Academic journal article Forum on Public Policy: A Journal of the Oxford Round Table

Catch Me If You Can: A Taxonomically Structured Approach to Cybercrime

Academic journal article Forum on Public Policy: A Journal of the Oxford Round Table

Catch Me If You Can: A Taxonomically Structured Approach to Cybercrime

Article excerpt

Introduction

Jurisdiction and physical presence of a perpetrator and evidence form the basis of the majority of existing legal structures that address criminal issues. Tangible, physical evidence is the foundation on which most successfully prosecuted crimes rest. Digital evidence obtained from a cybercrime intrusion is volatile, difficult to obtain or present in court, and requires a certain amount of adaptation in order to be acceptable to most courts. These difficulties of application may be illustrated in more detail by examining specific comparisons of cybercrime incidents to existing laws, as well as procedural difficulties arising from determination of jurisdiction over a networked environment.

Axelrod and Jay (1999, p. 14) give an example of suitable application to computer crime of an existing law. If a stolen password is used to gain unauthorized, local entry into a computer, this can be prosecuted as unauthorized use of a computer under New York State Computer Law [NYSCL], [section] 156.05 (1998). A different example described by Axelrod and Jay (1999, p. 14) is that of a distributed denial of service attack. A distributed denial of service attack [DDoS] occurs when a multitude of networked systems direct a massive quantity of network traffic (in the form of "packets") toward a single victim system. The deluge of packets can cause access to the victimized system to become unavailable to legitimate users. The use of computer trespass (NYSCL, [section] 156.10, 1998) would be realistically impossible to support in court, due to the untraceable nature of a DDoS attack. Computer tampering (NYSCL, [section] 156.20, 1998) would also be unlikely to help establish a case because, technically speaking, the intruder has not intentionally altered or destroyed computer data belonging to another person.

When Axelrod and Jay's (1999) examples are examined, it can be seen that the "fit" between traditional law and applicability to the various network-related crimes are distinguished by the characteristic of remote connection; that is to say, the networked environment in which the crime takes place. As illustrated by Axelrod and Jay, unauthorized local physical access to a computer bears enough resemblance to the traditional laws governing trespass to allow prosecution. When certain characteristics inherently exclusive to the networked environment are introduced as in the case of a DDoS attack, laws crafted for a traditional, physical environment may prove to be difficult to apply when prosecuting the perpetrators even should the perpetrators be identified.

Traditional law in the United States has yet to precisely define jurisdiction involving cybercrime. There is little precedent concerning determination of jurisdiction over actions which are performed remotely using the Internet as the medium for conveyance. In those cases where the United States justice system has adjudicated, "long-arm" statutes, which allow a state to extend jurisdiction to individuals or organizations not residing in that state, and local jurisdictional principals have been applied toward making decisions. Due to the paucity of jurisdiction cases involving cybercrime, there is currently a limited amount of law for policy makers or enforcement officers to reference.

Berman (2004, p. 1821) argues that "territorially-based conceptions of legal jurisdiction may no longer be adequate" in pursuing offences committed in the virtual, global environment of the Internet and proposes a pluralistic concept of jurisdiction. Berman notes a selection of cybercrime cases in which United States judges have ruled according to United States law, assuming that because United States law may apply that it should apply.

Berman's (2004) pluralist view detaches the jurisdiction process from territorial nation-states and places jurisdiction into the virtual state occupied by networked entities represented through the Internet. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.