As the development of computers, networks and the Internet has accelerated and become part of everyday life, the new cyberspace has created an environment for criminal offences. Information security is concerned with protecting the information confidentiality, integrity and accessibility1. Cybercrime is on the rise, but its transnational character poses difficulties in implementing statutes and regulations which effectively counter the vulnerabilities.
What do you see as the main potential threats posed by the widespread use in modern business of information technology and databases of personal information?
The protection of privacy and data is a key challenge in today’s society, characterized by extensive amounts of sensitive data being located in databases vulnerable to attacks and misuse. Threats may manifest themselves as physical and environmental, technical and people-based2. The European Convention on Cybercrime3 defines computer related crimes as (a)computer related forgery and fraud, (b)content related offences covering activities related to the distribution of illegal content and (c)infringements of intellectual property rights and related rights4.
From a business perspective, forgery and fraud, as well as intellectual property breach, should both pose reasons for concern. E-commerce is reliant on building consumer trust, which would undoubting be breached if consumer data is leaked, shared or misused5. Hackers getting hold of sensitive information, setting off viruses and attacking consumer’s data privacy, may not only significantly harm an organisation’s reputation, but may result in significant financial loss and compromise of sensitive information6. Breach of intellectual property, which is on the rise7, might on the other hand result in the organisation’s material being misused without recognition, potentially having significant impact on competitive advantage and ability for first mover advantage.
How can the law be extended to protect against these threats without stifling technical innovation and business activity more than absolutely necessary?
In order to develop effective cyberspace legislation, legal provisions must be enacted with clarity and specificity8. This would undoubting assist in promoting technical innovation, as legal protection has proven invaluable for innovation and development9.
One key characteristic of European policy making is the emphasis on harmonisation between member states, and encouragement of international cooperation and security information exchange10. Existing legislation is a step in establishing common criminal policies through harmonization of national legislation, enhanced law enforcement and judicial capabilities and improved international cooperation, to some degree succeeding in committing signatories to prosecute cyber-crime and reducing the number of jurisdictions where criminals can avoid prosecution11.
Critics have however argued that it undermines individual privacy rights and expands surveillance powers, or that it has no effect on typical problem countries where cyber criminals operate more freely. These challenges have been addressed by the providing of guidelines to jurisdictions which have less developed legal frameworks12, whilst surveillance concerns should be addressed by other privacy laws.
Well drafted legislation, which is ineffective in its enforcement, is however not the goal. There is no doubt that effective cooperation across jurisdictional boundaries needs to be achieved if efficient investigation of cybercrime is to be developed. Governments and businesses should cooperate with other stakeholders to develop necessary approaches to investigation and prosecution of cybercrime, taking technological development into consideration. This is a tedious process and a global agreement on cybercrime, although ideal, might be outside of realistic reach at the moment.