Title: Criminal law, law enforcement and Internet crime : US and Polish surveys
1Criminal law, law enforcement and Internet crime
US and Polish surveys
- Andrzej Adamski
- Nicolas Copernicus University, Torun, Poland
2Law in the books 1997 penal code
- Criminalized
- CIA offences unauthorised access,
- computer eavesdropping, data interference, system
interference. - Computer-related computer fraud,
- computer forgery.
- Intellectual property crime unauthorised
reproduction/ dissemination of a protected work - Content-related crime child pornography, hate
speech.
3Law in action
- a. Prevalence of computer security attacks
telecom data (2002) - 30,000 reported incidents against network
security - port scanning, attempts of unauthorized
access, break-ins, theft of information incl.
passwords, destruction and modification of data. - Most reports (60) from abroad.
- Others (40) 10,000 - 12,000 from Poland
- baseline 12, 000 100
- b. Official reaction against CIA crime law
enforcement data (2002) - 400 crimes known to the police
- rate 3
-
- 23 cases prosecuted (2001-2002)
- rate less than 1 per cent (0,19 )
4Law reform Cyber-crime Convention
- new offences
- misuse of devices,
- system interference,
- possession of child pornography.
- new procedural measures
- search seizure of computer system/data,
- preservation of data,
- production order.
- will this change much?
5Official control of cyber-crime
- reactive mode
- incident ? victim/ third party ? reporting to
- the police ? IAP, ISP, hotlines
- b) pro-active mode
- entrapment false web sites, role playing,
masquerade - c) peace-keeping mode - patrolling the net.
6Vigilante models of cyber-crime control
- Intermediary passive, contact point, LE
collaborative - Admonitory reactive, warning and reprimand, LE
collaborative - Investigatory, pro-active, LE collaborative
- Punitive both pro-active and reactive,
stigmatisation, pillory, LE non-collaborative.
7Contact point model
- information clearinghouse /referral system
between the general public and law enforcement
agencies, or other hotlines - running of database where the illegal/harmful
material can be assessed and forwarded to LE - co-operation with law enforcement authorities
based on agreement
8Contact point model legal constrains
- - unclear legal status,
- - data protection constrains (processing of
offender data), - - illegal activities (downloading and possession
of child pornography) , - - difficulties in cooperation between law
enforcement hotlines and non-law enforcement
hotlines, - - monitoring of one-to-one communications,
- - risk of mala fide hotlines (Jos Dumortier)
9Admonitory modelPOLPAK ABUSE TP TEAM
- Reporting of incidents to TP http//www
.tpnet.pl/eng_ver/abuse.php - Incidents should be reported in the following
manner - using an online report form
- via e-mail addressed to abuse_at_telekomunikacja.pl,
abuse_at_tpnet.pl - PROCEDURESIf you were attacked, YOU decide on
how the case related to security breach (hacking,
mail bombing) will be handled.You may - Remove the traces of connection and other damage
and forget about the whole thing. - Collect the existing event - related logs (time,
IP address) and report the event to TP SA by
filling in the form. - Fill a "request to prosecute ..." to the Police
or the Regional Prosecutor's office. - Locate the intruder by your own means.
- REPORTING THE EVENT TO TP "POLPAK . . . .
10Investigatory model
- Private policing by volunteers -provocation
entrapment - The law is deficient. Police has no legal tools
for the efficient prosecution of
cyber-paedophiles. Entrapment by the police is
not allowed. However, it is not prohibited to
ordinary citizens. So ..... Lets do it!
11Investigatory modelpros cons
- ? some general preventive effects.
- ? inexperience may be harming - dealing with
child pornography, child sex abusers, or with the
victims of child sex abuse, is no place for
amateurs (John Carr). - ? risk of unlawful conduct,
- Polish penal code
- Article 24. Whoever incites another person to
commit a prohibited act, in order to direct
criminal proceedings towards such a person, shall
be liable as for instigating (...)
12Polish penal code
- Article 24. Whoever incites another person to
commit a prohibited act, in order to direct
criminal proceedings towards such a person, shall
be liable as for instigating (...)
- Art. 24.
- Odpowiada jak za podzeganie, kto w celu
skierowania przeciwko innej osobie postepowania
karnego naklania ja do popelnienia czynu
zabronionego
13http//perverted-justice.com/ volunteers pose as
kids in chat rooms, and when an adult engages
them in sexual banter, they publish the person's
personal data on the site so the group's
supporters can harass the adult by phone and
e-mail.
Punitive model
14Policing Internet crime
- Current Internet threats v. statistics
- Perception of the Internet fraud problem,
- Attitudes towards the law,
- Internet fraud enforcement,
- Preparadness for investigating Internet fraud,
- Cooperation,
- Extent of and response to Internet fraud.
15Schematic the botnet infection cycle
From D.Wall, Repelling the invasion of botnets,
ESC Conference, Cracow, 2005
16Reported network incidents by internet users
(1997-2003) Poland, telecom data
17Reported v. prosecuted CIA attacks
- a. Prevalence of computer security attacks
telecom data (2002)30,000 reported incidents
against network security - port scanning, attempts of unauthorized
access, break-ins, theft of information incl.
passwords, destruction and modification of data. - Most reports (60) from abroad.
- Others (40) 10,000 - 12,000 from Poland
- baseline 12, 000 100
- b. Official reaction against CIA crime law
enforcement data (2002) - 400 crimes known to the police
- rate 3
-
- 23 cases prosecuted (2001-2002)
- rate 0,19
18Internet-related offences (N658) prosecuted in
Poland (2001-2002)
19Two surveys
- US (2001)/ N217resp.
- nationwide sample from 700 police departments
employing at least 100 officers - no computer crime division 46,7
- response rate 31 percent.
- / R.G.Burns at al., Assessing law enforcement
preparedness to address Internet fraud, Journal
of Criminal Justice 32(2004)
- Poland (2005) N224 resp.
- nationwide sample from 223 police departments
employing mostly (78) at least 100 officers - no computer crime division 71,3
- response rate 10 percent.
- aim assessment of preparedness of the police
and level of involvement in preventing and
investigating Internet fraud in comparison with
US findings.
20Perceptions of Internet fraud as a significant
problem by
respondents who agree or agree strongly
21Attitudinal responses to Internet fraud
legislation
respondents who agree or agree strongly
22Attitudinal responses to Internet fraud
enforcement
respondents who agree or agree strongly
23Attitudinal responses to Internet fraud
enforcement
respondents who agree or agree strongly
24Resources available to address Internet fraud
respondents who agree or agree strongly
25Internet fraud training practices
respondents use of resources in training
26Cooperation - contacts
respondents reporting at least weekly
contact range 1
(never) to 5 (at least weekly)
27Cooperation -contacts
respondents reporting at least frequent
contact range 1
(never) to 5 (always)
28Cooperation -effectivness
respondents reportingeffectively or very
effectively range
1 (not at all effectively) to 4 (very
effectively)
29Cooperation - effectivness
respondents reportingeffectively or very
effectively range
1 (not at all effectively) to 5 (very
effectively)
30Complaints regarding Internet fraud
compliants received by respondents at least
monthly
31Final remarks
- Internet fraud takes different forms in the US
and Poland. - Even so, the police perception of the problem is
similar. - Police evaluation of the Internet fraud
legislation is equally critical in both
jurisdictions. - Considerable differences appear between police
officers views on how to investigate Internet
fraud and who should do it. - These differences may reflect various degree of
resistance to change organisation of the police
and their responses to innovative crimes.