Introduction
The global game against cybercrime has never stopped as cybercriminals keep improving their tactics, forcing agencies to amend and develop the conventions and laws. However, the attempt to solve the issue remains elusive for several reasons (Grant & Terry, 2017). First, criminal subjects are becoming more professional and hence complicate curbing the spread of crime. The professionalism is attributed to the fact that the overall education level is relatively high, with considerable computer technology and network knowledge and a solid ability to evade supervision and attack. Second, the forms of crime are becoming increasingly varied and concealed (Rossy & Ribaux, 2020). Unlike traditional crimes that need to carry the ‘criminal tools’ with them, cybercriminals can even move the cyber places where crimes are committed overseas, adopting methods such as information backflow and cross-border alliances. They can utilize cyberspace’s highly virtual nature to realize the instantaneity of the time of the crime, the uncertainty of space, and the separation of behavior and consequences through the rapid renovation of technical means. Third, criminal activities are becoming more organized and grouped, making them easier to elude the law. According to statistics, since 2016, telecommunications fraud criminal groups have set up fraud dens in more than 40 countries, including Southeast Asia, Europe, Africa, and Oceania (Rossy & Ribaux, 2020). Especially in crimes such as Internet fraud, Internet gambling, and Internet pornography, criminals exchange criminal methods and means through Internet information, divide labor, cooperate closely, and form a strict criminal group.
Since legal measures stand out as the primary defense against cybercrime, understanding the current laws and their effectiveness could help propose effective measures to address cybercrime. The purpose of the paper is to explore the issue of cybercrimes, evaluate existing laws, identify challenges in the implementation of laws, and give recommendations on what should be done to improve the legal frameworks for cybercrime.
Legal Development of Cyber Laws
To effectively curb cybercrime, many countries and national organizations, such as the United Nations, the Organization for Economic Cooperation and Development, and the European Union, actively seek international cooperation in combating cybercrime. The most effective of these is the work of the European Commission (Pawlak, 2019). The Cybercrime Convention is the first international convention to combat cybercrime (Pawlak, 2019). Its main goal is to establish a standard criminal policy and a consistent legal system for combating cybercrime among the contracting parties. It modifies traditional investigation measures such as search and seizure and creates new investigation measures such as rapid computer data protection.
Budapest Convention is another international law designed to address cybercrime. The Budapest Convention is led by developed countries such as Europe and the United States (Tosoni, 2018). The types of cybercrime stipulated reflect Western legislative traditions and values and concern many developing countries. Western countries have always claimed that the “Budapest Convention” is a “golden model.” However, since the convention was formulated at the beginning of the 21st century, it does not consider emerging cybercrime issues (Tosoni, 2018). Many cybercrimes prevalent at the beginning of the convention are rare, and new types of cybercrimes are emerging one after another. New types of cybercrimes urgently need to be included in the global cybercrime convention. Emerging countries represented by China and Russia have expressed on many international occasions that it is imperative to formulate an international convention against cybercrime under the United Nations framework.
Challenges Facing Cybercrime Laws
According to UN General Assembly (UNGA) Resolution 73/187 adopted in 2018, countries submitted written opinions to the UN Secretary-General on the challenges faced in combating cybercrime and finally formed a report on cybercrime issues submitted to the UNGA. In December 2019, the 74th UN General Assembly passed Resolution 74/247, officially launching the negotiation process of a global convention against cybercrime under the United Nations framework (Pawlak, 2019). The positions and suggestions made by various countries on the above-mentioned multilateral platforms will, to a large extent, be continued in the negotiation of the convention, which is of reference and reference significance for our country’s position on relevant legal issues.
Conviction of Cybercriminals
What constitutes a cybercrime is a primary issue in the negotiation and formulation of a cybercrime convention. Internationally, there is no consensus on the definition and scope of cybercrime. It is generally believed that cybercrime in a narrow sense refers only to crimes against computer systems or data, that is, pure cybercrime. In a broader sense, cybercrime also includes crimes committed by computers (Grant & Terry, 2017). Few existing regional international instruments against cybercrime clearly define cybercrime, and they mainly adopt broad standards, including crimes directed at computer systems or data and crimes committed using computers.
Conflicting Domestic and International Laws
Most international conventions may propose measures that are hard to be implemented domestically. Insufficient cooperation between internet companies and law enforcement agencies (Rossy & Ribaux, 2020). Countries have different standards for law enforcement agencies to retrieve data. India and Brazil proposed that each country’s privacy protection laws and other domestic legal standards are different. Some regulations are too strict, which constitutes an obstacle to international cooperation in obtaining electronic evidence. Russia criticizes that the “Budapest Convention” allows some countries to collect personal data from all over the world without restriction, which is not conducive to protecting individuals’ and businesses’ rights (Tosoni, 2018). The United States recommends that countries improve their domestic legal frameworks and protect individual rights through judicial review and regulatory data retrieval orders. Italy, South Africa, Israel, etc., advocate that the retrieval of electronic evidence from Internet companies should comply with the principle of proportionality and the principle of necessity and seek a balance between cooperating with law enforcement, ensuring legitimate operations, and protecting user privacy.
Many domestic laws hinder investigative agencies from obtaining copies of electronic evidence. Electronic evidence in cybercrime cases is generally stored in a computer system or transmitted on the Internet (Rossy & Ribaux, 2020). For this type of evidence, the investigative agency cannot retrieve the actual evidence at all in some cases. For example, for electronic data transmitted on the Internet, the investigative agency can only obtain a copy of the electronic evidence. In some cases, it is difficult for the investigative agency to obtain the actual evidence. Allowing investigative agencies to obtain copies of evidence as legally valid evidence is crucial to investigating evidence in cybercrime cases (Grant & Terry, 2017). Otherwise, the investigation of such cases will face insurmountable legal obstacles.
Cross-Border Retrieval and Acceptance of Electronic Evidence
With the development of cloud computing and other technologies, more electronic evidence is distributed and stored in different countries. Law enforcement agencies in various countries have a strong demand for cross-border evidence collection in handling cases. However, there are no unified cross-border evidence collection rules in the world (Rossy & Ribaux, 2020). The inconsistency of domestic standards and rules in the definition, scope, collection, and acceptance of electronic evidence in various countries is also very detrimental to cooperation. In addition, since electronic evidence is unstable and easily tampered with, it is not easy to judge its authenticity, legitimacy, relevance, and integrity (Grant & Terry, 2017). Designing a faster and more convenient mechanism for cross-border retrieval and admissibility of electronic evidence is the biggest challenge countries face in their cooperation in combating cybercrime.
Sovereignty Issues
Legalizing the global governance of the Internet must adhere to the principle of respect for national sovereignty and establish a mechanism for equal participation in the formulation of Internet rules. It should also enhance the system supply of global Internet governance and ultimately achieve global Internet shared co-governance (Tosoni, 2018). The system design that one considers beneficial to one’s interests may hurt oneself when adopted by other countries (Rossy & Ribaux, 2020). Therefore, it is necessary to test the rationality of the interpretation conclusions on occasions when other countries share their own countries’ interpretation conclusions.
Recommendation
The first recommendation is to have a proper definition of cybercrime. Countries have different views on whether it is necessary to define cybercrime uniformly. In the early discussions of the UN Cybercrime Government Expert Group, the European Union, France, Chile, etc., the definition of cybercrime in each country’s domestic laws is different. This difference will bring specific cooperation difficulties in the fight against cybercrime (Tosoni, 2018). Therefore, it is necessary to have a unified definition of “cybercrime.” The United States believes that all countries only need to form a consensus on the core cybercrimes to be combated, and there is no need to agree on a specific definition of cybercrime.
The second recommendation is to define what constitutes cybercrime. There is broad consensus among countries on the inclusion of pure cybercrime in the convention. Still, it is difficult to agree on whether to include traditional crimes committed using computers (Grant & Terry, 2017). In this regard, Germany believes that crimes committed through the Internet are not necessarily cybercrimes (Maillart, 2021). Therefore, careful consideration should be given to expanding the scope of cybercrimes to general crimes committed using computers. Mexico proposes to develop a semantic framework that is broad enough to cover various forms of cybercrime (Maillart, 2021). Portugal advocates combating severe crimes such as disseminating harmful information on the Internet and using the Internet to traffic human beings and money laundering (Pawlak, 2019). Unless the constituents of cybercrime are clarified, it will be hard to curb the rising cases of cybercrime.
The third recommendation is that there should be clear measures on how to retrieve electronic evidence across borders. In recent years, many countries have advocated that a country bypass international judicial assistance and law enforcement cooperation channels and directly obtain electronic evidence across borders (Rossy & Ribaux, 2020). The United States, the United Kingdom, Chile, and other States parties to the Budapest Convention advocate the data controller standard. The standard is based on domestic enterprises’ jurisdiction, allowing law enforcement agencies to obtain electronic evidence needed for criminal investigations directly. Slovakia emphasizes that adopting this standard for judging electronic data jurisdiction can solve most of the cross-border evidence collection problems in the cloud computing era (Maillart, 2021). The U.S. and U.K. also advocated that a fast-track evidence collection channel could be established by signing a bilateral agreement, bypassing criminal judicial assistance channels, and directly accessing overseas electronic data from each other’s companies (Maillart, 2021). Since different standards complicate prosecuting and implicating cybercriminals, they should be harmonized and clarified.
The fourth recommendation is the need for public-private cooperation and encourages all sectors of society and the public to prevent cybercrimes. South Africa, Indonesia, etc., advocate setting necessary legal responsibilities or codes of conduct for network service providers. Argentina advocates establishing a more effective framework for collaboration with Internet service providers and attaching importance to civil society organizations and academia’s contribution to preventing cybercrime (Tosoni, 2018). Australia advocates that online content involving child pornography and violence should be offline through cooperation with the industry. The United States, Indonesia, and others advocate that countries should bear in mind their human rights obligations when implementing cybercrime prevention measures, protect personal data security and freedom of speech, and restrict online content as little as possible (Maillart, 2021). China believes that countries should legislate to stipulate network service providers’ preventive obligations, especially the early warning of security risks and emergency response to security incidents. Consequently, public-private cooperation is crucial in the war against cybercrimes.
Conclusion
The paper demonstrated that attempt to address cybercrime is hindered by a lack of a comprehensive and universal legal framework. The ubiquity, integration, and cross-border characteristics of the Internet have challenged the traditional legal effect theory and jurisdiction system. The perpetrator, place of action, place of result, place of jurisdiction, etc., are separated, and the regional effect is difficult to determine. The issue is complicated because cyberspace is an intangible space that does not occupy physical or geographic locations. It is an electronic place where individuals, companies, communities, governments, and other roles can exist within and outside nation-states’ borders instantaneously, simultaneously, or ubiquitously. Finally, cyberspace is a medium through which users in one jurisdiction of real space can communicate with users in another absolute space jurisdiction. In short, there is no analogy or legal analog that can describe the various properties of cyberspace. Therefore, it is necessary to construct new terms for understanding the complexity of Internet relations. Having a proper definition of cybercrime, illustrating elements of this crime, and indicating how to retrieve electronic evidence across borders are some of the measures that can be taken to make existing laws better.
References
Grant, H. B., & Terry, K. J. (2017). Law enforcement in the 21st century. Pearson
Maillart, J. B. (2021). The Need to Think Beyond Objective Territoriality to Better Protect the Rights of the Suspect of a Cybercrime. In Rethinking Cybercrime (pp. 105-120). Palgrave Macmillan, Cham.
Pawlak, P. (2019). The EU’s role in shaping the cyber regime complex. European Foreign Affairs Review, 24(2), 167 – 186. Web.
Rossy, Q., & Ribaux, O. (2020). Orienting the development of crime analysis processes in police organisations covering the digital transformations of fraud mechanisms. European Journal on Criminal Policy and Research, 26(3), 335-356. Web.
Tosoni, L. (2018). Rethinking Privacy in the Council of Europe’s Convention on Cybercrime. Computer Law & Security Review, 34(6), 1197-1214. Web.