CyberCrime

How the criminal law has been reformed. Was this reformation sufficient is the law able to cope as it currently stands.

Throughout the last few decades computers have become omnipresent. As a result of this, so has cybercrime. With the rise in prominence of hacker groups such as Anonymous and LulzSec, cybercrime has come to the forefront of public attention in recent months. However, cybercrime has been costing businesses and individuals billions of euros, dollars and pounds for many years.

Dishonest Operation Dishonest operation of a computer with the intention of making a gain or causing a loss to another is an offence under the Criminal Justice (Theft and Fraud Offences) Act 2001 S. 9(1). It can be met by a fine or a maximum of 10 years in prison. The offences in the cases of R v Governor of Brixton Prison (1996) ( Levin operated a computer in Russia) and R v Thompson (1984) ( Computer programmer for the Bank of Kuwait) would fall under this category. This offence is very comprehensive in meeting the challenges posed by modern technology but as Kelleher and Murray point out, it is difficult to establish and suffers from the limitation that dishonest operation not concerning money or property may fall outside the ambit of the offence.

Unauthorised Access This is an offence under S. 5(1) of the Criminal Damage Act 1991. Concerns cases similar to the facts of R v Browne (1996) (former policeman used his position to access database on behalf of a friend who was a debt collector). It is beneficial in the sense that it has a comparatively broad application and the elements of the offence are relatively straightforward. However it can only result in a small fine or 3 months in prison, it is a minor offence. As well as this the prosecution must be started within 6 months of the act. This may be very problematic in computer cases.

Creating a False Instrument This constitutes an offence under S. 25(1) of the Criminal justice (Theft and fraud Offences) Act 2001. Concerns scenarios factually similar to R v Gold (1988) (2 journalists hacked the Prestel Information System)

Offences under the Electronic Commerce Act 2000 This primarily concerns electronic signatures and signature recognition devices.

Social Engineering and Phishing Social Engineering is illegal under S. 25(d) of the Electronic Commerce Act 2000. If phishing can be shown then the offence of deception under S.6 of the Criminal Justice (Theft and Fraud Offences) Act 2001 can be made out.

Information Theft As the law currently stands in this jurisdiction Irish Law does not recognize any offence of theft of information.

Extortion Under the Criminal Damage Act 1991 it is an offence to threaten to damage property. This is limited to threats involving property and so cannot be invoked in cases similar to Zezev and Yarkmaka v Governor of HM Prison Brixton (2002) (concerned a threat to reputation).

Damage to Data This is an offence under S.2 of the Criminal Damage Act 1991. With respect to this area the issue of Bot-nets is relevant. This is in effect an unwitting army of zombies. (Markoff) As these are not directly controlled and have inherent jurisdictional issues attached to them, the relevance of the 1991 Act is questionable here, according to Kelleher and Murray. Backing up this opinion is the fact that no prosecution for damage of data contrary to the act has been brought.

Distributed Denial of Service Attacks (DDoS) This process involves giving a server so many requests that it cannot function properly and is the favored method of attack by groups such as LulzSec and the implementation of the well known Operation Payback which targeted anti-piracy organisations and companies who withdrew support for Wikileaks. This is an example of types of cybercrime that existing legislation is struggling to deal with, as Murray notes. These DDoS attacks are usually done by tools such as the Low Orbit Ion Cannon. S. 4 of the Criminal Damage Act 1991 criminalises the possession of tools such as these however it suffers from the limitation that the possession must have the intention of either endangering the life of someone or engaging in fraud.

Malware This may be covered by S.4 of the 1991 Act but as all infected users have a copy of the virus and may have inadvertently distributed it an intention to damage property would have to be shown. It may also fall under the ambit of S.9 of the 2001 Act or S.2 of the 1991 Act. An example of malware is the well known Rustock.C of 2008 which my computer had the privilege of meeting. A virus is a self-replicating and a self-executive program written to alter the way a computer operates. Worms replicate themselves from system to system without the use of a host file. The most well know worm would be the Morris Worm of the 1980s. There are also Trojan horses, time bombs and logic bombs.

Child Pornography This is illegal under the Child Trafficking and Pornography Act 1998. Possession is covered by S.6 and its production and distribution under S.5. In the Curtin case Mr. Curtin had child pornography on his computer but got off on a technicality. It is interesting to note that the Oireachtas wished to obtain the computer in question but would have been in possession of child pornography. Curtin conveniently retired on health grounds days before he was to give evidence to a committee and days after he met the time requirement to qualify for a pension. (Good news for the child pornography industry in Texas!) The issue of computer generated child pornography is illegal in Ireland but seems to be legal in the USA. There is also the issue of sexting. This is where young teenagers take pictures of themselves of a sexual nature and distributing them. This will probably constitute child pornography.

Conclusions As Lloyd notes, the provisions of the Convention on Cybercrime of 2001 indicate that the emergence of the internet poses substantial challenges to the efficiency of older computer related legislation. The global nature of the internet and computer technology in general means that international cooperation is vital. In conclusion, the majority of cybercrime in covered by some form of legislation, either expressly for computer technology or not. However, the speed of advancement has meant that some laws are having to be uncomfortably stretched to fit the crimes and a variety of cybercrimes are not sufficiently covered at all, for example bot-nets and DDoS attacks. This point is backed by Kelleher and Murray who state that there has not been on successful prosecution for cybercrime in Ireland. To put is simply, there seems to be problems with the legal framework dealing with cybercrime. As a result of this it would be desirable to see the criminal law updated.