Tuesday, 27 February 2007

CYBERCRIME: LOCATING AND PENALIZING THE DIGITAL OFFENDER

part 4

Several theories have been advances as to when access becomes unauthorized. Before the advent of legislation, computer crimes involving unauthorized access were essentially absorbed by other common crimes like theft and burglary. This eventually proved to be insufficient as both crimes involved actual prejudice to property interests, where such could not be proven in crimes involving computers. The net result was a body of jurisprudence where the scope of the crime became very large and where proof of the actual property loss became very difficult, a combination that severely weakened enforcement. Thus:

Although not fully articulated at the time, the harm of misuse was that it interfered with the intended function of computers by either exceeding or denying intended privileges. The intrusion itself seemed worth prohibiting, much like a burglary or a trespass. Traditional property crime laws could address computer misuse only when the misuse triggered a consequential harm, however. As a result, the existing law had no clear remedy for many instances of misuse. Although commentators did not have a specific sense of where the line should be drawn, they tended to agree that misuse alone should be a new trigger of criminal liability.

Statutes were later enacted to remedy the initial disparity between traditional law and computer crimes but these proved to be insufficient inasmuch as the conceptual assumptions remained grounded in the old regime of anti-theft and burglary laws, resulting in statutes that are unnecessarily broad

Any standard for the punishment of crime must necessarily be strictly drawn in order not to unduly infringe upon the rights of individuals. In this respect, the functional definition of unauthorized access must set an absolute threshold. It may be as simple as the violation of password-protected files inside a computer. This example meets both the stringent threshold for criminal legislation and the broad need for protection by ordinary computer users.

Substantially the same standards and criticism apply to any access which is expressly unauthorized. In this case, however, the criminal act is much more patent inasmuch as the express lack of authority clearly delineates the crime. The more relevant issue in this instance is evidentiary in character: whether the intrusion has been monitored electronically and whether such electronic evidence is sufficient to produce a conviction.

Responses to Cybercrime

The basic issue for dealing with cybercrime can be summarized thus:
Cybercrime presents a conundrum that taps into the larger issue of how the law handles new technologies. Occasionally, the law singles out crimes that use more efficient means as deserving of special punishment (e.g., wire and mail fraud), and other times it does not (e.g., crimes performed with an automobile). The relationship between technology and law is an ever-evolving one, where innovations that benefit consumers frequently prove a boon to offenders as well. Cybercrime forces us to confront the role of criminal law and the limitations of public enforcement, just as the criminal law forces us to rethink the role of technology and the advancement of a heretofore largely unregulated marketplace.

by nestor gadrinab

1 comment:

jm said...

And yet issues continue to exist with respect to identification of the accused. Determining whether or not unauthorized access has taken place is relatively easy to confirm (through key loggers, surveillance software, that sort of thing), but these types of technology won't be able to conclusively identify who accessed the system. Then again, with the advent of biometrics, webcams, that sort of thing, perhaps some headway can be made.