Since the late 1980s, the Council has addressed the growing international concern over computer-related crimes. In 1997, it established a Committee of Experts on Crime in Cyberspace (PC-CY) to begin drafting a binding Convention to facilitate international cooperation in the investigation and prosecution of computer crimes. The United States actively participated in both the drafting and plenary sessions (Chawki).
The Convention stipulates actions targeted at national and inter-governmental levels, directed to prevent unlawful infringement of computer system functions. It divides cybercrime into: hacking of computer systems, fraud, forbidden content (racist websites and child porn content) and breaking copyright laws. The Convention has been signed by 32 European and non-European States and ratified by nine. However, the Convention on Cybercrime is, so far, the only internationally binding legal basis for strengthened cooperation worldwide.
At the Eleventh United Nations Congress on Crime Prevention and Criminal Justice in Bangkok on April 26, 2005, it was stressed that further internationally binding and effective prescriptive instruments must be in place to achieve uniformity in national crime codes and procedures and effective international cooperation in the application of measures. "We need a universal framework of penal law," said Ambassador Henning Wegener of the World Federation of Scientists. The international nature of cybercrime creates the need for an international solution that should cover substantive, procedures and international cooperation rules (I-Newswire).
Meanwhile, on the national level, countries are developing legislation that deals with specific forms of cybercrimes. In response to the new cases of "hacking," many nations have devised new statutes protecting a "formal sphere of secrecy" for computer data by criminalizing the illegal access to or use of a third person's computer or related data. Similarly, most countries have explicitly provided copyright protection for computer programs by legislative amendments since the 1980s. As a consequence, the courts now recognise copyright protection of computer programs.
Some issues, however, are not as clear cut. Over recent years, offenses related to the production, possession and distribution of "child pornography" have assumed significant standing. One problem is terminology disagreements. In some jurisdictions, pornography is linked to sexualized behaviour. This can impact how any given example of child pornography is regarded. Thus, it is quite possible for a picture to be recognized under laws that emphasize sexual qualities as child pornography, but to fail in jurisdictions where obscenity or public morality definitions prevail. Another major difficulty relates to what, in the context of adult images, might be regarded as erotica. Pictures of this kind would generally be regarded as child pornography where reference is made to sexual qualities, but might not if obscenity or indecency criteria are used.
Another problem in writing, enforcing, prosecuting, and interpreting cybercrime laws is the lack of technical knowledge of legislators and experts charged with these regulatory duties. Legislators, in most cases, do not have a real understanding of the technical issues and what is or is not desirable -- or even possible -- to legislate. Police investigators are becoming more technically savvy, but in many small jurisdictions, no one knows how to recover critical digital evidence. Judges, too, often lack technical expertise, which makes it difficult for them interpret the laws. The fact that many computer crime laws use vague language worsens the problem. The answer to all these dilemmas is education and awareness programs, which must be aimed at everyone involved in the fight against cybercrime, including: legislators and other politicians, criminal justice professionals and it professionals and the community at large -- the cyberspace community in particular.
The increasing proliferation in usage of technology assisted criminal activity and cybercrime merits further attention from the global community by enacting the necessary legislative provisions and implementing effective technological and enforcement tools that reduce criminal activities. Cybercrime should be subject to a global principle of public policy that aims at combating and preventing this form of organized crime through raising international awareness and increasing literacy rates, coordinating legislative efforts on national, regional and worldwide levels, and establishing a high-level network of cooperation between enforcement agencies and police forces across the globe (Chawki).
It has been suggested, especially by those who are concerned with too much government regulation of communication, that another option to fight cybercrime exists: Individuals and companies can take their own actions as a proactive stance against Internet fraud. For example, studies show that most organizations are presently not doing anything or taking the right actions to protect themselves from criminal elements. A recent UK Department of Trade and Industry survey showed that only 8% of companies test their disaster recovery plans to ensure they will be able to maintain business continuity in the face of a cybercrime attack. In addition, many organizations have computer and Internet use policies but do evaluate compliance.
Not all attacks are external. Sabotage by employees can also occur. The above Trade and Industry survey also found that almost a third of UK firms had dealt with up to five disciplinary cases of Internet abuse in 2002. Carelessness by employees is almost as threatening as intentional crime. Users make passwords too simple, reveal them when asked, or write them on a post-it near their PC. Carelessness can be countered by the implementation and enforcement of systems use policies and training.
Lastly, because of the fear of terrorism since 9/11, numerous cities throughout the United States have put together disaster plans as well as had practice drills in case the worst occurs. It may be just as important to prepare for the worst for cybercrimes. It is not a matter of if, but when, an individual or group of individuals manipulates the electronic systems nationwide and causes problems to utilities or financial or military systems. Even if the fear of cyberterrorism may be exaggerated, its possibility can neither be denied nor ignored. As a new, more computer-intelligent generation of terrorists comes of age, the danger seems set to increase.
Chawki, Mohamed. Critical Look at the Regulation of Cybercrime. 2005. Retrieved April 26, 2005. http://www.iehei.org/bibliotheque/CriticalLookattheRegulationofCybercrime.doc
Denning, Dorothy. Cyberterrorism. Testimony before the Special Oversight Panel on Terrorism Committee on Armed Services U.S. House of Representatives.
May 23, 2000. Retrieved April 26, 2005. http://www.cs.georgetown.edu/~denning/infosec/cyberterror.html
Goldstein, Emmanuel. "Hackers in Jail," 2600 Magazine, 6.1, Spring 1989, np.
Ilett, D. "Cybercriminals taking 2.5bn fromUK businesses." ZDNet U.K. April 5, 2005. Retrieved April 30, 2005. http://software.silicon.com/security/0,39024655,39129301,00.htm
I-Newswire. "Cybercrime: around-the-clock alert" April 26, 2005. Retrieved April 30, 2005. http://www.crime-research.org/news/26.04.2005/1187/
National White Collar Crime Center and Federal Bureau of Investigation. IC3 2004 Fraud. Retrieved April 25, 2005. http://www.ifccfbi.gov/strategy/2004_IC3Report.pdf
Seeley, Donn. "Tour of the Worm." Paper written for the Department of Computer Science, University of Utah. http://world.std.com/~franl/worm.html
Syngress (2002). Scene of Cybercrime. Computer Forensics Handbook. New York,
Tavani, H. "Defining the Boundaries of Computer Crime: Piracy, Beak-ins, and Sabatoge in Cyberspace." Readings in Cyberethics. Ed. R. Spinello. Sudbury, MA: 2001.