this paper is a draft working paper reflecting the preliminary findings of the drafting team. it
has been subject to review by all wgig members but it does not necessarily present a
consensus position nor does it contain agreed language accepted by every member. the purpose
of this draft is to provide a basis for the ongoing work of the group. it is therefore not to be seen
as a chapter of the final wgig report but rather as raw material that will be used when drafting
the report. this draft working paper has been published on the wgig website for public
comment so it will evolve taking into account input from governments and stakeholders
issue (what?)
the wsis declaration of principles recognizes that: “the management of the internet
encompasses both technical and public policy issues …” one of the public policy issues which
require careful consideration is security and crime. not surprisingly therefore the plan of action
considers that: “confidence and security are among the main pillars of the information society.”
as stated in the utive summary of a communication from the european commission titled
network and information security: proposal for a european policy approach com(2001)298
final:
“network and information security can be understood as the ability of a network or an
information system to resist at a given level of confidence accidental events or malicious actions.
such events or actions could compromise the availability authenticity integrity and
confidentiality of stored or transmitted data as well as related services offered via these networks
and systems.”
such malicious cybersecurity intrusions therefore give rise to cybercrimes which are described in
a 2000 mcconnell international report as “harmful acts committed from or against a computer or
a network”[schneider and hyner page 6]. on accepting this definition it follows that the internet:
global network of networks presents the main opportunity for cybercrimes.
as described in the electronic frontier: the challenge of unlawful conduct involving the use of
the internet a report of the president’s working group on unlawful conduct on the internet
dated march 2000 cybercrime may be encountered with the computer used as a communications
tool a storage device or as a target itself. storing pornographic material and physically damaging
a computer are examples of the latter two mechanisms. illegal distribution of racist or sexually
explicit materials intellectual property theft stealing credit card numbers and launching
computer viruses are all examples of cybercrimes effected over the internet. the internet is
heavily dependent on the public telecommunications infrastructure. in several countries multiple
competitive operators provide inter-connected networks which increase the opportunities for
security intrusions. examples of cybercrimes committed through cybersecurity intrusions into the
telecommunications network are: illegal access of a pabx getting dial tone and then dialing for
free to any part of the globe or listening to other people’s conversation.
now some of these crimes such as fraud piracy and counterfeiting are really old crimes being
committed in new ways. this has led vice president gore to state in 1999 that “unlawful activity
is not unique to the internet – but the internet has a way of magnifying both the good and the bad
this paper is a draft working paper reflecting the preliminary findings of the drafting team. it
has been subject to review by all wgig members but it does not necessarily present a
consensus position nor does it contain agreed language accepted by every member. the purpose
of this draft is to provide a basis for the ongoing work of the group. it is therefore not to be seen
as a chapter of the final wgig report but rather as raw material that will be used when drafting
the report. this draft working paper has been published on the wgig website for public
comment so it will evolve taking into account input from governments and stakeholders.
2
in our society … what we need to do is to find new answers to old crimes.” some people do not
consider such offences to be ‘cybercrimes’ because they say it is like using a mobile phone in the
course of a robbery and that does not make it a mobile phone offence! however some are
distinctly new types of crimes such as hacking and the release of viruses into the network.
schneider and hyner observed that “the scale scope and complexity of these problems …. seem
to trigger and propel the growth of an array on new institutional arrangements and governance
structures geared to deal with these kinds of security issues.” however the lack of effective
coordination remains a challenge.
another issue concerns the difficulty in detecting and prosecuting most offences committed in a
global network. criminal law is generally limited to the jurisdiction of the state. for example the
computer fraud and abuse act was created in the unites sates in1986 in response to increasing
cybercrime while corresponding legislation was enacted in the united kingdom by way of the
computer misuse act 1990. these statutes have improved the body of law available to deal with
cybercrime. collecting evidence from and extraditing offenders from other states still remains a
significant legal challenge. the council of europe convention on cybercrime is intended to
harmonize laws across states and provide for greater international cooperation in this area.
governments must therefore develop new expertise to deal with these new and complex issues.
cybersecurity and cybercrime are huge problems. generally they “compromise the availability
authenticity integrity and confidentiality of stored or transmitted data as well as related services
offered via these networks and systems.” specifically these activities cost billions of dollars in
losses to firms undermine consumer confidence in e-commerce damage people’s lives and
reputation through privacy intrusions and threaten to disturb the stable and secure functioning of
the internet.