Registered Students login to NYLS Portal for updated Course Information and Reading Assignments.
UNIT 01:
Overview, What is Cybercrime?
Cybercrime (cf., computer crime, electronic crime, information crime, virtual crime) is a term used broadly to describe criminal activity in which computers or computer networks are a tool, a target, or a place of criminal activity. These categories are not exclusive and many activities can be characterized as falling in one or more categories.
Additionally, although the term cybercrime is more properly restricted to describing criminal activity in which the computer or network is a necessary part of the crime, the term is also popularly used to include traditional crimes in which computers or networks are used to facilitate the illicit activity, or where a computer or network contains stored evidence of a traditional crime.
Examples of cybercrime in which the computer or network is a tool of the criminal activity include "spamming" and certain intellectual property and criminal copyright crimes ("IP piracy"), particularly those facilitated through peer-to-peer networks.
Examples of cybercrime in which the computer or network is a target of criminal activity include unauthorized access (sometimes referred to as "computer trespass," "hacking," or "cracking"), malicious code ("malware"), and denial-of-service ("DoS" and "DDoS") attacks. Attacks on critical infrastructure (cf., CIP), including telecommunications networks and industrial control systems (SCADA), may result in significant real-world damage, implicating cyberterrorism and national security issues.
Examples of cybercrime in which the computer or network is a place of criminal activity include theft of service, in particular, telecom fraud (e.g., "phreaking") and certain financial frauds involving electronic transfers (e.g., "salami slicing"). An emerging area is "virtual crime," particularly in online gaming or immersive social network sites where avatars and virtual goods are subject to attack or theft.
Finally, examples of traditional crimes facilitated through the use of computers or networks include Nigerian 419 or other gullibility frauds (e.g., "phishing"), identity theft, child pornography, online gambling, securities fraud, etc. Cyberstalking is an example of a traditional crime -- harassment or stalking -- that has taken a new form when facilitated through computer networks. Additionally, computers or networks have been used to lure victims of assault, robbery or muggings.
Additionally, certain other information crimes, including trade secret theft and economic espionage, are sometimes considered cybercrimes when computers or networks are involved.
Cybercrime in the context of national security may involve hacktivism (online activity intended to influence policy), traditional espionage, or information warfare and related activities. (See GISP Program on Information and Warfare).
Another way to define cybercrime is simply as criminal activity involving the information technology infrastructure, including illegal access (unauthorized access), illegal interception (by technical means of non-public transmissions of computer data to, from or within a computer system), data interference (unauthorized damaging, deletion, deterioration, alteration or suppression of computer data), systems interference (interfering with the functioning of a computer system by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data), misuse of devices, forgery (ID theft), and electronic fraud.
Unique Characteristics of Cybercrime.
The global reach of the Internet, the low marginal cost of online activity, and the relative anonymity of users have changed the balance of forces that have previously served to keep in check certain undesirable behaviors in the physical world. These characteristics of "cyberspace" have lowered the cost of perpetrating undesirable behavior by eliminating certain barriers to entry, lowering transaction costs, and reducing the probability of getting caught. (See Daniel E. Greer, "The Physics of Digital Law" in Cybercrime, Jack Balkin, et al. eds., NYU Press 2007).
Together, these characteristics make traditional law enforcement strategies, particularly strategies based on identifying and apprehending perpetrators after they commit online crime, both less effective and more expensive.
At the same time, however, other characteristics of cyberspace provide new opportunities to control illegal acts. Unlike in the physical world, in cyberspace certain readily identifiable third parties – Internet service providers, telecommunication providers, and victims themselves – have exclusive or shared technical control over the infrastructure through which most illegal online behavior is carried out. These characteristics provide new opportunities for innovative policy approaches to controlling undesirable behavior, including the use of technical architecture as a regulatory mechanism, the use of novel authorization and surveillance regimes to prevent or deter undesirable activity, and the use of data and activity logging to enhance persistence and recoverability of evidence, among others. (See, e.g., references in "OPTIONAL READING RE REGULATORY MECHANISMS," below).
These responses in turn raise new philosophical, social, and Constitutional concerns (or challenge accepted constructs) regarding the relationship between individual and the state, including issues relating to civil liberties, privacy, freedom, and collective security. (See Digital Law Enforcement). (See also, Subtext).
Cyber-attacks and attackers.
Cyber-attacks can be malicious or accidental; can involve attacks by other nation states, organized groups, or individuals; and can be motivated by monetary gain, ill-will, political interests, or curiousity. Cyber-attacks can be directed at governments, firms, or individuals. Cyber-attacks can involve the theft or destruction of information; the theft of services or financial assets; or the destruction of hardware or software infrastructure. Cyber-attacks can result in financial loss, business or service interruption, or infrastructure destruction. Cyber-attacks can be aimed directly at disrupting business or government services or can be launched in conjunction with physical attacks in order to magnify effects or prevent effective response. Cyber-attacks for monetary gain or ill-will are generally considered cybercrime; attacks for political interests can be considered hacktivism (if in the nature of political protest) or cyberterrorism (if intended to disrupt or destroy infrastructure or control mechanisms). Cyber-attacks by (or in some cases against) nation states are generally considered a form of information warfare.
Developing effective law enforcement or national security policies, laws, and practices to deal with emerging cyber threats while still protecting traditional civil liberties values as well as technology innovation opportunities is a national priority. (See GISP Program on Law Enforcement and National Security in the Information Age "PLENSIA").
Cybercrime Law.
Another way to think about cybercrime is to distinguish the applicable substantive law, procedural law, and jurisdictional law, and to distinguish between reactive, preemptive, and preventative strategies.
There are two kinds of substantive cybercrime law: computer misuse (covered in parts II and III below) and traditional crime (covered in part IV and V). Computer misuse crimes generally involve either exceeding the user's privileges (hacking) or denying others their privileges (malware, DoS, etc.). Traditional crimes are those like fraud, threats, harassment, gambling, pornography, etc. that have a physical world analog but are facilitated through the use of a computer (parts IV and V).
Procedural cybercrime law also has two distinct aspects (part VIII and IX): search and seizure law under the Fourth Amendment, and statutory privacy law. In general, the former -- Fourth Amendment jurisprudence -- governs the retrieval of evidence from individual computers while the latter -- statutory privacy laws -- governs the surveillance of networks or third party computers.
Jurisdictional law is complicated in computer crime because activity can take place in multiple jurisdictions complicating both prosecution and investigation/evidence gathering (part VI and VIII). Further, the global nature of the information infrastructure blurs the previously clear demarcation between reactive law enforcement policies and preemptive national security strategies (and their respective legal regimes) (parts IX, XII, XIII, XIV, and XV).
Additionally, because victims themselves, or third parties (like ISPs), control much of the infrastructure in or through which cybercrime takes place, preventative strategies are sometimes in tension with traditional law enforcement approaches (part VII).
Cybercrime can also take on a political dimension, for example, when it is used as a form of warfare between nation states (or against sub-state enemies) or when it is used by individuals or groups as a form of political activism (hacktivism) (part XII).
REQUIRED READING:
* Course Introduction and Part I, Overview, What is Cybercrime? (above).
* Course Subtext.
* Michael Edmund O'Neill, Old Crimes in New Bottles: Sanctioning Cybercrime, 9 Geo. Mason L. Rev 237-288 (2000) (available in Course Documents).
* Daniel E. Greer, "The Physics of Digital Law" pp. 13-36 in Cybercrime, (Jack Balkin, et al. eds., NYU Press 2007).
Congressional Research Service, Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress (CRS Reports RL 32114, updated Jan. 29, 2008) (download PDF) ("Cybercrime is becoming more organized and established as a transnational business. High technology online skills are now available for rent to a variety of customers, possibly including nation states, or individuals and groups that could secretly represent terrorist groups. The increased use of automated attack tools by cybercriminals has overwhelmed some current methodologies used for tracking Internet cyberattacks, and vulnerabilities of the U.S. critical infrastructure, which are acknowledged openly in publications, could possibly attract cyberattacks to extort money, or damage the U.S. economy to affect national security...This report discusses options now open to nation states, extremists, or terrorist groups for obtaining malicious technical services from cybercriminals to meet political or military objectives, and describes the possible effects of a coordinated cyberattack against the U.S. critical infrastructure.")
Also, skim the PLENSIA Program Overview, Program on Law Enforcement and National Security in the Information Age, World Policy Institute (2004).
And, familiarize yourself with the Useful Links for Defining Technical Term.
OPTIONAL READING RE REGULATORY MECHANISMS:
Lawrence Lessig, CODE AND OTHER LAWS OF CYBERSPACE, Chapter 7, pp. 85-99 (Basic Books 1999) (ISBN:0465039138) (discussing law, social norms, the market, and architecture as things that regulate).
Neal Kumar Katyal, Architecture as Crime Control, 111 Yale L.J. 1039, 1047 (2002).
Neal Kumar Katyal, Digital Architecture as Crime Control, 112 Yale L.J. 2261 (2003).
K. A. Taipale, Internet and Computer Crime: System Architecture as Crime Control, Center for Advanced Studies (Feb. 2003). Available at SSRN: http://ssrn.com/abstract=706161.
Lien Tien, Architectural Regulation and the Evolution of Social Norms pp. 37-58 in Cybercrime (Jack Balkin, et al. eds., NYU Press 2007).
Orin Kerr, Virtual Crime, Virtual Deterrence: A Skeptical View of Self-Help, Architecture, and Civil Liability, 1 J.L. Econ. & Pol'y 197 (Winter 2005).
Susan W. Brenner and Leo L. Clark, Distributed Security: A New Model of Law Enforcement, J. Marshall J. Computer & Info. L. (2005). Available at SSRN: http://ssrn.com/abstract=845085.
OTHER BACKGROUND TEXTS:
Orin S. Kerr, COMPUTER CRIME LAW: AMERICAN CASEBOOK SERIES (2006) (ISBN:0314144005).
Ralph D. Clifford, CYBERCRIME: THE INVESTIGATION, PROSECUTION AND DEFENSE OF A COMPUTER-RELATED CRIME (Second Edition 2006) (ISBN:0890897239).
Samuel C. McQuade, III, UNDERSTANDING AND MANAGING CYBERCRIME (2006) (ISBN:020543973X).
Peter Stephenson, INVESTIGATING COMPUTER RELATED CRIME (2000) (ISBN:0849322189).
Joel McNamara, SECRETS OF COMPUTER ESPIONAGE: TACTICS AND COUNTERMEASURES (2003) (ISBN:0764537105).
OPTIONAL BACKGROUND READING ON SOCIAL CONSTRUCTION OF LAW:
The Stanford Encyclopedia of Philosophy, entry on "Legal Positivism."
Wikipedia, entry on "Legal Positivism."
See also references in COURSE SUBTEXT.
Registered Students login to NYLS Portal for updated Reading Assignments.
Course Outline/Class Units
Registererd NYLS students login to my.nyls.edu for updated outline and assignments.
- Overview, What is Cybercrime?
- Computer Intrusions and Attacks (Unauthorized Access)
- Computer Viruses, Time Bombs, Trojans, Malicious Code (Malware)
- Online Fraud and Identity Theft; Intellectual Property Theft; Virtual Crime
- Online Vice: Gambling; Pornography; Child Exploitation
- International Aspects and Jurisdiction
- Infrastructure and Information Security; Risk Management
- Investigating Cybercrime: Digital Evidence and Computer Forensics
- Interception, Search and Seizure, and Surveillance
- Information Warfare, Cyberterrorism, and Hacktivism
- Terrorism, Radicalization, and The War of Ideas
- Trade Secret Theft and Economic Espionage
- National Security
- Case Study: CALEA, VoIP
Course Information
- PAPER RESEARCH
- USEFUL LINKS FOR DEFINING TECHNICAL TERMS
- COURSE SUBTEXT AND OPTIONAL BACKGROUND MATERIAL
Registered Students login to NYLS Portal for updated Reading Assignments.
All original material on this or any linked page is copyright the Center for Advanced Studies in Science and Technology Policy © 2003-2009. Permission is granted to reproduce this material in whole or in part for non-commercial purposes, provided it is with proper citation and attribution.
|
