International review of criminal policy - Nos. 43 and 44/CONCLUSION

VII. CONCLUSION

289. This Manual has attempted to provide a broad overview of the newest forms of computer and computer-related crime. It has exposed the history, extent and complexities of this phenomenon. The complexities, intrinsic to the technology itself and to the vagaries of human nature, are exacerbated by the inadequacies of current law. The Manual has canvassed the various solutions that have been suggested and proposed some reform initiatives in the legal area. Pertinent issues for security in the electronic environment have been explored. In addition, the use of non-penal methods to combat this problem has been noted.

290. Many groups of experts in the computer and crime-enforcement fields have discussed, and continue to discuss, these issues. The discussions suggest that the phenomenon of computer crime has existed for some time and will not go away. Computer technology today is where automotive technology was in 1905. Significant developments lie ahead. Equally, we have not yet seen the full extent of computer-related crime.

291. Countries must be cognizant of the problem and realize its implications for their own social and economic development. Action must be taken at the national level to address the problem. This first step is not enough, however: computer-related crime is not merely a national problem, but an international one.

292. Given the international scope of telecommunications and computer communications, the transborder nature of many computer crimes and the acknowledged barriers within current forms of international cooperation, a concerted international effort is required to address the problem effectively. Attempts to define computer crime, or at least achieve common conceptions of what is comprises, and to harmonize the procedural processes for sanctioning it have a number of benefits:

1. A growing commonality of technology permits the transnational expansion of large-scale computer networks. This in turn increases the vulnerability of these networks and creates opportunities for their misuse on a transnational basis. Yet, concerted international cooperation can occur only if there is a common understanding of what a computer crime is or should be;
2. The expansion of international trade and commerce raises a concomitant need for laws that will adequately safeguard economic interests and facilitate, stabilize and secure economic activities. Likewise, the increasing computerization of data on the personal characteristics, attributes and socio-economic status of individuals, combined with a growing concern for privacy, engenders a corresponding need for legal protection, not only nationally but internationally;
3. International legal harmonization increases the ability of transnational business and other computer users to predict the legal consequences of criminal misuse of computer systems. Predictability leads to confidence and stability on the international investment market;
4. To the extent that criminal law establishes positive norms of conduct and serves to educate and deter, harmonization of the criminal law facilitates the creation of international norms of conduct for computer usage;
5. Harmonization can help to avert market restrictions and national barriers to the free flow of information and the transfer of technology. Business and Governments may otherwise refrain from exporting computer programs, data or technology to, or from establishing complex computer interconnections with, countries that do not have an effective system of legal protection;
6. The harmonization of laws, including criminal laws, could promote equal conditions for competition. The inadequate legal protection of computer programs, technology or trade secrets in some countries could cause some companies to operate there in a manner that would be considered by other countries to be unfair competition;
7. Better harmonization can prevent some countries from becoming havens from which international computer crime could be committed with impunity;
8. Harmonization facilitates law enforcement by the agencies of different countries because it provides a common understanding of what types of conduct constitute crime and, in particular, computer-related crime.
9. The harmonization of substantive law facilitates the extradition of alleged or fugitive offenders. Extradition treaties generally require dual criminality, that is, the conduct must be considered to be a crime under the laws of both countries and, sometimes, must be the same type of crime. Accordingly, harmonization of the concept and even the definition of crime can be crucial to the ability to extradite;
10. Harmonization facilitates mutual legal assistance, that is, the use of legally controlled investigatory powers, such as search and seizure, examination of witnesses, electronic surveillance etc., by one country for the benefit of another country. In some mutual assistance treaties, dual criminality is also required before one country will use its judicial or law-enforcement mechanisms to aid another country. Even where dual criminality is not a prerequisite, a common conceptualization of what constitutes a crime assists the law-enforcement and judicial authorities of the country in undertaking investigations within its own territory on behalf of a foreign country;
11. The harmonization of offences facilitates the harmonization of procedural law with respect to investigatory powers.

293. Much remains to be accomplished to achieve international cooperation. Most of the international work so far has been done in just a few regions of the world. The challenge for the future is to expand that cooperation to other portions of the international community. The potential for computer crime is as vast and extensive as the interconnections of worldwide telecommunications networks. All regions of the world, both developed and developing countries, must become involved in order to stifle this new form of criminality. Computer technologies will be increasingly important for developing countries attempting to achieve economic sufficiency. The implementation of security and crime-prevention procedures should be an integral aspect of technological progress in these countries, as should their cooperation in international computer-crime matters.

294. Cooperation in addressing computer-related crime must be developed and improved at both the national and international levels. At the national level, working groups could be established to address the relevant issues. These groups could draw their members from various disciplines and fields, including government, industry and learned societies. They could commence by examining the experience acquired in the field, including the material set forth in this Manual, and by conducting a similar analysis of their own national situations and laws. They could also consider adopting the following measures:

1. Reviewing the present state of legislation in light of the issues raised in this Manual, assessing the substantive and procedural adequacy of their legal and administrative infrastructures and recommending appropriate solutions;
2. Cooperating in the exchange of experience and information about legislation and judicial and law-enforcement procedures applicable to computer crime. This would foster international cooperation and the understanding of common problems;
3. Undertaking a review of sentencing legislation, policies and practices with a view to developing more effective penal sentencing provisions. International cooperation in sentencing reform would ensure the uniform treatment of computer-crime offenders and could prevent computer offenders from relocating to jurisdictions where computer misuse might be treated more leniently;
4. Ensuring periodic reviews and reform of laws, policies and practices in order to incorporate changes arising from technological developments and trends in computer crime;
5. Inviting educational institutions, associations of hardware and software manufactures and the data processing industry to add courses on the legal and ethical aspects of computers to their educational and training curricula, with a view to preventing the misuse of computers and creating ethical standards for the respective sectors;
6. Developing a mechanism to educate potential victims of computer crime and to expose the real extent of computer crime. The active involvement of victims should be encouraged in developing prevention programs and victim assistance programs that are commensurate with the scope of the problem;
7. In view of international character of data-processing and information technology, sharing security standards and procedural techniques among all sectors of the industry, both nationally and internationally;
8. In consultation with groups in other countries, and in order to keep abreast of advances in modern computer crime, consolidating and facilitating law enforcement efforts, including the development of and training in innovative techniques for investigative and prosecutorial personnel;
9. Implementing voluntary security measures by computer users in the private sector;
10. Imposing obligatory security measures in certain sensitive sectors;
11. Encouraging the creation and implementation of national computer security legislation, policies and guidelines;
12. Encouraging management and senior executives to commit their organizations to security and crime prevention;
13. Incorporating and promoting the use of security measures in the information technology industry;
14. Developing and promoting computer ethics in all sectors of society, but especially in educational institutions and professional societies;
15. Developing professional standards in the data-processing industry, including the option of disciplinary measures;
16. Educating the public about the prevalence of computer crime and the need to promote computer ethics, standards and security measures;
17. Promoting victim cooperation in reporting computer crime;
18. Training and educating personnel in the investigative, prosecutorial and judicial systems.

295. At the international level, further activities could be undertaken, including the following:

1. Within regional groups or associations, conducting comparative analyses of substantive and procedural law relating to computer crime;
2. Attempting to harmonize substantive and procedural law among the States of a region by developing guidelines, model law or agreements;
3. When negotiating or reviewing treaties on extradition, mutual assistance or transfer of proceedings, whether bilateral or multilateral, addressing the following issues, taking into account human rights, including privacy rights, and the sovereignty of States:
4. Ensuring a jurisdictional base for the prosecution of transborder, computer-related crime and enacting mechanisms for resolving jurisdictional conflicts;
   1. 1.Imposing obligations to extradite or prosecute offenders;
   2. Facilitating mutual assistance, particularly regarding synchronized law enforcement, transborder search and seizure and the interception of communications.

296. To ensure that human rights principles, privacy rights and international legal principles are effectively balanced, model treaties on criminal matters, such as those developed by the United Nations, can provide valuable guidelines. The implementation of security and crime prevention measures should be concomitant with technological development. The time to act is now.