COMPREHENSIVE STUDY ON CYBERCRIME - United Nations ...

More documents

Recommendations

Info

in a number of countries. Notification is intended to enable victims of breaches to take measures to reduce the security impact (such as changing passwords or PINs, or asking for payment cards to be reissued); to increase the competitive pressure on businesses to improve their security; and to support the work of regulators responsible for data protection and critical infrastructure protection. Data breach notification laws exist at the sub-national level in countries in North America. 125 The European Union also requires public communication networks and services to report significant breaches to national authorities 126 and to adversely affected individuals. 127 It is currently considering the extension of this requirement to all organisations that process personal data. 128 Notification requirements or guidelines have also been introduced by countries in Oceania, and South Eastern and Southern Asia. 129 While data breach notifications can represent an important element of information security regimes – including as applicable to ISPs - such laws must ensure that they define the term ‘security breach’ with care, and are used in conjunction with a range of other measures, including effective data protection laws. Filtering of internet content – In addition to crime prevention opportunities related to data storage, ISPs may also play a role in preventing cybercrime through active review of the internet communications and data that they carry. One key concept in this respect is the possibility of internet ‘filtering’ by ISPs. Filtering of internet connections occurs, at some level, on almost all networks. The most basic level of filtering is employed to improve network performance and security by dropping invalid and otherwise corrupted data. ISPs may also have the technical ability to filter for specific malicious or illegal content. Many ISPs implement basic spam filtering for their users’ email accounts, for example, and may also protect against well-known malicious traffic coming from viruses or hacking attempts, by refusing to pass on traffic identified as such. Spam and botnets – Spam filtering is a major concern of all email providers due to the high volume of spam messages sent and received every day. The means by which spam is filtered are varied and complex, including analysis of the origin of emails to identify known sources of spam, as well as textual analysis to identify common phrases and patterns of content in the messages. Messages identified as spam are sometimes dropped entirely, or delivered to user ‘spam folders’. In addition to filtering of spam, ISPs may also play a role in combating malicious traffic, such as that generated by botnets. When ISPs are notified, or identify from internet traffic patterns, that a machine in their network appears to be part of a botnet or is otherwise infected with malicious software, one option is to block some or all of the traffic from that address, while notifying the customer of steps they can take to remove the malicious software. These notifications can come from security companies monitoring botnets, using techniques such as ‘honeypot’ machines that deliberately attract malicious software. ISPs can also take steps to proactively identify compromised machines by monitoring 125 National Conference of State Legislatures, 2012. State Security Breach Notification Laws, at http://www.ncsl.org/issuesresearch/telecom/security-breach-notification-laws.aspx 126 Article 13a of Directive 2002/21/EC of the European Parliament and of the Council of 7 March 2002 on a common regulatory framework for electronic communications networks and services (OJ L 108, 24.4.2002, pp.33–50). 127 Article 4 of Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (OJ L 201 , 31/07/2002 pp.37-47). 128 Articles 31 and 32 of the Proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data. COM(2012) 11 final. 129 Maurushat, A., 2009. Data Breach Notification Law across the World from California to Australia. Privacy Law and Business International. UNSW Law Research Paper No. 2009-11. 250
CHAPTER EIGHT: PREVENTI<strong>ON</strong> traffic for known signatures, although some amount of targeting is required to make this effective. A review from the European Network and Information Security Agency concluded that: ‘Identifying botnet traffic among benign, regular traffic is like searching for a needle in 100 million haystacks.’ As noted above and in Chapter Five (Law enforcement and investigations), general traffic monitoring may also, in some circumstances, risk conflict with data protection and privacy laws. 130 Content filtering – As discussed below in the context of ISP liability, laws in some countries require ISPs to block access to illegal content such as child pornography. There are various ways in which ISP can do this, with different methods making tradeoffs between speed, cost, effectiveness and accuracy. Using DNS Filtering, ISPs can control the answers given to users by their DNS server, thereby restricting access to a domain, such as ‘google.com’, but not a specific page or set of search results. This is easy to bypass as users can simply use alternative DNS servers that will give genuine results. IP Header Filtering can be used to block individual computers based on their addresses or even partially to block specific services such as web or email. As many websites may be running on a single internet server, it can affect unrelated websites – sometimes in very large numbers. Deep Packet Inspection can be used to examine the main body of internet traffic. This allows extremely flexible filtering, but requires expensive hardware on high-speed ISP links, and can slow all user connections. In practice, many filtering regimes employ a combination of these approaches, forming a hybrid filter. Often, simpler filters, such as those based on DNS, are used to identify traffic to be redirected to more complex filters. This hybrid approach allows sophisticated filtering with greatly reduced resources. Another possible ISP response to illicit content is to slow down traffic rather than blocking it altogether. This approach can be used to make a service sufficiently inconvenient that users avoid it. Examples of this include the slowing of encrypted web connections, to force users onto unencrypted and thus inspectable versions of websites, and the practice of ISP ‘throttling’ of filesharing traffic such as BitTorrent. Possibilities for filtering or blocking of content, including with the aim of cybercrime prevention, have raised a number of human rights concerns. The Human Rights Council has emphasized, for example, the importance of internet access to freedom of expression and other human rights. A resolution adopted at its 20 th session ‘Affirms that the same rights that people have offline must also be protected online, in particular freedom of expression,’ and ‘Calls upon all States to promote and facilitate access to the Internet.’ 131 The Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, has similarly called the internet ‘an indispensable tool for realizing a range of human rights, combating inequality, and accelerating development and human progress… facilitating access to the Internet for all individuals, with as little restriction to online content as possible, should be a priority for all States.’ 132 Intermediary liability – Internet content filtering is closely linked with the possibility of imposition of service provider liability for content. ISPs typically have limited liability as ‘mere conduits’ of data. However, as discussed below, particularly in the context of internet hosting, modification of transmitted content can increase liability in some legal systems, as can actual or 130 Hogben, G., (ed.) 2011. Botnets: Detection, Measurement, Disinfection & Defence. ENISA, pp.73-74. 131 A/HRC/20/L.13, 29 June 2012. 132 A/HRC/17/27, 16 May 2011. 251
Page 1 and 2:
Comprehensive Study on Cybercrime D
Page 3 and 4:
UNITED NATIONS OFFICE ON DRUGS AND
Page 5 and 6:
CONTENTS ABBREVIATIONS ............
Page 7 and 8:
LIST OF ABBREVIATIONS LIST OF ABBRE
Page 9 and 10:
LIST OF ABBREVIATIONS and Electroni
Page 11 and 12:
INTRODUCTION INTRODUCTION General A
Page 13 and 14:
KEY FINDINGS AND OPTIONS KEY FINDIN
Page 15 and 16:
KEY FINDINGS AND OPTIONS Some count
Page 17 and 18:
KEY FINDINGS AND OPTIONS (g) The st
Page 19 and 20:
EXECUTIVE SUMMARY EXECUTIVE SUMMARY
Page 21 and 22:
EXECUTIVE SUMMARY inspired by: (i)
Page 23 and 24:
EXECUTIVE SUMMARY constituent eleme
Page 25 and 26:
EXECUTIVE SUMMARY content, all of w
Page 27 and 28:
EXECUTIVE SUMMARY to elements or ef
Page 29 and 30:
EXECUTIVE SUMMARY cybercrime risk a
Page 31 and 32:
CHAPTER ONE: CONNECTIVITY AND CYBER
Page 33 and 34:
Page 35 and 36:
Page 37 and 38:
Page 39 and 40:
Page 41 and 42:
Page 43 and 44:
Page 45 and 46:
Page 47 and 48:
Page 49 and 50:
Page 51 and 52:
Page 53 and 54:
CHAPTER TWO: THE GLOBAL PICTURE CHA
Page 55 and 56:
CHAPTER TWO: THE GLOBAL PICTURE exh
Page 57 and 58:
CHAPTER TWO: THE GLOBAL PICTURE una
Page 59 and 60:
CHAPTER TWO: THE GLOBAL PICTURE and
Page 61 and 62:
CHAPTER TWO: THE GLOBAL PICTURE ris
Page 63 and 64:
CHAPTER TWO: THE GLOBAL PICTURE int
Page 65 and 66:
CHAPTER TWO: THE GLOBAL PICTURE Ind
Page 67 and 68:
CHAPTER TWO: THE GLOBAL PICTURE tra
Page 69 and 70:
CHAPTER TWO: THE GLOBAL PICTURE 2.3
Page 71 and 72:
CHAPTER TWO: THE GLOBAL PICTURE stu
Page 73 and 74:
CHAPTER TWO: THE GLOBAL PICTURE exp
Page 75 and 76:
CHAPTER TWO: THE GLOBAL PICTURE Mor
Page 77 and 78:
CHAPTER TWO: THE GLOBAL PICTURE bot
Page 79 and 80:
CHAPTER TWO: THE GLOBAL PICTURE cha
Page 81 and 82:
CHAPTER THREE: LEGISLATION AND FRAM
Page 83 and 84:
Page 85 and 86:
Page 87 and 88:
Page 89 and 90:
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
CHAPTER FOUR: CRIMINALIZATION CHAPT
Page 109 and 110:
CHAPTER FOUR: CRIMINALIZATION a com
Page 111 and 112:
CHAPTER FOUR: CRIMINALIZATION 4.2 A
Page 113 and 114:
CHAPTER FOUR: CRIMINALIZATION Prima
Page 115 and 116:
CHAPTER FOUR: CRIMINALIZATION saved
Page 117 and 118:
CHAPTER FOUR: CRIMINALIZATION Arab
Page 119 and 120:
CHAPTER FOUR: CRIMINALIZATION cent
Page 121 and 122:
CHAPTER FOUR: CRIMINALIZATION ‘da
Page 123 and 124:
CHAPTER FOUR: CRIMINALIZATION crimi
Page 125 and 126:
CHAPTER FOUR: CRIMINALIZATION shows
Page 127 and 128:
CHAPTER FOUR: CRIMINALIZATION conce
Page 129 and 130:
CHAPTER FOUR: CRIMINALIZATION Ident
Page 131 and 132:
CHAPTER FOUR: CRIMINALIZATION Analy
Page 133 and 134:
CHAPTER FOUR: CRIMINALIZATION Model
Page 135 and 136:
CHAPTER FOUR: CRIMINALIZATION Perfo
Page 137 and 138:
CHAPTER FOUR: CRIMINALIZATION 4.3 I
Page 139 and 140:
CHAPTER FOUR: CRIMINALIZATION the n
Page 141 and 142:
CHAPTER FOUR: CRIMINALIZATION Unite
Page 143 and 144:
CHAPTER FOUR: CRIMINALIZATION furth
Page 145 and 146:
CHAPTER FOUR: CRIMINALIZATION crimi
Page 147 and 148:
CHAPTER FIVE: LAW ENFORCEMENT AND I
Page 149 and 150:
Page 151 and 152:
Page 153 and 154:
Page 155 and 156:
Page 157 and 158:
Page 159 and 160:
Page 161 and 162:
Page 163 and 164:
Page 165 and 166:
Page 167 and 168:
Page 169 and 170:
Page 171 and 172:
Page 173 and 174:
Page 175 and 176:
Page 177 and 178:
Page 179 and 180:
Page 181 and 182:
Page 183 and 184:
Page 185 and 186:
Page 187 and 188:
CHAPTER SIX: ELECTRONIC EVIDENCE AN
Page 189 and 190:
Page 191 and 192:
Page 193 and 194:
Page 195 and 196:
Page 197 and 198:
Page 199 and 200:
Page 201 and 202:
Page 203 and 204:
Page 205 and 206:
Page 207 and 208:
Page 209 and 210:
Page 211 and 212:
Page 213 and 214:
CHAPTER SEVEN: INTERNATIONAL COOPER
Page 215 and 216:
Page 217 and 218:
Page 219 and 220:
Page 221 and 222:
Page 223 and 224:
Page 225 and 226:
Page 227 and 228:
Page 229 and 230: CHAPTER SEVEN: INTERNATIONAL COOPER
Page 255 and 256: CHAPTER EIGHT: PREVENTION CHAPTER E
Page 257 and 258: CHAPTER EIGHT: PREVENTION cybercrim
Page 259 and 260: CHAPTER EIGHT: PREVENTION The next
Page 261 and 262: CHAPTER EIGHT: PREVENTION Public-pr
Page 263 and 264: CHAPTER EIGHT: PREVENTION all repor
Page 265 and 266: CHAPTER EIGHT: PREVENTION Features
Page 267 and 268: CHAPTER EIGHT: PREVENTION a risk. O
Page 269 and 270: CHAPTER EIGHT: PREVENTION 8.3 Cyber
Page 271 and 272: CHAPTER EIGHT: PREVENTION necessari
Page 273 and 274: CHAPTER EIGHT: PREVENTION thirds of
Page 275 and 276: CHAPTER EIGHT: PREVENTION unjust en
Page 277 and 278: CHAPTER EIGHT: PREVENTION Cybercrim
Page 279: CHAPTER EIGHT: PREVENTION number of
Page 283 and 284: CHAPTER EIGHT: PREVENTION accounts,
Page 285 and 286: CHAPTER EIGHT: PREVENTION neither a
Page 287 and 288: ANNEX ONE: ACT DESCRIPTIONS ANNEX O
Page 289 and 290: ANNEX TWO: MEASURING CYBERCRIME ANN
Page 291 and 292: ANNEX TWO: MEASURING CYBERCRIME rat
Page 293 and 294: ANNEX TWO: MEASURING CYBERCRIME imp
Page 295 and 296: ANNEX TWO: MEASURING CYBERCRIME (al
Page 297 and 298: ANNEX THREE: PROVISIONS OF INTERNAT
Page 307 and 308: ANNEX FOUR: THE INTERNET ANNEX FOUR
Page 309 and 310: ANNEX FOUR: THE INTERNET The alloca
Page 311 and 312: ANNEX FOUR: THE INTERNET to downloa
Page 313 and 314: ANNEX FIVE: METHODOLOGY ANNEX FIVE:
Page 315 and 316: ANNEX FIVE: METHODOLOGY Information
Page 317 and 318: ANNEX FIVE: METHODOLOGY the total n
Page 320: Vienna International Centre, PO Box
show all

COMPREHENSIVE STUDY ON CYBERCRIME - United Nations ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?