Page 1 of 3 123 LastLast
Results 1 to 10 of 25

Thread: Cybercrime Law - A review

  1. #1
    Member imported_blackfoot's Avatar
    Join Date
    Jun 2007
    Posts
    386

    Default Cybercrime Law - A review

    Cybercrime Law - A review
    1 October 2007

    In the global context, many countries have agreed to ratify and adopt the Council of Europe Convention on Cybercrime. There are currently 21 countries (including the USA, from 1 January 2007) which have adopted these measures whilst others are taking similar or more inclusive measures.

    This Convention is available here:

    http://conventions.coe.int/Treaty/en...s/Html/185.htm

    Additionally, as mentioned elsewhere in this forum, Germany have enacted measures in Section 202a, 303a and 303b which appear to be more inclusive than the minimum recommendations. These are detailed here:

    http://www.gesetze-im-internet.de/st...1BJNG005202307

    The UK has adopted similar measures in the Police and Justice Act 2006, s. 35 to 38, which is discussed below and can be viewed here:

    http://www.opsi.gov.uk/acts/acts2006/20060048.htm

    A common theme exists in which it is an offence to "Knowingly Access a Computer Without Authorization or In Excess of Authorization "

    In general, nothing in these national provisions above, exclude the employment of dual-use tools and software by those authorized to do so in performance of their duties as an employee or as a duly authorized consultant.

    For others, acting with intent but without (or exceeding) authorization, the law is pretty clear.

    Nothing in the Convention prohibits free speech or curtails discussion. However, the supply, distribution and operation of dual-use tools or software is restricted or prohibited.

    Those persons, corporations or responsible officers whose business includes use or distribution must take special note of the provisions not only nationally but internationally.

    The UK law extended existing legislation.

    Section 37 of the UK Act is interesting (paraphrased below) since it embraces not only use (in the main 1990 Act) but now supply and/or making (writing or producing):

    Making, supplying or obtaining articles for use in computer misuse offences

    In this section “article” includes any program or data held in electronic form.

    “3A Making, supplying or obtaining articles for use in offence under section 1 or 3 (1) of the 1990 Act - A person is guilty of an offence if he makes, adapts, supplies or offers to supply any article intending it to be used to commit, or to assist in the commission of, an offence under section 1 or 3.
    (2) A person is guilty of an offence if he supplies or offers to supply any article believing that it is likely to be used to commit, or to assist in the commission of, an offence under section 1 or 3.
    (3) A person is guilty of an offence if he obtains any article with a view to its being supplied for use to commit, or to assist in the commission of, an offence under section 1 or 3.


    Note: Computer includes telephone in many countries.

    The USA has taken similar steps to amend existing law and a manual has been produced to disseminate this information and is available here:

    http://www.usdoj.gov/criminal/cyberc...ual/index.html
    See also: http://www.usdoj.gov/criminal/cybercrime/index.html

    Interestingly, the location of the crime and its jurisdiction are considered thus, ("in today's wired world of telecommunication and technology, it is often difficult to determine exactly where a crime was committed, since different elements may be widely scattered in both time and space, and those elements may not coincide with the accused's actual presence."). In discussions, multidistrict offenses "may be ... prosecuted in any district in which such offense was begun, continued, or completed.

    Some essential points of the Convention are repeated below since they now form the backbone of a large number of national laws across the world.

    (A useful summary website which appears to be regularly updated is here: http://www.cybercrimelaw.net/ )


    Convention on Cybercrime 2001

    Chapter II – Measures to be taken at the national level

    Section 1 – Substantive criminal law

    Title 1 – Offences against the confidentiality, integrity
    and availability of computer data and systems

    Article 2 – Illegal access

    Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally, the access to the whole or any part of a computer system without right. A Party may require that the offence be committed by infringing security measures, with the intent of obtaining computer data or other dishonest intent, or in relation to a computer system that is connected to another computer system.

    Article 3 – Illegal interception

    Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally, the interception without right, made by technical means, of non-public transmissions of computer data to, from or within a computer system, including electromagnetic emissions from a computer system carrying such computer data. A Party may require that the offence be committed with dishonest intent, or in relation to a computer system that is connected to another computer system.

    Article 4 – Data interference

    1 Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally, the damaging, deletion, deterioration, alteration or suppression of computer data without right.

    2 A Party may reserve the right to require that the conduct described in paragraph 1 result in serious harm.

    Article 5 – System interference

    Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally, the serious hindering without right of the functioning of a computer system by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data.

    Article 6 – Misuse of devices

    1 Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally and without right:

    a the production, sale, procurement for use, import, distribution or otherwise making available of:

    i a device, including a computer program, designed or adapted primarily for the purpose of committing any of the offences established in accordance with Articles 2 through 5;

    ii a computer password, access code, or similar data by which the whole or any part of a computer system is capable of being accessed,

    with intent that it be used for the purpose of committing any of the offences established in Articles 2 through 5; and

    b the possession of an item referred to in paragraphs a.i or ii above, with intent that it be used for the purpose of committing any of the offences established in Articles 2 through 5. A Party may require by law that a number of such items be possessed before criminal liability attaches.

    2 This article shall not be interpreted as imposing criminal liability where the production, sale, procurement for use, import, distribution or otherwise making available or possession referred to in paragraph 1 of this article is not for the purpose of committing an offence established in accordance with Articles 2 through 5 of this Convention, such as for the authorised testing or protection of a computer system.

    3 Each Party may reserve the right not to apply paragraph 1 of this article, provided that the reservation does not concern the sale, distribution or otherwise making available of the items referred to in paragraph 1 a.ii of this article.
    Lux sit

  2. #2
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

    Default

    Interesting law reading blackfoot. Perhaps this will help to educate the public, more specifically our forum members, in retrospect of cybercrimes.

    Thanks for the post.
    [CENTER][FONT=Book Antiqua][SIZE=5][B][COLOR=blue][FONT=Courier New][COLOR=red]--=[/COLOR][/FONT]Xploitz[FONT=Courier New][COLOR=red]=--[/COLOR][/FONT][/COLOR][/B][/SIZE][/FONT][FONT=Courier New][COLOR=Black][SIZE=6][B] ®[/B][/SIZE][/COLOR][/FONT][/CENTER]
    [CENTER][SIZE=4][B]Remote-Exploit.orgs Master Tutorialist.[/B][/SIZE][SIZE=6][B]™
    [/B][/SIZE]
    [URL="http://forums.remote-exploit.org/showthread.php?t=9063"][B]VIDEO: Volume #1 "E-Z No Client WEP Cracking Tutorial"[/B]
    [/URL]
    [URL="http://forums.remote-exploit.org/showthread.php?t=7872"][B]VIDEO: Volume #2 "E-Z No Client Korek Chopchop Attack Tutorial"[/B]
    [/URL]
    [URL="http://forums.remote-exploit.org/showthread.php?t=8230"][B]VIDEO: Volume #3 "E-Z WPA/WPA2 Cracking Tutorial"[/B][/URL]

    [URL="http://forums.remote-exploit.org/showthread.php?t=8041"][B]VIDEO: Volume #4 "E-Z Cracking WPA/WPA2 With Airolib-ng Databases"[/B][/URL]
    [/CENTER]

  3. #3
    Developer
    Join Date
    Mar 2007
    Posts
    6,126

    Default

    Thats great. I jus wanna knoo how to crack 'da WEP.

  4. #4
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    Hmmmm

    /me blindly clicks "I Accept"

    Isn't how all that small text works?

  5. #5
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by thorin View Post
    Hmmmm

    /me blindly clicks "I Accept"

    Isn't how all that small text works?
    I have some contracts that need a signature, I'll send them right over.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  6. #6
    Junior Member
    Join Date
    Sep 2007
    Posts
    37

    Default

    i have the following words printed out in size big point font and taped on the wall in the office:

    Knowingly Access a Computer Without Authorization or In Excess of Authorization
    Its only wrong if you don't have authorization

  7. #7
    Junior Member g1ic7h's Avatar
    Join Date
    Jul 2007
    Posts
    73

    Default

    Thanks for the post blackfoot, good info
    "A teacher is never a giver of truth; he is a guide, a pointer to the truth that the student must discover for himself." - Bruce Lee

  8. #8
    Member imported_blackfoot's Avatar
    Join Date
    Jun 2007
    Posts
    386

    Default UK enforces disclosure of encryption keys

    The UK has finally brought into being the ability to enforce disclosure of encryption (more properly decryption) keys as discussed here:

    http://www.theregister.co.uk/2007/10...on_keys_power/

    The Home Office now have a dedicated website with a section discussing encryption here:

    http://security.homeoffice.gov.uk/ripa/encryption/
    Lux sit

  9. #9
    SUB-ZERO
    Guest

    Default

    so walking along the fence line if fine. its just all about where you cross the fence and how you cross back lol you guys are great....

  10. #10
    Member The_Denv's Avatar
    Join Date
    Nov 2006
    Posts
    364

    Default

    The Regulation of Investigatory Powers Act (RIPA) has had a clause activated which allows a person to be compelled to reveal a decryption key. Refusal can earn someone a five-year jail term.
    What the hell? Isn't that a bit much? I thought just like car searches that we can refuse if we use the appropriate language, for example: 'Sorry Officer I do not consent to searches'; thus not being searched. In a way asking for a decrypting key is like asking to search your car [as its private property]. Shouldn't we have a right to our privacy? At least to a certain extent?

Page 1 of 3 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •