Crimes carried out online are already illegal — experts calling for new laws should rather concentrate on enforcing existing laws.
Crime statistics in England and Wales have recently started rising dramatically, following decades of steady decline. According to the UK Office for National Statistics (ONS), crimes have near-doubled since 2015. This is not because the UK has suddenly become a land of criminals, but rather because the ONS has, since end-2015 included estimated cybercrime figures in its statistics, exposing how criminal operations are increasingly moving online.
As a result, UK Prime Minister Theresa May recently suggested dedicated cybercrime laws to combat online harassment and intimidation. France also recently announced plans to fine social media firms for failing to take down hate speech, following similar laws introduced in Germany at the start of this year. However, the internet introduces myriad opportunities to perpetrate more than just harassment – phishing attacks, identity theft and cryptocurrency scams are all either exacerbated or created online and just recently, there have been dramatic revelations of mass data leaks in which the UK firm Cambridge Analytica used vast quantities of Facebook user data to manipulate political processes.
It is understandable, therefore, that this phenomenon is resulting in a call for bespoke laws criminalising specific cyber crimes. Mark King at the European e-identity organisation EEMA differs vehemently: “We already have laws against libel, theft, impersonation and basically everything else that is now cyber-enabled.”
He is correct, of course. The problem is not with existing laws, which, in South Africa in particular, are more than adequate. The problem is with enforcement.
Starting with the police, a complainant is likely to encounter officers who aren’t equipped to deal with digital crimes. Dedicated police departments might offer a solution to this problem. The same applies to the prosecuting authorities and even the courts, where most prosecutors, magistrates and judges would have difficulty in dealing with the technology involved in cybercrimes. Then there is the difficulty inherent in reporting cybercrime and collecting and presenting the evidence. One cannot, for instance, forward a suspected phishing email to the police, because it will get caught by their spam filters. What is required, in this case, might be dedicated computers that are specifically isolated and set up to receive and process this kind of evidence.
Internationally, countries are trying to deal with the problem of enforcement, starting with the creation of dedicated courts. In Hangzhou, China, for instance, a cyber-court opened last August, which puts the entire process online. Everything from discovery of evidence to judgments happens digitally – people even receive their verdicts on the platform. In addition, countries are starting to propose e-evidence laws that seek to reconcile different laws around evidence, particularly when there is a clash of jurisdictions.
Unfortunately, it would seem that not all countries play along. It would seem that countries like Ukraine, Russia and China, to name but a few, have lax enforcement and a reluctance to co-operate with authorities in affected countries.
Ultimately, even if local law enforcement is willing to cooperate, obtaining evidence in online cases is very difficult and if criminals use an anonymising service like a proxy, the chances of prosecution plummet — according to Patrick Curry, who runs the British Business Federation Authority, which develops authentication and identity standards: “You can have all the special courts and special experts you want …if the evidence isn’t there, what’s the judge going to be able to use to make a ruling?”
That opens the floor to an uncomfortable question – should we disallow anonymity on the internet?
Lawrence Sherman, an experimental criminologist at the University of Cambridge, compares dedicated courts with a recent proposal to redesign the internet to require identification of all users. Under this system, all online information would be tied to your real-world identity, making anonymous crime much more difficult. Curry and King also point to proposals to give people ID cards for the internet, using biometrics that tie us to specific devices.
Such suggestions go against the Wild West ethos on which the internet was originally built, but they would solve the problem of hauling someone known only as “Haxx0r420” into the dock. With cybercrime only set to rise, perhaps it’s time we brought some lawfulness to the online frontier.
With acknowledgement to Sally Adee, New Scientist, 31 March 2018