COMPREHENSIVE STUDY ON CYBERCRIME - United Nations ...

More documents

Recommendations

Info

The last decade has seen significant developments in the promulgation of international and regional instruments aimed at countering cybercrime. The genesis, legal status, geographic scope, substantive focus, and mechanisms of such instruments vary significantly. Five possible ‘clusters’ of instruments may be identified – (i) instruments developed in the context of, or inspired by, the Council of Europe or the European Union; (ii) instruments developed in the context of the Commonwealth of Independent States or the Shanghai Cooperation Organization; (iii) instruments developed in the African context; (iv) instruments developed by the League of Arab States, and (v) instruments developed under the auspices of, or associated with, United Nations entities. These clusters are not absolute and a significant amount of crossfertilisation exists between the instruments. The basic concepts developed in the Council of Europe Cybercrime Convention, for example, are also found in many other instruments. 57 United Nations entities, such as UNECA and ITU, have also had some involvement in the development of instruments in the African context, including the Draft African Union Convention and the SADC Model Law. Within a cluster, instruments may have a particularly direct relationship. The Commonwealth Model Law, for example, is based closely on the Council of Europe Cybercrime Binding • Council of Europe Convention on Cybercrime (2001) and Additional Protocol (2003) • Council of Europe Convention on Protection of Children against Sexual Exploitation and Sexual Abuse (2007) • EU legislation including on e- Commerce (2000/31/EC), on Combating Fraud and Counterfeiting of Non-Cash Means of Payment (2001/413/JHA), on Personal Data (2002/58/EC as amended), on Attacks against Information Systems (2005/222/JHA and Proposal COM(2010) 517 final), and on Child Pornography (2011/92/EU) • Commonwealth of Independent States (CIS) Agreement on Cooperation in Combating Offences related to Computer Information (2001) • Shanghai Cooperation Organization Agreement on Cooperation in the Field of International Information Security (2009) • (Draft) Economic Community of West African States (ECOWAS) Directive on Fighting Cybercrime (2009) • (Draft) African Union Convention on the Establishment of a Legal Framework Conducive to Cybersecurity in Africa (2012) • League of Arab States Convention on Combating Information Technology Offences (2010) • Optional Protocol to the United Nations Convention on the Rights of the Child on the Sale of Children, Child Prostitution and Child Pornography (2000) Non-binding • Commonwealth Model Laws on Computer and Computer-related Crime (2002) and Electronic Evidence (2002) • East African Community Draft Legal Framework for Cyberlaws (2008) • Common Market for Eastern and Southern Africa (COMESA) Cybersecurity Draft Model Bill (2011) • Southern African Development Community (SADC) Model Law on Computer Crime and Cybercrime (2012) • League of Arab States Model Law on Combating Information Technology Offences (2004) • International Telecommunication Union (ITU)/Caribbean Community (CARICOM)/Caribbean Telecommunications Union (CTU) Model Legislative Texts on Cybercrime, e-Crime and Electronic Evidence (2010) • International Telecommunication Union (ITU)/Secretariat of the Pacific Community Model Law on Cybercrime (2011) 57 The analysis contained in Annex Three to this Study (‘Provisions of international and regional instruments’) demonstrates that many key concepts found in the Council of Europe Cybercrime Convention – such as illegal access to a computer system, illegal interception of computer data, illegal interference with computer data or a computer system, expedited preservation of computer data, and real-time collection of computer data – are also found in other, later, instruments. 64
CHAPTER THREE: LEGISLATION AND FRAMEWORKS Convention. The Draft African Union Convention incorporates language from the ECOWAS Draft Directive, and the Commonwealth of Independent States Agreement and Shanghai Cooperation Organization Agreement show some common concepts related to computer information security. Similarities and differences between the instruments and clusters can be illustrated with reference to the schema below, focusing on ‘legal status’, ‘geographic scope’, ‘substantive focus’, and ‘mechanisms.’ Legal status A first important distinction concerns whether an instrument is legally binding. A number of the instruments – notably the Council of Europe Conventions, the European Union instruments, the Commonwealth of Independent States Agreement, the Shanghai Cooperation Organization Agreement, and the League of Arab States Convention – are express agreements between states intended to create legal obligations. 58 If approved by the Assembly of the African Union, the Draft African Union Convention would also be open for signature, ratification or accession, with entry into force in the form of a binding instrument. 59 Other instruments – such as the Commonwealth Model Law, the COMESA Draft Model Bill, the League of Arab States Model Law, and the ITU/CARICOM/CTU Model Legislative Texts – are not intended to create legal obligations for states. Rather, they are designed to serve as inspiration or ‘models’ for development of national legislative provisions. Non-binding instruments may nonetheless have a significant influence at the global or regional level when many states choose to align their national laws with model approaches. 60 In addition, countries that have not ratified or acceded to a binding instrument may nonetheless make use of a binding instrument as inspiration for national legislative provisions – with the result that the reach of an instrument can be broader than the number of countries that have signed, ratified or acceded. 61 Geographic scope Legal status Binding Non-binding Substantive focus Criminalization o List of crimes o Specific crime International cooperation and jurisdiction Procedural powers Cybersecurity E-commerce Geographic scope Non-restricted Defined Mechanisms Generic obligations Extradition Mutual assistance Focal points For binding instruments, the geographic scope is typically determined by the nature and 58 ‘International conventions’, whether general or particular, establishing rules expressly recognized, are included as a source of international law to be applied by the International Court of Justice under Article 38 of the Statute of the International Court of Justice. Article 2 of the Vienna Convention on the Law of Treaties defines a ‘treaty’ as an ‘international agreement concluded between States in written form and governed by international law, whether embodied in a single instrument or in two or more related instruments and whatever its particular designation.’ 59 Draft African Union Convention. Part IV, Section 2. In September 2012, the 4th Ordinary Session of the African Union Conference of Ministers in Charge of Communication and Information Technologies (CITMC-4) requested the Draft African Union Convention to be submitted by the African Union Commission for adoption according to African Union rules of procedure. See African Union. 2012. Khartoum Declaration. AU/CITMC-4/MIN/Decl.(IV)Rev 2, 6 September 2012. 60 A number of states in the Commonwealth, for example, have used provisions from the Commonwealth Model Law either alone, or in conjunction with the Council of Europe Cybercrime Convention. See Council of Europe. 2012. Commonwealth States: Use of the Budapest Convention and Commonwealth Model Law. Council of Europe’s contribution to the Commonwealth Working Group on Cybercrime. 61 The Council of Europe, for example, reports that, in addition to the countries that have ratified, signed or been invited to accede to the Council of Europe Cybercrime Convention, it has engaged with at least 55 countries in technical cooperation on the basis of the Convention. See Seger, A., 2012. The Budapest Convention on Cybercrime 10 years on: Lessons learnt or the web is a web. 65
Page 1 and 2:
Comprehensive Study on Cybercrime D
Page 3 and 4:
UNITED NATIONS OFFICE ON DRUGS AND
Page 5 and 6:
CONTENTS ABBREVIATIONS ............
Page 7 and 8:
LIST OF ABBREVIATIONS LIST OF ABBRE
Page 9 and 10:
LIST OF ABBREVIATIONS and Electroni
Page 11 and 12:
INTRODUCTION INTRODUCTION General A
Page 13 and 14:
KEY FINDINGS AND OPTIONS KEY FINDIN
Page 15 and 16:
KEY FINDINGS AND OPTIONS Some count
Page 17 and 18:
KEY FINDINGS AND OPTIONS (g) The st
Page 19 and 20:
EXECUTIVE SUMMARY EXECUTIVE SUMMARY
Page 21 and 22:
EXECUTIVE SUMMARY inspired by: (i)
Page 23 and 24:
EXECUTIVE SUMMARY constituent eleme
Page 25 and 26:
EXECUTIVE SUMMARY content, all of w
Page 27 and 28:
EXECUTIVE SUMMARY to elements or ef
Page 29 and 30:
EXECUTIVE SUMMARY cybercrime risk a
Page 31 and 32:
CHAPTER ONE: CONNECTIVITY AND CYBER
Page 33 and 34:
Page 35 and 36:
Page 37 and 38:
Page 39 and 40:
Page 41 and 42:
Page 43 and 44: CHAPTER ONE: CONNECTIVITY AND CYBER
Page 53 and 54: CHAPTER TWO: THE GLOBAL PICTURE CHA
Page 55 and 56: CHAPTER TWO: THE GLOBAL PICTURE exh
Page 57 and 58: CHAPTER TWO: THE GLOBAL PICTURE una
Page 59 and 60: CHAPTER TWO: THE GLOBAL PICTURE and
Page 61 and 62: CHAPTER TWO: THE GLOBAL PICTURE ris
Page 63 and 64: CHAPTER TWO: THE GLOBAL PICTURE int
Page 65 and 66: CHAPTER TWO: THE GLOBAL PICTURE Ind
Page 67 and 68: CHAPTER TWO: THE GLOBAL PICTURE tra
Page 69 and 70: CHAPTER TWO: THE GLOBAL PICTURE 2.3
Page 71 and 72: CHAPTER TWO: THE GLOBAL PICTURE stu
Page 73 and 74: CHAPTER TWO: THE GLOBAL PICTURE exp
Page 75 and 76: CHAPTER TWO: THE GLOBAL PICTURE Mor
Page 77 and 78: CHAPTER TWO: THE GLOBAL PICTURE bot
Page 79 and 80: CHAPTER TWO: THE GLOBAL PICTURE cha
Page 81 and 82: CHAPTER THREE: LEGISLATION AND FRAM
Page 93: CHAPTER THREE: LEGISLATION AND FRAM
Page 107 and 108: CHAPTER FOUR: CRIMINALIZATION CHAPT
Page 109 and 110: CHAPTER FOUR: CRIMINALIZATION a com
Page 111 and 112: CHAPTER FOUR: CRIMINALIZATION 4.2 A
Page 113 and 114: CHAPTER FOUR: CRIMINALIZATION Prima
Page 115 and 116: CHAPTER FOUR: CRIMINALIZATION saved
Page 117 and 118: CHAPTER FOUR: CRIMINALIZATION Arab
Page 119 and 120: CHAPTER FOUR: CRIMINALIZATION cent
Page 121 and 122: CHAPTER FOUR: CRIMINALIZATION ‘da
Page 123 and 124: CHAPTER FOUR: CRIMINALIZATION crimi
Page 125 and 126: CHAPTER FOUR: CRIMINALIZATION shows
Page 127 and 128: CHAPTER FOUR: CRIMINALIZATION conce
Page 129 and 130: CHAPTER FOUR: CRIMINALIZATION Ident
Page 131 and 132: CHAPTER FOUR: CRIMINALIZATION Analy
Page 133 and 134: CHAPTER FOUR: CRIMINALIZATION Model
Page 135 and 136: CHAPTER FOUR: CRIMINALIZATION Perfo
Page 137 and 138: CHAPTER FOUR: CRIMINALIZATION 4.3 I
Page 139 and 140: CHAPTER FOUR: CRIMINALIZATION the n
Page 141 and 142: CHAPTER FOUR: CRIMINALIZATION Unite
Page 143 and 144: CHAPTER FOUR: CRIMINALIZATION furth
Page 145 and 146:
CHAPTER FOUR: CRIMINALIZATION crimi
Page 147 and 148:
CHAPTER FIVE: LAW ENFORCEMENT AND I
Page 149 and 150:
Page 151 and 152:
Page 153 and 154:
Page 155 and 156:
Page 157 and 158:
Page 159 and 160:
Page 161 and 162:
Page 163 and 164:
Page 165 and 166:
Page 167 and 168:
Page 169 and 170:
Page 171 and 172:
Page 173 and 174:
Page 175 and 176:
Page 177 and 178:
Page 179 and 180:
Page 181 and 182:
Page 183 and 184:
Page 185 and 186:
Page 187 and 188:
CHAPTER SIX: ELECTRONIC EVIDENCE AN
Page 189 and 190:
Page 191 and 192:
Page 193 and 194:
Page 195 and 196:
Page 197 and 198:
Page 199 and 200:
Page 201 and 202:
Page 203 and 204:
Page 205 and 206:
Page 207 and 208:
Page 209 and 210:
Page 211 and 212:
Page 213 and 214:
CHAPTER SEVEN: INTERNATIONAL COOPER
Page 215 and 216:
Page 217 and 218:
Page 219 and 220:
Page 221 and 222:
Page 223 and 224:
Page 225 and 226:
Page 227 and 228:
Page 229 and 230:
Page 231 and 232:
Page 233 and 234:
Page 235 and 236:
Page 237 and 238:
Page 239 and 240:
Page 241 and 242:
Page 243 and 244:
Page 245 and 246:
Page 247 and 248:
Page 249 and 250:
Page 251 and 252:
Page 253 and 254:
Page 255 and 256:
CHAPTER EIGHT: PREVENTION CHAPTER E
Page 257 and 258:
CHAPTER EIGHT: PREVENTION cybercrim
Page 259 and 260:
CHAPTER EIGHT: PREVENTION The next
Page 261 and 262:
CHAPTER EIGHT: PREVENTION Public-pr
Page 263 and 264:
CHAPTER EIGHT: PREVENTION all repor
Page 265 and 266:
CHAPTER EIGHT: PREVENTION Features
Page 267 and 268:
CHAPTER EIGHT: PREVENTION a risk. O
Page 269 and 270:
CHAPTER EIGHT: PREVENTION 8.3 Cyber
Page 271 and 272:
CHAPTER EIGHT: PREVENTION necessari
Page 273 and 274:
CHAPTER EIGHT: PREVENTION thirds of
Page 275 and 276:
CHAPTER EIGHT: PREVENTION unjust en
Page 277 and 278:
CHAPTER EIGHT: PREVENTION Cybercrim
Page 279 and 280:
CHAPTER EIGHT: PREVENTION number of
Page 281 and 282:
CHAPTER EIGHT: PREVENTION traffic f
Page 283 and 284:
CHAPTER EIGHT: PREVENTION accounts,
Page 285 and 286:
CHAPTER EIGHT: PREVENTION neither a
Page 287 and 288:
ANNEX ONE: ACT DESCRIPTIONS ANNEX O
Page 289 and 290:
ANNEX TWO: MEASURING CYBERCRIME ANN
Page 291 and 292:
ANNEX TWO: MEASURING CYBERCRIME rat
Page 293 and 294:
ANNEX TWO: MEASURING CYBERCRIME imp
Page 295 and 296:
ANNEX TWO: MEASURING CYBERCRIME (al
Page 297 and 298:
ANNEX THREE: PROVISIONS OF INTERNAT
Page 299 and 300:
Page 301 and 302:
Page 303 and 304:
Page 305 and 306:
Page 307 and 308:
ANNEX FOUR: THE INTERNET ANNEX FOUR
Page 309 and 310:
ANNEX FOUR: THE INTERNET The alloca
Page 311 and 312:
ANNEX FOUR: THE INTERNET to downloa
Page 313 and 314:
ANNEX FIVE: METHODOLOGY ANNEX FIVE:
Page 315 and 316:
ANNEX FIVE: METHODOLOGY Information
Page 317 and 318:
ANNEX FIVE: METHODOLOGY the total n
Page 320:
Vienna International Centre, PO Box
show all

COMPREHENSIVE STUDY ON CYBERCRIME - United Nations ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?