The Role of American Laws in Protecting Corporations From Cybercrime

Introduction

The US federal government considers cybercrime as one of the most critical threats to its security alongside terrorism (Cowley, 2012). In fact, the government considers cyber attacks a threat to the national security, which has prompted enactment of a number of laws.

Since 1985, America has established several statutes with an aim of protecting the federal and state governments, organizations, and the public from effects of internal and external cyber-attacks (Cowley, 2012). Companies are required to comply with certain laws in order to ensure that their computer and communications systems do not provide cyber criminals with an easy target to execute their crimes.

Although there is no single law that describes the specific way in which corporations should implement cyber security measures, a number of legislations seek to protect both the government and corporations from cybercrime. The purpose of this paper is to discuss legislation relevant to protecting corporations from cyber attacks, with a special reference to an organization dealing with management of equity fixed-income property and allocation of asset funds.

In October 2012, the American government issued a warning to organizations that the country might experience a possibility of what it calls ‘cyber Pearl Harbor’ (Cowley, 2012). It warns that foreign computer hackers are likely to let loose chaos on America’s transportation system, information systems, power grid, and financial networks.

However, it considers cyber havoc as the most probable and dangerous effect because most organizations do not have sophisticated measures to protect their intellectual property from cyber attacks.

Acts Protect Equity and Assets From Cybercrime

The Federal Computer Fraud and Abuse Act 1984

The Federal Computer Fraud and Abuse Act 1984 is the first statute in the United States of America to protect intellectual property from theft and other forms of cybercrime. The statute was originally enacted with an aim of prosecuting hackers and those attempting to hack or attack computers and information systems in financial organizations or institutions of the federal government.

Both organizations and the public sector have used this act to prosecute people who hack into their information systems. However, there are disagreements in courts over the use of the statute, which implies that the legislation is not effective for the financial institution in question to protect its intellectual property from cyber attacks (Cowley, 2012).

Economic Espionage Act

Being a financial institution dealing with figures and facts as its main item of trade, the company under discussion is likely to apply the Economic Espionage Act to prosecute people who attempt to hack into its information system or pose a threat to its intellectual property.

This statute states that any acts of theft, intentional receipt of trade secrets, and authorized copying of information or data is a crime that punishable under the law. It aims at criminalizing the theft of trade secrets, which protects governments, agents, and financial organizations (Fischer, 2012).

The Digital Millennium Copyright Act

The Digital Millennium Copyright Act is a statute in the United States of America that seeks to protect the government and organizations from cyber attacks by prosecuting IP theft. The statute considers theft of computer and computer systems’ identity as a crime. It seeks to protect organizations from people who fraud them of their intellectual property by illegally stealing the identity of their computers, internet services, and other parts of the information system.

Wiretap Act

By enacting the Wiretap Act, the federal government of the US aims at protecting privacy in communications between people in and out of organizations. The act criminalizes and seeks to prosecute people and organizations that attempt to involve in certain acts such as intentional or purposeful disclosure, intercept or use the contents of any wire, electronic or oral communication uses a device (Cowley, 2012).

The term device includes such objects as the computer, the internet, telephone, radio, and other items of electronic communication. In addition, the act provides civil and criminal penalties for people who violate these regulations. However, it has a number of exceptions to when the violations are legal.

Electronic Communications Privacy Act

Electronic Communications Privacy Act considers all writings, images, data, sound, transfer signals, and intelligence that are transmitted through wire, electromagnetic, radio, photo-optical or photoelectronic means as a property that needs protection. The statute sets down a number of requirements for arrests and search warrants.

Stored Communications Act

Stored Communications Act is the second title of the statute that seeks to protect communications held or on transit in electronic devices and channels such as the Internet and computers (Fischer, 2012).

The Electronic Communications Privacy Act of 1986

The Electronic Communications Privacy Act of 1986 is a federal statute in the United States of America that seeks to protect companies and public institutions from unauthorized access of government or corporation electronic communications. In fact, this statute is an extension of the Omnibus Crime Control and Safe Act of 1986 (Tunstall, 2011).

Conclusion

With respect to the above statutes, the company is obliged to comply with reporting regulations after it suffers a cyber attack or breach of its data. For instance, the SEC is involved in developing and publishing detailed guidelines that institutions need to follow when reporting events of cybercrime or breach of data.

They also need to use these guidelines when disclosing information related to these events in case the attacks are likely to cause some effect on the their data, clients, liquidity, losses, and business operations (Cowley, 2012). According to the regulations, disclosures must have specific content and in plain English (Tunstall, 2011). However, cybercrime disclosures are alarmingly infrequent in the United States, but it is important that the company comply with these rules and regulations (Kayman & Elbaum, 2012).

The law requires the company to comply with these laws in order to guarantee the customers, the public, and other organizations reasonable degree of security for their information. However, the size of the company, the industry to which it belongs, and the type of business it conducts determine how the company will comply with the law.

There are minimum legal requirements the company must fulfill in order to provide maximum security for the information that it values as its assets. For example, it is mandatory for the company to be registered as a private company, a public liability company or a corporation. Secondly, the company must provide information regarding its size, value, and nature of data as well as the number of customers it deals with.

Moreover, it is necessary for the company to ensure that customers are provided with an ability to access their data but provide security so that their data is protected from cybercriminals. Finally, it is necessary for the company to comply with the regulations on disclosure of information on cyber attacks to the relevant authorities, the prosecution, and the courts if the offenders are brought in court for an offense related to crimes against the company’s intellectual property (Tunstall, 2011).

References

Cowley, S. (2012). FBI Director: Cybercrime Will Eclipse Terrorism. Web.

Fischer, E. A. (2012). Federal laws relating to cybersecurity: discussion of proposed law revisions. Congressional Research Service. Web.

Kayman, S., & Elbaum, L. (2012). Ninth Circuit Fuels Employee Misappropriation Debate. New York Law Journal 2(3), 15-16.

Tunstall, M. K. (2011). Reporting Cyber Attacks and Data Security Breaches– Guidance from the SEC. New York: SEC.

Cybercrime, International Laws and Regulation

It is expected that by the year 2010, the number of networked devices will outnumber the global population by six to one, dramatically changing the modern conception of the Internet (UNODC 2013). The unlimited access to information and communication technologies greatly supports the freedom of speech and expression at the same time with presenting significant risks to the individual or financial integrity of its users. Currently, the majority of the vital services such as electricity or the supply of water are rooted in the smooth operation of communication technologies. This, in turn, presents a possibility of undermining the integrity of the technologies, causing harm to the society. However, apart from provoking a general disturbance, one may use informational technologies for personal and monetary gain.

Definition, Statistics, and Examples of Cybercrime

The definition of cybercrime varies depending on the aim of using the notion. The core of the term ‘cybercrime’ lies in the ‘limited number of acts against the confidentiality, integrity and availability of computer data or systems’ (UNODC 2013, p. 17). However, at the beginning of this assessment, it is crucial to mention that defining the term cybercrime is not as important as defining its scope as well as actions targeted at its investigation, prevention, and elimination (Reichel 2008).

According to the research conducted by Infosec Institute (2013), the average cost per victim of cybercrime globally constitutes $298 while the global price tag of just consumer cybercrime makes up approximately $113 billion. By analysing different countries and regions separately, it was found that cybercrime has no boundaries when it comes to global reach, although it depends on the level of technological integration, the severity of corruption in the country, as well as the availability of defense mechanisms that prevent the crime from occurring. The greatest cost of cybercrime is in the US ($38 billion), China ($37 billion), Europe ($13 billion), and Brazil ($8 billion) (Infosec Institute 2013).

The scope and the severity of cyberattacks grow exponentially with each year. For example, the 2015 attack on the UK phone and broadband provider TalkTalk (4 million customers) resulted in the compromisation of personal client information, which included names, postal and email addresses, phone numbers, and even credit card details (Ashford 2015). It is important to mention that this account of the data breach was third for the company; thus, the management did not take the issue of cybersecurity seriously even after two previous attacks.

International Laws on Cybercrime

The issue of cybercrime has increasingly become a concern for the global community because it is not restricted by geographic borders (Pakes 2010), and, therefore, cannot be controlled by governments separately. International legislation and enforcement are needed to address the problem of cybercrime and work towards minimising the impact of cybercrime and eliminating it once and for all. Although the problem of cyber attacks concerns many international authorities, it is hard to distinguish a set framework of globally enforceable laws that regulate cybercrime.

On the international level, the Group of Eight mandated that all law enforcement personnel should be professionally trained to detect and prevent cyber criminal activity. The United Nations General Assembly adopted two resolutions (in 2000 and 2002) on the use of information technologies with the criminal intent. However, the leading role in designing the international cybercrime legislation was played by the International Telecommunication Union (UN specialised agency), which facilitated the release of the Geneva Declaration of Principles, the Geneva Plan of Action (2003), as well as the Tunis Commitment and the Tunis Agenda (2005).

Regulation, Investigation, and the Prosecution of Cybercrime

The issue of regulating and punishing cybercrime on an international level has not been completely resolved yet due to the ‘differences in penal tolerance’ exhibited by the cultural and social peculiarities of different countries. For example, neo-liberal societies exhibit exclusionary attitudes towards criminals while corporatist societies, especially Scandinavian, pursue inclusive attitudes and see the need in helping criminals improve instead of imprisoning them (Nelken 2009). For this same reason, it is quite impossible to establish unifying cybercrime laws that will be mutually accepted by all international stakeholders. Nevertheless, it is important to discuss the most likely international bodies that should be responsible for the prosecution and the punishment of the cybercrime offenses.

When discussing cybercrime in the tradition of the common law, the police play a key role in investigating the crime independently (O’Connor 2012). When the police receive a cybercrime incident report, the key stage is determining whether a specific criminal law has been violated. While the principle of territoriality in crimes such as robberies or murders implies that a crime should be tried on the territory where it was committed, it is nearly impossible to make such a conclusion in information-based criminal offenses.

This happens because the crime usually occurs on one territory but in reality affects another. Therefore, many cybercriminals managed to evade the prosecution of their crimes due to the absence of unifying laws that can address the territorial and the technological characteristics of the offense. The majority of the cybercrimes, contrast to the violations of human rights and freedoms, do not invoke ‘the principle of universality’ as the key element for criminal jurisdiction (Broadhurst 2006). Moreover, the principle of sovereign equality that implies mutual respect to the lawmaking practices of other countries may also disrupt the process of prosecution and investigation of global cybercrimes.

As outlined by the research conducted by Brown (2015), there is a large range of barriers that limit the investigation, prosecution, and digital forensics interrogation of cybercrime. These barriers span across identification, access, wellbeing, liability, training, funding, admissibility, and other categories. To give an example, in the category of cybercrime identification, there is a great difficulty in attributing authorship or ownership to electronically stored information (Brown 2015). If it is impossible to identify to whom the stolen data belonged, the prosecution of cybercrime can be considered invalid.

Conclusion

To conclude, without a universally enforced law, a cross-jurisdictional conflict will become inevitable when prosecuting and investigating cybercrime. The international community should pay extra attention to addressing the following dilemma ‘what law should be applied to determine the legal effect of a person’s conduct when (s)he does an act in one state which produces harmful effects in another’ (Brown 2015, p. 61). Cases of cybercrime that require cooperation between different international stakeholders present a great challenge to investigating and prosecuting agencies that do not possess the necessary range of legal instruments to act upon cybercrime (Bermay & Godlove 2012).

The assessment of Cybercrime as a global issue has shown that the increase in technology-associated offenses is linked to the global stakeholders’ inability to establish universally applicable laws that will regulate the investigation and the prosecution of such crimes.

Reference List

Ashford, W 2015,, Web.

Bermay, F & Godlove, N, 2012, ‘Understanding 21st century cybercrime from the ‘common’ victim’. Criminal Justice Matters, vol. 89, no. 1, pp. 4-5.

Broadhurst, R 2006, ‘Developments in the global law enforcement of cyber-crime’, Policing: an International Journal of Police Strategies and Management, vol. 29, no. 3, pp. 408-433.

Brown, C 2015, ‘Investigating and prosecuting cyber crime: forensic dependencies and barriers to justice’, International Journal of Cyber Criminology, vol. 9, no. 1, pp. 55-119.

Infosec Institute 2013, , Web.

Nelken, D 2009, ‘Comparative criminal justice: making sense of difference’, European Journal of Criminology, vol. 6, no. 4, pp. 291-311.

O’Connor, V 2012, Common law and civil law traditions. International network to promote the rule of law, Web.

Pakes, F 2010 Comparative criminal justice, 2nd edn, Willan Publishing, Cullompton, UK.

Reichel, P 2008, Comparative criminal justice systems: A topical approach, 5th edn, Prentice Hall, Upper Saddle River, NJ.

UNODC 2013, , Web.

Cybercrime Victimization and Cyberbullying

Also known as research on the victims of different crimes, victimology is believed to be one of the youngest criminological disciplines. Here, victims are required to describe their involvement in a certain crime and identify themselves properly (Daigle, 2012). One of the biggest areas that are currently of interest to victimology is cyber-crime. Even though victimology is not custom-designed to deal with cybercrimes, it is evident that the new generation of criminals has to be pursued and punished (Arntfield, 2015). The target population outlined by the author is the majority of people who are susceptible to being victimized online. Some of the authors describe cybercrime victimization as a complex process that revolves around several lifestyle activities.

At the same time, the experts dealing with cybercrimes and cyber-crime victimization came to an important conclusion – there are two main types of victims when it comes to cybercrimes: those who have an unremitting role in the whole criminal process and those who are involved in wrongdoings only indirectly (Arntfield, 2015). There is also a small category of victims that do not fall into any of the categories described above. Similar to the classic concept of victimization, three key factors are contributing to cyber-crime victimization. Arntfield (2015) used meta-analysis to gather the data and learn about the factors mentioned above. These include the provocation, the ability to choose a pertinent victim, and the lack of protection displayed by the latter. Using these factors, we can describe the ideas that are included in Arntfield’s (2015) article and discuss them in detail.

First of all, he accurately dwells on the concept of roles of victims in the process of cyber victimization. In the age of technological revolution, we should not overlook the impact of victims on the development of such things as cyberbullying and cyber victimization. Digital attacks are majorly contingent on the victim’s model of behavior because the latter may serve as both a prognosticator and a facilitator of cybercrime (Arntfield, 2015). The article provides us with acceptable information regarding the existing research on the subject.

Arntfield (2015) concludes that more interdisciplinary approaches are required to develop a new cybervictimological framework to align cyber activities with the canons of a classic victimological context. The main strength of the article is the author of the article describing one of the existing frameworks that are based on the routine activities inherent in the criminological theory. Nonetheless, when Arntfield (2015) explains that different routine activities that are performed by the potential victims online are the biggest predictors of future cyberbullying activities, there may be a sign of bias. The reason for this is the fact that the author of the article sees them as the key contributors to the concept of victimization because the model of anti-social behavior is commonly tolerated within the online environment. The absence of appropriate supervision also plays a rather big role in victimology.

Of course, cyber-victimology is a relatively productive tool when it comes to predicting individual behavior and personality types. The main weakness of the article is the lack of information regarding the development of technologies around us that leads to a situation where the most complex offender profiles cannot be spotted for a rather long time. Regardless, we should be capable of dealing with the challenges that transpire due to the continuous technological modernization of the world around us. A sense of impunity pushes wrongdoers into new cybercrimes (Arntfield, 2015). Even sexual and relation addiction found their way online and can be met here and there daily (O’Sullivan, 2013). The author’s points are relatively persuasive, so we need to learn how to interact with each other, but the price of such interactions seems to be a bit too high for those individuals who are prone to displaying their potential to become a victim of cybercrimes.

References

Arntfield, M. (2015). Towards a cybervictimology: Cyberbullying, routine activities theory, and the anti-sociality of social media. Canadian Journal of Communication, 40(3), 371-388. Web.

Daigle, L. E. (2012). Victimology: A text/reader. Thousand Oaks, CA: Sage.

O’Sullivan, C. S. (2013). Sexual violence victimization of women, men, youth, and children. In R. C. Davis, A. J. Lurigio, & S. Herman (Eds.), Victims of crime (pp. 3-28). Thousand Oaks, CA: Sage.

Legal Issues Related to Cyber Crime Investigations

The legal issue of consent is quite an interesting topic for discussion. The main aspect of this concept is consent, which plays an important role in this process. To study this aspect, the Georgia vs case can be applied. Randolph, which affects the seizure of evidence without approval from the suspect. This work also explores what exceptions, in addition to the absence of a concent from a search warrant, can be applied to computers or other high-tech evidence.

Before proceeding to the consideration of cases related to digital information, it is necessary to understand what Georgia v. Rudolf case is. The accused was accused by his wife of using narcotic substances and the woman promised to provide evidence of the accusations that were in their common house. However, if the spouse consented to the search of the property, the man refused and resisted him. Thus, the police got access to the necessary evidence, which was later collected after receiving the order and the husband was accused of cocaine possession. However, the court ruled that since the wife had no recognized authority in the law to give consent, she gave the police no more grounds for justifying entry than they would have had in the absence of any consent at all. Thus, there was a violation of the Fourth Amendment, and the compensation claims of the state were not summed up to outweigh it.

The Fourth Amendment, which is the central legislative concept in this case, prohibits unreasonable searches and detentions. Moreover, it implies the issuance of search warrants only if they are issued by a court with sufficient grounds. However, research shows that “the Supreme Court has never explained what makes an expectation of privacy reasonable, and scholars regularly complain that this standard is incomprehensible and unworkable” (Tokson, 2020, p. 1). Therefore, if we apply this aspect to Internet technologies and electronic information of a person, the police cannot obtain this information without the direct consent of the accused. This also applies to the fact that the security authorities cannot follow the consent of the roommates or neighbors, since these proofs are not their personal property.

Moreover, thus, it can be concluded that the seizure of evidence is lawful with the permission of one person, when another, who will try to hide them and at the same time is present at the scene and clearly refuses to give consent illegally. The Fourth Amendment supports the fact of unauthorized actions for the uncoordinated acquisition of digital information and without a court order with the necessary amount of substantiated evidence.

Therefore, using the case of Georgia v. Rudolph (2006) as an example, it can be concluded that law enforcement agencies, with assistance, can seize the necessary evidence on electronic media without consequences for the Fourth Amendment. The Fourth Amendment gives people the right to be secure in their houses and papers (Garrett & Stoughton, 2017). This is an inherent right that balances the governments need to investigate criminal activity while preventing unnecessary and unwarranted police intrusions. However, it is a limited right and is not applied to all searches and seizures. Furthermore, it is a personal right and can be claimed only by the person who is the subject of the search.

On the other hand, the amendment prohibits unreasonable searches and considers many circumstances at the same time. An example would be the case United States v. Verdugo-Urquidez as a reasonable justification for the search, a set of circumstances were given and the assistance and cooperation of foreign agents was emphasized (Bailey, 2018). The Fourth Amendment in this instance did not have its force in relation to the search of property belonging to a non-resident alien and located in another country. An exception in the absence of content may be the assumption by law enforcement agencies of the validity and evidence of their actions in accordance with the appropriate authority.

Another exception is the example when the electronic source of the necessary evidence has several hosts. Thus, if there is a password to the technology, a third party can consent to the data search. An example of such a case was the investigation of the United States v. Smith (1999). Thus, it is possible to circumvent consent, but this case can still be refuted by the court as a violation of the Fourth Amendment.

Electronic high-tech technologies store a huge amount of information about their users. Thus, in relation to the Fourth Amendment and applying it to electronic devices, consent is required, which prevents the acquisition of evidence. Moreover, this amendment allows law enforcement agencies to conduct searches to seize documents during criminal investigations and enables judges to issue warrants authorizing police to confiscate suspects’ digital devices. The main condition in this case is a detailed indication of the places to be searched and the items to be seized. Nevertheless, this factor can be bypassed if the electronic carrier has several users who have the necessary password.

References

Bailey, C. E. (2018). The extraterritorial application of Constitutional Law: United States v. Verdugo-Urquidez. BU Int’l LJ, 36, 119.

Garrett, B., & Stoughton, S. (2017). A Tactical Fourth Amendment. Va. L. Rev., 103, 211.

Tokson, M. (2020). The emerging principles of fourth amendment privacy. Geo. Wash. L. Rev., 88, 1.

Cybercrime and Law Enforcement Challenges

Introduction

Law enforcers investigating different crimes continue to grapple with numerous obstacles. Modern technologies such as the Internet have led to new problems. Internet exploitation, obscenity, and cyber-stalking are crimes that have become hard to mitigate. This paper describes the major challenges facing law enforcement agencies whenever dealing with these crimes and offers evidence-based approaches to minimize them.

Greatest Challenge

Brown (2015) acknowledges that law enforcement institutions are unable to deal with various crimes associated with the Internet such as exploitation and cyberstalking. This is the case due to various problems such as overlapping jurisdictions and lack of adequate funds. However, the biggest challenge facing such agencies whenever investigating these criminal acts is the ability to get and detect evidence. The rationale for this argument arises from the nature of modern technologies (Ibrahim, 2016). Emerging technologies are making it easier for perpetrators to delete, change, or even destroy data on their computers. That being the case, enforcers cannot be in a position to collect and examine the intended data.

Additionally, the fact that culprits engaged in such criminal activities might be residing in different countries, states, or continents makes it impossible for law enforcement agencies to collect accurate and timely data (Ajayi, 2016). Coupled with various obstacles such as existing seizure laws and overlapping jurisdictions, this challenge makes it hard for different agencies to deal with cybercrime.

Overlapping Jurisdictions and Salient Solutions

As indicated earlier, overlapping jurisdictions pose several challenges in the fight against cybercrime. To begin with, many state and national laws require warrants to be issued before law enforcers can collect evidence or search for information. This situation makes it hard to collect data immediately and establish a strong case against the offender. Secondly, cybercriminals can operate globally. Such criminals might be in a given state while the victim is in another region. Such countries will have different agencies that are required to carry out targeted investigations (Ibrahim, 2016). That being the case, such agencies might not share critical evidence due to the nature of existing laws in their respective states or nations.

The third challenge is the scope of the legislation. This means that there is no homologous legislation aimed at addressing the problem of cybercrime across the globe. Existing laws make it hard for countries to deal with this form of crime. In some countries, crimes such as cyber-stalking and obscenity might not be taken seriously by the existing laws (Ibrahim, 2016). This means that a cybercriminal in a given country might not be viewed as guilty elsewhere depending on the nature of the offense. Some nations lack adequate laws to cover malpractices such as the use of malicious software and unauthorized access to people’s computer systems.

Each of these challenges can be addressed using adequate solutions. The first problem requires governments to revise existing laws in such a way that a cybercriminal’s premises and computer systems can be searched and analyzed without a legal warrant. The rationale is that the approach will ensure that more criminals are caught. However, law enforcers must act ethically and support every suspect’s rights. The second solution is ensuring that states and nations collaborate to deal with the problem of cyber insecurity (Brown, 2015). The rationale for this proposal is that coordinated efforts will allow law enforcement agencies to share information and deal with cybercrime from a global perspective. The third challenge can be addressed using homologous laws or legislation across the globe. Such laws will ensure that all offenders can be prosecuted and sentenced in any given country. This approach will play a positive role in addressing the predicament of global cybercrime.

Collaboration for Law Officers

It is agreeable that many cybercrimes are usually carried across state lines. When such crimes occur, law enforcement efforts tend to be frustrated since states tend to have diverse laws. The decision to allow law officers from different states to work together can minimize some of the challenging arising from overlapping jurisdictions (Ajayi, 2016). When these professionals combine their efforts, it will be easier to share available data and gather additional information. The move will empower law enforcers to search, seize, and identify more cybercriminals.

This kind of cooperation can also be expanded to include the concept of online community policing (Brown, 2015). By so doing, more states will address the problem of cyber insecurity and record positive gains. Criminals who migrate to another state will no longer be in a position to achieve their goals. Combined efforts will, therefore, make it easier for law enforcers to identify, arrest, and prosecute more cybercriminals. The targeted states will share their resources and deliver positive results much faster.

Conclusion

Modern technologies have revolutionized how human beings pursue their roles and goals. However, their drawbacks cannot go unmentioned. The era of the Internet has created problems such as cybercrime. Unfortunately, existing obstacles such as overlapping jurisdictions and lack of homologous laws make it hard for law enforcement agencies to prevent this kind of crime. Combined efforts and evidence-based laws are, therefore, needed to deal with global cyber insecurity.

References

Ajayi, E. F. (2016). Challenges to enforcement of cyber-crimes laws and policy. Journal of Internet and Information Systems, 6(1), 1-12. Web.

Brown, C. S. (2015). Investigating and prosecuting cyber crime: Forensic dependencies and barriers to justice. International Journal of Cyber Criminology, 9(1), 55-119. Web.

Ibrahim, S. (2016). Social and contextual taxonomy of cybercrime: Socioeconomic theory of Nigerian cybercriminals. International Journal of Law, Crime and Justice, 47, 44-57. Web.

Phishing as Type of Cybercrime

By entering the 21st century, humanity took all of the previous technological progress. Unfortunately, cutting-edge inventions might both facilitate and worsen people’s lives simultaneously. One of the disadvantages of human development is called ‘cybercrime’ and refers to the traditional crime committed with the usage of computer technologies, usually with lucrative purposes (Merriam-Webster, n.d.-a). This report is aimed to explain the specific type of cybercrime: phishing. While analyzing phishing, it is crucial to specify that it is a link-clicking fraud with the purpose of confidential information reveal that is usually included in e-mails (Merriam-Webster, n.d.-b). In fact, ‘phishing’ occurs when fraudsters implement a specific link into a digital object, so by clicking on this object, a person will do further action without understanding that the cybercrime is already committed (Federal Trade Commission, 2022). For example, the digital object might be a photo, and when a phishing victim clicks on the image, they become redirected to a previously developed website, where further actions will lead to the personal information leak.

Many people and companies around the world are affected by phishing daily. More specifically, it is the most widespread type of cybercrime in the world, with over 241,342 victims across the globe in 2020 (Statista, 2021a). In terms of sectors distribution, the financial and commercial sector is mostly affected by phishing, so almost every fourth of this cybercrime is committed in this industry (Statista, 2021b). As a result, it is possible to determine that developing countries are the most probable victims of phishing due to their growing wealth in alignment with rules of internet usage neglection. Finally, fraud is expanding its scales every year mainly due to globalization and the growing number of people with access to the Internet.

There are numerous motives for people to engage in phishing. On the one hand, the human inability to think critically during the Internet that provides many possibilities to get ‘easy’ money. More specifically, most users of the online world have never received training for basic rules of online use, which include explaining how to protect against basic fraudulent schemes and how to recognize as yet unseen ones. Consequently, ‘phishers’ are seduced to deceive people without much effort and with as little risk of trespassing as possible because they don’t hack any software, but they lead people to give their own personal information to the scammers. As a result, ‘phishing’ is very difficult to prove in court as a crime.

On the other hand, phishers usually have profound knowledge in computer science and Internet function, but do not want to commit a direct cybercrime. In this case, it is much safer to develop a phishing scheme. Using the Internet, most people do not even think about the complex algorithms of its functioning, which gives the possibility to use some specific subtleties to steal personal data and users’ money. For example, by creating a “mirror” of the website, which has exactly the same appearance as some ‘normal’ website, phishers can get any information which is entered during the use of the website.

One example of phishing that happened in 2013 to the ‘big-tech’ companies Google and Facebook is analyzed to assure the evidence that any person or any entity might be frauded by such a simple and effective instrument. In 2013, Evaldas Rimasauskas, in collaboration with his colleagues, created a fictional company with the same identity as Google’s and Facebook’s one of the biggest service suppliers: Quanta Computer (Huddleston, 2019). More specifically, the fraudsters were sending multi-million-dollar invoices to the companies’ workers. As a result, the fraudsters received the employees’ confidential information and $100 million that was sent through the fake payment link, and both companies significantly enforced their financial department’s payment processing.

References

Federal Trade Commission. (2022). How to recognize and avoid phishing scams. Consumer Information. Web.

Huddleston, T. (2019). How this scammer used phishing emails to steal over $100 million from Google and Facebook. CNBC. Web.

Merriam-Webster. (n.d.-a). Cybercrime. In Merriam-Webster.com dictionary. Web.

Merriam-Webster. (n.d.-b). Phishing. In Merriam-Webster.com dictionary. Web.

Statista. (2021a). Most commonly reported types of cybercrime 2020. Web.

Statista. (2021b). Phishing: most targeted industry sectors 2021. Web.

Cybercrime and Cyber-Related Crimes

The introduction of modern telecommunication networks has come with great benefits to the modern society. However, the embracement of computer technology has come with disadvantages that cannot be ignored. The introduction of computer technology has created room for cyber crimes and cyber related crimes that have caused many people pain and losses to the society.

According to the reports submitted by researchers and scholars on the negative effects of computer technology, it is evident that the innovation has come with numerous negative social impacts. Cyber crime refers to all the offences that are committed to another person or a group of people with a motive of harming them emotionally, physically and economically (Rothman and Mosmann 56).

Cyber crimes are normally committed using modern telecommunication devices and networks such as mobile phones, computers, internet, emails, chat rooms and social sites among others. All these crimes are committed through the use of a computer and a network. The cyber crimes and cyber related crimes have become a social threat in the modern societies and in fact in some countries they have become a threat to the state security, health and financial systems.

According the recent research by a group of experts from the developed countries, some of the major cybercrimes and cyber related crimes that have become so common include online child grooming, child pornography, cracking of software without the permission of the owner and Pirating intellectual properties among others.

The embracement of computer technology has also contributed to the cyber related crimes such as invasion of privacy, loss of confidential information, financial theft, espionage and other cross border crimes. States have also contributed to the cyber crimes by involving in practices such as cyber warfare among others (Rothman and Mosmann 97).

From the above examples, it is evident that, regardless of the fact that the innovation of computer technology has come with numerous benefits, it has also contributed to numerous negative social impacts that cannot go unmentioned. Cyber criminals have caused a lot of social injustices that need to be addressed and probable solutions suggested.

For instance, children have been harassed through the internet, others subjected to pornography and other unfit information by cyber criminals. Consequently, this has ruined their morals and has introduced children to immoral behavior such as premarital sex and drug abuse (Rothman and Mosmann 128).

Many people have been subjected to physical harm, emotional harm and economic harm as a result of cyber crime and cyber related crimes.

People have had their online accounts hacked valuable information stolen and used to cause more harm to them or their family members. In some situations, marriages and relationships have been broken due to the use of information lost through cyber crimes. Both government and non-government organizations have also lost confidential information and money through cyber crimes and cyber related crimes.

The society has lost its morals as the results of computer technology and the young people are now exposed to dangers such as involvement in terrorism, drug abuse, early sex and other practices that not only degrade their morals but also subject them to health risks. It is worth noting that the end result of cyber crimes is social injustices, social imbalances and moral erosion among the modern societies. It is therefore crucial to ensure that strategies are established to end cyber crimes and cyber related crimes.

Works Cited

Rothman, Stanley, and C. Mosmann. Computers and society: The technology and its social Implications. New York, NY, United States: Science Research Associate, 2007. Print.

Cybercrime and Cybersecurity: Data Protection

The Computer Crime and Intellectual Property Section (CCIPS) was created as part of the U.S. Department of Justice (DOJ) as part of the effort to combat computer and intellectual property (IP) crime. Considering IP is a vital aspect of the U.S. economic engine, the CCIPS seeks to develop a strong cyber and legal infrastructure to pursue network criminals (U.S. Department of Justice, n.d.a).

The department has broad investigative powers which allow obtaining communications information from the network (ISP) and cellphone providers guided by the Stored Communications Act, 18 U.S.C. §§ 2701-12 (“SCA”). Furthermore, the agency can conduct live electronic surveillance, including or communication networks which is overseen by the Wiretap Act, 18 U.S.C. §§ 2510-22 (Jarrett, Bailie, Hagen, & Judish, 2015).

One of the biggest Constitutional concerns for electronic surveillance as well as search and seize of evidence is protected by the Fourth Amendment which limits any such activities against the private persons, property, or effects without a warrant that is issued based on probable cause and supported by affirmation. Electronic surveillance is overseen by what is known as Title III which requires any law enforcement or investigative officer or agency to submit in writing a request, approved by a U.S. attorney, to conduct electronic surveillance.

The request is extremely detailed and must state-planned form of intercepted communications, identify directly all involved persons, present reasonable cause that there is ongoing criminal activity, justify that all other reasonable measures of investigation have been tried and failed, and several other highly detailed technical information (U.S. Department of Justice, n.d.b).

However, there are evident loopholes to the system which may potentially violate Constitutional rights or principles. For example, similar to other warrant situations, exigent circumstance allows the government to forgo obtaining a warrant. Furthermore, instances of national security, conspiracy, or organized crime also allow proceeding without a warrant. Furthermore, if Title III was violated during the collection of evidence, the statutes governing electronic surveillance only grant evidence suppression remedies to the defendant in a very specific set of cases (Legal Information Institute, n.d.).

Another case of egregious violations of the law was domestic agencies such as the FBI and potentially the CCIPS using the National Security Agency (NSA) intelligence database for information on American citizens. The NSA activities which are guided by Foreign Intelligence Surveillance (FISA) collect both upward and downward electronic communications collected without a warrant. In many cases, databases have information on and including American citizens which as described earlier cannot be surveyed without a warrant (Volz & Tau, 2019). The concept of domestic criminal investigations using illegally obtained data is a direct violation of the Constitution.

The ‘cyber’ prefix which has been added to much new surveillance and investigation serves as a cover for the use of computers and ISP data for example to related suspects in regular investigations, not just hackers. For example, a controversial practice was employed in the U.S. law enforcement agencies known as “parallel construction.” Agencies with mass surveillance capabilities and permissions such as the NSA or DEA would leak evidence to other law enforcement bodies, which then reconstructed or repurposed the evidence using a lawful method, providing legitimate grounds for an arrest (Human Rights Watch, 2018).

In a digital society, data protection is unarguably a fundamental right and with the availability of personal information online, privacy in a democratic society must be available to all persons on an equal basis. In the digital age, new forms of privacy should be considered such as privacy of personal electronic communications which have grown to define modern socialization as well as privacy of personal data, ranging from addresses to credit scores and medical history which is all stored digitally.

The converging technologies result in an enormous amount of data collected by electronic devices, private firms, and public systems (i.e. security cameras) without the government even conducting any surveillance investigations. In the context of the law, legal protections for many forms of electronic communications, surveillance are often lagging rapidly developing technologies, leaving loopholes for violations of privacy by government agencies.

Unarguably it is a difficult task to balance law enforcement needs with privacy expectations and Constitutional rights, but an approach must be found. The most effective method would be through a multifaceted policy approach focused on establishing strong legal support and focusing on defensive capabilities. Cybersecurity should undertake a threat assessment that identifies critical infrastructure and methods that are being misused and establish proper defenses against these.

Furthermore, comprehensive data protection laws must be established with legal obligations by both private and government entities to protect personal data. It is necessary to underpin legislation with human rights safeguards and establish legal frameworks around cyber-enabled crime. The crimes should be interpreted and described in detail, and the law must be consistent with the national Constitution (Privacy International, n.d.).

One can argue that data will be collected in greater amounts the more digitized the world becomes, by both private and public entities. It is reasonable to suggest that the matter of law enforcement using surveillance is simply becoming a logical investigative technique. Cybercrime can only be effectively combatted using the same methods and data points that the criminals rely on. Therefore, to avoid Constitutional violations and unreasonable violations of privacy, it should be written directly into law on when and how that data can be used, setting legal frameworks for what can be defined as cybercrime, and in what cases surveillance data can be used to make arrests and prosecute in courts.

References

Jarrett, H. M., Bailie, M. W., Hagen, E., & Judish, N. (2015). Searching and seizing computers and obtaining electronic evidence in criminal investigations. Washington, D.C.: Office of Legal Education Executive Office for United States Attorneys.

Human Rights Watch. (2018). . Web.

Legal Information Institute (n.d.). . Web.

Privacy International. (n.d.). Understanding the difference between cyber security and cyber crime. Web.

U.S. Department of Justice. (n.d.a). Computer crime and intellectual property section (CCIPS). Web.

U.S. Department of Justice. (n.d.b). . Web.

Volz, D., & Tau, B. (2019). FBI’s use of surveillance database violated americans’ privacy rights, court found. The Wall Street Journal. Web.

Cybercrime, Surveillance, and Constitutional Rights

Following the 9/11 disaster and the PATRIOT Act’s passage, the powers of the United States government to conduct surveillance on both citizens and foreign entities expanded dramatically. The Computer Crime and Intellectual Property Section was added to the Department of Justice, and the National Security Agency received substantially expanded purview for the stated purpose of combating terror. However, both before these measures were put into place and especially after the 2013 leak by Edward Snowden, questions arose about the rationality and constitutionality of these measures. The indiscriminate gathering of information about private citizens is presumably a violation of the Fourth Amendment, as there is no reasonable cause for doing so in an overwhelming majority of individual cases. This paper aims to define the problem and propose a solution that will respect the Constitution while enabling the government to fight cybercrime.

Under the current law, the gathering of private data by government agencies without a reasonable cause and an appropriate warrant is illegal in accordance with the Fourth Amendment. However, Snowden has revealed that agencies engage in such behavior, regardless, while the government aided and abetted them (Boussios, 2016). They use their lack of transparency, which is nominally intended to protect the nation’s intelligence interest and prevent the targeted criminals from learning that they are in danger. This same obscurity enables abuses of power by government agencies, and various stories from both the 20th and 21st centuries demonstrate that numerous agents in the government are willing to engage in such. Without whistleblowers such as Snowden, it would be nearly impossible to uncover such scandals, as more and more people would become involved and complicit upon learning of its existence.

However, there also exists another avenue for surveillance, one that has a more nebulous relationship with the Fourth Amendment. Brennan-Marquis (2017) discusses how large IT corporations, such as AT&T or various internet service providers, will collect users’ personal information and share it with the government voluntarily. Barring scenarios where data collection is happening illegally, users typically give their consent to such gathering, described in notoriously long and convoluted Terms of Service. As a result, the Fourth Amendment is technically bypassed, as the information was given away after consent was obtained, and the company gave it away freely, as well. With that said, the end result is the same gathering of data that is ripe for abuse, which is likely beyond most citizens’ expectations of privacy. Hence, this issue should also be addressed, as it addresses a loophole in the Constitution.

Lastly, it is necessary to consider whether mass surveillance achieves effects in cybercrime prevention that justify its existence. Per Boussios (2016), Snowden and other advocates for the elimination of surveillance allege that the programs are ineffective in achieving their stated objectives. The reason is that, while the state has the technology needed to gather massive amounts of information, few to no effective methods exist for analyzing it and deriving useful results. At the same time, the costs of the program, both economic and social, are massive, draining billions from the budget and reducing citizen trust in the government. It should be mentioned that future developments in big data technology may enable the analysis of such massive amounts of information. However, for now, the results achieved by surveillance have been underwhelming, particularly when compared to the abuses that were uncovered.

With the dangers and failures of mass surveillance taken into consideration, the conclusion skews toward restricting the practice. With that said, the secrecy requirements of fighting crime, both physical and informational, prevent the solution of increasing transparency from being reasonable. Snowden’s solution of increasing whistleblower protections, as described by Boussios (2016), may be effective, but first, a thorough review of the agencies involved in surveillance to uncover existing abuses is required. Additionally, it is necessary to consider the private company issue mentioned above. This paper recommends applying the same protections for this variety of data gathering as for seizures at government order, prohibiting agencies from accepting the information without reasonable cause. Overall, data gathering should only take place in the same circumstances as physical government searches and be subject to the same restrictions.

Mass surveillance has a strongly negative public image and a variety of negative implications that were explored by scholars and writers throughout the 20th and 21st centuries. Its dangers have been confirmed both within the U.S. government and internationally with various scandals that revealed government corruption. On the other hand, the risks of cybercrime and the effectiveness of private data gathering are less clear. The necessity of using surveillance-associated preventative measures for both cybercrime and terrorism does not appear to have been established over the nearly two decades of their use. As such, there should be little question of whether it is necessary to strike a balance between respecting citizen privacy and preventing crime. The Constitution takes precedence, and where its letter may be lacking, lawmakers and judicial bodies should respond by reinforcing its spirit to protect the integrity of the system.

References

Boussios, E. G. (2016). The “right” to privacy? – The debate over the United States government’s control over its cyberspace. Athens Journal of Law, 2(4), 211-224.

Brennan-Marquez, K. (2017). The Constitutional limits of private surveillance. University of Kansas Law Review, 66, 485-521.

Patrol Officers Role in Responding to Cybercrime

Overview

The article outlines findings of research that was carried out to document the perceptions and recommendations of police officers who are charged with the duty of safeguarding cyber security. According to the results, the officers have perceived roles in responding to the crime. It states that the officers believe they do not have the capacity to manage cybercrime. Moreover, it points out that the officers believe there is a law enforcement emergency that should have the responsibility of combating cybercrime. The report adds that the officers feel unacquainted with the skills of managing the new wave of crime.

Further, the article stipulates that the line officers have no confidence in the current methods of fighting cybercrime. It records that the officers believe the country has not adopted effective methods of fighting cybercrime. In spite of a few limitations of the study, it has effectively put to light the urgent need for improvement in the security department.

Description of the Research Problem

Technology has fundamentally transformed the aptitude of criminals to engage in crime. Cybercrime has increased as indicated by various sources (Schell and Martin, 2004). Corporations and individuals commonly report the economic impact of cybercrime. Businesses lose billions of dollars annually as children continue to be victimized by the threat. In addition, the crime attacks critical infrastructural facilities such as hospitals, nuclear power plants, and water sources. In spite of these alarming attacks, there is no official statics of the number of attacks. A majority of offenders commonly remain at large. Victims do remain in a state of confusion since the internet permits cybercrime to transcend geographical borders and provide some level of obscurity. The senior police officers consent that the line officers must enhance their capacity to counter the threat of cybercrime (Moore, 2010).

The officials expect patrol officers to respond to cybercrime just as they do in conventional criminal cases, explicitly as first responders who arrive and lock the scene, pull together evidence, and interview witnesses. The lack of statistics depicts that the line officers have achieved little success in carrying out these roles. Despite this, patrol officers are seldom interviewed to discover their preparedness, perceptions, and recommendations for improvement(Moore, 2010). The research attempted to address the gap and gather precise information.

Research Methodology

The researchers intended to understand what should be done to stop cybercrime from the vantage point of the officers in charge. In order to achieve this objective, the experts assessed patrol detectives from two southern cities in the United States. The assessment covered three themes, namely, the agency that the officers believe should be responsible for cyber security, perceptions about their capability, and recommendations for improving the social response to cybercrime. There was no specific sampling strategy. Patrol officers at the rank of Sergeant and below were requested to take part in the assessment. Higher-ranking officers were not allowed to participate in the survey since they commonly execute managerial duties(Moore, 2010). The study objective was to find out the views of the line officers on cyber security management. However, they were involved in distributing survey instruments. They had the opportunity to take part completely.

Officers at SCMPD received survey instruments from their command staff. The command staff had to collect them at a weekly department meeting in spring 2008. The command staff forwarded 144 completed surveys, a 36 percent response rate. Patrol officers at CMPD, on the other hand, got their survey instruments online. The researchers uploaded them on an internal departmental website. An electronic record of 124 completed instruments was delivered to the research staff. This is a 9 percent response rate. In order to know the baseline experience of the officers with cybercrime in each of the cities, respondents were also asked to explain their exposure rates to cybercrime. The researchers translated the results to mean the patrol officers have a perceived role in combating cybercrime.

Contributions to the Literature

The methodology contributed to the valuable development of the literature. The two cities were only used as a sample. The results reflected on the actual demographic characteristics of the police force in the United States. The final survey was 268. The majority were male (86.4%) and White (75.6%). Male members of the police department in the United States are estimated at 87.5 percent and 25 percent consisting of racial minorities (Waters and Brown, 2000). The literature, therefore, uses the two cities to point out the crucial security matters and advocates for swift action.

Notably, addressing cybercrime is an enormous challenge for patrol officers. The numbers of crime cases reported and the estimates of unreported cases indicate that the new security challenge is complex to manage (Waters and Brown, 2000). The Government, therefore, ought to carry out further research to address the problem decisively.

Critique of the Article

The article has several outstanding aspects. Security experts can depend on it since it correlates with scholarly ideologies. The methodology is also scientific. In spite of the exceptional method and style of the research, it has weaknesses.

The first positive aspect is the suitability of the method. The researchers created the method using questions taken up from studies on computer crime awareness among the public and the police (Schell and Martin, 2004). Therefore, the researchers did not develop their own method. However, they incorporated their professional ideologies into the study questions. This style involved seeking responses from volunteer patrol officers in the Charlotte-Mecklenburg police department in Charlotte, North Carolina and those in the Savannah-Chatham Metropolitan police department in Savannah Georgia. The two stations, though they are in the southern region of the United States, differ on several characteristics. They satisfactorily represented the diversity of the police department. The article depicted the demographic character of the officers in the United States. The numbers of females and Whites were almost the same as those on the official US security data. Further, the experts have cited numerous research outcomes to prove professionalism. Therefore, the survey method was correct.

However, it is possible to question the accuracy of the survey. Firstly, one may question the competence of the experts to rule that 268 officers’ views represent that of the entire security force in the country. Moreover, the quality of the findings may be compromised due to an inability to observe the procedures. The researchers delegated the responsibility of delivering survey instruments to the command officers. This was superfluous as the senior officers could influence the decision of their juniors to either complete or reject the assignment. Moreover, due to lack of proper supervision, the senior officers could interferer with the outcome of the survey. That might have been the cause of the low response rate of 36%. The officers also uploaded the survey instruments on the CMPD’s internal website and the response rate was 9%. Similar to the first method, the officers’ decisions were subject to the authority’s influence ( Kellenberger, 2001). The online method possibly suffered setbacks due to impersonation, as identification of the authorized staff was difficult.

Therefore, it is impossible to appreciate fully the research work bearing in mind the limitations. Nevertheless, the work stands out as one that calls for transformation in the cyber security department. The article, therefore, successfully describes the need for further investigations and action-taking.

References

Kellenberger, J. (2001). Moral Relativism, Moral Diversity & Human Relationships. University Park, Pa.: Pennsylvania State University Press.

Moore, R. (2010). Cybercrime Investigating High-Technology Computer Crime. (2nd ed.). Burlington: Elsevier Science.

Schell, B. H., & Martin, C. (2004). Cybercrime: A Reference Handbook. Santa Barbara, Calif.: ABC-CLIO.

Waters, I., & Brown, K. (2000). Police Complaints and the Complainants’ Experience. Br J Criminol, 40(4), 617-638.