countries require long-term, sustainable, comprehensive technical support and assistance for the investigation and combating of cybercrime;

(f) Cybercrime prevention activities in all countries require strengthening, through a holistic approach involving further awareness raising, public-private partnerships, and the integration of cybercrime strategies with a broader cybersecurity perspective.

Options to strengthen existing and to propose new national and international legal or other responses to cybercrime

Options to strengthen existing and to propose new national and international legal or other responses to cybercrime include:
- Development of international model provisions
- Development of a multilateral instrument on international cooperation regarding electronic evidence in criminal matters
- Development of a comprehensive multilateral instrument on cybercrime
- Delivery of enhanced technical assistance for the prevention and combating of cybercrime in developing countries

The options presented are informed by responses of countries to a question in the Study questionnaire regarding options that should be considered to strengthen existing and to propose new national and international legal or other responses to cybercrime, as well as by the key findings.

In response to this question, countries proposed a range of possibilities. The majority of options suggested related to areas such as: harmonization of laws; accession to existing international or regional cybercrime instruments; the development of new international legal instruments; strengthening mechanisms for international cooperation and obtaining of extraterritorial evidence in practice; and capacity building for law enforcement and criminal justice institutions.[1]

Many countries highlighted that an expedited mechanism for international cooperation procedures in criminal matters involving cybercrime should be developed. Some countries proposed that this could be through the strengthening of existing informal police-to-police networks. Other countries proposed that this could be achieved by further development of existing formal international cooperation channels, including bilateral and multilateral agreements. Some countries emphasized that all options should be implemented in line with international human rights standards, including rights to freedom of expression and to privacy.

Some countries recommended that accession to the Council of Europe Cybercrime Convention would promote international cooperation and harmonization of national cybercrime laws. Some countries recommended that a new international legal instrument on cybercrime should be developed. Other countries recommended that harmonization of legislation could be promoted through the development of international model legal provisions at the United Nations level.

A number of countries recommended that international standards should be developed on law enforcement investigations concerning extraterritorial data, including with a view to clarifying the relationship of such investigations with national sovereignty principles.

A number of countries suggested that technical assistance for law enforcement, prosecutorial and judicial authorities in the area of preventing and combating cybercrime should be strengthened.

On the basis of proposals made by Member States and the key findings, the Study finds that options to strengthen existing and to propose new national and international legal or other responses to cybercrime may include one or more of the following:

(a) The development of international model provisions on criminalization of core cybercrime acts, with a view to supporting States in eliminating safe havens through the adoption of common offence elements:
(i) The provisions could maintain the approach of existing instruments regarding offences against the confidentiality, integrity and accessibility of computer systems and data;
(ii) The provisions could also cover ‘conventional’ offences perpetrated or facilitated by use of computer systems, only where existing criminalization approaches are perceived not to be sufficient;
(iii) The provisions could address areas not covered by existing instruments, such as criminalization of SPAM;
(iv) The provisions could be developed in line with the latest international human rights standards on criminalization, including in particular, treaty-based protections of the right to freedom of expression;
(v) Use of the provisions by States would minimize dual criminality challenges in international cooperation;

(b) The development of international model provisions on investigative powers for electronic evidence, with a view to supporting States in ensuring the necessary procedural tools for investigation of crimes involving electronic evidence:
(i) The provisions could draw on the approach of existing instruments, including orders for expedited preservation of data, and orders for obtaining stored and real-time data;
(ii) The provisions could offer guidance on the extension of traditional powers such as search and seizure to electronic evidence;
(iii) The provisions could offer guidance on the application of appropriate safeguards for intrusive investigative techniques based on international human rights law, including treaty-based protections of the right to privacy;

(c) The development of model provisions on jurisdiction, in order to provide for common effective bases for jurisdiction in cybercrime criminal matters:
(i) The provisions could include bases such as those derived from the objective territoriality principle and the substantial effects doctrine.
(ii) The provisions could include guidance for addressing issues of concurrent jurisdiction.

(d) The development of model provisions on international cooperation regarding electronic evidence, for inclusion in bilateral or multilateral instruments, including a revised United Nations Model Treaty on Mutual Legal Assistance, in line with suggestions in the Discussion Guide for the Thirteenth Congress on Crime Prevention and Criminal Justice:
(i) The provisions would focus on practical cooperation mechanisms that could be inserted in existing instruments for the timely preservation and supply of electronic evidence in criminal matters;
(ii) The provisions could include obligations to establish electronic evidence fast response focal points and agreed timescales for responses;

(e) The development of a multilateral instrument on international cooperation regarding electronic evidence in criminal matters, with a view to providing an international mechanism for timely cooperation to preserve and obtain electronic evidence:
(i) By way of complementarity to existing international cooperation treaties, such an instrument could focus primarily on a mechanism for requesting expedited preservation of data for a specified time period;
(ii) The instrument may also include specific cooperation provisions for further investigative measures, including supply of stored data, and real-time collection of data;
(iii) The scope of application would need to be defined, but should not be limited to ‘cybercrime’ or ‘computer-related’ crime;
(iv) The instrument could require response within a specified time period and establish clear focal point to focal point communication channels, building upon rather than duplicating existing 24/7 initiatives;
(v) The instrument could include traditional international cooperation safeguards, as well as appropriate human rights exclusions;

(f) The development of a comprehensive multilateral instrument on cybercrime, with a view to establishing an international approach in the areas of criminalization, pr

[1] Study cybercrime questionnaire. Q11.
