Combating Cyber Crime - the UAE and the UK Laws - Research Proposal Example

RESEARCH PROPOSAL COMBATING CYBER CRIME: A COMPARATIVE STUDY OF THE UNITED ARAB EMIRATES AND THE UNITED KINGDOM LAWS By ABDULRHMAN ALALI Table of Contents 1.0.Introduction 3 2.0.Literature Reviews 5 2.1.Understanding the nature of cybercrime in UAE and UK 5 2.2.UAE and UK laws on cybercrime 6 3.0.Research Questions 12 4.0.Research Aim 12 5.0.Research Objectives 12 6.0.Design and Methods 13 7.0.Study Population 14 8.0.Intervention 14 9.0.Theoretical Framework 15 10.0.Why the research is worth doing 15 11.0.Anticipated contribution to new knowledge 17 12.0.The gaps identified from previous studies 18 13.0.Proposed Timetable 19 14.0.Reference Lists 21 15.0.Appendix 1 24 1.0. Introduction Crime has revolutionized, along with it are the modified methods of doing it. In as much as there are improvements in the ways people are interacting online, so is the sophistication in cybercrime. One of the rapidly changing issues in the aspect of the society is communication. Computer has transformed the way society communicates and internet has done a lot to propagate the process. Unfortunately, it has become even easier to commit a crime with internet compared to physically robbing a bank. This brings the concept of cybercrime. Before embarking on the tenets of the term, it is necessary to conceptualise the idea by first addressing pertinent issues or terms related to it. Cybercrime has become real threat that even forced the forty three members of the Council of Europe to come up with international Treaty so as to regulate cybercrime. In her research, Magnin (2001) brings two aspects that constitute the crime. The first involves a situation where there is direct interference with networking or the computer. A good example of this is what happened with Jerry Schneider when he was ripped of computers that were belonging to PT and T in 1971. The other aspect of the crime is the indirect where a person is manipulated to alter or change the computer system without the consent or understanding that they are in the process of taking this action. This example can also be attributed to what Jerry Schneider did regarding his Dan Rather TV Show “60 minutes” in 1976---robbing one of the banks as the audiences were watching. As developments continue to be witnessed, cybercrime activities depend on other inventions. For instance, the possibility of misusing internet is necessitated by the invention of malicious programmes such as worms, Trojans and viruses. When these programmes are allowed to run with or without the consent of computer used then there is likelihood of harmful activities running around. Cybercrime is therefore not an activity that cycles around the aforementioned ‘malicious programmes’ but wide array of other activities. In so speaking, there are a wide range of offences that can be committed using communication technology. Coming back to the meaning of cybercrimes, Heath (2008) argues that the term is twofold; firstly, it can mean offences committed by the use of technologies like offences against computer data and systems. Secondly, it can be old offences that are committed by the use of new technology. In such cases, there are networked computers and other devices that facilitate the commission of the crime. In an increasingly globalized world, the level of computer related crimes within and across nations is reaching higher proportions. From this perspective, cybercrime has been related, through different studies as computer related crimes (Kouri, 2004). Therefore cybercrime within the context of computer related crimes means crimes that are network generated especially the Internet. In as much, countries vastly affected by this vice have strong criminal laws that punish its offenders. One issue though that is not clear is how these criminal laws operate and differ from one country to another. In a vibrant country, there is a need to harmonise criminal laws so that they reflect international standards. Furthermore, changes in technology should always trigger criminal laws and as Ryan and Shpantzer (2005) put it, one needs to appreciate criminal laws from other countries so as to deal with its internal cybercrimes. There have been complains from contemporary scholars who argue that criminal laws of United Arabs Emirates and British that are supposed to handle cybercrime are traditional and criminals will escape punishment since there are no specific rule to handle specific crime (Ryan and Shpantzer 2005; James and Thomas 2007). Research on legal frameworks regarding the two countries on cybercrime is still not clear. In fact, just a few exist but still, they fail to compare court proceedings and jurisdictions. This is what makes this research important and different. However, there are a lot that need to be understood as far as cybercrime in the two countries is concerned. From this understanding, this research proposal therefore contends to critically analyse legal approaches in combating cybercrime in United Arabs Emirates and United Kingdom. The first step lies on the shoulders of legislative bodies in each country vis-à-vis cybercrime cases handled. This will be done through a topic ‘legal approaches in combating cybercrime: comparing British and UAE laws.’ Although the topic stands to be the general area of study in this research, analysis of concluded court cases in UAE and United Kingdom with cohorts and case-control studies contributing to the current knowledge on the ever arising cybercrime cases. 2.0. Literature Reviews 2.1. Understanding the nature of cybercrime in UAE and UK Studies conducted previously regarding the topic show that there are different types of cybercrimes (Patnaik, 2004). The first group that conducted their research in United Kingdom and Arabian show that one aspect of the crime are the individuals with ideology of hitting their target with minimal risk---meaning they are very cautious about threatening the targets. Populi (2009) adds that this group of criminals is only concerned with spreading of computer viruses or hacking systems. Within the context of UAE and UK, this group has been targeting business and financial institutions (Mills, 2008). On the other hand, the second group is ill or greed-motivated with the aim of acting on the crime for financial gains and therefore they have to target financial institutions such as banks and e-commerce sites where such financial benefits can be accrued. For instance, in January 2008, this group launched a cybercrime on United Arab Bank that was head quartered in Sharjah. In the process, the criminals invaded the online banking site and stole hundreds of the personal identification numbers linked to customers’ ATM cards. The criminals turned the data over to associates who then used the stolen PINs to encode ATMs and withdrew $1.6 from unsuspecting accounts. Contemporary scholars such as Soumyo (2012) have identified the third group of cybercrime that now endangers security in UAE and UK. This group is made of organized crime mafias and hostile government whose aim is to target physical or economical destruction. A fascinating report published in UK by a credit agency showed that organized crime mafias and hostile government activities conducted online is on the rise and most of these crimes are not punished (Journal of Crime, Criminal Law and Criminal Justice, 2013). This shows that although the UK is credited with having developed the internet, it is faced by serious threats of cybercrimes. 2.2. UAE and UK laws on cybercrime Studies on legal approaches in dealing with cybercrime in United Arabs Emirates and United Kingdom have continued to provide array of data regarding the directions the two countries have adopted. Large bodies of well documented literary evidences have argued about how British and UAE criminal law compare when dealing with cybercrime. To begin with United Arabs Emirates, laws dealing with cybercrime is not as old as United Kingdom. UAE introduced a new federal legislation that was directed towards dealing with increased cybercriminal activities that have been experienced in her major regions. This is where Jaishankar (2008) begins his comparative analyses regarding the legislative frameworks from the two countries. He makes such comparison by looking at the reviewed UK Computer Misuse Act 1990 (CMA) and the Emirates’ law of 2006 on The Prevention of Information Technology Crimes (PITC) and concludes that British and UAE do not have any clear legislation on cybercrime which is even becoming dynamic by the day. To conceptualise his argument, Jaishankar tries to examine the definition of the two legislative frameworks vis-à-vis the scope and nature of cybercrime. Therefore to him, the legislatives have historical foundations which do not reflect a crime in which a computer is the tool for the commission of the crime. In as much, at least two scholars have tried to work with the aspect of ‘historical foundations’ to understand the underpinnings of the legislative frameworks in the two countries as argued by Jaishankar. Fienberg and Kadane (2008) first bring the aspect of features of cybercrime. In so speaking, they explain that cybercrimes have unique distinguishing features that make it impossible to tell the superior legislative structure dealing with it. A good example they give is that the use of internet and other networked activities make it difficult to compare both the United Arab Emirates and United Kingdom’s laws because such comparisons brings jurisdictional questions regarding the most appropriate place for legal proceedings. In different research that supported Jaishankar is that of Heath (2008) who also finds that United Arabs Emirates was the first country if compared with British to adopt criminal laws dealing with the crime. Actually, Heath’s arguments have been heavily criticised by scholars who believe that there are no tangible evidence to lay such claims (Fienberg and Kadane 2008; Soumyo 2012). Comparing the UK Computer Misuse Act 1990 and the 2012 UAE Federal Law No. 2 of 2012 Concerning Combating Information Technology Crimes (the New Law), all information that are published online in both UK and UAE have been granted legal protection (Choi, 2006). This actually extends to all credit card numbers, information, all data and electronic payment methods as well as bank account details. While this is one way the laws are related, Flewitt and Rosie (2005) bring a different approach. They argue that UK law which was recently amended in accordance with the European Convention on cybercrime differs significantly with UAE’s Federal Law No 2 of 2006 on the Prevention of Information Technology Crimes. While the UK law which was recently amended in accordance with the European Convention protect all data from unauthorised access or misuse by means of information technology, UAE criminal procedures law also shares the same but allows a 'victim' of a crime (including by inference, a breach of the New Law), to pursue their civil rights before the criminal courts where that victim has suffered damage as a result of the crime. While this forms the third comparison, Brem (2001) also brings another interesting finding regarding the criminal laws of the two countries. Arguing from the perspective of Qatari Pena Law and Forgery and Counterfeiting Act 1981of UK, he explains that both laws contain certain levels of prohibition with regard to disclosing data especially on medical examinations. Inman and Rudin (2009) add that this makes it hard for both countries to combat cybercrime related to the areas prohibited especially areas in which a breach of the laws could result in a civil claim by a private individual. This is also what is supported in United Nations Resolution (2005) research adding that both laws prohibit the breach of an individual's privacy by online means and "publishing statements or information even if they were correct and real" (p. 47). Actually, UK Computer Misuse Act 1990 reads in part, “An Act to make provision for securing computer material against unauthorized access or modification; and for related purposes” (p.23). In classifying cybercrimes in comparative laws within UK and UAE, Casey (2002) identifies that UAE has no specific law with regard to cybercrimes. However, crimes related to internet are enshrined in Section 5 of Part 3 of penal law and UAE legislature set these crimes under the title of Computer Crimes. Article 370-387 Qatari Penal law (11-2004) specifically explains what juries are supposed to do with regard to Crimes against properties. Applegate (2002) relates this with amendments to the Computer Misuse Act that was introduced in the Police and Justice Act 2006. While the amendment fails to define what exactly cybercrime is, illegal access to a computer system, alteration or suppression of computer and altering or suppressing computer data are some of the aspects that amended Act explains. Unlike Qatari Penal law (11-2004) which focuses mainly on cybercrime done to business activities, Kotadia (2004) explains that UK CMA not only identifies three specific offenses within its definition of a cybercrime but also its judicial model of cybercrimes classification---something excluded in Qatari Penal law (11-2004). In a comprehensive research done by United Nations Resolution (2005) shows that three countries in Arabia regions including United Arabs Emirates have adopted elaborated electronic laws since 2000. However, compared to United Kingdom, these laws do not comprehend the whole aspect of cybercrime laws as it only concentrate on issues such as electronic signatures and electronic contracts. Actually, United Nations Resolution (2005) does not show how these laws compare with United Kingdoms but admits that there still lack of specific laws in both countries that deal with cybercrimes and what is available is ‘shoddy’ in Criminal Procedures Law. A different twist of event relates to the Cyber Security Forensics Workshop, Information Communications Technology (ITU) Regional Workshop for Cyber security and Critical Infrastructure Protection (CIIP) which was held in February 2008 bring an interesting comparison with United Kingdom’s legislature on dealing with cybercrimes (Leyden, 2010). This workshop was tasked with the responsibility of redressing UAE’s cybercrime legislation so as to look into threats in cyberspace as well as dealing with cyber-attacks. This was also the same issue discussed during the 15th GCC e-government and e-Services forums held in Dubai 2009 (Sales and Folkman, 2010). However, during the forums, cabinet of UAE issued a cybercrime law which was supposed to enhance limit crimes and enhance information security. This had the same framework with UK Computer Misuse Act 1990 which was supposed to combat illegal access to websites as well as invading personal privacy through the misuse of mobile phone cameras which have the potential of harming others that use different information and communication technology. On contrary, Tapscott (2008) argues that still in UAE, PITC Emirates’ law (2-2006) that deals with cybercrime have 29 articles and have been classified according to areas of concern. How do the two criminal laws compare in terms of judicial proceedings? Researchers have documented this in a different ways. For instance, Kouri (2004) calls it, ‘A Judicial model of cybercrimes classification’ (p.47). Basically, according to UK CMA, the crime is dealt with according to the law but sometimes there can be modifications of language and terms to suit a particular scenario. Taking a case study, Wilkins (2009) refers to recent charges on Ryan Cleary based on his cybercrime on governments and companies. During the proceedings, the judge argued that chapter II, Section 1, Title 5, Article 13 of the Cybercrime Convention was modified so as to ensure that measures given to the suspect commensurate the criminal offences established in accordance with Articles 2 through 11. And such crimes are punishable by proportionate, effective and dissuasive sanctions, which include deprivation of liberty. An important factor that needs to be considered while comparing legislatives of the two countries is that United Arabs Emirates can be considered as a federal country due to its seven states that make it up. Therefore according to Wilkins (2009) this federalism makes UAE to have civil law as well as sharia law when dealing with cybercrimes. To this regard, one aspect of cybercrime that make no sense under UK law does in UAE and vice versa. On the other hand, agrees with this finding but adds that in as much as UK and UAE laws differ based on federalism nature of UAE, the country is yet to accept the compulsory jurisdiction of the ICJ as seen with United Kingdom. That is, in attempt to combat cybercrime, UAE just enacted the UAE Federal Law No (2) of 2006 in an attempt to prevent information regarding technology crimes. In a related study, Fienberg and Kadane (2009) compare the Police Act which actually amended the Computer Misuse Act and Article 2 of UAE Federal Law. Beginning with the Article 2, actually this is the part of legislation in UAE that criminalises the authorised access to a site. On the other hand, Police Act is first supposed to lengthen penalties under its Section 1. Secondly, just like Article 2 of UAE Federal Law Section 1 of Police Act criminalises offer or supply of information likely to commit a computer crime. Basically, what is argued in this case is that for both laws to prosecute an individual they first need to establish owner of the information and the purported crime. Conversely, Casey (2002) fails to discuss how distribution of the information that purports to harm is tracked therefore making it difficult to predict the person who distributed or committed the crime. To underscore the above statement is the recent ruling on a court case involving Ibrahim Baggili. Justice Minister Dr Hadef Jua'an Al Daheri admitted that there are still loopholes in the law and sometimes it does not cover crimes such as someone stealing passwords. He adds, “When we face such cases, we try to relate them to an existing law. But in some cases we cannot criminalise the offence,” (Soumyo, 2012 p.58). 3.0. Research Questions To help direct the efforts to test the hypothesis, collect data, critically read, and evaluate the sources, the research questions will; 1. How do United Arabs Emirates and United Kingdom laws compare when dealing with cybercrime? 2. What are the comparative cybercrime strategies between the United Kingdom and United Arabs Emirates? 4.0. Research Aim The main of this research is to critically compare legal approaches used in United Arabs Emirates and United Kingdom dealing with cybercrime. United Arabs Emirates and United Kingdom operate with established legal frameworks that differ and compare significantly when dealing with cases of cybercrime. 5.0. Research Objectives a. To critically compare quantitative and qualitative data from respondents interviewed from United Arabs Emirates and United Kingdom with a view to integrating such with literature reviews (see appendix 1). Such data will also compare court proceedings from British and United Arabs in relation to cybercrime. This will integrate my findings, literatures reviewed as well as the jurisdictions from the two countries. b. The literatures reviewed show that there is level of discrepancies when dealing with victims of cybercrime. To this regard, the research will establish reasons why laws in United Arabs Emirates and United Kingdom’s punish the same offence differently especially when amendments to Qatari Penal law and UK Computer Misuse Act 1990. c. To carryout investigation on the extend the criminal laws from UAE and UK are committed to dealing with crime owing to the increasing number of cases as reported during Cyber Security Forensics Workshop, Information Communications Technology (ITU) Regional Workshop for Cyber security and Critical Infrastructure Protection (CIIP) forums. d. To effectively assess the effectiveness of cybercrime strategies by looking at the number of cases handled vis-à-vis mitigated cases. 6.0. Design and Methods The research process will be transnational in nature meaning that is will be time consuming as well as costly to collect and gather both the primary and secondary data. Owing to this, the research will adopt the framework suggested by (Tapscott, 2008) which will be to review the secondary literature obtained online and from libraries. Further to this, the research will therefore obtain data needed from official government websites regarding the United Arabs Emirates as well as United Kingdom especially the information on efforts the governments are making to combat cybercrime. In doing this, the main method that the research will adopt in collecting the needed data will be critical review and analyses of already existing literatures. To make the process achieve the objective of the research, the research will embark on selection of relevant materials that will be used in the study. This will encompass assessment of the reliability and credibility of the materials identified. In so doing, only materials that will not be more than ten years old will be selected and used as case studies. Further to this, this materials and resources selected will be the ones dealing with legal frameworks on how to fight cybercrime in United Arabs Emirates and United Kingdom. Most of these materials will be selected from international organisations like United Nations, Seminars as well as government official websites. These materials will thereafter followed by strategic review of the selected materials as well as in-depth analysis and comparison of the materials. 7.0. Study Population Basing this research on Chair´s Report of the Telecommunications and Information Working Group presented to the Seventh APEC Ministerial Meeting in Bangkok on April 23, 2008, there is at least one case of the cybercrime in every group of 20 institutions. Since this research will be using interviews and questionnaires to gather data, sample population will be essential (see appendix 1). With this in mind, the research intends to work with approximately 40 individuals working in government institutions such as courts and have direct information on cybercrime laws and how they combat the crime. 8.0. Intervention The instrument used for the study will include pre-programmed survey laptop for the visits in the institutions/companies. The device is a Convertible Classmate PC with screen resolution of 1024*600 and a battery life of five hours. Information gathered from interviews, closed and open ended questionnaires from the 40 individuals will be stored as XML file and encrypted for confidentiality. 9.0. Theoretical Framework Based on traditional theories related to crime have found some deficiencies in explaining cybercrime. In as much theories such as space transition have been developed which can now explain behaviours related to cybercrime. Space transition theory in particular argues that individuals having a higher propensity to commit physical crime are also likely to engage in cybercrime related crimes which they would not commit in physical space (Jaishankar, 2008). In addition to this, unlike what happens in physical space, individuals are likely to come together in cyberspace with an intention of committing crimes while those with closed society are prone to cyber related crimes compared to individuals from open society (Sales and Folkman, 2010). Comparing this with the research topic, the theory therefore posits that there is need for clearer strategies as well as more understanding regarding fight against cybercrime. Basing on the global nature of internet, international collaboration would be more effective in helping the already established laws in fighting the cybercrimes. 10.0. Why the research is worth doing Before highlighting the anticipated contribution of the research to new knowledge, it is important to first establish contributions of internet to the people of United Arabs Emirates and United Kingdom. To begin with, there have been a lot of changes in the world since the discovery of internet in 1990s therefore becoming a vital factor that defines globalization in the 21st century. It is for this reason that Mills (2008) argues that there are various activities taking place online that justify reasons for critical review of laws protecting cybercrime as well as need to protect effective use of internet. First, environment in United Arabs Emirates and United Kingdom use internet for e-commerce purposes. In this respect, the internet has been preferred when carrying high profile transactions which continue to enable banks and firms to sell their products online. In addition to this, development of virtual market through the use of online or internet transactions has revolutionized trade and commerce in the world making more and more companies operating in UAE and UK to require specific or collective of specific laws that can help handle cybercrime. Populi (2009) adds that companies in UAE and UK have recently been starting to find an easy way to overcome the previous foreign market entry barriers through online transactions due to the emerging cybercrime activities. This suggests a need for comprehensive legal measures that can effectively integrate what is practiced in both countries. Contemporary studies such show that UAE and UK use internet to support virtual social networks (Tapscott, 2008). That is, through the internet, people have been able to associate and share with one another. Giving examples, myspace.com and facebook are examples of the social networks that need comprehensive legal frameworks so as to protect people from cybercrime. In other words, sharing of culture that fosters understanding between different races in the UAE and UK there is a reason why laws guiding cybercrime in UAE and UK need to be compared. Besides, the two countries share a lot in terms of education and educational forums. That is, students from both countries travel to either country to further or continue their studies as well as attending educational forums. Much of this programmes are conducted online therefore internet is promising future revolution in the education sector of the two countries. Owing to the above argument it means that without clear comparisons on how laws in Saudi Arabia and United Kingdom combat cybercrime, all gains made through the use of information and communication technology will soon fade away---main reason why both countries should have clear legal frameworks that fight cybercrimes. Based on the above importance, this research is therefore worth doing since it will be providing an insight in the legal frameworks adopted and establish how aspects of the laws compare in both countries. Furthermore, as these laws are undertaken by UAE and UK, there seems to be discrepancies therefore there is a need to find effectiveness of these laws so that each country can adopt the most effective ones. 11.0. Anticipated contribution to new knowledge Unlike argument presented in previous researches reviewed, this research add new value since it will explain space transition theory which shows that individual prone to commit psychical space crimes have a higher propensity of committing cyberspace crimes. Secondly, other than the research conducted by Heath (2008) this will be the second to compare the newly amended UAE Federal Law No (2) of 2006 and the Police Act which actually amended the Computer Misuse Act thus bringing new dimension especially when space transition theory is integrated. Lastly, the third group of cybercrime which is organized crime mafias and hostile government arose after the enactment UAE Federal Law No (2) of 2006 and the Police Act. Therefore this research will establish how the two laws attempt to deal with the crime. 12.0. The gaps identified from previous studies Previous studies on the same topic have identified several issues with regard to laws that control cybercrimes in United Arabs Emirates and United Kingdom. In as much, some of these researches such as Flewitt (2005) only show the serious threat posed by cybercrime with regard to business activities or international collaboration but fail to embark on laws that can effectively deter such crimes. For instance, understanding these laws need clear integration of space transition theory which has actually failed these researches in understanding the relationship between ability to commit physical space crime and the propensity of committing cybercrimes. Secondly, the term cybercrime is quite general. That is, there are several crimes that sum up cybercrime. This is exactly what previous researches have failed to delink---failing to break down elements of cybercrime so that each can be compared with a given laws that govern it. For instance, research such as Kotadia (2004) identify that cybercrime common in United Arabs Emirates and United Kingdom include online blackmailing, forgery, embezzlement and theft but fails to recognize that while laws in United Arabs Emirates are general in approaching these kinds of crimes, there are specific sections within Computer Misuse Act 1990 (CMA) and Police and Justice Act 2006 which deal with specific crimes as listed above. The general explaination of cybercrime fails to understand specific sections of the two laws thus denying the understanding that cybercrime is the consequence of information technology infrastructure which includes illegal access, interception, and interference with the data, interference systems, and others. Furthermore, there are myriad of changes that are brought about by information and technology. These changes call for constant revolution and or overhaul of traditional criminal laws which are not able to deal with modern cybercrimes. This is the area where previous studies have err especially when comparing the two laws. The point is criminal laws need to adapt to changes or respond to the increasing number of criminal cases related to cyber. However, there has been lack the needed amendments of the Computer Misuse Act 1990 (CMA) and Police and Justice Act 2006 and Federal Law No 2 of 2006. Actually the last amendment done to these laws was in 2006 yet much as changed. In light of this fact, previous studies only compare these laws and cases of cybercrimes but fail to factor in new developments in cybercrimes and how the laws try to adopt. Lastly, United Kingdom and United Arabs Emirate are two economic power houses in Europe and Asia thus worth comparing in terms of laws that combat cybercrime. However, previous researches fail to understand that the UK is credited with having developed the internet and therefore has one of the oldest legal frameworks in Europe that deal with cybercrime. Working with practical example, it is because of the long existing laws in United Kingdom that it came up with strategies that have been enacted in the constitution to fight cybercrime. On the other hand, UAE is relatively a young rapidly goring economy which is just in the course of developing regulatory framework and rules to fight cybercrime. This is actually one of the comparative aspects that even latest researches such as Sales and Folkman (2010) fail to recognize. 13.0. Proposed Timetable Activity to be completed Year 2013 - 14 October March Year 2014 April Sept Year 2014-15 October March Year 2015 April Sept Year 2015-16 October March Year 2016 April Sept Select topic , readers and obtain literature Basic understanding of thesis and research orientation Development of research proposal Introduction Literature review Secondary research Completing first draft Develop research methods which will be the review of secondary literature Supplying of questionnaires and interview questions Data collection Data compilation Analysis findings and results Submit final revise draft Submission thesis report 14.0. Reference Lists Applegate, J. (2002). Million invested in fighting cybercrime around the world. The National Association of Chiefs of Police Brem, S. (2001). Some ethical considerations and resource for analyzing online discussion. Discourse Processes, 32, 191-213 Casey, E. (2002). Error, Uncertainty and Loss in Digital Evidence. International Journal of Digital Evidence, 1(2). Choi, K. (2006). An empirical assessment of an integrated theory of cyber-crime victimization. American Society of Criminology. Fienberg, S.E. and Kadane, J.B (2009). The presentation of Baysian Statistical Analyses in Legal Proceedings. The Statician, 32: 88-98. Flewitt, R. (2005). Conducting research with young children: some ethical considerations. Early Child Development and Care, 175(6), pp. 553–565. Heath, N. (2008). Europe to get cybercrime alert system. Retrieved 14th March 2009 from http://www.silicon.com/publicsector/0,3800010403,39355302,00.htm Inman, K. and Rudin, N. (2009). Principles and practices of criminalistics: the profession of forensic science. Florida: CRC Press LLC. James M. Thomas, (2007). “The Computer Fraud and Abuse Act: A Powerful Weapon vs. Unfair Competitors and Disgruntled Employees,” 2 In-House Defense Quarterly, Chicago. Journal of Crime, Criminal Law and Criminal Justice Koninklijke, Brill NV (2013). Printed in the Netherlands, Vol. 13/3, p. 436. Kotadia, M. (2004). Skills not money needed to fight cyber rime. Retrieved 14th March 2009 from http://news.zdnet.co.uk/security/0,1000000189,39155138,00.htm Kouri, K. (2004). Cybercrime fighters: Feds fighting cyber crime. Retrieved 14th March 2009 from http://www.crime-research.org/news/30.12.2004/874/ Leyden, J. (2010). Enforcement is key to fighting cybercrime. Retrieved 14th March 2009 from http://www.theregister.co.uk/2004/07/02/cma_reform_analysis/ Magnin, C. (2001). The 2001 Council of Europe Convention on cyber-crime: an efficient tool to fight crime in cyber-space? Santa Clara University, 2001 Mills, E. (2008). Fighting cybercrime in an economic downturn. Retrieved 14th March 2009 from http://news.cnet.com/8301-1009_3-10119287-83.html Patnaik, R. (2004). Vulnerability of children through cybercrimes. American society of Criminology Populi, V. (2009). Threat of cybercrime continues to increase. The National Association of Chiefs of Police Ryan, DJ. & Shpantzer, G. (2005). Legal Aspects of Digital Forensics. DC: The George Washington University. Available from: http://www.danjryan.com/Legal%20Issues.doc Sales, B.D., & Folkman, S. (2010). Ethics in research with human participants. Washington, DC: American Psychological Association. Soumyo D. (2012). Developing Policies for Cybercrime: Some Empirical Issues, Eurropean. Tapscott, D. (2008). Growing Up Digital. The Rise of the Net Generation. New York McGraw- Hill. United Nations Resolution (2005). includes that: “In determining the strength of new legislation, States should be encouraged to be inspired by the provisions of the Council of Europe Convention on Cybercrime. Wilkins, H. (2009). Computer talk: Long-Distance Conversations by Computer. Written Communication, 8(1). 15.0. Appendix 1 QUESTIONAIRE CYBERCRIME LEGISLATION QUESTIONS FOR UAE AND UK Does your country have a current Policy on cybercrime? Yes ___ No ___ If yes, please list and attach copies of all such policy documents, preferably in electronic format if possible. If No, please set the reasons why there is not a policy on cybercrime in your country? ____________________________________________________________ __________________________________________________________ Does cybercrime have a designated legislation or it is covered by general legislation? Please list and attach copies of all such legislation, preferably in electronic format if possible. In which of the following areas does your country have existing cybercrime legislation in place? Substantive cybercrime laws Illegal access to a computer system Illegal access (to a computer system) refers to acts where the offender enters parts or the whole of a computer system without authorisation or justification. This is for example the case if the offender circumvents a firewall and breaks into the computer system of a bank. The term computer system may be interpreted in a broad manner and also include smart phones, wireless router and external storage devices. Yes ___ No ___ If yes, please list and attach copies of all such legislation, preferably in electronic format if possible: Illegal data acquisition of computer data Illegal acquisition of computer data refers to acts where the offender obtained computer data (e.g. by copying them) without authorization. This is for example the case if the offender, who is working for a company, without authorization, copies files to take them with him. Yes ___ No ___ If yes, please list and attach copies of all such legislation, preferably in electronic format if possible: Illegal interception of data Illegal interception of computer data refers to acts where the offender is obtaining computer data during a – in general non-public - transmission process. This is for example the case if the offender is recording transmissions within a wireless network. Yes ___ No ___ If yes, please list and attach copies of all such legislation, preferably in electronic format if possible: Illegal data interference Illegal data interference refers to acts where the offender interferes with stored computer data – e.g. by deleting, suppressing or modifying them. This is for example the case if malicious software changes the configuration of a computer system to prevent an identification of the presents of such software by an anti-virus solution or deletes files on the affected computer system. Yes ___ No ___ If yes, please list and attach copies of all such legislation, preferably in electronic format if possible: Illegal system interference Illegal system interference refers to acts where the offender is hindering the functioning of a computer system. This is for example the case if the offender is submitting so many requests to a computer system that it can’t respond to legitimate requests anymore (so called “denial-of-service attack”). Yes ___ No ___ If yes, please list and attach copies of all such legislation, preferably in electronic format if possible: Production/Distribution of tools to commit computer crime Production, distribution, possession, etc. of illegal computer tools refers to acts, where the offender develops or distributes hard- or software solutions that can be used to carry out computer or Internet-related offences. This is for example the case if the offender develops a software to automate denial-of-service attacks. Yes ___ No ___ If yes, please list and attach copies of all such legislation, preferably in electronic format if possible: Fraud and computer-related fraud Computer-related fraud refers to an interference with computer- or data processing processes with the intent of procuring an economic benefit. This is for example the case if the offender modifies a software used by a bank to redirect money transfer processes to his own account. Yes ___ No ___ If yes, please list and attach copies of all such legislation, preferably in electronic format if possible: Falsification of documents, computer-related forgery Computer-related forgery refers to acts where the offender interferes with computer data – that are used for legal purposes - in a way, that they result in inauthentic data. This is for example the case if the offender modifies an authentic mail from a financial institution and sends it out to various recipients. Yes ___ No ___ If yes, please list and attach copies of all such legislation, preferably in electronic format if possible: Identity-related crime Identity-related crime refers to acts where the offender transfers, possesses or uses means of identification of another person with the intent to commit, aid or abet any unlawful criminal activity. This is for example the case if an offender, who obtains credit card information from a victims computer system sells such data or uses it to mislead investigations while committing a crime. Yes ___ No ___ If yes, please list and attach copies of all such legislation, preferably in electronic format if possible: Child pornography Computer-related production, distribution, possession, etc. of child abuse material refers to acts where the offender produces/interacts with electronically stored child abuse material. This is for example the case if an offender downloads a digital picture showing the sexual abuse of a child. Yes ___ No ___ If yes, please list and attach copies of all such legislation, preferably in electronic format if possible: SPAM Sending of SPAM refers to acts where an offender is sending out messages to a large number of recipients without authorization or request. Yes ___ No ___ If yes, please list and attach copies of all such legislation, preferably in electronic format if possible: Offences related to an investigation Crimes safeguarding investigations refers to acts where the offender interferes with an investigation by violating certain safeguards. This can for example be the case if a provider was requested to keep confidential that he received an order to intercept the communication of a suspect but he informs the suspects about this issue. Yes ___ No ___ If yes, please list and attach copies of all such legislation, preferably in electronic format if possible. Substantive criminal law. Do you believe that any of the above offences should NOT be criminalized? If you believe that one or more offences should not be criminalized, please specify if they should not be criminalized at all or if the criminalization should be restricted: Procedural cybercrime law/s for example authority to preserve and obtain electronic data from third parties, including internet service providers; Yes ___ No ___ If yes, please list and attach copies of all such legislation, preferably in electronic format if possible: authority to intercept electronic communications; Yes ___ No ___ If yes, please list and attach copies of all such legislation, preferably in electronic format if possible: authority to search and seize electronic evidence, Yes ___ No ___ If yes, please list and attach copies of all such legislation, preferably in electronic format if possible: seizing computer systems and equipment Yes ___ No ___ If yes, please list and attach copies of all such legislation, preferably in electronic format if possible: Procedural instrument The successful investigation of crimes requires that law enforcement agencies have the ability to use specific investigation instruments. Do you believe that law enforcement should NOT have the ability to use any of the following instruments? If you believe that one of more instruments should not be available please specify if they should NOT be available at all or if the application should be restricted (e.g. to specific offences): Activating a computer system of a suspect Searching for data on the suspects computer and storage devices Seizing computer systems and equipment Instead of seizing the hardware making copies of relevant data Ordering somebody who is not the suspect but has special knowledge about the functioning of a computer system or the location of specific data (such as a system administrator) to support the investigation Interception of content data of a suspect (such as e-mails) Recording traffic data of the suspect (such as the address of a website that the suspects visits) Using advanced remote forensic tools (such as keyloggers) International Cooperation and Mutual legal assistance related to cyber-crime: Yes ___ No ___ If yes, please list and attach copies of all such legislation, preferably in electronic format if possible: __________________________________________________________________ __________________________________________________________________ What are the top 3 or top 5 Cybercrime offenses that your country suffers from most? What are the main problems with regard to a successful investigation/prosecution of Cybercrime in your country. Does your country have any concrete experiences with respect to strengthening the relationship between the authorities responsible for investigating and/or prosecuting cyber-crimes, and internet service providers that may be shared with other States as a best practice in this area? Yes ___ No ___ If yes, please explain: Has your country identified, created, or established a unit or entity specifically charged with dealing cyber-crimes incident response (e.g. CERT)? Yes ____ No ___ If yes, please provide the following information: The exact name of the unit/entity: The institution to which the unit/entity belongs: The number of officers or experts in the unit/entity: The regional and international organizations that unit/entity collaborate with: Has your country identified, created, or established a unit or entity specifically charged with directing and developing the investigation of cyber-crimes? Yes ___ No ___ If yes, please provide the following information: _____________________________________________________________________ The exact name of the unit/entity: The institution to which the unit/entity belongs: The number of officers or investigators in the unit/entity: The regional and international organizations that unit/entity collaborate with: If such a unit/entity has been created or established, are its functions dedicated exclusively to the investigation of cyber-crimes? Yes ___ No ___ If no, what other types of offenses or crimes is this unit/entity responsible for investigating and/or prosecuting? __________________________________________________________________________________________________________________________________________ Has your country identified, created, or established a unit or entity specifically charged with directing and the prosecution of cyber-crimes? Yes ___ No ___ If yes, please provide the following information: ___________________________________________________________________________________________________________ The exact name of the unit/entity: _______________________________________________ The institution to which the unit/entity belongs: ____________________________________ The number of prosecutors or judicial officials in the unit/entity: ______________________ The regional and international organizations that unit/entity collaborate with: ____________________________ If such a unit/entity has been created or established, are its functions dedicated exclusively to the prosecution of cyber-crimes? Yes ___ No ___ If no, what other types of offenses or crimes is this unit/entity responsible for prosecuting? __________________________________________________________________________________________________________________________________________ Has your country identified, created, or established a specific court for the trials of cybercrimes? Yes ___ No ___ If yes, please provide the following information: ______________________________________ _____________________________________________________________________ The exact name of the court: _______________________________________________ The institution to which the court belongs: ____________________________________ The number of judges and experts in the court: ____________________________ The regional and international organizations that court collaborates with: ____________________________ If such a court has been created or established, are its functions dedicated exclusively to the trials of cybercrimes? Yes ___ No ___ If no, what other types of offenses or crimes is this court responsible for trying? Are there any challenges (legal, technical and institutional) faced by your country in developing frameworks for cybercrime and critical information infrastructure protection (CIIP)? Yes __ No ___ If yes, please identify them. Are there any barriers and constraints (legal, technical and institutional) in your country that affect the development of cybercrime legislation framework and critical information infrastructure protection (CIIP) for tackling cybercrime? Yes ___ No ___ If yes, please identify them. Read More