SlideShare a Scribd company logo
1 of 22
Download to read offline
INVESTIGATING
CYBERCRIME AT THE
UNITED NATIONS
DR IAN BROWN, OXFORD UNIVERSITY
@IANBROWNOII / OII.OX.AC.UK
UNODC COMPREHENSIVE
STUDY ON CYBERCRIME
General Assembly resolution 65/230
requested the Commission on
Crime Prevention and Criminal
Justice to establish an open-ended
intergovernmental expert group, to
conduct a comprehensive study of
the problem of cybercrime and
responses to it by Member States,
the international community and the
private sector, including the
exchange of information on national
legislation, best practices, technical
assistance and international
cooperation.
STUDY TEAM
Steven Malby, Robyn Mace, Anika Holterhof,
Cameron Brown, Stefan Kascherus, Eva
Ignatuschtschenko (UNODC)
Ulrich Sieber, Tatiana Tropina, Nicolas von zur
Mühlen (Max Planck Institute for Foreign and
International Criminal Law)
Ian Brown, Joss Wright (Oxford Internet Institute)
Roderic Broadhurst (Australian National
University)
Kristin Krüger (Brandenburg Institute for Society
and Security)
COSTS OF CYBERCRIME
SCOPE
“As the world moves into a hyper-
connected society with universal internet
access, it is hard to imagine a „computer
crime‟, and perhaps any crime, that will not
involve electronic evidence linked with
internet connectivity. Such developments
may well require fundamental changes in
law enforcement approach, evidence
gathering, and mechanisms of international
cooperation in criminal matters.” (p.x)
PROCESS
Salvador Declaration on Comprehensive Strategies for
Global Challenges: Crime Prevention and Criminal Justice
Systems and Their Development in a Changing World (2010)
UN GA resolution 65/230 (2010)
1st session of intergovernmental expert group (Vienna 17-21
Jan 2011) approved topics and methodology
(UNODC/CCPCJ/EG.4/2011/3)
Information gathering H1 2012
2nd session (Vienna 25-28 Feb 2013)
PROCESS
Topics selected: (1) Phenomenon of cybercrime; (2)
Statistical information; (3) Challenges of cybercrime; (4)
Common approaches to legislation; (5) Criminalization; (6)
Procedural powers; (7) International cooperation; (8)
Electronic evidence; (9) Roles and responsibilities of service
providers and the private sector; (10) Crime prevention and
criminal justice capabilities and other responses to
cybercrime; (11) International organizations; and (12)
Technical assistance.
UNODC developed questionnaires for Member States (69
responded), IGOs (11), private sector (40) and academic
institutions (16). Also undertook extensive interviews and
comparative legal analysis
INTERNATIONAL
INSTRUMENTS
“82 countries have signed and/or ratified a binding cybercrime
instrument…multilateral cybercrime instruments have influenced national
laws indirectly, through use as a model by non-States parties, or via the
influence of legislation of States parties on other countries.” (p.xix)
NATIONAL APPROACHES
Investigative measures (cyber-specific, general, both,
none) p.xxii
Offences (cyber-specific, general, both, none) p.xx
JURISDICTION
In many countries, provisions reflect the idea that the „whole‟
offence need not take place within the country in order to
assert territorial jurisdiction. Territorial linkages can be made
with reference to elements or effects of the act, or the
location of computer systems or data utilized for the offence
Where they arise, jurisdictional conflicts are typically
resolved through formal and informal consultations between
countries
Country responses do not reveal, at present, any need for
additional forms of jurisdiction over a putative „cyberspace‟
dimension. Rather, forms of territoriality-based and
nationality-based jurisdiction are almost always able to
ensure a sufficient connection between cybercrime acts and
at least one State
EXTRA-TERRITORIAL
EVIDENCE
Key issue for further international cooperation (p.xxv)
ACCESSING CLOUD DATA
CoE CC §32: “A Party may, without the authorisation of
another Party…access or receive, through a computer
system in its territory, stored computer data located in
another Party, if the Party obtains the lawful and
voluntary consent of the person who has the lawful
authority to disclose the data to the Party through that
computer system.”
KEY FINDINGS
(a) …divergences in the extent of procedural powers and international cooperation
provisions may lead to the emergence of country cooperation „clusters‟ that are not
always well suited to the global nature of cybercrime
(b) Reliance on traditional means of formal international cooperation in cybercrime
matters is not currently able to offer the timely response needed for obtaining volatile
electronic evidence.
(c) …the role of evidence „location‟ needs to be reconceptualized, including with a view
to obtaining consensus on issues concerning direct access to extraterritorial data by
law enforcement authorities
(d) Analysis of available national legal frameworks indicates insufficient harmonization
of „core‟ cybercrime offences, investigative powers, and admissibility of electronic
evidence. International human rights law represents an important external reference
point for criminalization and procedural provisions;
(e) Law enforcement authorities, prosecutors, and judiciary in developing countries,
require long-term, sustainable, comprehensive technical support and assistance for the
investigation and combating of cybercrime;
(e) Cybercrime prevention activities in all countries require strengthening, through a
holistic approach involving further awareness raising, public-private partnerships, and
the integration of cybercrime strategies with a broader cybersecurity perspective.
OPTIONS
Model provisions (on core cybercrime acts; investigative
powers; jurisdiction; international cooperation)
Limited or comprehensive multilateral agreements
Technical assistance
CORE CYBERCRIME ACTS
(i) The provisions could maintain the approach of existing
instruments regarding offences against the confidentiality,
integrity and accessibility of computer systems and data;
(ii) The provisions could also cover „conventional‟ offences
perpetrated or facilitated by use of computer systems, only
where existing criminalization approaches are perceived not to
be sufficient;
(iii) The provisions could address areas not covered by existing
instruments, such as criminalization of SPAM;
(iv) The provisions could be developed in line with the latest
international human rights standards on criminalization,
including in particular, treaty-based protections of the right to
freedom of expression;
(v) Use of the provisions by States would minimize dual
criminality challenges in international cooperation;
INVESTIGATIVE POWERS
(i) The provisions could draw on the approach of existing
instruments, including orders for expedited preservation of
data, and orders for obtaining stored and real-time data;
(ii) The provisions could offer guidance on the extension of
traditional powers such as search and seizure to electronic
evidence;
(iii) The provisions could offer guidance on the application
of appropriate safeguards for intrusive investigative
techniques based on international human rights law,
including treaty-based protections of the right to privacy;
JURISDICTION
(i) The provisions could include bases such as those derived
from the objective territoriality principle and the substantial
effects doctrine.
(ii) The provisions could include guidance for addressing
issues of concurrent jurisdiction.
INTERNATIONAL
COOPERATION
(i) The provisions would focus on practical cooperation
mechanisms that could be inserted in existing instruments
for the timely preservation and supply of electronic evidence
in criminal matters;
(ii) The provisions could include obligations to establish
electronic evidence fast response focal points and agreed
timescales for responses;
MULTILATERAL
AGREEMENT ON EVIDENCE
i) By way of complementarity to existing international cooperation
treaties, such an instrument could focus primarily on a mechanism for
requesting expedited preservation of data for a specified time period;
(ii) The instrument may also include specific cooperation provisions for
further investigative measures, including supply of stored data, and
real-time collection of data;
(iii) The scope of application would need to be defined, but should not
be limited to „cybercrime‟ or „computer-related‟ crime;
(iv) The instrument could require response within a specified time
period and establish clear focal point to focal point communication
channels, building upon rather than duplicating existing 24/7 initiatives;
(v) The instrument could include traditional international cooperation
safeguards, as well as appropriate human rights exclusions;
COMPREHENSIVE
MULTILATERAL AGREEMENT
(i) The instrument could include elements from all of the
options above in a binding, multilateral form;
(ii) The instrument could draw on existing core
commonalities across the current range of binding and non-
binding international and regional instruments;
TECHNICAL ASSISTANCE
(i) Technical assistance could be delivered based on
standards developed through model provisions as set out in
the options above;
(ii) Technical assistance could be delivered through a focus
on multi-stakeholder delivery, including representatives from
the private sector and academia.
NEXT STEPS
22nd Session of the Commission on Crime Prevention and
Criminal Justice took note of study, requested Secretariat to
translate and disseminate, and expert group to continue
efforts
Council of Europe Cybercrime Convention Committee is
developing optional protocol on transborder access to data
Ongoing battles at ITU and elsewhere in UN system over
Internet governance

More Related Content

What's hot

Cyberspace and Digital Diplomacy
Cyberspace and Digital DiplomacyCyberspace and Digital Diplomacy
Cyberspace and Digital DiplomacyKenny Huang Ph.D.
 
Cybercrime Deterrence and International Legislation: Evidence from Distribute...
Cybercrime Deterrence and International Legislation: Evidence from Distribute...Cybercrime Deterrence and International Legislation: Evidence from Distribute...
Cybercrime Deterrence and International Legislation: Evidence from Distribute...MIS Quarterly
 
Floundering towards EU information law
Floundering towards EU information lawFloundering towards EU information law
Floundering towards EU information lawblogzilla
 
Internet Governance Model in Taiwan
Internet Governance Model in TaiwanInternet Governance Model in Taiwan
Internet Governance Model in TaiwanKenny Huang Ph.D.
 
Copyright and privacy by design - what lessons have we learned?
Copyright and privacy by design - what lessons have we learned?Copyright and privacy by design - what lessons have we learned?
Copyright and privacy by design - what lessons have we learned?blogzilla
 
Trusted government access to private sector data
Trusted government access to private sector dataTrusted government access to private sector data
Trusted government access to private sector datablogzilla
 
Cyber crime (prohibition,prevention,etc)_act,_2015
Cyber crime (prohibition,prevention,etc)_act,_2015Cyber crime (prohibition,prevention,etc)_act,_2015
Cyber crime (prohibition,prevention,etc)_act,_2015Chinatu Uzuegbu
 
Freedom of expression on the internet
Freedom of expression on the internetFreedom of expression on the internet
Freedom of expression on the internetmoldovaictsummit2016
 
Presentation on hadopi laws
Presentation on hadopi lawsPresentation on hadopi laws
Presentation on hadopi lawsbsookman
 
Cyber crime legislation part 1
Cyber crime legislation part 1Cyber crime legislation part 1
Cyber crime legislation part 1MohsinMughal28
 
Ubicomp challenges for privacy law
Ubicomp challenges for privacy lawUbicomp challenges for privacy law
Ubicomp challenges for privacy lawblogzilla
 
Fine-Grained Censorship Mapping
Fine-Grained Censorship MappingFine-Grained Censorship Mapping
Fine-Grained Censorship MappingJoss Wright
 
Draft Bill on the Protection of Personal Data
Draft Bill on the Protection of Personal DataDraft Bill on the Protection of Personal Data
Draft Bill on the Protection of Personal DataRenato Monteiro
 
Privacy impact assessment
Privacy impact assessmentPrivacy impact assessment
Privacy impact assessmentSpringer
 
Human rights and the future of surveillance - Lord Anderson QC
Human rights and the future of surveillance - Lord Anderson QCHuman rights and the future of surveillance - Lord Anderson QC
Human rights and the future of surveillance - Lord Anderson QCblogzilla
 
Ostrom’s crypto-principles? Towards a commons-based approach for the use of B...
Ostrom’s crypto-principles? Towards a commons-based approach for the use of B...Ostrom’s crypto-principles? Towards a commons-based approach for the use of B...
Ostrom’s crypto-principles? Towards a commons-based approach for the use of B...David Rozas
 
Pal gov.tutorial6.session9.cybercrime
Pal gov.tutorial6.session9.cybercrimePal gov.tutorial6.session9.cybercrime
Pal gov.tutorial6.session9.cybercrimeMustafa Jarrar
 
Wikileaks freedom of speech on the internet
Wikileaks freedom of speech on the internetWikileaks freedom of speech on the internet
Wikileaks freedom of speech on the internetVincy
 

What's hot (20)

Cyberspace and Digital Diplomacy
Cyberspace and Digital DiplomacyCyberspace and Digital Diplomacy
Cyberspace and Digital Diplomacy
 
Cybercrime Deterrence and International Legislation: Evidence from Distribute...
Cybercrime Deterrence and International Legislation: Evidence from Distribute...Cybercrime Deterrence and International Legislation: Evidence from Distribute...
Cybercrime Deterrence and International Legislation: Evidence from Distribute...
 
Floundering towards EU information law
Floundering towards EU information lawFloundering towards EU information law
Floundering towards EU information law
 
Internet Governance Model in Taiwan
Internet Governance Model in TaiwanInternet Governance Model in Taiwan
Internet Governance Model in Taiwan
 
Copyright and privacy by design - what lessons have we learned?
Copyright and privacy by design - what lessons have we learned?Copyright and privacy by design - what lessons have we learned?
Copyright and privacy by design - what lessons have we learned?
 
Trusted government access to private sector data
Trusted government access to private sector dataTrusted government access to private sector data
Trusted government access to private sector data
 
CTO Cybersecurity Forum 2013 Alexander Seger
CTO Cybersecurity Forum 2013 Alexander SegerCTO Cybersecurity Forum 2013 Alexander Seger
CTO Cybersecurity Forum 2013 Alexander Seger
 
Cyber crime (prohibition,prevention,etc)_act,_2015
Cyber crime (prohibition,prevention,etc)_act,_2015Cyber crime (prohibition,prevention,etc)_act,_2015
Cyber crime (prohibition,prevention,etc)_act,_2015
 
Freedom of expression on the internet
Freedom of expression on the internetFreedom of expression on the internet
Freedom of expression on the internet
 
Presentation on hadopi laws
Presentation on hadopi lawsPresentation on hadopi laws
Presentation on hadopi laws
 
Cyber crime legislation part 1
Cyber crime legislation part 1Cyber crime legislation part 1
Cyber crime legislation part 1
 
Ubicomp challenges for privacy law
Ubicomp challenges for privacy lawUbicomp challenges for privacy law
Ubicomp challenges for privacy law
 
Fine-Grained Censorship Mapping
Fine-Grained Censorship MappingFine-Grained Censorship Mapping
Fine-Grained Censorship Mapping
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
 
Draft Bill on the Protection of Personal Data
Draft Bill on the Protection of Personal DataDraft Bill on the Protection of Personal Data
Draft Bill on the Protection of Personal Data
 
Privacy impact assessment
Privacy impact assessmentPrivacy impact assessment
Privacy impact assessment
 
Human rights and the future of surveillance - Lord Anderson QC
Human rights and the future of surveillance - Lord Anderson QCHuman rights and the future of surveillance - Lord Anderson QC
Human rights and the future of surveillance - Lord Anderson QC
 
Ostrom’s crypto-principles? Towards a commons-based approach for the use of B...
Ostrom’s crypto-principles? Towards a commons-based approach for the use of B...Ostrom’s crypto-principles? Towards a commons-based approach for the use of B...
Ostrom’s crypto-principles? Towards a commons-based approach for the use of B...
 
Pal gov.tutorial6.session9.cybercrime
Pal gov.tutorial6.session9.cybercrimePal gov.tutorial6.session9.cybercrime
Pal gov.tutorial6.session9.cybercrime
 
Wikileaks freedom of speech on the internet
Wikileaks freedom of speech on the internetWikileaks freedom of speech on the internet
Wikileaks freedom of speech on the internet
 

Similar to Investigating cybercrime at the United Nations

33rd TWNIC IP OPM: Legal cooperation to overcome jurisdictional and territori...
33rd TWNIC IP OPM: Legal cooperation to overcome jurisdictional and territori...33rd TWNIC IP OPM: Legal cooperation to overcome jurisdictional and territori...
33rd TWNIC IP OPM: Legal cooperation to overcome jurisdictional and territori...APNIC
 
International convention on cyber crime
International convention on cyber crimeInternational convention on cyber crime
International convention on cyber crimeIshitaSrivastava21
 
Cyber Crime & Cyber Security Workshop, ZIE
Cyber Crime & Cyber Security Workshop, ZIE Cyber Crime & Cyber Security Workshop, ZIE
Cyber Crime & Cyber Security Workshop, ZIE Kangai Maukazuva, CGEIT
 
Investigating and Prosecuting Cyber Crime - Forensic Dependencies and Barrier...
Investigating and Prosecuting Cyber Crime - Forensic Dependencies and Barrier...Investigating and Prosecuting Cyber Crime - Forensic Dependencies and Barrier...
Investigating and Prosecuting Cyber Crime - Forensic Dependencies and Barrier...Cameron Brown
 
Computer and Cyber forensics, a case study of Ghana
Computer and Cyber forensics, a case study of GhanaComputer and Cyber forensics, a case study of Ghana
Computer and Cyber forensics, a case study of GhanaMohammed Mahfouz Alhassan
 
Electronic Surveillance of Communications 100225
Electronic Surveillance of Communications 100225Electronic Surveillance of Communications 100225
Electronic Surveillance of Communications 100225Klamberg
 
Electronic Surveillance Of Communications 100225
Electronic Surveillance Of Communications 100225Electronic Surveillance Of Communications 100225
Electronic Surveillance Of Communications 100225Klamberg
 
Cloud Services and the "Marco Civil"
Cloud Services and the "Marco Civil"Cloud Services and the "Marco Civil"
Cloud Services and the "Marco Civil"ATMOSPHERE .
 
Policies and Law in IT
Policies and Law in ITPolicies and Law in IT
Policies and Law in ITAnushka Perera
 
A Literature Review On Cyber Forensic And Its Analysis Tools
A Literature Review On Cyber Forensic And Its Analysis ToolsA Literature Review On Cyber Forensic And Its Analysis Tools
A Literature Review On Cyber Forensic And Its Analysis ToolsSamantha Vargas
 
IEEE INTERNET OF THINGS JOURNAL, VOL. 7, NO. 1, JANUARY 2020 1
IEEE INTERNET OF THINGS JOURNAL, VOL. 7, NO. 1, JANUARY 2020 1IEEE INTERNET OF THINGS JOURNAL, VOL. 7, NO. 1, JANUARY 2020 1
IEEE INTERNET OF THINGS JOURNAL, VOL. 7, NO. 1, JANUARY 2020 1MalikPinckney86
 
CYBOK: Law and Regulation webinar slides.pdf
CYBOK: Law and Regulation webinar slides.pdfCYBOK: Law and Regulation webinar slides.pdf
CYBOK: Law and Regulation webinar slides.pdfHari319621
 
cyber law and forensics,biometrics systems
cyber law and forensics,biometrics systemscyber law and forensics,biometrics systems
cyber law and forensics,biometrics systemsMayank Diwakar
 
An insight view of digital forensics
An insight view of digital forensicsAn insight view of digital forensics
An insight view of digital forensicsijcsa
 

Similar to Investigating cybercrime at the United Nations (20)

33rd TWNIC IP OPM: Legal cooperation to overcome jurisdictional and territori...
33rd TWNIC IP OPM: Legal cooperation to overcome jurisdictional and territori...33rd TWNIC IP OPM: Legal cooperation to overcome jurisdictional and territori...
33rd TWNIC IP OPM: Legal cooperation to overcome jurisdictional and territori...
 
International convention on cyber crime
International convention on cyber crimeInternational convention on cyber crime
International convention on cyber crime
 
Cyber Crime & Cyber Security Workshop, ZIE
Cyber Crime & Cyber Security Workshop, ZIE Cyber Crime & Cyber Security Workshop, ZIE
Cyber Crime & Cyber Security Workshop, ZIE
 
Investigating and Prosecuting Cyber Crime - Forensic Dependencies and Barrier...
Investigating and Prosecuting Cyber Crime - Forensic Dependencies and Barrier...Investigating and Prosecuting Cyber Crime - Forensic Dependencies and Barrier...
Investigating and Prosecuting Cyber Crime - Forensic Dependencies and Barrier...
 
Computer and Cyber forensics, a case study of Ghana
Computer and Cyber forensics, a case study of GhanaComputer and Cyber forensics, a case study of Ghana
Computer and Cyber forensics, a case study of Ghana
 
2627 8105-1-pb
2627 8105-1-pb2627 8105-1-pb
2627 8105-1-pb
 
File000114
File000114File000114
File000114
 
Electronic Surveillance of Communications 100225
Electronic Surveillance of Communications 100225Electronic Surveillance of Communications 100225
Electronic Surveillance of Communications 100225
 
Electronic Surveillance Of Communications 100225
Electronic Surveillance Of Communications 100225Electronic Surveillance Of Communications 100225
Electronic Surveillance Of Communications 100225
 
Cloud Services and the "Marco Civil"
Cloud Services and the "Marco Civil"Cloud Services and the "Marco Civil"
Cloud Services and the "Marco Civil"
 
Policies and Law in IT
Policies and Law in ITPolicies and Law in IT
Policies and Law in IT
 
A Literature Review On Cyber Forensic And Its Analysis Tools
A Literature Review On Cyber Forensic And Its Analysis ToolsA Literature Review On Cyber Forensic And Its Analysis Tools
A Literature Review On Cyber Forensic And Its Analysis Tools
 
IEEE INTERNET OF THINGS JOURNAL, VOL. 7, NO. 1, JANUARY 2020 1
IEEE INTERNET OF THINGS JOURNAL, VOL. 7, NO. 1, JANUARY 2020 1IEEE INTERNET OF THINGS JOURNAL, VOL. 7, NO. 1, JANUARY 2020 1
IEEE INTERNET OF THINGS JOURNAL, VOL. 7, NO. 1, JANUARY 2020 1
 
Cyber law and cyber-crime
Cyber law and cyber-crimeCyber law and cyber-crime
Cyber law and cyber-crime
 
Cyber-Law and Cyber-Crime
Cyber-Law and Cyber-CrimeCyber-Law and Cyber-Crime
Cyber-Law and Cyber-Crime
 
CYBOK: Law and Regulation webinar slides.pdf
CYBOK: Law and Regulation webinar slides.pdfCYBOK: Law and Regulation webinar slides.pdf
CYBOK: Law and Regulation webinar slides.pdf
 
cyber law and forensics,biometrics systems
cyber law and forensics,biometrics systemscyber law and forensics,biometrics systems
cyber law and forensics,biometrics systems
 
Cyber Crimes.pdf
Cyber Crimes.pdfCyber Crimes.pdf
Cyber Crimes.pdf
 
CTO Cybersecurity Forum 2013 Auguste Yankey
CTO Cybersecurity Forum 2013 Auguste YankeyCTO Cybersecurity Forum 2013 Auguste Yankey
CTO Cybersecurity Forum 2013 Auguste Yankey
 
An insight view of digital forensics
An insight view of digital forensicsAn insight view of digital forensics
An insight view of digital forensics
 

More from blogzilla

Interoperability for SNS competition
Interoperability for SNS competitionInteroperability for SNS competition
Interoperability for SNS competitionblogzilla
 
Transatlantic data flows following the Schrems II judgment
Transatlantic data flows following the Schrems II judgmentTransatlantic data flows following the Schrems II judgment
Transatlantic data flows following the Schrems II judgmentblogzilla
 
Lessons for interoperability remedies from UK Open Banking
Lessons for interoperability remedies from UK Open BankingLessons for interoperability remedies from UK Open Banking
Lessons for interoperability remedies from UK Open Bankingblogzilla
 
Covid exposure apps in England and Wales
Covid exposure apps in England and WalesCovid exposure apps in England and Wales
Covid exposure apps in England and Walesblogzilla
 
Key issues in data protection policy
Key issues in data protection policyKey issues in data protection policy
Key issues in data protection policyblogzilla
 
Interoperability in the Digital Services Act
Interoperability in the Digital Services ActInteroperability in the Digital Services Act
Interoperability in the Digital Services Actblogzilla
 
Making effective policy use of academic expertise
Making effective policy use of academic expertiseMaking effective policy use of academic expertise
Making effective policy use of academic expertiseblogzilla
 
Introduction to Cybersecurity for Elections
Introduction to Cybersecurity for ElectionsIntroduction to Cybersecurity for Elections
Introduction to Cybersecurity for Electionsblogzilla
 
Cyber Essentials for Managers
Cyber Essentials for ManagersCyber Essentials for Managers
Cyber Essentials for Managersblogzilla
 
Privacy and Data Protection in South Africa
Privacy and Data Protection in South AfricaPrivacy and Data Protection in South Africa
Privacy and Data Protection in South Africablogzilla
 
Data science and privacy regulation
Data science and privacy regulationData science and privacy regulation
Data science and privacy regulationblogzilla
 
Where next for encryption regulation?
Where next for encryption regulation?Where next for encryption regulation?
Where next for encryption regulation?blogzilla
 
Where next for the Regulation of Investigatory Powers Act?
Where next for the Regulation of Investigatory Powers Act?Where next for the Regulation of Investigatory Powers Act?
Where next for the Regulation of Investigatory Powers Act?blogzilla
 
Regulation and the Internet of Things
Regulation and the Internet of ThingsRegulation and the Internet of Things
Regulation and the Internet of Thingsblogzilla
 
Global Cyber Security Capacity Centre
Global Cyber Security Capacity CentreGlobal Cyber Security Capacity Centre
Global Cyber Security Capacity Centreblogzilla
 
Privacy post-Snowden
Privacy post-SnowdenPrivacy post-Snowden
Privacy post-Snowdenblogzilla
 
Trust in the Cloud
Trust in the CloudTrust in the Cloud
Trust in the Cloudblogzilla
 
Can the law control Digital Leviathan?
Can the law control Digital Leviathan?Can the law control Digital Leviathan?
Can the law control Digital Leviathan?blogzilla
 
Regulating code
Regulating codeRegulating code
Regulating codeblogzilla
 
Data protection redress in the UK
Data protection redress in the UKData protection redress in the UK
Data protection redress in the UKblogzilla
 

More from blogzilla (20)

Interoperability for SNS competition
Interoperability for SNS competitionInteroperability for SNS competition
Interoperability for SNS competition
 
Transatlantic data flows following the Schrems II judgment
Transatlantic data flows following the Schrems II judgmentTransatlantic data flows following the Schrems II judgment
Transatlantic data flows following the Schrems II judgment
 
Lessons for interoperability remedies from UK Open Banking
Lessons for interoperability remedies from UK Open BankingLessons for interoperability remedies from UK Open Banking
Lessons for interoperability remedies from UK Open Banking
 
Covid exposure apps in England and Wales
Covid exposure apps in England and WalesCovid exposure apps in England and Wales
Covid exposure apps in England and Wales
 
Key issues in data protection policy
Key issues in data protection policyKey issues in data protection policy
Key issues in data protection policy
 
Interoperability in the Digital Services Act
Interoperability in the Digital Services ActInteroperability in the Digital Services Act
Interoperability in the Digital Services Act
 
Making effective policy use of academic expertise
Making effective policy use of academic expertiseMaking effective policy use of academic expertise
Making effective policy use of academic expertise
 
Introduction to Cybersecurity for Elections
Introduction to Cybersecurity for ElectionsIntroduction to Cybersecurity for Elections
Introduction to Cybersecurity for Elections
 
Cyber Essentials for Managers
Cyber Essentials for ManagersCyber Essentials for Managers
Cyber Essentials for Managers
 
Privacy and Data Protection in South Africa
Privacy and Data Protection in South AfricaPrivacy and Data Protection in South Africa
Privacy and Data Protection in South Africa
 
Data science and privacy regulation
Data science and privacy regulationData science and privacy regulation
Data science and privacy regulation
 
Where next for encryption regulation?
Where next for encryption regulation?Where next for encryption regulation?
Where next for encryption regulation?
 
Where next for the Regulation of Investigatory Powers Act?
Where next for the Regulation of Investigatory Powers Act?Where next for the Regulation of Investigatory Powers Act?
Where next for the Regulation of Investigatory Powers Act?
 
Regulation and the Internet of Things
Regulation and the Internet of ThingsRegulation and the Internet of Things
Regulation and the Internet of Things
 
Global Cyber Security Capacity Centre
Global Cyber Security Capacity CentreGlobal Cyber Security Capacity Centre
Global Cyber Security Capacity Centre
 
Privacy post-Snowden
Privacy post-SnowdenPrivacy post-Snowden
Privacy post-Snowden
 
Trust in the Cloud
Trust in the CloudTrust in the Cloud
Trust in the Cloud
 
Can the law control Digital Leviathan?
Can the law control Digital Leviathan?Can the law control Digital Leviathan?
Can the law control Digital Leviathan?
 
Regulating code
Regulating codeRegulating code
Regulating code
 
Data protection redress in the UK
Data protection redress in the UKData protection redress in the UK
Data protection redress in the UK
 

Recently uploaded

UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXTarek Kalaji
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfinfogdgmi
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Brian Pichman
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 

Recently uploaded (20)

UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBX
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
201610817 - edge part1
201610817 - edge part1201610817 - edge part1
201610817 - edge part1
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
20230104 - machine vision
20230104 - machine vision20230104 - machine vision
20230104 - machine vision
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 

Investigating cybercrime at the United Nations

  • 1. INVESTIGATING CYBERCRIME AT THE UNITED NATIONS DR IAN BROWN, OXFORD UNIVERSITY @IANBROWNOII / OII.OX.AC.UK
  • 2. UNODC COMPREHENSIVE STUDY ON CYBERCRIME General Assembly resolution 65/230 requested the Commission on Crime Prevention and Criminal Justice to establish an open-ended intergovernmental expert group, to conduct a comprehensive study of the problem of cybercrime and responses to it by Member States, the international community and the private sector, including the exchange of information on national legislation, best practices, technical assistance and international cooperation.
  • 3. STUDY TEAM Steven Malby, Robyn Mace, Anika Holterhof, Cameron Brown, Stefan Kascherus, Eva Ignatuschtschenko (UNODC) Ulrich Sieber, Tatiana Tropina, Nicolas von zur Mühlen (Max Planck Institute for Foreign and International Criminal Law) Ian Brown, Joss Wright (Oxford Internet Institute) Roderic Broadhurst (Australian National University) Kristin Krüger (Brandenburg Institute for Society and Security)
  • 5. SCOPE “As the world moves into a hyper- connected society with universal internet access, it is hard to imagine a „computer crime‟, and perhaps any crime, that will not involve electronic evidence linked with internet connectivity. Such developments may well require fundamental changes in law enforcement approach, evidence gathering, and mechanisms of international cooperation in criminal matters.” (p.x)
  • 6. PROCESS Salvador Declaration on Comprehensive Strategies for Global Challenges: Crime Prevention and Criminal Justice Systems and Their Development in a Changing World (2010) UN GA resolution 65/230 (2010) 1st session of intergovernmental expert group (Vienna 17-21 Jan 2011) approved topics and methodology (UNODC/CCPCJ/EG.4/2011/3) Information gathering H1 2012 2nd session (Vienna 25-28 Feb 2013)
  • 7. PROCESS Topics selected: (1) Phenomenon of cybercrime; (2) Statistical information; (3) Challenges of cybercrime; (4) Common approaches to legislation; (5) Criminalization; (6) Procedural powers; (7) International cooperation; (8) Electronic evidence; (9) Roles and responsibilities of service providers and the private sector; (10) Crime prevention and criminal justice capabilities and other responses to cybercrime; (11) International organizations; and (12) Technical assistance. UNODC developed questionnaires for Member States (69 responded), IGOs (11), private sector (40) and academic institutions (16). Also undertook extensive interviews and comparative legal analysis
  • 8. INTERNATIONAL INSTRUMENTS “82 countries have signed and/or ratified a binding cybercrime instrument…multilateral cybercrime instruments have influenced national laws indirectly, through use as a model by non-States parties, or via the influence of legislation of States parties on other countries.” (p.xix)
  • 9. NATIONAL APPROACHES Investigative measures (cyber-specific, general, both, none) p.xxii Offences (cyber-specific, general, both, none) p.xx
  • 10. JURISDICTION In many countries, provisions reflect the idea that the „whole‟ offence need not take place within the country in order to assert territorial jurisdiction. Territorial linkages can be made with reference to elements or effects of the act, or the location of computer systems or data utilized for the offence Where they arise, jurisdictional conflicts are typically resolved through formal and informal consultations between countries Country responses do not reveal, at present, any need for additional forms of jurisdiction over a putative „cyberspace‟ dimension. Rather, forms of territoriality-based and nationality-based jurisdiction are almost always able to ensure a sufficient connection between cybercrime acts and at least one State
  • 11. EXTRA-TERRITORIAL EVIDENCE Key issue for further international cooperation (p.xxv)
  • 12. ACCESSING CLOUD DATA CoE CC §32: “A Party may, without the authorisation of another Party…access or receive, through a computer system in its territory, stored computer data located in another Party, if the Party obtains the lawful and voluntary consent of the person who has the lawful authority to disclose the data to the Party through that computer system.”
  • 13. KEY FINDINGS (a) …divergences in the extent of procedural powers and international cooperation provisions may lead to the emergence of country cooperation „clusters‟ that are not always well suited to the global nature of cybercrime (b) Reliance on traditional means of formal international cooperation in cybercrime matters is not currently able to offer the timely response needed for obtaining volatile electronic evidence. (c) …the role of evidence „location‟ needs to be reconceptualized, including with a view to obtaining consensus on issues concerning direct access to extraterritorial data by law enforcement authorities (d) Analysis of available national legal frameworks indicates insufficient harmonization of „core‟ cybercrime offences, investigative powers, and admissibility of electronic evidence. International human rights law represents an important external reference point for criminalization and procedural provisions; (e) Law enforcement authorities, prosecutors, and judiciary in developing countries, require long-term, sustainable, comprehensive technical support and assistance for the investigation and combating of cybercrime; (e) Cybercrime prevention activities in all countries require strengthening, through a holistic approach involving further awareness raising, public-private partnerships, and the integration of cybercrime strategies with a broader cybersecurity perspective.
  • 14. OPTIONS Model provisions (on core cybercrime acts; investigative powers; jurisdiction; international cooperation) Limited or comprehensive multilateral agreements Technical assistance
  • 15. CORE CYBERCRIME ACTS (i) The provisions could maintain the approach of existing instruments regarding offences against the confidentiality, integrity and accessibility of computer systems and data; (ii) The provisions could also cover „conventional‟ offences perpetrated or facilitated by use of computer systems, only where existing criminalization approaches are perceived not to be sufficient; (iii) The provisions could address areas not covered by existing instruments, such as criminalization of SPAM; (iv) The provisions could be developed in line with the latest international human rights standards on criminalization, including in particular, treaty-based protections of the right to freedom of expression; (v) Use of the provisions by States would minimize dual criminality challenges in international cooperation;
  • 16. INVESTIGATIVE POWERS (i) The provisions could draw on the approach of existing instruments, including orders for expedited preservation of data, and orders for obtaining stored and real-time data; (ii) The provisions could offer guidance on the extension of traditional powers such as search and seizure to electronic evidence; (iii) The provisions could offer guidance on the application of appropriate safeguards for intrusive investigative techniques based on international human rights law, including treaty-based protections of the right to privacy;
  • 17. JURISDICTION (i) The provisions could include bases such as those derived from the objective territoriality principle and the substantial effects doctrine. (ii) The provisions could include guidance for addressing issues of concurrent jurisdiction.
  • 18. INTERNATIONAL COOPERATION (i) The provisions would focus on practical cooperation mechanisms that could be inserted in existing instruments for the timely preservation and supply of electronic evidence in criminal matters; (ii) The provisions could include obligations to establish electronic evidence fast response focal points and agreed timescales for responses;
  • 19. MULTILATERAL AGREEMENT ON EVIDENCE i) By way of complementarity to existing international cooperation treaties, such an instrument could focus primarily on a mechanism for requesting expedited preservation of data for a specified time period; (ii) The instrument may also include specific cooperation provisions for further investigative measures, including supply of stored data, and real-time collection of data; (iii) The scope of application would need to be defined, but should not be limited to „cybercrime‟ or „computer-related‟ crime; (iv) The instrument could require response within a specified time period and establish clear focal point to focal point communication channels, building upon rather than duplicating existing 24/7 initiatives; (v) The instrument could include traditional international cooperation safeguards, as well as appropriate human rights exclusions;
  • 20. COMPREHENSIVE MULTILATERAL AGREEMENT (i) The instrument could include elements from all of the options above in a binding, multilateral form; (ii) The instrument could draw on existing core commonalities across the current range of binding and non- binding international and regional instruments;
  • 21. TECHNICAL ASSISTANCE (i) Technical assistance could be delivered based on standards developed through model provisions as set out in the options above; (ii) Technical assistance could be delivered through a focus on multi-stakeholder delivery, including representatives from the private sector and academia.
  • 22. NEXT STEPS 22nd Session of the Commission on Crime Prevention and Criminal Justice took note of study, requested Secretariat to translate and disseminate, and expert group to continue efforts Council of Europe Cybercrime Convention Committee is developing optional protocol on transborder access to data Ongoing battles at ITU and elsewhere in UN system over Internet governance

Editor's Notes

  1. http://www.unodc.org/documents/treaties/organized_crime/EGM_cybercrime_2011/UNODC_CCPCJ_EG4_2011_3/UNODC_CCPCJ_EG4_2011_3_E.pdf
  2. (1)  An individual located in country A with control over cloud data. Access may be obtained either because (i) the individual consents; or (ii) authorities make use of an existing live connection from the individual’s device. (2)  An individual located in country B with control over cloud data. Access may be obtained due to the consent of the individual. (3)  The cloud service provider in country B. Access may be obtained either because (i) the cloud service provider consents; or (ii) data access credentials have been obtained by law enforcement. (4)  The cloud service provider’s offices in country A. Access may be obtained through local informal arrangements between law enforcement and the cloud service provider.