As well, while progress has been made, homogenizing all the various national laws is still some time off, Wisniewski (left) says. To illustrate differences in progress, the European Union has harmonized much of its cyber law to facilitate easier extradition and investigation on the continent. Canada, meantime, is currently considering a bill, known as C30, that would allow the Royal Canadian Mounted Police easier access to logs of activity from Canadian ISPs, he says. Here in the United States, President Obama has been trying to update the American cyber crime laws, but nothing has passed to date.
Bowker says he expects legislators to come up with something that is more thought out than the cyber crime bills currently under consideration, but not in an election year.
“You can bet that if the recent Anonymous arrests are as successful as they appear, that case will become one key argument for why information needs to be shared,” Bowker says.
Mitigation and control
In the MegaUpload case, in early Jan., criminal copyright charges were filed in the United States by the FBI and Department of Justice against the principals of MegaUpload. The U.S. authorities alleged ill-gotten profits by the P2P site in excess of $175 million and losses by copyright owners of $500 million. As MegaUpload is a Hong Kong entity with the core management team based out of New Zealand, including the founder and CEO, Kim Dotcom, who is currently under house arrest in New Zealand, this required legal cooperation among authorities in three nations, says Marcus Chung, COO of Malwarebytes.
Outside of search warrants and extradition agreements, he says the notable laws that likely will be invoked in this case include The Digital Millennium Copyright Act, the European Union Copyright Directive, and the New Zealand Federation Against Copyright Theft. All of these, as well as user privacy laws, such as the Electronic Communication Privacy Act, are likely to be cited both by the prosecution and defense.
“As Bob Dylan 2.0 might put it: The times, and the means of distribution, they are a-changin'.”
Jody Westby, CEO of Global Cyber Risk, says that in addition to substantive cyber crime laws, and the procedural laws that govern how investigations and search and seizure take place, a number of other legal frameworks are likely to be used in court. She expects to see laws on jurisdiction and extradition, which can also include international agreements, such as mutual legal assistance treaties (MLATs), and rules that assist in going through the courts for approval for assistance from one country to another.
Dotcom was freed on bail, but had conditions put in place that prohibit him from connecting to the internet, Bowker says. “This is an area more and more community corrections officers are going to have to get up to speed on, learning how to enforce conditions that restrict and/or monitor cyber offenders' computer and internet use.”
Mitigating and controlling the activities of cyber criminals across borders is part of the ongoing challenge to coordinate information sharing among various law enforcement agencies, both foreign and domestic, says Chung. There are privacy laws and due process that differ at both the regional and international levels. Due to this level of complexity, at a minimum there are typically local “search warrants,” financial information (to facilitate the freezing of assets) and evidence of criminal behavior that is shared among the agencies.
Westby adds that sharing often is facilitated informally through relationships and contacts because the formal process can be cumbersome. Regulations begun under the Homeland Security Act of 2002 allow the Department of Homeland Security to share critical infrastructure data with foreign governments, she says.