Top
image credit: Unsplash

Can Legislation Stop Cybercrime?

May 21, 2020

Category:

It is often incredibly difficult to pinpoint the origin of a cyberattack. But even in cases where the perpetrator can be accurately identified, international law has very few mechanisms that allow a state to respond to it. With these difficulties in mind, a very important question emerges: can legislation find some stable ground in the quicksand that is cybercrime, enough to fight it effectively?

The Challenges

The Computer Misuse Act has been updated no less than 11 times in the last 25 years. This has led to numerous available sanctions that deal with criminal activity in an effort to punish and rehabilitate criminals. Still, the number of attacks is on the rise.

A logical deduction is that the law isn’t as effective as one would expect at stopping criminals from engaging in cybercrime. The question is why.

One of the most apparent difficulties in dealing with cybercrime is its global nature—perpetrators may be in one country, while their victims are in another. This means that the chances of such activities being investigated and prosecuted are low—0.05%, to be exact.  

To complicate matters further, there’s a lack of reporting and data, leading to a lack of awareness of the real amount of instances these crimes take place. A reason this happens is that for businesses in a competitive environment, reporting cybercrime is seen as revealing their vulnerabilities, which may affect their users’ trust in them. 

In addition, the evidence involved in cyber cases is difficult to gather, fragile, and prone to manipulation or even destruction.

What’s more, the law seems to not be punitive enough. This means that even in the rare cases where there is enforcement, cybercriminals are hardly impacted by it, boosting the chances they may try again.

Other challenges include cost, time, the effort needed for investigating and prosecuting, lack of enforcement mechanisms, and ill-trained and poorly paid enforcement agencies

What Can Be Done?

1. Reaching Common Ground

The first step to effectively dealing with cybercrime is to reach a common ground. Without it, the international community cannot hope to deal with a threat as global as this one. This shared vision is becoming increasingly vital with the rise of integrated smart cities, 5G networks, AI, and cloud computing. To this end, building alliances, improving the sharing of information, and streamlining bureaucratic methods are all invaluable techniques for ensuring the collective agreement is put to good use. 

2. Improved Attribution Efforts

Attribution refers to identifying the origin and individual or individuals who performed the cyberattack. While it’s true that it is both time-consuming and incredibly difficult, it is not impossible.

There is a lack of physical evidence that makes matters more difficult, and it is the reason cyber attribution must deal in degrees of certainty, and not in absolutes. This is just one of the challenges that can be mitigated by more resources being put into technological advances in cyber investigations. Indeed, the systems and processes used in attribution when it comes to cyber crimes are still in the inception phase, particularly when compared to physical crimes.

Governments can also start advising system operators on which tools and procedures are best to use when a breach occurs so that they will gain the most forensic evidence. 

3. Better International Enforcement

More funding should be put into bilateral and multilateral cyber capacity-building efforts, as they are an opportunity to enhance international back-up—not only for the rule of law but also for human rights. 

Of course, better international enforcement cannot happen without each country improving its domestic enforcement first. To achieve that, enhanced forensic training, technical assistance, and crime labs are needed for law enforcement. 

Conclusion

To answer the title’s question, legislation can become effective at stopping cybercrime. But this will happen in the future, once the enforcement gap is addressed. This will require transnational integration, as well as closer collaboration between law enforcement and private companies. 

More investments should be made for the technology responsible for identifying the culprit, and there should be more efforts to strengthen international enforcement. Essentially, a new global architecture is needed. Until this happens, the legislation will continue to have difficulties in effectively stopping cybercrime.