internet and the increased availability of personal computers around the world have increased the vulnerability of critical infrastructure systems. In recent years computers have been used by terrorist to distribute information about terrorist attacks. Now many experts fear that terrorist will use computers to carry out an attack on electricity grid or other systems that are crucial to the operation of a nation's infrastructure. The purpose of this discussion is to investigate the ways in which cybercrimes occur and the how it applies to the criminal justice system approach to dealing with terrorism. Before we began the literature review let us provide an overview of the methodology used to identify and locate sources of information found in the literature review.
The sources used in the following literature review are from Academic Journals, books, newspapers, government agencies and articles found on the internet. Many of the Journals used are published by well respected institutions of higher learning. These sources were chosen because they are creditable and provide solid insight into the world of cybercrime as it relates to the development and implementation of legislation.
According to an article entitled "Computer Crimes," the Department of Justice defines Cybercrime as "any violations of criminal law that involve knowledge of computer technology for their perpetration, investigation, or prosecution (Ditzion et al. pg. 285)." The authors go on to explain that this is a broad definition and that there also exist criminal behaviours that are technology specific (Ditzion et al.). In addition, the Department of Justice places cybercrime into three categories: a computer as an object of a crime, a computer as an instrument used in a crime, and a computer as the subject of a crime (Ditzion et al.). The last category includes such crimes as logic bombs, Trojan horses, viruses and worms (Ditzion et al.).
Indeed cybercrime has been detrimental to businesses and individual and cost billions of dollars each year (Ditzion et al.; Pasley; Arquilla & Ronfeldt). Additionally, in many cases it is difficult to catch the criminals that are the perpetrators of such crimes. This is the case because crimes conducted through the use of a computer are more difficult to trace and because an attack may affect a Canadian business but the person that actually carried out the crime may live in Germany. In some cases it is also difficult to prosecute cyber criminals because laws differ amongst jurisdictions. The authors contend that for this reason there has been a rise in the development of specialized legislation to combat cybercrime (Ditzion et al.).
In the past legislation has been created in an attempt to address the problem of cybercrime. An article found in the Yale Law Journal asserts that
"The first cases of computer crime were heralded as an unprecedented phenomenon that law was not equipped to handle. Scholars and policymakers have since proposed a number of deterrence strategies, from criminal sanctions to tort law and the architecture of the web itself, but none of these methods has proved successful at deterring criminal hacking (Wible Pg 1557)."
The journal article goes on to explain that the Computer Fraud and Abuse Act of 1984 passed by congress was designed to prevent unwarranted intrusions. Along with other issues this and problems associated with prosecution this particular law has not deterred cyber criminals (Wible). In addition, enforcement of such laws has proven difficult under 18 U.S.C. [section] 1030(b). Such laws also necessitate large investments of resources and time, and training for local law enforcement agents (Wible). The article also asserts that factors such as encryption technologies and digital anonymity give those that commit cybercrimes an advantage over law enforcement agencies and existing laws (Wible). In addition, the uncertainties about jurisdictional issues cases that are costly to investigate and that entail sophisticated tracking capabilities, state prosecution is nearly unattainable (Wible).
The journal explains that "Proponents of tort liability for computer crime argue that, as compared to the criminal law, civil actions give targets control over the litigation. (30) The possibility of obtaining damages gives targets, otherwise unwilling to admit electronic vulnerabilities to consumers, an incentive to report (Wible)." The authors explain that even though ISP liability has received the most attention there are four types of tort liability that could be implemented in relation to cyber crimes (Wible). These liabilities include ISP liability, hacker liability, security company liability and liability for victims who do not to take private precautions (Wible).
The authors contend that the criticism of such laws A is that "tort liability does not carry a strong symbolic message condemning illegal hacking. The various tort proposals are unlikely to succeed for specific reasons, too: hackers tend to be judgment proof, (33) holding ISPs liable may actually increase hacking, (34) holding security companies to a high standard of liability may make their products prohibitively expensive and may be less effective than providing incentives to good practice, (35) and making victims bear the cost evinces an overly optimistic faith in the ability of potential targets to safeguard their materials through technological solutions (Wible).
According to a book entitled Governing the Internet: The Emergence of an International Regime asserts that the global use of the internet has greatly impacted legal jurisdiction in civil and criminal matters. The impact has been so dramatic because
"materials on the Internet can be composed or uploaded anywhere in the world and sent and downloaded anywhere else, an almost infinite number of legal questions and cases can be imagined when trying to determine which nation's law applies in any particular case when laws are allegedly violated. Particularly in its early years, a number of people involved in the creation of the Internet or among its most enthusiastic users argued that the decentralized, heterogeneous, and diverse nature of Internet architecture would make it impossible for sovereign nation-states to either use existing law to govern Internet activity or enact enforceable new law. It has also frequently been argued that legal controls over the Internet by sovereign states are either undesirable or illegitimate (Franda & Rienner pg 146)."
The authors go on to state that in recent years law enforcement agencies in nation states have attempted to develop new laws that take into account the unique variables that become apparent when addressing cybercrime (Franda & Rienner). In addition, some existing laws have been modified to include cybercrimes (Franda & Rienner). There have even been attempts to establish cross border procedures, international arbitration programs and regional cooperative mechanisms (Franda & Rienner).
However the author asserts that the most practical and effective way to gain legal authority is to gradually adapt the current laws of nation states as new problems come to the forefront (Franda & Rienner). The authors report that in the United Sates both statutes and case law concerned with jurisdiction on the internet are increasing at the state and local levels (Franda & Rienner). These statutes and case laws exist even though the Supreme Court has not decided to rule on matters of jurisdiction on the internet (Franda & Rienner).
The authors explain further that threshold test used by many courts to decide jurisdiction is if a defendant has knowingly availed a forum's laws. On this kind of basis cases involving cybercrime could be placed in three categories. These categories include
1. Purposeful availment which occurs when "a defendant clearly does business over the Internet" with clients from a particular jurisdiction, usually by entering into contracts that require the "knowing and repeated transmission of computer files over the Internet [into that same jurisdiction] (Franda & Rienner). "
2. Interactive websites which to some extent is a less clear area for jurisdiction where a user is able to swap information with the host computer however no contract exist (Franda & Rienner).
3. Passive websites, where defendants have posted information on the internet that is available to users in foreign jurisdictions (Franda & Rienner).
As it relates to cyber terrorism there is a great deal that is still unknown because a major cyber attack caused by terrorists and designed to attack the government and the nation's infrastructure has not yet occurred. According to a report published by the Center for Strategic & International Studies Cyber-terrorism is defined as "the use of computer network tools to shut down critical national infrastructures (such as energy, transportation, government operations) or to coerce or intimidate a government or civilian population (Lewis pg 1)."
The author explains that the theory behind cyber terrorism is that as nations and critical infrastructure are more reliant on computer networks for their operation, new vulnerabilities are arise to create "a massive electronic Achilles' heel (Lewis)." The author contends that an antagonistic nation or terrorist group could take advantage of these vulnerabilities to infiltrate a weakly secured computer network and disable or even shut down critical functions (Lewis).
The report further explains that protecting the critical infrastructure of the nation is problematic because the factors involved vary greatly from those of physical security (Lewis). For instance, when securing such infrastructure…