Abstract : …………………………………………………………………………………………………………………. 2
Chapter 1 : 1.Introduction ……………………………………………………………………………………….. 3
Chapter 2 : 2. The phenomena of cybercrime ………………………………………………………….. 6
Chapter 3 : 3. The challenges of fighting cybercrime ………………………………………………. 9
Chapter 4 : 4. Anti-cybercrime strategies ………………………………………………………………. 12
References ……………………………………………………………………………………………………………… 15
Computer crime, or cybercrime, is any crime that involves a computer and a network. The computer may have been
used in the commission of a crime, or it may be the target.
Dr. Debarati Halder and Dr. K. Jaishankar (2011) define Cybercrimes as: “Offences that are committed against
individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause
physical or mental harm, or loss, to the victim directly or indirectly, using modern telecommunication networks such
as Internet (Chat rooms, emails, notice boards and groups) and mobile phones (SMS/MMS)”.Such crimes may
threaten a nation’s security and financial health. Issues surrounding these types of crimes have
become high-profile, particularly those surrounding hacking, copyright infringement, child pornography, and child
grooming. There are also problems of privacy when confidential information is intercepted or disclosed, lawfully or
otherwise. Dr.Debarati Halder and Dr.K.Jaishankar(2011) further define cybercrime from the perspective of gender
and defined ‘cybercrime against women’ as ““Crimes targeted against women with a motive to intentionally harm
the victim psychologically and physically, using modern telecommunication networks such as internet and mobile
Chapter 1 : 1.Introduction
1.1 Infrastructure and services
The Internet is one of the fastest-growing areas of technical infrastructure development. Today, information and
communication technologies (ICTs) are omnipresent and the trend towards digitization is growing. The demand for
Internet and computer connectivity has led to the integration of computer technology into products that have
usually functioned without it, such as cars and buildings. Electricity supply, transportation infrastructure, military
services and logistics – virtually all modern services depend on the use of ICTs.
Although the development of new technologies is focused mainly on meeting consumer demands in western
countries, developing countries can also benefit from new technologies. With the availability of long-distance
wireless communication technologies such as WiMAX5 and computer systems that are now available for less than
USD 2006, many more people in developing countries should have easier access to the Internet and related
products and services.
The influence of ICTs on society goes far beyond establishing basic information infrastructure. The availability of
ICTs is a foundation for development in the creation, availability and use of network-based services. E-mails have
displaced traditional letters; online web representation is nowadays more important for businesses than printed
publicity materials; and Internet-based communication and phone services are growing faster than landline
The availability of ICTs and new network-based services offer a number of advantages for society in general,
especially for developing countries.
ICT applications, such as e-government, e-commerce, e-education, e-health and e- environment, are seen as
enablers for development, as they provide an efficient channel to deliver a wide range of basic services in remote
and rural areas. ICT applications can facilitate the achievement of millennium development targets, reducing
poverty and improving health and environmental conditions in developing countries. Given the right approach,
context and implementation processes, investments in ICT applications and tools can result in productivity and
quality improvements. In turn, ICT applications may release technical and human capacity and enable greater
access to basic services. In this regard, online identity theft and the act of capturing another person’s credentials
and/or personal information via the Internet with the intent to fraudulently reuse it for criminal purposes is now one
of the main threats to further deployment of e-government and e-business services.
The costs of Internet services are often also much lower than comparable services outside the network.E-mail
services are often available free of charge or cost very little compared to traditional postal services.The online
encyclopaedia Wikipedia can be used free of charge, as can hundreds of online hosting services. Lower costs are
important, as they enable services to be used by many more users, including people
with only limited income. Given the limited financial resources of many people in developing countries, the Internet
enables them to use services they may not otherwise have access to outside the network.
1.2 Advantages and risks
The introduction of ICTs into many aspects of everyday life has led to the development of the modern concept of the
information society. This development of the information society offers great opportunities. Unhindered access to
information can support democracy, as the flow of information is taken out of the control of state authorities (as has
happened, for example, in Eastern Europe and North Africa). Technical developments have improved daily life – for
example, online banking and shopping, the use of mobile data services and voice over Internet protocol (VoIP)
telephony are just some examples of how far the integration of ICTs into our daily lives has advanced.
However, the growth of the information society is accompanied by new and serious threats. Essential services such
as water and electricity supply now rely on ICTs. Cars, traffic control, elevators, air conditioning and telephones
also depend on the smooth functioning of ICTs. Attacks against information infrastructure and Internet services now
have the potential to harm society in new and critical ways.
Attacks against information infrastructure and Internet services have already taken place. Online fraud and hacking
attacks are just some examples of computer-related crimes that are committed on a large scale every day. The
financial damage caused by cybercrime is reported to be enormous. In 2003 alone, malicious software caused
damages of up to USD 17 billion. By some estimates, revenues from cybercrime exceeded USD 100 billion in 2007,
outstripping the illegal trade in drugs for the first time. Nearly 60 per cent of businesses in the United States
believe that cybercrime is more costly to them than physical crime. These estimates clearly demonstrate the
importance of protecting information infrastructures.
Most of the above-mentioned attacks against computer infrastructure are not necessarily targeting critical
infrastructure. However, the malicious software “Stuxnet” that was discovered in 2010 underlines the threat of
attacks focusing on critical infrastructure.The software, with more than 4 000 functions, focused on computer
systems running software that is typically used to control critical infrastructure.
1.3 Cybersecurity and cybercrime
Cybercrime and cybersecurity are issues that can hardly be separated in an interconnected environment. The fact
that the 2010 UN General Assembly resolution on cybersecurity addresses cybercrime as one major challenge
underlines this. Cybersecurity plays an important role in the ongoing development of information technology, as
well as Internet services. Enhancing cybersecurity and protecting critical information infrastructures are essential
to each nation’s security and economic well-being. Making the Internet safer (and protecting Internet users) has
become integral to the development of new services as well as government policy. Deterring cybercrime is an
integral component of a national cybersecurity and critical information infrastructure protection strategy. In
particular, this includes the adoption of appropriate legislation against the misuse of ICTs for criminal or other
purposes and activities intended to affect the integrity of national critical infrastructures. At the national level, this
is a shared responsibility requiring coordinated action related to prevention, preparation, response and recovery
from incidents on the part of government authorities, the private sector and citizens. At the regional and
international level, this entails cooperation and coordination with relevant partners. The formulation and
implementation of a national framework and strategy for cybersecurity thus requires a comprehensive
approach.Cybersecurity strategies – for example, the development of technical protection systems or the education
of users to prevent them from becoming victims of cybercrime – can help to reduce the risk of cybercrime. The
development and support of cybersecurity strategies are a vital element in the fight against cybercrime.
The legal, technical and institutional challenges posed by the issue of cybersecurity are global and far- reaching,
and can only be addressed through a coherent strategy taking into account the role of different stakeholders and
existing initiatives, within a framework of international cooperation. In this regard, the World Summit on the
Information Society (WSIS) recognized the real and significant risks posed by inadequate cybersecurity and the
proliferation of cybercrime. The provisions of §§ 108-110 of the WSIS Tunis Agenda for the Information Society,
including the Annex, set out a plan for multistakeholder implementation at the international level of the WSIS
Geneva Plan of Action, describing the multistakeholder implementation process according to eleven action lines and
allocating responsibilities for facilitating implementation of the different action lines. At WSIS, world leaders and
governments designated ITU to facilitate the implementation of WSIS Action Line C5, dedicated to building
confidence and security in the use of ICTs.
1.4 International dimensions of cybercrime
Cybercrime often has an international dimension. E-mails with illegal content often pass through a number of
countries during the transfer from sender to recipient, or illegal content is stored outside the country. Within
cybercrime investigations, close cooperation between the countries involved is very important. The existing mutual
legal assistance agreements are based on formal, complex and often time-consuming procedures, and in addition
often do not cover computer-specific investigations. Setting up procedures for quick response to incidents, as well
as requests for international cooperation, is therefore vital.
A number of countries base their mutual legal assistance regime on the principle of “dual criminality”.Investigations
on a global level are generally limited to those crimes that are criminalized in all participating countries. Although
there are a number of offences – such as the distribution of child pornography – that can be prosecuted in most
jurisdictions, regional differences play an important role. One example is other types of illegal content, such as hate
speech. The criminalization of illegal content differs in various countries. Material that can lawfully be distributed in
one country can easily be illegal in another country.
The computer technology currently in use is basically the same around the world.Apart from language issues and
power adapters, there is very little difference between the computer systems and cell phones sold in Asia and those
sold in Europe. An analogous situation arises in relation to the Internet. Due to standardization, the network
protocols used in countries on the African continent are the same as those used in the United States.
Standardization enables users around the world to access the same services over the Internet.
The question is what effect the harmonization of global technical standards has on the development of the national
criminal law. In terms of illegal content, Internet users can access information from around the world, enabling
them to access information available legally abroad that could be illegal in their own country.
Theoretically, developments arising from technical standardization go far beyond the globalization of technology
and services and could lead to the harmonization of national laws. However, as shown by the negotiations over the
First Protocol to the Council of Europe Convention on Cybercrime (the “Convention on Cybercrime”),the principles
of national law change much more slowly than technical developments. Although the Internet may not recognize
border controls, there are means to restrict access to certain information.The access provider can generally block
certain websites and the service provider that stores a website can prevent access to information for those users on
the basis of IP-addresses linked to a certain country (“IP-targeting”). Both measures can be circumvented, but are
nevertheless instruments that can be used to retain territorial differences in a global network. The OpenNet
Initiative reports that this kind of censorship is practised by about two dozen countries.
Chapter 2 : 2. The phenomena of cybercrime
Most reports, guides or publications on cybercrime begin by defining the terms “computer crime” and
“cybercrime”.In this context, various approaches have been adopted in recent decades to develop a precise
definition for both terms. Before providing an overview of the debate and evaluating the approaches, it is useful to
determine the relationship between “cybercrime” and “computer-related crimes”.Without going into detail at this
stage, the term “cybercrime” is narrower than computer- related crimes as it has to involve a computer network.
Computer-related crimes cover even those offences that bear no relation to a network, but only affect stand-alone
During the 10th United Nations Congress on the Prevention of Crime and the Treatment of Offenders, two
definitions were developed within a related workshop:Cybercrime in a narrow sense (computer crime) covers any
illegal behaviour directed by means of electronic operations that target the security of computer systems and the
data processed by them. Cybercrime in a broader sense (computer- related crimes) covers any illegal behaviour
committed by means of, or in relation to, a computer system or network, including such crimes as illegal possession
and offering or distributing information by means of a computer system or network.
One common definition describes cybercrime as any activity in which computers or networks are a tool, a target or a
place of criminal activity. There are several difficulties with this broad definition. It would, for example, cover
traditional crimes such as murder, if perchance the offender used a keyboard to hit and kill the victim. Another
broader definition is provided in Article 1.1 of the Stanford Draft International Convention to Enhance Protection
from Cyber Crime and Terrorism (the “Stanford Draft”), which points out that cybercrime refers to acts in respect to
2.2 Typology of cybercrime
The term “cybercrime” is used to cover a wide variety of criminal conduct. As recognized crimes include a broad
range of different offences, it is difficult to develop a typology or classification system for cybercrime. One approach
can be found in the Convention on Cybercrime, which distinguishes between four different types of offences:
1. offences against the confidentiality ,integrityandavailabilityofcomputerdataand systems;
2. computer-related offences; 3. content-related offences; and 4. copyright-related offences.
This typology is not wholly consistent, as it is not based on a sole criterion to differentiate between categories.
Three categories focus on the object of legal protection: “offences against the confidentiality, integrity and
availability of computer data and systems”; content-related offences; and copyright- related offences. The fourth
category of “computer-related offences”does not focus on the object of legal protection, but on the method used to
commit the crime. This inconsistency leads to some overlap between categories.
In addition, some terms that are used to describe criminal acts (such as “cyberterrorism” or “phishing”) cover acts
that fall within several categories. Nonetheless, the four categories can serve as a useful basis for discussing the
phenomena of cybercrime.
2.3 Development of computer crime and cybercrime
The criminal abuse of information technology and the necessary legal response are issues that have been discussed
ever since the technology was introduced. Over the last 50 years, various solutions have been implemented at the
national and regional levels. One of the reasons why the topic remains challenging is the constant technical
development, as well as the changing methods and ways in which the offences are committed.
- 2.3.1 The 1960s
In the 1960s, the introduction of transistor-based computer systems, which were smaller and less expensive than
vacuum-tube based machines, led to an increase in the use of computer technology. At this early stage, offences
focused on physical damage to computer systems and stored data. Such incidents were reported, for example, in
Canada, where in 1969 a student riot caused a fire that destroyed computer data hosted at the university. In the mid
1960s, the United States started a debate on the creation of a central data-storage authority for all ministries.
Within this context, possible criminal abuse of databases and the related risks to privacy were discussed.
- 2.3.2 The 1970s
In the 1970s, the use of computer systems and computer data increased further.At the end of the decade, an
estimated number of 100 000 mainframe computers were operating in the United States.With falling prices,
computer technology was more widely used within administration and business, and by the public. The 1970s were
characterized by a shift from the traditional property crimes against computer systems that had dominated the
1960s, to new forms of crime. While physical damage continued to be a relevant form of criminal abuse against
computer systems, new forms of computer crime were recognized. They included the illegal use of computer
systems and the manipulation of electronic data. The shift from manual to computer- operated transactions led to
another new form of crime – computer-related fraud.Already at this time, multimillion dollar losses were caused by
computer-related fraud.Computer-related fraud, in particular, was a real challenge, and law- enforcement agencies
were investigating more and more cases. As the application of existing legislation in computer-crime cases led to
difficulties, a debate about legal solutions started in different parts of the world. The United States discussed a draft
bill designed specifically to address cybercrime.Interpol discussed the phenomena and possibilities for legal
- 2.3.3 The 1980s
In the 1980s, personal computers became more and more popular. With this development, the number of computer
systems and hence the number of potential targets for criminals again increased. For the first time, the targets
included a broad range of critical infrastructure. One of the side effects of the spread of computer systems was an
increasing interest in software, resulting in the emergence of the first forms of software piracy and crimes related to
patents.The interconnection of computer systems brought about new types of offence. Networks enabled offenders
to enter a computer system without being present at the crime scene. In addition, the possibility of distributing
software through networks enabled offenders to spread malicious software, and more and more computer viruses
were discovered. Countries started the process of updating their legislation so as to meet the requirements of a
changing criminal environment. International organizations also got involved in the process. OECD and the Council
of Europe set up study groups to analyse the phenomena and evaluate possibilities for legal response.
- 2.3.4 The 1990s
The introduction of the graphical interface (“WWW”) in the 1990s that was followed by a rapid growth in the
number of Internet users led to new challenges. Information legally made available in one country was available
globally – even in countries where the publication of such information was criminalized. Another concern associated
with online services that turned out to be especially challenging in the investigation of transnational crime was the
speed of information exchange. Finally, the distribution of child pornography moved from physical exchange of
books and tapes to online distribution through websites and Internet services. While computer crimes were in
general local crimes, the Internet turned electronic crimes into transnational crime.
As a result, the international community tackled the issue more intensively. UN General Assembly Resolution 45/121
adopted in 1990 and the manual for the prevention and control of computer-related crimes issued in 1994 are just
- 2.3.5 The 21st Century
As in each preceding decade, new trends in computer crime and cybercrime continued to be discovered in the 21st
century. The first decade of the new millennium was dominated by new, highly sophisticated methods of committing
crimes, such as “phishing”, and “botnet attacks”, and the emerging use of technology that is more difficult for law
enforcement to handle and investigate, such as “voice-over-IP (VoIP) communication” and “cloud computing”. It is
not only the methods that changed, but also the impact. As offenders became able to automate attacks, the number
of offences increased. Countries and regional and international organizations have responded to the growing
challenges and given response to cybercrime high priority.
Chapter 3 : 3. The challenges of fighting cybercrime
Law-enforcement agencies can now use the increasing power of computer systems and complex forensic software to
speed up investigations and automate search procedures. It can prove difficult to automate investigation processes.
While a keyword-based search for illegal content can be carried out easily, the identification of illegal pictures is
more problematic. Hash-value based approaches are only successful if pictures have been rated previously, the hash
value is stored in a database and the picture that was analysed has not been modified.
Forensic software is able to search automatically for child-pornography images by comparing the files on the hard
disk of suspects with information about known images. For example, in late 2007, authorities found a number of
pictures of the sexual abuse of children. In order to prevent identification the offender had digitally modified the
part of the pictures showing his face before publishing the pictures over the Internet. Computer forensic experts
were able to unpick the modifications and reconstruct the suspect’s face. Although the successful investigation
clearly demonstrates the potential of computer forensics, this case is no proof of a breakthrough in childpornography
investigation. If the offender had simply covered his face with a white spot, identification would have
3.2 General challenges
3.2.1 Reliance on ICTs
Many everyday communications depend on ICTs and Internet-based services, including VoIP calls or e- mail
communications.ICTs are now responsible for the control and management functions in buildings, cars and aviation
services. The supply of energy, water and communication services depend on ICTs. The further integration of ICTs
into everyday life is likely to continue. Growing reliance on ICTs makes systems and services more vulnerable to
attacks against critical infrastructures. Even short interruptions to services could cause huge financial damages to
e-commerce businesses. It is not only civil communications that could be interrupted by attacks; the dependence on
ICTs is a major risk for military communications.
Existing technical infrastructure has a number of weaknesses, such as the monoculture or homogeneity of operating
systems. Many private users and SMEs use Microsoft’s operating system, so offenders can design effective attacks
by concentrating on this single target.
The dependence of society on ICTs is not limited to the western countries. Developing countries also face challenges
in preventing attacks against their infrastructure and users. The development of cheaper infrastructure
technologies such as WiMAX has enabled developing countries to offer Internet services to more people. Developing
countries can avoid the mistakes of some western countries, which have concentrated mainly on maximizing
accessibility, without investing significantly in protection. US experts have explained that successful attacks against
the official website of governmental organizations in Estonia could only take place due to inadequate protection
measures. Developing countries have a unique opportunity to integrate security measures early on. This may
require greater upfront investments, but the integration of security measures at a later point may prove more
expensive in the long run.
Strategies must be formulated to prevent such attacks and develop countermeasures, including the development
and promotion of technical means of protection, as well as adequate and sufficient laws enabling law-enforcement
agencies to fight cybercrime effectively.
3.2.2 Number of users
The popularity of the Internet and its services is growing fast, with over 2 billion Internet users worldwide by 2010.
Computer companies and ISPs are focusing on developing countries with the greatest potential for further growth.
In 2005, the number of Internet users in developing countries surpassed the number in industrial nations, while the
development of cheap hardware and wireless access will enable even more people to access the Internet.
With the growing number of people connected to the Internet, the number of targets and offenders increases. It is
difficult to estimate how many people use the Internet for illegal activities. Even if only 0.1 per cent of users
committed crimes, the total number of offenders would be more than one million. Although Internet usage rates are
lower in developing countries, promoting cybersecurity is not easier, as offenders can commit offences from around
The increasing number of Internet users causes difficulties for the law-enforcement agencies because it is relatively
difficult to automate investigation processes. While a keyword-based search for illegal content can be carried out
rather easily, the identification of illegal pictures is more problematic. Hash-value based approaches are for
example only successful if the pictures were rated previously, the hash value was stored in a data base, and the
picture that was analysed has not been modified.
3.3 Legal challenges
3.3.1 Challenges in drafting national criminal laws
Proper legislation is the foundation for the investigation and prosecution of cybercrime. However, law- makers must
continuously respond to Internet developments and monitor the effectiveness of existing provisions, especially given
the speed of developments in network technology.
Historically, the introduction of computer-related services or Internet-related technologies has given rise to new
forms of crime, soon after the technology was introduced. One example is the development of computer networks in
the 1970s – the first unauthorized access to computer networks occurred shortly afterwards. Similarly, the first
software offences appeared soon after the introduction of personal computers in the 1980s, when these systems
were used to copy software products.
It takes time to update national criminal law to prosecute new forms of online cybercrime. Indeed, some countries
have not yet finished with this adjustment process. Offences that have been criminalized under national criminal law
need to be reviewed and updated. For example, digital information must have equivalent status as traditional
signatures and printouts.
Without the integration of cybercrime-related offences, violations cannot be prosecuted.
The main challenge for national criminal legal systems is the delay between the recognition of potential abuses of
new technologies and necessary amendments to the national criminal law. This challenge remains as relevant and
topical as ever as the speed of network innovation accelerates. Many countries are working hard to catch up with
legislative adjustments. In general, the adjustment process has three steps: adjustment to national law,
identification of gaps in the penal code, and drafting of new legislation.
Adjustments to national law must start with the recognition of an abuse of new technology
Specific departments are needed within national law-enforcement agencies, which are qualified to investigate
potential cybercrimes. The development of computer emergency response teams (CERTs), computer incident
response teams (CIRTs), computer security incident response teams (CSIRTs) and other research facilities have
improved the situation.
Chapter 4 : 4. Anti-cybercrime strategies
4.1 Cybercrime legislation as an integral part of a cybersecurity strategy
As pointed out previously, cybersecurity plays an important role in the ongoing development of information
technology, as well as Internet services. Making the Internet safer (and protecting Internet users) has become
integral to the development of new services as well as governmental policy.Cybersecurity strategies – for example,
the development of technical protection systems or the education of users to prevent them from becoming victims of
cybercrime – can help to reduce the risk of cybercrime. An anti-cybercrime strategy should be an integral element of
a cybersecurity strategy. The ITU Global Cybersecurity Agenda, as a global framework for dialogue and
international cooperation to coordinate the international response to the growing challenges to cybersecurity and to
enhance confidence and security in the information society, builds on existing work, initiatives and partnerships
with the objective of proposing global strategies to address these related challenges. All the required measures
highlighted in the five pillars of Global Cybersecurity Agenda are relevant to any cybersecurity strategy.
Furthermore, the ability to effectively fight against cybercrime requires measures to be undertaken within all of the
4.1.1 Implementation of existing strategies
One possibility is that anti-cybercrime strategies developed in industrialized countries could be introduced in
developing countries, offering advantages of reduced cost and time for development. The implementation of existing
strategies could enable developing countries to benefit from existing insights and experience.
Nevertheless, the implementation of an existing anti-cybercrime strategy poses a number of difficulties. Although
similar challenges confront both developing and developed countries, the optimal solutions that might be adopted
depend on the resources and capabilities of each country. Industrialized countries may be able to promote
cybersecurity in different and more flexible ways, e.g. by focusing on more cost- intensive technical protection
There are several other issues that need to be taken into account by developing countries adopting existing anticybercrime
strategies. They include compatibility of respective legal systems, the status of supporting initiatives
(e.g. education of the society), the extent of self-protection measures in place as well as the extent of private sector
support (e.g. through public-private partnerships).
4.1.2 Regional differences
Given the international nature of cybercrime, the harmonization of national laws and techniques is vital in the fight
against cybercrime. However, harmonization must take into account regional demand and capacity. The importance
of regional aspects in the implementation of anti-cybercrime strategies is underlined by the fact that many legal and
technical standards were agreed among industrialized countries and do not include various aspects important for
developing countries. Therefore, regional factors and differences need to be included within their implementation
4.1.3 Relevance of cybercrime issues within the pillars of cybersecurity
The Global Cybersecurity Agenda has seven main strategic goals, built on five work areas: 1) Legal measures;
2)Technical and procedural measures; 3)Organizational structures; 4)Capacity building; and 5) International
cooperation. As pointed out above, issues related to cybercrime play an important role in all five pillars of the Global
Cybersecurity Agenda. Among these work areas, the “Legal measures” work areas focuses on how to address the
legislative challenges posed by criminal activities committed over ICT networks in an internationally compatible
4.2 A cybercrime policy as starting point
Developing legislation to criminalize certain conduct or introduce investigation instruments is a rather unusual
process for most countries. The regular procedure is first of all to introduce a policy. A policy is comparable to a
strategy that defines the different instruments used to address the issue. Unlike a more general cybercrime strategy
that may address various stakeholders, the role of policy is to define the government’s public response to a certain
issue. This response is not necessarily limited to legislation as governments have various instruments that can be
used to achieve policy goals. And even if the decision is made that there is a need to implement legislation, it does
not necessarily need to focus on criminal law but could also include legislation more focussed on crime prevention.
In this regard, developing a policy enables a government to comprehensively define the government response to a
problem. As the fight against cybercrime can never solely be limited to introducing legislation, but contains various
strategies with different measures, the policy can ensure that those different measures don’t cause conflicts.
Within different approaches to harmonize cybercrime legislation too little priority has been given to not only
integrating the legislation in the national legal framework but also including it into an existing policy, or developing
such policy for the first time. As a consequence some countries that merely introduced cybercrime legislation
without having developed an anti-cybercrime strategy as well as policies on the government level faced severe
difficulties. They were mainly a result of a lack of crime prevention measures as well as an overlapping between
4.3 The role of regulators in fighting cybercrime
In decades gone by, the focus of solutions discussed to address cybercrime was on legislation. As already pointed
out in the chapter dealing with an anti-cybercrime strategy, however, the necessary components of a comprehensive
approach to address cybercrime are more complex. Recently, the spotlight has fallen on the role of regulators in the
fight of cybercrime.
4.3.1 From telecommunication regulation to ICT regulation
The role of regulators in the context of telecommunications is widely recognized. As Internet has eroded the old
models of the division of responsibilities between government and private sector, a transformation of the traditional
role of ICT regulators and a change in the focus of ICT regulation can be observed. Already today ICT regulatory
authorities find themselves involved in a range of activities linked to addressing cybercrime. This is especially
relevant for areas like content regulation, network safety and consumer protection, as users have become
vulnerable. The involvement of regulators is therefore the result of the fact that cybercrime undermines the
development of the ICT industry and related products and services.
The new duties and responsibilities of the ICT regulator in combating cybercrime can be seen as part of the wider
trend towards the conversion of centralized models of cybercrime regulation into flexible structures. In some
countries, ICT regulators have already explored the possibility of transferring the scope of regulatory duties from
competition and authorization issues within the telecom industry to broader consumer protection, industry
development,cybersafety, participation in cybercrime policy- making and implementation, which includes the wider
use of ICTs and as a consequence cybercrime- related issues. While some new regulatory authorities have been
created with mandates and responsibilities that include cybercrime, older established ICT regulators have extended
their existing tasks to include various activities aimed at tackling cyber-related threats. However, the extent and
limitations of such involvement are still under discussion.
4.3.2 Models for extension of regulator responsibility
There are two different models for establishing the mandate of regulators in combating cybercrime, namely:
extensively interpreting the existing mandate, or creating new mandates.
Two traditional areas of involvement of regulators are consumer protection and network safety. With the shift from
telecommunication services to Internet-related services, the focus of consumer protection has changed. In addition
to the traditional threats, the impact of Spam, malicious software and botnets need to be taken into consideration.
One example of extending a mandate comes from the Dutch Independent Post and Telecommunication Authority
(OPTA). The mandate of the regulator includes Spam
prohibition and preventing the dissemination of malware. During the debate on the mandate of OPTA, the
organization expressed the view that a bridge should be built between cybersecurity as a traditional field of activity
and cybercrime in order to effectively address both issues. If cybercrime is seen as a failure of cybersecurity, the
mandate of regulators is consequently automatically expanded.
The possibility of extending the regulator’s mandate to include cybercrime issues also depends on the institutional
design of the regulator, and whether it is a multisector regulator (like utility commissions), a sector-specific telecom
regulator or a converged regulator. While every model of institutional design has its advantages and disadvantages
from the perspective of ICT industry regulation, the type of institutional design should be taken into account when
assessing how and in what areas the ICT regulator should be involved. Converged regulators, with responsibility for
media and content as well as ICT services, generally face a challenge in terms of complexity of workloads. However,
their comprehensive mandate can constitute an advantage in dealing with content-related issues, such as child
pornography or other illegal or harmful content. In a converged environment where traditional telecommunication
regulators may struggle to resolve certain issues, such as consolidation between media content and
telecommunication service providers, the converged regulator appears to be in a better position to address contentnetwork
issues. Furthermore, the converged regulator can help to avoid inconsistency and uncertainty of regulation
and unequal regulatory intervention in respect of the different content delivered over various platforms.
Nevertheless, the discussion of the advantages of a converged regulator should not undermine the importance of
the activities of single-sector regulators. While, for instance, up to the end of 2009 the European Union had only
four converged ICT regulators, many more were involved in addressing cybercrime.
When thinking of extending the interpretation of existing mandates, account must be taken of the capacity of the
regulator and the need to avoid overlap with the mandates of other organizations. Such potential conflicts can be
solved more easily if new mandates are clearly defined.
The second approach is the creation of new mandates. In view of the potential for conflicts, countries such as
Malaysia have decided to redefine mandates to avoid confusion and overlap. The Malaysian Communications and
Multimedia Commission (MCMC), as a converged regulator, has established a special department dealing with
information security and network reliability, the integrity of communications and critical communication
infrastructure.A similar approach can be observed in South Korea, where in 2008 the Korea Communications
Commission (KCC) was created by consolidating the former Ministry of Information and Communication and the
Korean Broadcasting Commission. Among other duties, KCC is responsible for the protection of Internet users from
harmful or illegal content.
1) Clarke/Sandberg/Wiley/Hong, Freenet: a distributed anonymous information storage and retrieval system, 2001;
Chothia/Chatzikokolakis, A Survey of Anonymous Peer-to-Peer File-Sharing, available at: www.spinellis.gr/pubs/jrnl/
2004-ACMCS-p2p/html/AS04.pdf; Han/Liu/Xiao/Xiao, A Mutual Anonymous Peer- to-Peer Protocol Design, 2005.
2) Autronic v. Switzerland, Application No. 12726/87, Judgement of 22 May 1990, para. 47. Summary available at:
2422ec00f1ace923c1256681002b47f1/cd1bcbf61104580ec1256640004c1d0 b? OpenDocument.
3) The Internet Systems Consortium identified 490 million Domains (not webpages). See the Internet Domain
Survey, July 2007, available at: www.isc.org/index.pl?/ ops/ds/reports/2007-07/; The Internet monitoring company
Netcraft reported in August 2007 a total of nearly 130 million websites at: http://news.netcraft.com/
4) Gordon/Ford, On the Definition and Classification of Cybercrime, Journal in Computer Virology, Vol. 2, No. 1,
2006, page 13-20; Chawki, Cybercrime in France: An Overview, 2005, available at: www.crimeresearch.
org/articles/cybercrime-in- france-overview; Gordon/Hosmer/Siedsma/Rebovich,
5) Assessing Technology, Methods, and Information for Committing and Combating Cyber Crime, 2003, available
6) Kabay, A Brief History of Computer Crime: An Introduction for Students, 2008, page 23, available at:
7) CRS Report for Congress on the Economic Impact of Cyber-Attacks, April 2004, page 10, available at: