Research in Cybercrime - Essay Example

CYBER CRIME Cyber Crime Summary: Information is the new mantra that spells success in the modern world Intellectual capital is important and the use of business worldwide webs spells power*2. The emergence of the Internet has globalized the business environment and dissolved boundaries between nations, giving rise to issues of legal boundaries of digital property.*3 It has also led to unprecedented corporate losses due to financial fraud and theft of confidential information.*4 But the most ominous development has occurred in the field of cyber terrorism, offering terrorists an expanded platform from which to propagate their ideas and launch their attacks.*5 Draconian legal measures adopted by Governments to combat the threat of terrorism have been criticized for their negative impact upon the civil rights of ordinary citizens, but this does not spell victory for terrorists. Introduction: The Internet has been described as “a decentralized, global medium of communication comprising a global web of linked networks and computers.*6 The importance of seizing the advantages of the electronic medium are acknowledged by the Australian Government , especially Queensland.*7 But the rise of the Internet presents new challenges, apart from the increased facility of copying which threatens Intellectual property rights.*8 The evolution of the electronic medium for transacting business creates a complex set of legal issues that are at variance with established legal precedents. Challenges are posed to confidentiality of financial information exchanged over the net and the security risks due to ease in money laundering and misappropriation.*9 The Electronic Transactions Act of 1999 (Commonwealth) was framed to introduce a national regulatory system of legislation for e-commerce activity.*10 But the most serious ramifications are the proliferation of cyber terrorist activity. The 9/11 attack on the World Trade Center wreaked an unprecedented level of destruction and the attention of the world was drawn sharply to the dangers posed by the terrorist threat. The Cyber threat of terrorism: According to Jessica Sterne, terrorism is not the kind of enemy that can be combated on an all out open combat basis*11. She defines terrorism as “a kind of virus, which spreads as a result of risk factors at various levels: global, interstate, national and personal."*12 Increasing globalization has seen Internet use widening to encompass a new sphere of activities facilitated through the electronic medium.*13 The pervasiveness of Cyberspace results in the availability of large quantities of information which can be a weapon of control in the wrong hands*13a. This has resulted in a “new terrorism” - no longer restricted to state sponsored terrorist activity, but including transnational religious fervor that sanctions the use of extreme violence, with individual terrorist elements spreading threat in order to achieve their own selfish political or other ends.*14 It’s now possible to achieve individually, using minimal resources, a range and scope of terror generating activity that would have previously necessitated the availability of a vast amount of resources and several people. Since most commercial and Government activity has now become e-based, terrorists can cause a great deal of damage by hacking into the databases of Government organizations, because information technology and the use of the Internet “creates vulnerabilities that can be exploited by individuals, organizations and states.”*15. According to Hoffman, this form of electronic terrorism and criminal activity seeks out civilian and Governmental targets and may not necessarily be driven by the achievement of political goals*16. Information and communication technology (ICT) is used by unscrupulous individuals to distort or modify information or to spread terrorist propaganda in a manner that is likely to disrupt the normal functioning of a Government/country and create terror and panic through the weapon of threat. Such cyber crimes involve combat with an unseen enemy, anonymous in the e-maze of the Internet, who is at an unspecific geographic location that cannot be determined and may not be organized in the traditional hierarchical framework which law enforcement agencies are familiar with, so that the focus of the attack becomes indeterminate. An American Government Report released in 1997 has articulated the threat from cyber terrorist criminals as follows: “Today the right command sent over a network to a powered generating stations control computer could be just as effective as a backpack full of explosives, and the perpetrator would be harder to identify and apprehend … A personal computer and a simple telephone connection to an Internet Service Provider anywhere in the world are enough to cause a great deal of harm”.*17 Cyber terrorist activity and the problem of regulation: The regulation of cyberspace activity therefore presents a problem that does not conform to the traditional framework of law. Lawrence Lessig has identified the regulation of cyberspace through law, norms, markets and architecture17a. In the case of cyber terrorist websites, it is the availability of the target market that has resulted in the proliferation of such activity. Norms will affect the kind of product that is traded in the cyber marketplace*17b and the norms governing the operation of terrorist websites are conditioned by the common beliefs shared by terrorists and the facility to cheaply and effectively reach out to millions of people. But the biggest advantage offered by the cyber architectural framework is the relative anonymity and the facility of secret communication as articulated by a pro-Nazi net user; “all my comrades and I, none of whom I have ever met face to face, share a unique camaraderie…..irrespective of nation identity or state borders.”*18 According to the Simon Weisenthal Center in Los Angeles where websites are constantly being monitored, there are about 51 websites currently in existence which openly advocate terrorism and have chosen to set up their sites outside the United States to avoid prosecution.*19 In a similar manner, Islamic fundamentalist groups like Hamas and the United Islamic Students Association in Europe, also operate out of unspecified locations, spreading their militant message through the use of the web.*20 Other examples of terrorist elements who use their websites as the tools for propaganda and the dissemination of threats among other criminal activities are Aum Shinrikyo that was responsible for the terrorist gas bombings in a Tokyo subway and Hizballah.*21 To regulate and control such activity, Lessig’s framework proposes code as the most pervasive and effective constraint in Cyberspace.*21a Law is just one of the aspects of the four modalities of regulation, functioning as the silent, implied threat of punitive action for violation of the norms and rules governing cyberspace.*21b “The architecture of cyberspace is neutral”*21c, therefore it can be molded to function as a regulatory mechanism through the implementation of code that limits and restricts online activity. Governments control cyberspace architecture to quite an extent through legislation, while ISPs, through the judicious use of code regulate user activity to some extent.*21d Government Initiatives and Legislation: Today, the term “terrorism” is specifically used to refer to an act or threat to violence which is calculated to instill fear in non combative victims for the purpose of achieving political ends.22 In recognition of the importance of monitoring the electronic medium to organize pre-emptive measures against terrorist attacks, the U.S. Patriot Act of 2001 has expanded the scope of criminal surveillance activity to detect potential terrorist threats*23. For example, Section 216 of the Act enables the use of “pen register” and “trap and trace” devices to monitor the content of communications. Enhanced surveillance measures have also been introduced in wireless and Internet communications.*24. Section 201 authorizes wire tap surveillance of communications in the case of suspicion of possession of chemical weapons, while Section 202 has an enhanced list of violations which will now be construed as felonies under section 1030, where any kind of attempt at unauthorized access to a Government computer will also be included*25. Section 103 also introduces much more wide ranging measures that permit the disclosure of information that is secured through wire tap surveillance to all Government, federal and criminal investigation authorities.*26 Although some refinement is associated with the Act, there are several cases that have already come up in the Courts, involving the abuse of fundamental Constitutional rights of American Arab and Asian citizens. For example in the case of Jose Padilla v. George Bush, Donald Rumsfeld, et al *27, the Federal authorities were able to charge Padilla merely on the basis of a suspicion that he was plotting to smuggle a bomb into the United States, while fundamental Constitutional rights require the production of proof of direct involvement of the suspect in illegal activity. In its judgment, the Court ordered that Padilla could not be prevented from meeting with his lawyers. The U.S. Court of Appeals also rejected the argument that the U.S. born Padilla could be held on the basis that he was an enemy combatant.*28 Since terrorist activity targets Government systems, the United States has “air gapped” some of its systems such as those used by the CIA , the FBI and the FAA wherein the systems are physically disconnected from the Internet, so that it becomes inaccessible to outside hackers.*29 A national strategy to secure Cyberspace and render it free from terrorist hacking and defacing is underway via the President’s critical Infrastructure Board. A top secret project known as Project Echeleon, has been initiated by the National Security Agency in the United States, with almost unlimited authority to tap into and access information.*30 This project is a combined intelligence effort of five countries – United States, Canada, Britain, Australia and New Zealand and was initiated after the Second World War. It works through the collection of data from five satellites that are positioned around the globe, with each nation responsible for monitoring a particular zone and tapping into electronic communications.*31 This could be a powerful tool against terrorism, but there have been allegations, especially from Europe, that the powerful spying system is being utilized for political and commercial dealings rather than to combat terrorism.*32 In Australia, the Insurance Council of Australia estimates that cyber crime costs companies about $3 trillion a year.*33 Policy initiatives such as Critical Infrastructure protection group and Gateway Certification Guide are some of the measures that have been taken up by the Australian Government.*34 A trusted information sharing network was also set up by the Australian Government in 2002.*35 The Cyber Crime Act 2001 (Cth) became operational in 2002 and adds a new section 10.7 to the criminal Code Act (Cth), specifically addressing the issues of computer generated crimes such as unauthorized access or modification of data.*36 The Act introduces amendments to increase powers of investigatory authorities to search and seize electronic data, so that the mere possession or production of data with the intent to commit a cyber offense will constitute grounds for prosecution. In March of 2005, new anti terror emergency legislation amendments further expanded existing legislation by empowering authorities to act against people suspected of terrorist activity.*38 The Conflict with individual rights: In Britain, legislation introduced by Government to increase surveillance powers of law enforcement authorities, allowing them to access the communications records of telephone and Internet users, has been contested by Jim Gamble of the National crime Squad as having the potential to attract claims of illegality under the Human Rights Act*39. The Regulation of Investigatory Powers Act of 2000 in conjunction with anti-terror legislation has been deemed to be intrusive in the field of human rights and opponents have charged that there is a need to strike a better balance between protecting the privacy of individual citizens vis a vis catching and prosecuting terrorists.”*40 The existing provisions of legislation passed immediately after the 9/11 incident was itself an encroachment of individual privacy, however law enforcement authorities are looking for more teeth in the law to tackle the issue of cyber terrorism and to regulate cyber architecture to control terrorist activity. Concerns have been also expressed about the encroachment of the U.S. Patriot Act and anti terrorism measures into the First, Fourth, Fifth and Sixth amendment guarantees that have been provided under the Constitution of the United States.*41 The Jose Padilla case in particular, has raised the issue of the validity of the “enemy combatant” clause associated with the Patriot Act. A person may be classified as an enemy combatant on the mere suspicion of involvement in terrorist activity and Federal authorities can charge him in a military Court rather than a civilian Court, which in turn deprives the accused of the fundamental rights guaranteed in the Civil courts. This was the case with U.S. born Padilla, suspected of involvement with the Al-Qaeda and charged as an enemy combatant. But the majority Court opinion turned down the grounds, stating that Padilla could not be held as an enemy combatant and tried in military Courts.*42 The Supreme Court’s verdict was also in favor of Padilla*43. As a result, Padilla’s habeas petition was recently deemed to be moot, in view of President Bush’s order transferring Padilla from military custody to civil custody.*44 The wide ranging provisions of the Patriot Act have been challenged by opponents as being violative of individual rights, in that they enable law enforcement authorities to procure confidential personal information about individuals from sources such as libraries and electronic surveillance.*45 The major issue that many opponents have raised in the context of draconian anti-terrorism legislation relates to the provisions to arrest and detail people merely on grounds of suspected involvement in terrorist activity.*46 Extended search and seize provisions are also violative of individual freedom and the right to liberty and property. In Australia, the necessity for the new draconian measures, which will imbue law enforcement authorities with more wide ranging powers to arrest and detain individuals suspected of involvement in terrorist activity, have themselves been questioned by people such as Andrew Lynch.*47 Since existing legislation already makes it an offense to prepare or train for a terrorist attack, further measures to restrict individual freedoms even more appears unnecessary and unjustified. Some amendments have been made to the legislation to tone it down, yet there is little doubt that it will have a significant impact upon individual liberty and freedom, since the draconian legislation favors law enforcement authorities rather than individuals.*48 In the United States, new provisions of the anti-terrorism law makes it a crime for U.S. citizens to provide any kind of support to organizations or persons who have been designated as “terrorist” by the Government, denies visa to foreign nations on the basis of grounds of suspected involvement with terrorist groups, restricts the ability to plead for political asylum and deprives aliens of the rights to due process, providing Federal authorities the power to use secret information gathered about an individual or citizen as a basis to prosecute him*49 The new legislation also repeals the Edwards amendment, passed earlier, barring the FBI from opening up investigation of activities protected under the First Amendment. Moreover, Workplace surveillance has been introduced in many corporations in order to gain access to e-mails sent by employees, which could be related to terrorist activity. Applying Lessig’s four phase framework of cyber architecture, this regulatory activity is carried out through the manipulation of cyber architecture code, such that Government and private employers are able to monitor and regulate undesirable cyber activity. However this has given rise to the issue of invasion of privacy of the employees. According to Andrew Murray, “people have come to regard e-mail and the Internet as their private space. If they feel someone is violating this space, even legally, its bound to create friction.”*50 “Privacy is a guaranteed human right -- at home and at work” and “workplace monitoring is an unnecessary infringement on that right.”*51 But this poses a particularly difficult problem, since individual privacy that is guaranteed by the Constitution may be misused by some individuals to sponsor and promote terrorist activity over the Net. In essence, the cumulative effect of all these new measures and expanded powers that have been given to law enforcement authorities is that the privacy of individuals has been severely compromised. The innocent-unless-proven-guilty basis upon which the law views individuals is changing under the revised draconian legislation into a guilty-until-proven innocent policy, which is seriously violative of the Fifth Amendment to the U.S. Constitution.*52 Further, the draconian measures in effect restrict the freedom of American citizens to interact freely with others, by making it a crime to provide any kind of support to organizations/persons deemed to be “terrorist”.*53 In a similar way, the Constitution of the Commonwealth of Australia also provides for freedom and civil liberties of its citizens. The Privacy Act of 1988 (Cth)*54 was designed specifically to protect citizens in the Australian economy against an infringement of their rights to privacy by private sector organizations, but recent legislation permits the Government and law enforcement authorities to violate the privacy of citizens and their civil liberties. Have the terrorists won the war on terror? From the above, it may be seen that new legislation does indeed impact upon individual liberties. In cases such as that of Jose Padilla, the actions of the Government have been dismissed by the Courts as violative of constitutional rights to freedom. Through the imposition of cyber restraints and manipulation of code to regulate cyber activity, the Government is rendering cyber architecture less plastic and flexible. Is this justified? Terrorists now have access to Cyber weapons such as TEDs, RF munitions, TEMPEST monitoring devices and electromagnetic bombs in addition to the uploading of malicious viruses*55. By hacking into the access codes for control of weapons and missile systems, or locations such as the World Trade Center, terrorists can create havoc – long distance and unidentified. The ultimate purpose of a terrorist attack is to generate fear in the mind of the victim. The cyber medium is therefore uniquely suited to generate such terror through the threat of an unseen, unanticipated attack from a faceless enemy. According to the President’s Report on critical infrastructure protection, “In Cyberspace, national borders are no longer relevant. Electrons do not stop to show passports. Potentially serious cyber attacks can be conceived and planned without detectable logistic preparation. They can be invisibly reconnoitered, clandestinely rehearsed, and then mounted in a matter of minutes or even seconds without revealing the identity and location of the attacker”*56 When dealing with a situation so critical, where substantial, crippling damages can be inflicted through the arbitrary actions of terrorists, it is vital that strong and effective action be taken by Governments to implement a functional framework for regulation of cyberspace architecture. After 9/11, there have been 20 further attacks, not counting the ones in Afghanistan or Iraq, but Jihadi organizations have become decentralized and the strength of their operations reduced to localized levels*57. No further attacks by the Al Qaeda are comparable in the level of destruction achieved in that single attack of 9/11. Terrorist bases in several countries have been dismantled.*58. The Al Qaeda leader Osama Bin Laden is in hiding and many of the kingpins of the terrorist network have been apprehended. The FBI in the United States, was not successful pre-9/11 in preventing terrorist attacks, being hampered by lack of funds, but post 9/11, the FBI is effectively carrying out its strategy of prevention.*59 Through manipulation of cyberspace architecture and increased surveillance, online activity is being regulated. The restrictive immigration laws have ensured that the likelihood of a large scale attack is defused, since before the 9/11 attack, nineteen Al Qaeda members entered the United States for the sole purpose of carrying out their destructive act. The United States Government reports that over 150 terrorists have been caught and several bomb blast attacks were foiled by the prompt action of anti terrorist forces.*60 Countries of the world have come together in an unprecedented unity of purpose to combat terrorism worldwide. Cyber terrorist activity has resulted in manipulation of the architecture of code to affect the constraints of law*60a. In view of the impact on individual liberties, perhaps lawmakers need to consider modifications of the law to reinstate the values that have been displaced by the emerging architecture of cyberspace as shaped by terrorists. But this cannot be equated to a victory for terrorists. Their goal is to generate fear in the minds of victims, but the attitude of the Governments and the actions that have been taken so far have contributed towards lessening the fear in the minds of potential victims in the United States and Australia. There must be more emphasis on preserving individual liberties but the scale and depth of terrorist cyber activity vis a vis Governmental controls imposed on cyber architecture is not of a magnitude that justifies the conclusion that the terrorists have won the war. Bibliography * ABC Report (2005). “Govt introduces anti-terrorism legislation.” The Australian Broadcasting Corporation 7:30 Report Transcript. Michael Brissenden – Reporter. [Online] Available at: http://www.abc.net.au/7:30/content/2005/s1497388.htm * ACLU v Reno 929 F Supp 824 (ED Pa 1996). * Bernadette E. Lynn (2000) “Intellectual Capital: Unearthing Hidden Value by Managing Intellectual Assets” Ivey Bus. J., Jan.-Feb, at pp 48. Also see Stephan Bernhut (2001). “Measuring the Value of Intellectual Capital” Ivey Bus. J., Mar.-Apr, at pp 16 * BuzzFlash Interview (May 4, 2004): Jessica Sterne: Terror in the name of God: Why Religious Militants Kill” Ecco, Harper Collins Publishers. [Online] Available at: http://www.buzzflash.com/interviews/04/05/int04024.html * CSI Report (2002). “Cyber Crime bleeds U.S. Corporations survey shows; financial losses from attacks climb for third year in a row.” Computer Security Institute. [Online] Available at: http://www.gocsi.com/press/20020407.jhtml;jsessionid=0D022NHCYGL3IQSNDBECKH0CJUMEKJVN?_requestid=411185; accessed 12/19/2005 * “Cyberterrorism. (2002). [Online] Available at: http://ntrg.cs.tcd.ie/undergrad/4ba2.02/infowar/terrorism.html * Conry-Murray, Andrew (2001): Special report – the Pros and Cons of Employee surveillance, Network Magazine, retrieved from URL: http://www.networkmagazine.com/shared/article/showArticle.jhtml?articleId =8703003&classroom= > on December 18, 2005 * Donald Rumsfeld v. Jose Padilla (United States Supreme Court - Case No. 03-1027) * Electronic Transactions Act 1999 (Cth); Electronic Transactions Act 2000 (NSW); Electronic Transactions (Victoria) Act 2000 (Vic); Electronic Transactions (Queensland) Bill (introduced 3rd April 2001) * Fitzgerald Anne and Fitzgerald Brian (2002) “Cyber Law: cases and materials on the Internet, Digital Intellectual property and e-commerce”, Sydney: Prospect Publishing, Butterworths.ch 13, pg 53-54 * Freech, Louis. (2004). “Targeting Al Qaeda” Opinion Journal from the Wall Street Journal Editorial page. [Online] Available at: http://www.opinionjournal.com/editorial/feature.html?id=110004943; accessed 12/21/2005 * Green, Joshua (2001). “The myth of cyberterrorism.” [Online} Available at http://www.washingtommonthly.com/festures/2001/0211.green.html * Greenleaf, Graham. (1998). ”An end note on regulating Cyberspace: architecture vs Law?” University of NSW Law Journal 52. [Online] Available at: http://www.austlii.edu.au/au/journals/UNSWLJ/1998/52.html; accessed 12/28/2005 * Grabosky, Peter and Stohl, Michael. (2003). “Cyberterrorism” Reform, 82, pp 8-13. [Online] Available at htto://www.alrc.gov.au/reform/summaries/82.htm * “Hate Crime on the Internet” (1998). International Police Review. January/February, pp 28 * Hoffman, Bruce. (1998). “Inside Terrorism” London” Victor Gollancz * Jenkins, Brain Michael. (2005). ”Four years after 9/11, War on terror slogs on” RAND Commentary. [Online] Available at: http://www.rand.org/commentary/091105SDUT.html; accessed 12/21/2005 * Jose Padilla v. George Bush, Donald Rumsfeld, et al. (U.S. Dist. Court, Southern Dist. of New York - Case No. 02-4445) * Jose Padilla v. Donald Rumsfeld (U.S. Court of Appeals - Second Circuit - Case Nos. 03-2235, 03-2438) * Jose Padilla v. Commander C.T. Hanft, USN (District of South Carolina - Case No. 2:04-2221-26AJ and U.S. Court of Appeals for the Fourth Circuit), December 9, 2005 * Kleim, M. J. Jnr. (1995). “On Tactics and Strategy for USENET “ [Online] Available at: bb748@FreeNet. Carlton. CA * Kushner, Harvey, W. (1998). The Future of Terrorism: Violence in the New Millenium. London: Sage * Lessig, Lawrence (1999) “Code and other laws of Cyberspace” Basic Books * Lessig, Lawrence. (1999). “The Law of the Horse: What Cyber law might teach” , pp 508-509 [Online] Available at: http://www.lessig.org/content/articles/works/finalhls.pdf; accessed 12/28/2005 * Millar, Stuart. (2002). “Snooping system is illegal, say Police”. The Guardian, December 18. [Online] Available at: http://www.guardian.co.uk/uk_news/story/0,3604,861903,00.html; accessed 12/21/2005 * Press Service Report (2005). “Over 150 terrorists captured, car bomb attacks foiled.” American Forces Press Service. July 7. [Online] Available at: http://www.whitespringsnews.com/showarticle.php?filez=./news/20050707102307.news; accessed 12/21/2005 * Report Summary of the Presidents Commission on Critical Infrastructure Protection, dated 10/13/1997, pp 3. [Online] Available at: http://www.pecip.gov/summary.html * Research Note (2003-4). “Computer crime and compromised commerce”, pp 5 [Online] Available at: http://www.aph.gov.au/library/pubs/rn/2003-04/04rn06.pdf; accessed 12/21/2005 * Sekhon, Vijay. (2003). "The Civil Rights of "Others": Antiterrorism, the Patriot Act, and Arab and South Asian American Rights in Post-9/11 American Society". Texas Journal On Civil Liberties & Civil Rights. 8(1): 117. * Shapiro, Carl &. Varian, Hal R. (1999) “Information Rules: A Strategic Guide to the Network Economy 2” * Sterne, Jessica ( 2003 ) “Terror in the name of God: Why Religious Militants Kill” Ecco, Harper Collins Publishers * Stohl, Michael: (1988).”Demystifying terrorism: The myths and realities of contemporary political terrorism.” In Stohl, Michael (1988). “The Politics of terrorism” New York: Marcel Drecker, Inc * “Terrorism Law is major setback for civil liberties” Center for national Security Studies. [Online] Available at: www.cdt.org/policy/terrorism/cnss_habeas.html * The Islamic Students website: http://www.tawheed.org/newsnviews * Thurow, Lester C (2000). “Building Wealth: New Rules for Individuals, Companies and Nations in a Knowledge-Based Economy” Harper Business ed : 116-25 * The Smart State, http://www.thepremier.qld.gov.au/smartstate/index.htm * “The USA Patriot Act”: Accessed 09/14/2005 from URL: http://www.epic.org/privacy/terrorism/usapatriot/ * “The Constitution of the United States of America.” (1977). The Fifth Amendment. U.S. Government Printing Office * The Privacy Act of 1988 (Cth) [Online] Available at: www.privacy.gov.au/ACT/privacyact/index.html; accessed 12/20/2005 * The Cyber Crime Act (2001). [Online] Available at: http://www.findlaw.com.au/Legislation/legislaitondoc.asp?id=10830 * 1996 Canadian Security Intelligence Service Public Report, Part IV (Information technology). [Online] Available at: http://www.csis-scrs.gc.ca/eng/publicrp/publ1996 e.html * Zimmerman, Eileen (2002): HR must know when employee surveillance cross the line, Workforce, February 2002, pp. 38-4 Read More