Report: Lax Cybercrime Laws Threaten E-Commerce
Dec 7, 2000 10:36 AM PT
Few countries around the world have passed laws targeting online criminal activity, posing a threat to e-commerce and technological growth, according to a report released Wednesday.
McConnell International, a security consulting firm based in Washington, D.C., found that 9 of 52 countries it studied have extended existing laws to cover most crimes in cyberspace, creating massive legal gaps that make prosecution of online crimes difficult.
"The long arm of the law does not yet reach across the global Internet," said Bruce W. McConnell, the firm's president.
Until laws are beefed up, McConnell said, companies and other organizations "must rely on their own defenses" while working with governments "to develop consistent and enforceable national laws to deter future crime in cyberspace."
Uneven Legal Landscape
The report, "Cyber Crime ... and Punishment? Archaic Laws Threaten Global Information," considered 10 different types of crime in four general categories: 1) data-related offenses such as interception of private correspondence, 2) network crimes such as corporate sabotage, 3) access crimes such as hacking and viruses, and 4) other computer crimes, such as fraud and forgery.
The United States has legislation that addresses 9 of the 10 online crime categories, with only computer-aided fraud remaining to be addressed by specific legislation. The only gap in Japan's laws, meanwhile, is in the area of virus distribution.
In all, 33 of 52 countries looked at have yet to update their laws to address cybercrime in any way, though lawmakers in 17 of those countries -- including seven in Africa -- are now writing legislation.
Ten other nations have passed laws aimed at half or less of the 10 crime categories, and nine have targeted six or more of the crimes. Only the Philippines has legislation in place to prosecute all of the offenses.
Love Bug Lessons
"Countries where legal protections are inadequate will become increasingly less able to compete in the new economy," the report said. "As cyber crime increasingly breaches national borders, nations perceived as havens run the risk of having their electronic messages blocked by the network."
McConnell noted that the recently passed laws in the Philippines were sparked by the spread of the "I Love You" virus, which caused a reported US$2.6 billion in damages worldwide when it struck computers in May of this year.
Investigators traced the virus to the computer of 22 year-old college student Onel de Guzman. However, in the absence of specific cybercrime laws, authorities were forced to use regulations on credit card fraud in their prosecution. Within six weeks, the Philippines had enacted tough new laws regarding online crimes.
Laws Not Enough
The report points out that the current "global patchwork" of laws creates little certainty because countries cannot even agree on what crimes need to be legislated against. Additionally, even in countries where laws address cybercrimes, these crimes are not defined uniformly.
For instance, in some nations, unauthorized access is a crime only if harmful intent is present, and in others, data theft is a crime only if the data relates specifically to an individual's health or religion, or if the intent is to defraud.
Even in countries where cybercrime is addressed specifically, however, punishment outlined is often limited to fines, not enough to deter criminals in many cases. Also, many laws only outlaw crimes committed against government computers, but do not provide similar protection to private sector computers.
"Unless crimes are defined in a similar manner across jurisdictions, coordinated efforts by law enforcement officials to combat cyber crime will be complicated," the report said.
Incidents on the Rise
McConnell said that the growth of online crimes makes clear how urgent it is for nations to address the issues. The firm cites statistics from the Computer Emergency Response Team Coordination Center showing that organizations worldwide reported 54 percent more security breaches during the first nine months of 2000 than during all of 1999.
Earlier this year, McConnell released a study saying that a lack of Internet-related investment in many nations would stall the worldwide growth of the digital economy.
McConnell International manages the United Nations-sponsored Information Technology Coordination project, which surveys the global landscape periodically.
The latest report comes in advance of a global summit that the World Information Technology and Services Alliance plans to hold in Belfast, Northern Ireland in May to address issues of global technology readiness.