With the threat of cyber attacks looming over all of us, we are in dire need of international cybercrime laws and regulations. National governments and their cyber security bodies are working towards regulating transnational cybercrimes. Sadly, this is a lot easier said than done, for a few notable reasons.
Cybercriminals can work from anywhere, hand-picking targets from all corners of the globe. Cybercriminal activities continue to evolve, making them more difficult to define and categorise by lawmakers. This lack of policies paves the way for cybercriminals to wreak havoc on the web – sometimes with little to no repercussions.
As regulatory bodies still develop their own policing and detection processes, cyber security specialists tell us to take our digital security into our own hands. Netizens across the US and Canada are becoming more wary about their activities online. And in Australia VPN usage is becoming increasingly popular. More security service providers are building local servers and other infrastructure to support their growing user base within the Asia-Pacific region. But even though we’re all using the same cyber security measures, how our countries define cybercrime can be wildly different.
Today, we’ll be taking a closer look at the issue of policing cybercrime. Read on to learn how laws may change from state to state, and what impact these changes will have on transnational cybercriminal activities.
How do different countries define ‘cybercrime’?
It’s no secret that governments have differing viewpoints when it comes to deciding what should be legal or illegal. In fact, even some states within nations possess differing viewpoints on some of the world’s most hotly debated social issues. For example, you can smoke marijuana for recreational purposes in the state of Virginia with no issue. But as soon as you step over the bordering North Carolina state line, possession of half an ounce of marijuana or less is considered a Class 3 misdemeanour.
It’s baffling to think that even just travelling a few short miles can result in dramatically different outcomes. But this same inconsistency can be found in cyber security processes and policies all over the globe.
Take a look at China, for instance. Even the use of VPNs is strictly prohibited here, and in a handful of other countries with similarly strict censorship laws. And although the majority of us can agree that using cyber security measures doesn’t make you a criminal, countries like China, Russia, and even Vietnam would disagree.
But the issue of where we draw our cyber borders goes so much further than just VPN usage alone. There are also questions about the legality of white hat hacker activity. These are hackers that only infiltrate cyberspace with the purpose of bringing down malicious black hat hackers and ransomware.
Like whistleblowers, white hat hacking professionals are at risk of being targeted by policing bodies. Especially in countries that are particularly strict with their cybercrime legislation. But can we afford to stifle individuals and agencies that have the means of toppling international hacking societies? The United Nations says that we can’t, which is why they’ve been busy trying to write up their own transnational cybercrime legislation.
How does the UN currently define ‘cybercrime’?
Currently, cybercrime is a broad term that’s used to refer to any criminal activities or behaviours that involve the use of computers, the internet, or other forms of ICT (information communications technologies). While this definition works well in theory, many civil liberties groups argue that this working definition is too expansive to be effective in practice.
In their 2022 letter to the United Nations’ Ad Hoc Committee to Elaborate a Cybercrime Treaty, the Electronic Frontier Foundation asserted that the current definition of ‘cybercrime’ could put other individuals at risk of being hit with cybercriminal charges. Under the UN’s proposed legislation, legitimate actors like ‘journalists, whistleblowers, security researchers, and others could be wrongfully charged with a cybercrime.
So the UN’s solution shares the same pitfalls of national cybercrime legislation. It seems like we’re closing in on a viable approach on all sides, but are still falling short of the mark where it matters most. So where do we go from here?
So what is the solution?
It’s clear to see that the world’s real problem surrounding all things cybercrime isn’t just the criminals themselves. It’s the system that allows cybercriminals to go undetected. It’s the system that instead punishes the journalists, whistleblowers, and others who are working to ensure our safety.
The goal is to develop legislation protecting these individuals while providing a wide scope for defining cybercrimes. Given the great variation in malicious hacking activities, this wide scope is necessary. And the fact that hacking methodologies have a tendency to evolve at rapid fire rates.
So how do we create a system that still corrects cybercriminal activities without turning on legitimate actors within cyberspace? The answer is to consider if actions exhibited in cyberspace demonstrate criminal intent.
Defining criminal intent will likely also take a bit of finetuning by transnational bodies and governments. But it’s a start towards making our cybercrime policies more effective as we continue honing our crime detection processes.
Sadly, disrupting cyberspace seems to be the most powerful method of prompting governments to take action. Does this mean that you should don a black hoodie, sitting in a darkly lit room, and become a black hat hacker yourself? Well, no. But you can learn more about how hackers operate, and how you can keep yourself safe online.
By educating yourself, we can help our global community be better equipped to respond to cybercrime in the future. And by building cyber security awareness from the ground up, we can help ensure that future policy making efforts are as on the pulse as the criminals themselves.