ITU - Global Cybersecurity Agenda

عربي | 中文 | Español | Français | Русский

Advanced Search

Home : Office of the Secretary-General : Corporate Strategy Division : Global Cybersecurity Agenda

Loopholes in Current Legal Frameworks

Cybercriminals are already exploiting vulnerabilities and loopholes in national and regional legislation. There is evidence that they are shifting their operations to countries where appropriate and enforceable laws are not yet in place, so they can launch attacks on victims with almost total impunity, even in those countries which do have effective laws in place.

With the spread of networks of hijacked computers over different countries, criminals can launch cyberattacks using a decentralized model based on peer-to-peer arrangements, making it difficult for any single national or regional legal framework to deal adequately with this problem. Such far-reaching challenges can only be addressed at the global level.

Many countries have adopted or are working on legislation to combat cybercrime and other misuses of information technology. These laws are drawn up so as to be enforceable in well defined geographical boundaries that are either national or regional. However, even if all countries introduce legislation, cybercriminals cannot be easily extradited between the country where the cybercrime was instigated and the country where it was committed, unless these legal frameworks are inter-operable. This is far from the case today.

Some efforts to address this challenge have been undertaken, by establishing bilateral agreements and Memoranda of Understanding between countries. However, bilateral agreements may be limited in their scope and effectiveness, due to the complexities involved in negotiating numerous bilateral agreements based on different terms and conditions. Further problems arise, where countries may need to extend such agreements to various others countries. A strategy based on cooperation through bilateral agreements may also result in differences in agreed responsibilities - for example, where, say, five countries are signatories to one agreement (first agreement) and one of these countries signs another bilateral agreement with a sixth country. Does that imply that the five parties that are signatories of the first agreement agree to extend this cooperation to the sixth country?

Clearly, these attempts - although valuable - are not the solution to the tackle the far-reaching legal challenges we face today in dealing with cyberthreats. At best, they may only shift the problem from one country to the next and result in creating cybercrime-havens for cybercriminals who are protected by the extraterritoriality of their activities.

« Go back to overview