Upload
felicity-watson
View
220
Download
1
Embed Size (px)
Citation preview
TAIEX Seminar
Cybercrime challenges in Romania. Issues related to
international judicial cooperation
Bucharest, 8-9 October 2009Raluca Simion, MoJCL
Outline of the presentation
What are the challenges?Some general remarks
The transnational character of cybercrime and issues that derive from it
What are the challenges emerging from the international judicial cooperation in cybercrime cases?
What are the possible solutions?
Some final ideas about sentencing cybercrime in Romania, deterrent effect and prevention policies
What are the challenges?
Challenges for law enforcement
Challenges related to substantial issues;
Challenges related to procedural issues;
Challenges related to international judicial cooperation;
Challenges for industry
Challenges for users (legal entities or individuals)
Without promoting a unilateral approach, the present lecture will touch upon the legal challenges
Transnational character of cybercrime
Some of the challenges emerging from the transnational character of cybercrime are:
Specificity of cybercrime which means volatility of data, , consequently urgent MLA requests ;
Lack of double criminality;
Multitude of instruments applicable in MLA cases related to cybercrime;
Possible positive conflicts of jurisdiction.
Transnational character of cybercrime
What does transnational mean in this case?
The offender A from Romania causes multiple prejudices to individuals situated in USA, Canada, Holland, Germany, Australia etc..
one individual or a group of individuals, dozens or even hundreds of victims, different jurisdictions which could lead to substantial, procedural and international judicial cooperation challenges altogether
Due to harmonization processes the first two type of legal challenges can to a high extent be addressed , the last one still represents a field that needs to be worked upon
Transnational character of cybercrime
Challenges emerging from substantial and procedural law issues
These challenges have been dealt efficiently by Romania by adopting a legislative framework compatible with the international legislation, mainly Council of Europe Cybercrime Convention and the relevant Framework Decisions adopted by the European Union
The domestic legislation is represented by Law 161/2003, Law 8/96 and other relevant provisions from the Criminal Procedural Law, Criminal Code, Law 302/2004, Law 365/2002, etc..
Challenges emerging from international judicial cooperation
But as the Internet as a global nature, MLA in cybercrime cases are crucial for solving the cases, which leads us to another challenges more difficult to address
The question to start from- do we need special regulations when it comes to mutual legal cooperation as regards cybercrime?
In order to answer that question, let' s have a look at
Applicable instruments;
Competent authorities;
Communication channels.
Challenges emerging from international judicial cooperation
Applicable instruments Domestic legislation
Law nr. 302/2004 regarding the international judicial cooperation in criminal matters
Law no.161/2003 Title 3, Prevention and combating of cybercrime Chapter 5
International legislation
Challenges emerging from international judicial cooperation
Applicable instruments International legislation-there is no single legal
instrument which can become applicable, which leads to the necessity of applying for the same request , 3, 4 different international instruments, whether international, regional or bilateral
Sometimes no legal instrument is applicable, need to make use of international courtship
What does it all mean?different channels of communication, different competent authorities, different periodization for solving the request
Challenges emerging from international judicial cooperation
Applicable instruments Some examples of applicable instruments already used
by Romania in MLA requests in cybercrime cases;
European Convention on Mutual Legal Assistance in Criminal Matters, Strasbourg, 1959 and its due additional protocols;
Convention of 29 May 2000 on Mutual Legal Assistance in Criminal Matters between the member-states of the European Union and its Additional protocol of 2001;
Challenges emerging from international judicial cooperation
Applicable instruments United Nations' Convention against Transnational
Organized Crime, Palermo, 2000;
Bilateral instruments (e.g bilateral treaties between Romania and Canada, USA and China);
CoE Cybercrime Convention, Budapest, 2001
In the absence of a multilateral or bilateral treaty the guarantee of reciprocity is necessary;
These instruments are also mentioning the competent authorities and channels of communication so....
Challenges emerging from international judicial cooperation
Competent authorities Which are the authorities that could become competent in
cybercrime MLA requests ?
It depends on the country or the treaty applicable
Usually the competent institution is the MoJ, in some cases it could be the Ministry of External Affairs or the Ministry of Interior
What about Romania?
The situation looks a little bit atypical compared with the majority of other states
Challenges emerging from international judicial cooperation
Competent authorities In Romania there are in general two central
authorities responsible for issuing/receiving MLA requests, cybercrime cases included
MoJ-for requests issued during the trial
Prosecutors'Office Attached to the High Court of Cassation and Justice-for requests issued during the pretrial phase
Exception: Some bilateral treaties mention MoJ as the only competent authority, no matter the stage of the trial
Challenges emerging from international judicial cooperation
Competent authorities Important for cybercrime cases is the 24/7 point of
contact-relevant for urgent requests such as data preservation
The declaration Romania made with regard to art.35 of the Cybercrime Convention and corresponding internal provisions Law 161/2003, art. 62 establish as the 24/7 point of contact the Service of Combating Cybercrime within the Prosecutors's Office by the High Court of Cassation and Justice-unlike the majority of the states, it is a judicial authority and not police authority
Challenges emerging from international judicial cooperation
Competent authorities Among its attributes the Service of Combating Cybercrime
is an issuing and executing authority for data preservation requests, and executing authority for rogatory letters forwarded by other states
Important to know exactly which institution is responsible for a particular type of request before sending it
But taking into account that cybercrime means also volatile date, important are also...
Challenges emerging from international judicial cooperation
Channels of communication The ideal scenario would involve the direct contact
between the issuing and receiving judicial authority whether the request is issued in the pretrial stage or the trial stage, and if possible using the expedited means of communication, such as fax and email
This ideal scenario is provided by the EU Convention 2000 as a rule but not by other previous Conventions
E.g 1959 Convention is establishing as the main rule the contact between central authorities by post.
Challenges emerging from international judicial cooperation
Channels of communication Many of the existing applicable Conventions are using
classical channels such as post and diplomatic channels (special reference is made to countries outside Europe and the UNTOC Convention)
Some countries have internal provisions that do not allow transmitting or receiving MLA requests but through diplomatic channels (e.g Korea can receive and transmit MLA requests through the Ministry of External Affairs, no matter the legal instrument applicable)
Serious consequences in solving a cybercrime case
Some examples of MLA requests in cybercrime cases
Let's see the specificity of cybercrime by having some concrete examples from the caseload of the MoJ
Examples during the pretrial phase
Examples during the trial phase
Some examples of MLA requests in cybercrime cases
Examples during the pretrial phase
Example no.1 active rogatory letter
Receiving state-Malaysia/direct contact/post
Organized criminal group
Offences allegedly being committed: computer related fraud, computer related forgery and swindling
Object of the request: identity of the potential victims
Sent in November 2008, no answer up to now
Some examples of MLA requests in cybercrime cases
Examples during the pretrial phase
Example no.2 active rogatory letter
Receiving state-Nigeria/diplomatic channels
Organized criminal group
Offences allegedly being committed: computer related fraud, computer related forgery and swindling
Object of the request: identity of a potential offender of Nigerian citizen
Initial request June 2008, reminder February 2009
Some examples of MLA requests in cybercrime cases/Trial stage
Offence: computer-related fraud committed in an organized manner
Object of the request: service of documents to the injured parties
Countries involved as requested states: USA, Brazil, Ireland, Canada, Dominican Republic
Let's have a look at the instruments applicable, channels of communication and authorities responsible
Some examples of MLA requests in cybercrime cases
Romania
USACA DO
M Brazil
Ireland
Conv 1959
centralpost
UN 2000
centralpost
UN 2000 centralDiplo
channels
central
Bilateral
Treaty centralpost
Bilteral
Treaty
post
Some examples of MLA requests in cybercrime cases
Romania
USASpai
n ITUK
Greece
Conv 1959
centralpost
UE 2000
centralpost
Conv 59 centralfax.
judicial
Bilateral
Treaty centralpost
EU2000
fax
MLA requests in cybercrime cases
What are these examples showing? There are different type of requests, more often
encountered are
Rogatory letters - most of them refer to identify owners of IP addresses, potential victims/interviewing victims, owners of cell phone numbers, intercepting phone conversation
Service of documents - the most common scenario is related to the trial stage when the victims needs to be informed about the trial taking place
Complexity of MLA requests
A MLA request can be in these cases very complex
Let's have an example:
Rogatory letter the suspects allegedly have committed computer related forgery, computer related fraud and swindling, all offences committed in an organized manner
The criminal activity was undertaken in USA, Greece, Spain, Italy, UK- see ex. above applicable treaties, timing, communication channels
How does a rogatory letter addressed to one country looks like?
Complexity of MLA requests
1. request referring to the victims that have already been identified
2. request in order to confirm the identity of other potential victims, verify contact details, verify Moneygram, Western Union forms
3. request to be forwarded to an email company
4. request to be forwarded to the social networking company.
Other supplements of request followed...e.g identifying the owner of a telephone number
Cybercrime is getting organized true or false?
Looking upon the recent caseload of MoJCL, there is a constant growth of MLA requests in cybercrimes cases committed in an organized manner
That means complex requests, as in the previous example, not only multiple victims on various continents but also very well organized networks of cybercriminals
Concerted investigation needed, constant contacts between police and prosecutors from various countries
Some very good examples can also be offered as regards the EAW
EAW and cybercrime committed in an organized manner
Romania applies the EAW since 2007.
Computer crimes are included in the 32 list of offences mentioned in art.2 paragraph 2 of the EAW FD.
That means that the double criminality requirement does not have to be verified anymore
Romania executed a lot of requests coming from Italy, Holland, Germany, France and Belgium
E.g in 2007 around 40% Romania received from Italy were issued for cybercrime, mostly phishing and skimming offences many of them committed in an organized manner
EAW and cybercrime committed in an organized manner
Some relevant examples offered by the Eurojust Annual Reports 2007 and 2008
In the 2007 cases Eurojust undertook coordination meetings between the countries involved, Romania included in order to establish a coherent action plan and to expedite the execution of letters rogatory and resulted also in issuing of EAW which were executed by Romania
Some of the operations needed to be executed in real time, suspects need to be arrested simultaneously
EAW and cybercrime committed in an organized manner
The situation is following the same pattern in 2009
A lot of EAW issued by other EU member-states for cybercrimes and executed by the Romanian authorities
A recent and highly publicized example is. represented by a criminal network which allegedly committed skimming and managed to clone 15 000 credit cards, the estimated prejudice being around 6.5 mil EUROS
The operation needed simultaneous arrests (25 outside Romania and 11 in Romania) and searches, therefore coordinated actions of the prosecutors in all the countries involved
EAW and cybercrime committed in an organized manner
The organization in cells makes the investigation harder
So to cut it short, at least from our point of view, the answer is YES, cybercrime is getting organized and this is not just a rhetoric discourse
We are not talking about organized crime and cybercrime, we are talking about organized criminal groups that commit computer crimes
These organized criminal groups are highly specialized, each member having a specific task as in the following example
Example of a criminal network specialized in committing card offences
Heads of the network
Persons bulding up the skimmers IT technician in charge
with the software and Data protectionOrganizers
Cells
Italian cellsTorino and Verona
English cell
Dutch cell
Participants
ParticipantsParticipants
Free lancers
What are the possible solutions for enhancing MLA?
We need a single instrument able to facilitate the mutual legal assistance requests in cybercrime cases taking into account the specificity of cybercrime - implementing such an instrument globally needs time
Currently there are regional and bilateral instruments in place and also international treaties,
At EU level the instruments are facilitating expedited communication but cybercrime is not regional, countries outside Europe will very often be involved
What are the possible solutions for enhancing MLA?
The CoE Convention comprises the needed provisions but even though it will be adopted by as much countries as possible from outside Europe, preeminence will still have the existing multilateral and bilateral treaties already established between member-states, according to the provisions of the Convention-see art 25 paragraph 4
Up to the moment no single global instrument can be used worldwide, we have to adjust what we have, use as much as possible the expedited means of communication and the institutional networks
We got to find valid solutions together
Sentencing, deterrence and prevention policies in Romania
general prevention: by applying effective, dissuasive punishments the deterrence paradigm should made its presence felt as concerns the general public.-Q1-is deterrence really efficient in Romania?special prevention: by the punishment imposed in a particular case the offender is not only re-educated but also prevented from causing prejudices to the society-Q2-situational prevention could work in this particular context?Yes, but not enough, education plays an important role in the construction of any prevention policy
• The role of the punishment in building up the general and special prevention is under discussion as long as:
• the trial can take on average 2,3 years until it gets to its final outcome, sometimes it lasts even more, such as in the following examples:
Case A-a first instance court competent-the criminal investigation was finished in March 2002 and the sentence was issued in March 2006, after more than 4 years.
In the motivation of the criminal judgement it was specified the cause of the delay
Deterrence?
Deterrence?
“the criminal proceedings were undertaken with difficulty due to the fact that the 13 civil parties have their residence
abroad, so the request of service of documents for all these civil parties was executed only for today's term”
Case B: the trial was still in course in March 2009, pending since 2002, there are 8 defendants and 26 injured/civil
parties from Netherlands, USA, China and Canada, the cause have been postponed again. The delay again is
caused by the impossibility to receive the proof of service for all the injured/civil parties although the terms are very
generous of more than 6,7 months.
What role for the media?
The current image created by the media-is concentrating on cybercriminals and cybercrime in general, Romania makes no difference in this respect
What is the actual image created by the media and how does this contribute to the perception of cybercrime?
Is the Romanian press taking into account the educational aspects related to cybercrime?
Can one find victim orientation articles for examples?
What does legal criminality shows with regard to cybercrime in Romania?
What role for the media?
The press is propagating the image of the mythical hacker
A concrete example (March 2009)
Special bus line for Superman (the website of RATB- Bucharest public transportation lines)
Instead of conclusion
The MLA requests are taking very long time, due to the fact that they are forwarded worldwide under different legal backgrounds and subject to different rules and procedural rules
So the international cooperation in cybercrime cases represents one of the major challenges posed by cybercrime
The problem has be acknowledged by the European Union and the Council of Europe
This problem needs to be acknowledged though globally
The greatest domestic challenge- to acknowledge the real dimension of cybercrime and leave the sensational aside