Sophisticated computer crime threatens to outpace the development of legislation. Computer technology has created challenges for investigators and prosecutors due to the inadequacy of existing legislation. Traditional criminal laws are poorly prepared to handle cyber crime since legislations were not enacted with technology in mind. The laws are geared toward protecting physical property, not electronic property. Legal challenges result from laws and legal tools required to investigate cyber crime, which lag behind technological, structural, and social changes.
Laws defining computer offenses make it difficult for decision makers to enforce laws adequately. There exists a wide gap in cyber crime laws around the globe. Countries are not consistent in their efforts to develop strong laws governing the cyber crime issue. Nations are not taking the threat seriously. A report by McCormell International (2000) analyzing high-tech laws in 52 countries discovered that only nine countries had amended their laws to address cyber crimes in four categories: data-related crimes, network related crimes, access crimes, and associated computer related crimes.
In 1986, the U. S. Congress passed an independent statute, the Computer Fraud and Abuse Act (CFAA), Title 8 Section 1030, to address computer crimes. This Act consists of seven different sections that address specific types of cyber crimes: espionage, information violations, intrusions into government computers, fraud, hacking, viruses, denial-of-service attacks, password trafficking, and extortion (Hancock, 2000). This Act was enacted to help stop cyber crimes and has had many revisions to achieve its goal.
Congress amended the Act in 1986,1988,1989, 1990, and 1994 (Wolf, 2000). CFAA does not contain full legislative flaws, but Congress falsely believes that computers are fundamentally different from other things, and thus, criminal statutes must be separated from other statutes. Legislation is moving at a slower pace than the crimes, thus, creating loopholes due to the laws not being directly applied to many of the cyber crimes (Speer, 2000).
The United States Sentencing Commission conducted a study in June of 1996, which reports that the CFAA resulted in only 174 convictions, thus, assessing the statute as ineffective due to unreliable statistics (Wolf, 2000). A national survey of prosecutors conducted in 2001 concludes that only 42% of the prosecutors' offices reported prosecuting computer related crimes under their state's computer statutes (Bureau of Justice Statistics [BJS], 2002). Thus, cyber criminal acts are being prosecuted under other fraud statutes, thereby, rendering cyber crime statistics ineffective.
Virtually every state has enacted legislation, rendering various computer and cyber activities illegal (Skinner & Fream, 1997). Furthermore, despite the enactment of such legislation, the war on cyber crime has experienced a problem of judicial leniency. The legislation is slow, and the threat is outrageous. Some of the biggest cyber crime cases in history have resulted in dismissals or relatively light punishments. The few cyber crime cases that have passed through the legal system have not led to severe punishments (Sherizen, 1995).
According to the Science Application International Corporation, the average bank robbery in the United States costs $1,900 and is prosecuted 82% of the time, whereas the average cyber crime costs $250,000 and is prosecuted less than 2% of the time (as cited in Overill, 1998). Consequently, criminals learn the comfortable circumstances of the legal system and realize that it is non-probable for them to get caught, and if they do, very minimal will be done to penalize or punish them.
Research has found that "controls over certain illegal behaviors were associated with moral commitment, fear or social disapproval, and fear of legal punishment" (Sherizen, 1995, p. 180). Thus, the literature suggests that greater enforcement of cyber crime laws and stiffer penalties would reduce the engagement of cyber criminals' acts in illegal and deviant behavior. Enacting legislation for private businesses to mandatorily report intrusions would maximize legal attention (Sherizen, 1995).
Unless the private sector is required by law to report intrusions, computer crime would not be controlled. The National Law Enforcement and Corrections Technology Center ([NLECTC], 2003, June) reports that on July 1, 2003, a California law became effective, which requires organizations to notify state customers of any intrusions that may compromise the security of customers' personal information. Cyber crime has grown at such a radical pace that laws have been unable to keep up with technology. The limits of the state have become increasingly apparent.
Lessig (1999) argues that cyberspace behavior is controlled through programming and architecture of information systems, and not through legislation. Technology is what regulates the cyber space, not law. There is a gap between old traditional laws that address tangible assets and new legal aspects that revolve around intangible assets. The current laws lag behind technological and social changes, creating legal challenges to law enforcement agencies (Herrera, 2001). Evidence search and seizure laws were written years ago and have not kept pace with technological advances (Schmidt, 1998).
In order to deter cyber criminals, legislators need to pass improved legislation to support detection and successful prosecution of offenders (p2 describe the limitations and constraints of marketing). More apprehension and punishment must take place in order for deterrence to function, and the laws must directly address new technological development (Sherizen, 1995). Bequai (1996) argues that the U. S. criminal justice system contains ineffective and outdated rales, procedures and laws that are not well suited, causing costly and time-consuming cyber crime prosecutions.
The nation's focus continues to lie in drugs and street violence, not information technology crimes. Laws are not consistent and vary from one jurisdiction to another, raising prosecution issues. The perpetrator could be operating in one state, while the victims could be in another state. The Internet, which is a borderless environment, gives easy access to cyber criminals to cross state boundaries. State and local authorities investigating cyber crime are often times faced with jurisdictional challenges; therefore, they need adequate and uniform laws that provide enforcement services (McCaul, 2001).
In theory, the U. S. legal system intends to be well prepared to deal with cyber crimes and to provide strict punishment. However, in practice, police agencies, along with prosecutors and the judiciary, are ill prepared to handle the challenges of cyber crime (Bequai, 1996). Prosecutors shy away from a case unless there is a loss or damage, despite the fact that the Federal computer crime statutes emphasize two areas - unauthorized use and unauthorized access.
No comments:
Post a Comment