Cybercrime 2020
Beau van Leenders
DEADLINES
- Assignment due dates:
o 28th September
o 5th of October
o 18th October
- Final assignment – November 9th
About the Course:
This course offers an overview of cybercrime law and governance. The first part focuses on concepts,
methods and prevalence. The second and major part discusses substantive and procedural criminal
law. The third part discusses the governance of cybercrime. The Council of Europe's Cybercrime
Convention will be a key point of reference to illustrate all issues. Substantive criminal issues
discussed include hacking, malware, phishing, and (virtual) child pornography. Procedural issues
include various investigation powers, such as computer and network searches, smartphone
investigations, and wiretapping. This course is part of the Master Law and Technology and is taught
in the winter semester. All students with basic knowledge of criminal law are welcome to
participate. The course is taught in English and composed of lectures and tutorials
Course objectives
- Explain what cybercrime is and what the major challenges of cybercrime are for legislators
and for practitioners;
- Find and explain cybercrime provisions in her own national legal system, and compare
these to the Cybercrime Convention;
- Identify differences in national cybercrime legislations and explain how this affects
cybercrime governance;
- Interpret articles 2-21 and 32 of the Cybercrime Convention;
- Apply substantive cybercrime provisions to a case describing a (potential) cybercriminal
activity;
- Apply procedural cybercrime provisions to a case describing a cyber investigation;
- Evaluate how cybercrime can be governed, including a critical assessment of the role of the
law in combating cybercrime and assessing how social norms, market forces and
technology can play a role in cybercrime governance;
- Argue how specific types of cybercrime, such as deep fakes and botnets, can be combated.
,Lecture Literature Main argument
1 D S Wall: Security and Cyberspace has become more: Global, Informational, Distributed. The cyber-lift:
Information Communication means it can be done more global and on a broader scale.
Technologies: The Changing We can use the transformation test to see whether something is cyber-assisted,
Cybersecurity Threat Landscape cyber-enabled or cyber-dependent. These are the 3 generations of cybercrime.
and Its Implications for Regulation
and Policing
P. Graborsky: The Evolution of Three major elements; (1) sophistication, (2) commercialization and (3)
Cybercrime organization.
Koops: The internet and the In the CCC: CIA crimes, Computer related crimes and computer assisted crimes. On
opportunities for Cybercrime the other hand there are: 3 generations of cybercrime according to Wall. There
might be a 4th: wholly virtual
2 Kerr: Norms of Computer What makes access unauthorized?
Trespass There is need to look at 3 elements. (1) Nature of the space. Some spaces are
more private: compare a mall to a home. Moreover, some online spaces are more
private: e.g. think bank account (2) Means of entry. Compare a door or window:
the latter is not likely legal measure (3) Context of entry. Also keep in mind the
inherent openness of the internet.
3 E Lievens: Bullying and sexting in Sexting could lead to the conviction of minors. Essentially, they are creating
social networks from a legal pornography. Look at the rationale of the law. There is now a mismatch.
perspective
Stroud: What Exactly is Revenge Not all the behaviours in revenge porn entail harm when disclosing. There can be
Porn or Non-consensual more rationales. 4 dimensions: source of the content, consent-status, intent of
Pornography posting, identifying features. Intent could also be praise.
4 Kerr: Searches and Seizures in a 4th amendment US protects from unreasonable searches. How does this apply to
Digital World digital searches? Ex ante ex post, data acquisition v reduction, exposure based
approach, plain view doctrine.
5 Seitz: Transborder Search: A new This discusses the Gorshkov and Ivanov case. Here the 2 Russions were suspected
perspective in law enforcement? of hacking in the US and fraud. The US came up with a plot. Set up a fake firm, had
a job interview and based on the passwords were able to extend the search to
servers located in Russia. However, Russia considered this an invasion of
sovereignty.
Currie: Cross-Border Evidence Microsoft vs United States case.
Gathering in Transnational
Criminal Investigation: Is the
Microsoft Ireland Case the 'Next
Frontier'?
6 Vd Meulen, Koops: The Challenge
of Identity Theft in Multi-Level
Governance
Koops: On legal boundaries,
technologies, and collapsing
dimensions of privacy
7 Brenner, Clarke: Distributed The model suggests that government can better
Security: A New Model of Law control cybercrime by employing a system of “distributed” security that uses
Enforcement criminal sanctions to require computer users and those who provide access to
cyberspace to employ reasonable security measures as deterrents. We argue
that criminal sanctions are preferable in this context to civil liability, and we
suggest a system of administrative regulation backed by criminal sanctions that
will provide the incentives necessary to create a workable deterrent to
cybercrime. AND ISPs should be held to a license system.
Koops: Technology and the Crime
Society
,Lecture 1 – Concepts of Cybercrime
Lecture objectives
- Overview of the course
- What is cybercrime?
- Types and forms of cybercrimes
- What do we know about cybercrime?
- The role of fiction in our understanding of cybercrime
Mandatory Literature
(1) David S. Wall, Crime, Security and Information Communication Technologies: The
Changing Cybersecurity Threat Landscape and Its Implications for Regulation and Policing
(2017),
This paper is about:
- Networked digital tech have transformed crime. It will be more complex to regulate,
investigate and prevent.
- This paper looks at how this networked tech has made an impact on the crime landscape
and society as a whole.
Introduction
- Early days many apocalyptic things were said about cybercrime. However, now it has
become part of our everyday reality.
o Media used to use fear as a marketing tool with an eye on the cybercrime domain
- The consequences of online activity could be unexpected: think e.g. of the consequences of
social media: no one saw this coming
o The negatives such as bullying, grooming etc. remain absent from the headlines
o Knowing and reporting is one thing, knowing how to respond constructively is
another
- The opportunities for cybercrime grow and so do the regulatory difficulties; legally, industry
wise and policing
o One challenge is managing public expectations. Sometimes they cannot always
deliver. Or they have to use outdated laws, or laws not yet formed
- There is need for collaboration: however this is counter-intuitive for e.g. the police
Chapter 2: How has the network changed criminal behavior online
- 3 fundamental areas of change in social behavior
o Global
o Informational
o Distributed
- From the crime perspective this leads to
o Global effect on crime. Not just within physical span.
o New type of asymmetric relationships. Many victims of the same crime
o Non-physical relationships
- From a distance, more easily à “cyber-lift”
Another thing is that criminal labour is becoming more and more a thing.
- Low skilled level because of automated crimes
- Low costs of tech – more people can get it
- All in all à risk is much lower per person
, Chapter 3: How has the network and tech changed the “cyber-threat” landscape?
- Tech can also help aid in preventing or fighting tech-run crime
Chapter 4: What is Cybercrime?
- One can distinguish cybercrimes from non-cybercrimes with the – “Transformation test”
- This is where you take away the cyberlift to see what is left of the crime
- Then you analyse to what extent cyber was used
o Cyber dependent ßà Cyber assisted
o Midway: Cyber enabled
- Also, there is a distinction between
o Crimes against the machine (hacking, DDOS)
o Crimes using the machine (Fraud)
o Crimes in the Machine (extreme pornography)
- Also, there is a differentiation between the victim group
o Individual victimization
o Organisational victimization
- Setting out these different sub-groups makes understanding cybercrime easier and better to
regulate or frame
Chapter 5 – which cybercrimes are affecting police and the system?
- The estimates are plenty. However, might sometimes be risk inflated
- Prosecutions do not make it easier, because not a good measure
o Examples: Facebook flirt case
o Examples: Sexting case UK
o Example: talktalk head
- These examples raise questions about the role of the police in this.
Chapter 7 – what can we do about cybercrime?
- We cannot just stop it. Or stop the tech.
- Purely tech counter-measures also not the answer: since they often restrict freedoms
- We need to mitigate risks
- Collaboration but not only between police, all involved actors
(2) Peter Grabosky, The Evolution of Cybercrime, 2004–2014,
Abstract
- Developments in cybercrime starting in 2004.
- Basic substance of CC is essentially the same as the past.
- Now executed more professionally, more diverse actors, more financial gain
Chapter 1 – introduction
- Moore’s law: capacity of computers will double every 2 years.
- This paper centres around:
o Sophistication: complexity of methods by which CC is executed
o Commercialization: profits and markets for the motivation of CC
o Organization: apparent diversity of organization form represented in recent CC
Chapter 2 – Trends in CC
(1) Sophistication
- Example of this is botnets. (Spamming, Denial of service, malware, financial crimes)
- First the spam emails were poorly written and obvious. No longer