• Understanding cybercrime: Phenomena, challenges and legal response
  • Table of contents
  • Purpose
  • 1. Introduction
    • 1.1 Infrastructure and services
    • 1.2 Advantages and risks
    • 1.3 Cybersecurity and cybercrime
    • 1.4 International dimensions of cybercrime
    • 1.5 Consequences for developing countries
  • 2. The phenomena of cybercrime
    • 2.1 Definitions
    • 2.2 Typology of cybercrime
    • 2.3 Development of computer crime and cybercrime
      • 2.3.1 The 1960s
      • 2.3.2 The 1970s
      • 2.3.3 The 1980s
      • 2.3.4 The 1990s
      • 2.3.5 The 21st Century
    • 2.4 Extent and impact of cybercrime offences
      • 2.4.1 Crime statistics
      • 2.4.2 Surveys
    • 2.5 Offences against the confidentiality, integrity and availability of computer data and systems
      • 2.5.1 Illegal access (hacking, cracking)
      • 2.5.2 Illegal data acquisition (data espionage)
      • 2.5.3 Illegal interception
      • 2.5.4 Data interference
      • 2.5.5 System interference
    • 2.6 Content-related offences
      • 2.6.1 Erotic or pornographic material (excluding child pornography)
      • 2.6.2 Child pornography
      • 2.6.3 Racism, hate speech, glorification of violence
      • 2.6.4 Religious offences
      • 2.6.5 Illegal gambling and online games
      • 2.6.6 Libel and false information
      • 2.6.7 Spam and related threats
      • 2.6.8 Extortion
      • 2.6.9 Other forms of illegal content
    • 2.7 Copyright and trademark related offences
      • 2.7.1 Copyright-related offences
      • 2.7.2 Trademark-related offences
    • 2.8 Computer-related offences
      • 2.8.1 Fraud and computer-related fraud
      • 2.8.2 Computer-related forgery
      • 2.8.3 Identity theft
      • 2.8.4 Misuse of devices
    • 2.9 Combination offences
      • 2.9.1 Terrorist use of the Internet
      • 2.9.2 Cyberwarfare
      • 2.9.3 Cyberlaundering
      • 2.9.4 Phishing
  • 3. The challenges of fighting cybercrime
    • 3.1 Opportunities
      • 3.1.1 General automation of investigations
      • 3.1.2 Creation of data in online services
      • 3.1.3 Creation of data within the digitalization of offline processes
    • 3.2 General challenges
      • 3.2.1 Reliance on ICTs
      • 3.2.2 Number of users
      • 3.2.3 Availability of devices and access
      • 3.2.4 Availability of information
      • 3.2.5 Missing mechanisms of control
      • 3.2.6 International dimensions
      • 3.2.7 Independence of location and presence at the crime site
      • 3.2.8 Automation
      • 3.2.9 Resources
      • 3.2.10 Speed of data exchange processes
      • 3.2.11 Speed of development
      • 3.2.12 Anonymous communications
      • 3.2.13 Failure of traditional investigation instruments
      • 3.2.14 Encryption technology
      • 3.2.15 Summary
    • 3.3 Legal challenges
      • 3.3.1 Challenges in drafting national criminal laws
      • 3.3.2 New offences
      • 3.3.3 Increasing use of ICTs and the need for new investigative instruments
      • 3.3.4 Developing procedures for digital evidence
  • 4. Capacity building
    • 4.1 Cybersecurity and cybercrime
    • 4.2 Capacity building methodology
      • 4.2.1 Set-up
      • 4.2.2 Development of a project plan
      • 4.2.3 Assessment as a starting point
      • 4.2.4 Comparative analysis
      • 4.2.5 Stakeholder consultations
      • 4.2.6 Drafting process
      • 4.2.7 Training, education and follow up activities
    • 4.3 Strategy as a starting point
      • 4.3.1 Implementation of existing strategies
      • 4.3.2 Regional differences
      • 4.3.3 Relevance of cybercrime issues within the pillars of cybersecurity
      • 4.3.4 Taking strategies beyond the formulation of future plans
    • 4.4 The relevance of a policy
      • 4.4.1 Responsibility within the government
      • 4.4.2 Defining the different components
      • 4.4.3 Determination of stakeholders
      • 4.4.4 Identification of benchmarks
      • 4.4.5 Defining key topics for legislation
      • 4.4.6 Defining legal frameworks that require amendments, updates or changes
      • 4.4.7 Relevance of crime prevention
    • 4.5 The role of regulators in fighting cybercrime
      • 4.5.1 From telecommunication regulation to ICT regulation
      • 4.5.2 Models for extension of regulator responsibility
      • 4.5.3 Examples for involvement of regulators in fighting cybercrime
      • 4.5.4 Legal measures
      • 4.5.5 Technical and procedural measures
      • Organizational structures
      • Capacity building and user education
      • International cooperation
    • 4.6 Capacity building experiences in African, Caribbean, and Pacific Group of States (ACP)
      • 4.6.1 Methodology
      • 4.6.2 Lessons learned
      • High standards in developing countries
  • 5. Overview of activities of regional and international organizations
    • 5.1 International approaches
      • 5.1.1 The G7 (previously G8)
      • 5.1.2 United Nations and United Nations Office on Drugs and Crimes
      • 5.1.3 International Telecommunication Union
    • 5.2 Regional approaches
      • 5.2.1 Council of Europe
      • 5.2.2 European Union
      • 5.2.3 Organisation for Economic Co-operation and Development
      • 5.2.4 Asia-Pacific Economic Cooperation
      • 5.2.5 The Commonwealth
      • 5.2.6 African Union
      • 5.2.7 Arab League and Gulf Cooperation Council
      • 5.2.8 Organization of American States
      • 5.2.9 Caribbean
      • 5.2.10 Pacific
      • 5.2.11 Southern African Development Community (SADC)
    • 5.3 Scientific and independent approaches
      • 5.3.1 Stanford Draft International Convention
      • 5.3.2 Global Protocol on Cybersecurity and Cybercrime
    • 5.4 The relationship between regional and international legislative approaches
    • 5.5 The relationship between international and national legislative approaches
      • 5.5.1 Reasons for the popularity of national approaches
      • 5.5.2 International vs. national solutions
      • 5.5.3 Difficulties of national approaches
  • 6. Legal response
    • 6.1 Definitions
      • 6.1.1 The function of definitions
      • 6.1.2 Access provider
      • 6.1.3 Caching provider
      • 6.1.4 Child
      • 6.1.5 Child pornography
      • 6.1.6 Computer data
      • 6.1.7 Computer data storage device
      • 6.1.8 Computer system
      • 6.1.9 Critical infrastructure
      • 6.1.10 Cryptology
      • 6.1.11 Device
      • 6.1.12 Hindering
      • 6.1.13 Hosting provider
      • 6.1.14 Hyperlink
      • 6.1.15 Interception
      • 6.1.16 Interference
      • 6.1.17 Multiple electronic mails
      • 6.1.18 Remote forensic software
      • 6.1.19 Seize
      • 6.1.20 Service provider
      • 6.1.21 Traffic data
    • 6.2 Substantive criminal law
      • 6.2.1 Illegal access (hacking)
      • 6.2.2 Illegal remaining
      • 6.2.3 Illegal acquisition of computer data
      • 6.2.4 Illegal interception
      • 6.2.5 Data interference
      • 6.2.6 System interference
      • 6.2.7 Erotic or pornographic material
      • 6.2.8 Child pornography
      • 6.2.9 Solicitation of children
      • 6.2.10 Hate speech, racism
      • 6.2.11 Religious offences
      • 6.2.12 Illegal gambling
      • 6.2.13 Libel and defamation
      • 6.2.14 Spam
      • 6.2.15 Misuse of devices
      • 6.2.16 Computer-related forgery
      • 6.2.17 Identity theft
      • 6.2.18 Computer-related fraud
      • 6.2.19 Copyright crimes
      • 6.2.20 Terrorist use of the Internet
      • Cyberwarfare
    • 6.3 Digital evidence
      • 6.3.1 Definition of digital evidence
      • 6.3.2 Importance of digital evidence in cybercrime investigations
      • 6.3.3 Growing importance of digital evidence in traditional crime investigations
      • 6.3.4 New opportunities for investigation
      • 6.3.5 Challenges
      • 6.3.6 Equivalences of digital evidence and traditional evidence
      • 6.3.7 Relation between digital evidence and traditional evidence
      • 6.3.8 Admissibility of digital evidence
      • 6.3.9 Legal Framework
    • 6.4 Justisdiction
      • 6.4.1 Introduction
      • 6.4.2 Different principles of jurisdiction
      • 6.4.3 Principle of territoriality / principle of objective territoriality
      • 6.4.4 Flag principle
      • 6.4.5 Effects doctrine / Protective principle
      • 6.4.6 Principle of active nationality
      • 6.4.7 Principle of passive nationality
      • 6.4.8 Principle of universality
    • 6.5 Procedural law
      • 6.5.1 Introduction
      • 6.5.2 Computer and Internet investigations (Computer Forensics)
      • 6.5.3 Safeguards
      • 6.5.4 Expedited preservation and disclosure of stored computer data (Quick freeze procedure)
      • 6.5.5 Data retention
      • 6.5.6 Search and seizure
      • 6.5.7 Production order
      • 6.5.8 Real-time collection of data
      • 6.5.9 Collection of traffic data
      • 6.5.10 Interception of content data
      • 6.5.11 Regulation regarding encryption technology
      • 6.5.12 Remote forensic software
      • 6.5.13 Authorization requirement
    • 6.6 International cooperation
      • 6.6.1 Introduction
      • 6.6.2 Mechanisms for international cooperation
      • 6.6.3 Overview of applicable instruments
      • 6.6.4 United Nations Convention against Transnational Organized Crime
      • 6.6.5 Council of Europe Convention on Cybercrime
      • 6.6.6 International Cooperation in the Stanford Draft International Convention
    • 6.7 Liability of Internet providers
      • 6.7.1 Introduction
      • 6.7.2 The United States approach
      • 6.7.3 European Union Directive on Electronic Commerce
      • 6.7.4 Liability of access provider (European Union Directive on Electronic Commerce)
      • 6.7.5 Liability for caching (European Union Directive on Electronic Commerce)
      • 6.7.6 Liability of Hosting Provider (European Union Directive)
      • 6.7.7 Liability of hosting provider (HIPCAR)
      • 6.7.8 Exclusion of the obligation to monitor (European Union Directive on Electronic Commerce)
      • 6.7.9 Liability for hyperlinks (Austrian ECC)
      • 6.7.10 Liability of search engines
      • Blank Page