Regulating Cybercrime Flashcards

Question

Article 8 CoC -> computer-related fraud

Answer 1

There has to be a loss of property Explanatory report: “The term “loss of property”, being a broad notion, includes loss of money, tangible and intangibles with an economic value”.

Answer 2

A person who, with the intent of obtaining an unlawful gain, induces a person, by assuming a false name or a false capacity, by artful tricks, or by a tissue of lies, to surrender any property, provide a service, make available data, ... “Induce a person”: need a person to be deceived? No (according to case law) Case law – computer-related fraud: A student put a keylogger in the computer of a teacher. The student typed their usernames and passwords, and the suspect could use their usernames and passwords. He used this information to order things online, all kinds of stuff, expensive but small. He ordered stuff and let it be sent to an address and when the delivery happened, he used a … to pick up the object. Then, he resold all the items. The police in the end found out who it was and got convicted.

Answer 3

Theft: taking away a good or property belonging to someone else (art. 310 DPC) Data is not considered to be a good/property under Dutch law. Defendant argued that a virtual objects is not a good. However, Supreme Court decided that they are. Why? Reasoning Supreme Court in Runescape case * 3.3.2. ... An intangible object may be considered a good provided it is an object that by its nature can be removed from the de facto control of another person. * 3.6.1. The assertion that the objects are not goods because they consist of ‘bits and bytes’ is untenable. The virtual nature of these objects does not in itself preclude their being considered goods within the meaning of art. 310 of the Criminal Code (= theft). The Appeal Court’s ruling on this matter is thoroughly reasoned and is in no way incorrect in its interpretation of the law. The Supreme Court bases this conclusion in part on the fact that the appeal court established that “for the victim, the defendant and his co- accused, the possessions they collect in the game hold genuine value, which can be taken away from them” and that “this concerns items of value accumulated over the course of the game, which were obtained – or can be obtained – through time and effort” and that the victim had “exclusive de facto control” over the objects within the game environment and lost control of those objects through the actions of the defendant and the co-accused. Difference between data and virtual object + the fact that they represent real value/money + remove the possession from one person. Intangible object may be considered a good considering that it was removed from one person.

Answer 4

Because: to be able to prosecute these crimes, keeping in mind the international dimension of cybercrime. Legal certainty, also bc not all traditional provisions that apply to crime also apply to cybercrime. Because u cannot be punished unless the activity has been declared illegal (nulla poena principle). to prevent dual criminality. In CoC we are mainly looking at preservation, access/ collection and storage out of the steps

Answer 5

Digital leads: (1) IP Addresses - IP addresses often do not specifically identify the device that an individual utilises, but they do provide law enforcement officials with a clue about the particular network that a person uses for his internet connection. (2) Online Handles - a name an individual uses to interact with other individuals on the Internet Online handles are a digital lead for three reasons. They: (1) can allow law enforcement officials to gather publicly available information about an internet user, (2) can direct law enforcement officials to an online service provider that may hold information about an internet user, and (3) can enable law enforcement officials to interact (undercover) with the individual.

Answer 6

Manual gathering of online information Automated gathering of publicly available online information Observation of the online behaviour of an individual Examination of data that is on the servers/computers systems of others Online undercover investigative methods

Answer 7

Digital evidence- any info of probative value that is either stored or transmitted in a digital form Digital evidence can be extracted from a great variety of sources (eg storage media, computing devices, network communications, cloud…) Can a phone be used in trial as evidence? Information generated, stored or transmitted using electronic devices that may be relied upon in court. To guarantee that the evidence is accepted in court, it is necessary to obtain the information following very well-defined processes using specialised personnel and operating within an adequate legal framework

Answer 8

1. Expedited preservation – of stored data – of traffic data 2. Production order 3. Search and Seizure - of stored data - of real-time - interception

Answer 9

Definition of traffic data can be found in art 1(d) "traffic data" means any computer data relating to a communication by means of a computer system, generated by a computer system that formed a part in the chain of communication, indicating the communication’s origin, destination, route, time, date, size, duration, or type of underlying service Who would preserve the traffic data? - ISPs

Answer 10

Makes sure this data is not deleted Right has a maximum of 90 days If u need to keep info longer than u need to prove… The first thing LE do is ask for data and preserve it

Answer 11

"computer data" means any representation of facts, information or concepts in a form suitable for processing in a computer system, including a program suitable to cause a computer system to perform a function; - article 1(b) CoC

Answer 12

Article 17 - expedited preservation of partial disclosure of traffic data Some measures of disclosure a, ensure that such expeditious preservation of traffic data is available regardless of whether one or more service providers were involved in the transmission of that communication; and b, ensure the expeditious disclosure to the Party’s competent authority, or a person designated by that authority, of a sufficient amount of traffic data to enable the Party to identify the service providers and the path through which the communication was transmitted. Eg who has communicated with u, when, but not the actual content of the messages Art 16 is about preserving data, in particular traffic data Preservation of data in art 16 -> max 90 days but can be extended Art 17: also about preservation and partial disclosure of traffic data Starts releasing some of the stored data Creates laws for partial disclosure of this data Eg see is SP were involved, so we could ask for preservation orders of that data as well

Answer 13

What is the second additional protocol about? Among other things, subscriber info and traffic data Art 7 protocol 2: parties can make laws that can provide that a competent authority asks directly for subscriber info We're trying to create direct lines: directly from LE in one country to an SP in another

Answer 14

The legal basis used was for market regulation, thus there was no law enforcement for the legal basis This directive obliges the data to be retained so the police could access even previous data There were no safeguards in this directive Is this against fundamental rights? This was the question in digital rights Ireland The court said that the directive goes against the right to private life and data protection As there were no limits or safeguards this resulted in mass collection of data The directive was then revoked but some states as they have already implemented these laws still have that level of data retention.

Answer 15

Gives us the definition of subscriber information, and the way for states to access it. what if the service provider is in another country tho? A SP offering its services has to submit subscriber info relating to such services in the SP Possession or control Why do we have to stop at subscriber data? The countries negotiating were also thinking about their national laws If art 18 allowed to order the SP to submit all the info that they had we would have difficulties of getting any data from eg Meta, bc in the US u need a probable cause, so if there were no this we would get no data Art 16 and 17 do not give us access to the data; they only preserve it! Recap: If the service provider is within the same country the national law applies, easy to ask for submission for any specified data Difficulty when its in another country; bc difference in national laws Some countries have a really high threshold, eg the USA So art 18 helps- can release subscriber data The police asking still have to abide by the national laws of that country, but the laws around subscriber data are less tight Subscriber info we still have to abide by the rules of that country, mutual legal assistance procedure (takes time)

Answer 16

Mutual legal assistance procedure: A court or judicial authority wants info from another country From that, the request is transferred to the central authority of the country that we want the data from Then it goes to another court, to check if it abides by their legal rules If yes, the police collect that data from the SP Goes back to the court then back to the central authority Then goes to the country asking This takes cca 6 months

Answer 17

Second additional protocol To not change the main text of CoC, new additions to the convention have been put in a protocol (racist and xenophobic content, and making the process of mutual legal assistance procedure faster). Need 5 rectifications for the second protocol Can the EU sign and ratify this? Not a member of the council of europe, so it cannot rectify the second protocol But all the MS can do so What is the second additional protocol about? Among other things, subscriber info and traffic data Art 7 protocol 2: parties can make laws that can provide that a competent authority asks directly for subscriber info Were trying to create direct lines: directly from LE in one country to a SP in another

Answer 18

Sometimes to follow a law of the country being asked, u may violate the law of the asking country Eg under US law u have to follow a law bc u have to, u may violate EU laws due to a lack of disclosure (Microsoft case) If it compiles with the order it breaks the law, if it complies with the law it breaks the order This made it to the supreme court, the court didn't say anything bc the US came up with the Cloud Act to solve this As long as the US has a prior agreement with other countries US individually enters into an agreement with other states The Cloud Act does not recognise the EU being allowed to negotiate on the behalf of the whole union, each MS has to negotiate for itself

Answer 19

– For the purpose of this article, the term “subscriber information” means any information contained in the form of computer data or any other form that is held by a service provider, relating to subscribers of its services other than traffic or content data and by which can be established:  the type of communication service used, the technical provisions taken thereto and the period of service;   the subscriber’s identity, postal or geographic address, telephone and other access numbers, billing and payment information, available on the basis of the service agreement or arrangement;   any other information on the site of the installation of communication equipment, available on the basis of the service agreement or arrangement

Answer 20

Does not explicitly mention it, but art 16 and especially 17 with the identification of some traffic data u can start identifying how that particular computer has communicated with others, together with subscriber information can lead to information

Answer 21

Does the state have the legislative power to regulate the relevant conduct   (‘prescriptive jurisdiction’)?  Do the courts have the power to hear the particular dispute (‘adjudicative jurisdiction’)?  Does the state have jurisdiction to enforce the law (‘enforcement jurisdiction’)? 

Answer 22

Does law enforcement have jurisdiction to investigate alleged criminal activity (‘investigative jurisdiction’)? This is what is missing rn to have effective cybercrime

Answer 23

1 Each Party shall adopt such legislative and other measures as may be necessary to establish jurisdiction over any offence established in accordance with Articles 2 through 11 of this Convention when the offence is committed: a. in its territory; or b. on board a ship flying the flag of that Party; or c. on board an aircraft registered under the laws of that Party; or d. by one of its nationals, if the offence is punishable under criminal law where it was committed or if the offence is committed outside the territorial jurisdiction of any State. Covers a number of territoriality principles: * -objective territoriality * -nationality territoriality * -extra-territoriality

Answer 24

When more than one Party claims jurisdiction over an alleged offence established in accordance with this Convention, the Parties involved shall, where appropriate, consult with a view to determining the most appropriate jurisdiction for prosecution. Yahoo!,Inc. v La Ligue Contre Le Racisme et L’Antisemitisme

Answer 25

Does the state have jurisdiction to enforce law? * See Art.24 CCC on Extradition There is a way to look at it from a way that it does have the power to enforce the law bc extradition eg.

Answer 26

Question(s): – Should a country be allowed unilaterally to access computer data in another country without the consent and mutual legal assistance of another country? In preservation orders, we can expeditiously preserve, but needs to be followed up w mutual legal assistance Second additional protocol and EU approach for production orders, asking directly SP in the second country without MLA. But by signing the protocol the countries give their consent We can argue that these developments are moving towards investigative jurisdiction – Are art.16-17 a way ‘round’ the difficulties: asking for the cooperation of communication and internet service providers with law enforcement? What are the limitations? – How should we deal with ‘cloud’ and ‘deep web’ and (indirectly) ‘loss of location’/’loss of exact location’? * E.g. seeking direct access/assistance without involvement of foreign authorities * “What considerations must be taken into account in order to create a framework (whichever form it takes) for facilitating lawful LEA access to evidence held by cloud providers, by way of direct contact with those providers, while safeguarding the rights and interest of individuals, as well as the rights and interest of the provider, and those of other States? Dan Svantesson (2016) – the concept of ‘investigative jurisdiction’ In essence “In the absence of an obligation under international law to exercise jurisdiction, a State may only exercise jurisdiction where: (1) there is a substantial connection between the matter and the State seeking to exercise jurisdiction; (2) the State seeking to exercise jurisdiction has a legitimate interest in the matter; and (3) the exercise of jurisdiction is reasonable, given the balance between the State's legitimate interests and other interests.”

Answer 27

A Party may, without the authorisation of another Party: a. access publicly available (open source) stored computer data, regardless of where the data is located geographically; or b. access or receive, through a computer system in its territory, stored computer data located in another Party, if the Party obtains the lawful and voluntary consent of the person who has the lawful authority to disclose the data to the Party through that computer system. Part a is a custom so not a problem Part b is not very much used, bc it exposes the investigation too much * Art 32 is an exception to the principle of territoriality and permits unilateral transborder access without the need for mutual assistance under limited circumstances. “A Party may, without the authorisation of another Party: a. access publicly available (open source) stored computer data, regardless of where the data is located geographically;” - the mere fact that data are publicly available does not imply an absence of restrictions to researching them - What is the legal basis for this activity? - Should there be limitations? b. access or receive, through a computer system in its territory, stored computer data located in another Party, if the Party obtains the lawful and voluntary consent of the person who has the lawful authority to disclose the data to the Party through that computer system. “stored computer data located in another Party” = location needs to be known? “lawful and voluntary consent of the person who has the lawful authority” = who is lawful authority? Where should the lawful authority be located? “consent” = is lawful and voluntary= explicit?

Answer 28

Probably only if location of server is known and consent obtained – The dominant interpretation of international law implies that accessing data stored on a foreign server without the prior foreign state’s consent breaches the territorial integrity of that state. The wrongfulness is not mitigated by the fact that the location of data may be unclear or unknown. According to Walden (2013), LEAs seeking access to electronic evidence that is held by a foreign cloud provider typically have four possible courses of action. The LEA may: (1) seek the assistance of the relevant foreign LEA via formal mutual legal assistance (MLA); (2) seek informal assistance from the relevant foreign LEA; (3) seek direct assistance of the foreign cloud provider (that is, without intervention by foreign authorities) or (4) seek direct access to the data (without third party cooperation). Svantesson and van Zwieten (2016) add: (5) (spontaneously) share information from the criminal investigation with the foreign LEA, in order to enable them to initiate a domestic investigation – that way, evidence may be acquired domestically, to be subsequently (and spontaneously) shared with the LEA from the original country; (6) (spontaneously) share information from the criminal investigation with the foreign LEA, which may then investigate and prosecute domestically – this would prevent the need to transfer cloud evidence over borders altogether

Answer 29

Conventions are generally independent of bilateral or other treaties * Cybercrime Convention - hybrid – convention serves as a basis – existing treaties take precedence – convention supplements or applies in absence of other treaties

Answer 30

▪ Mutual legal assistance remains a primary means to obtain electronic evidence for criminal justice purposes ▪ MLA needs to be made more efficient - Most cooperation mechanisms take months (or years!), not minutes ▪ Often subscriber information or traffic data is needed first to substantiate or address an MLA request ▪ MLA often not feasible to secure volatile evidence in unknown or multiple jurisdictions

Answer 31

* Afford MLA to the widest extent possible * MLA subject to the law of requested state or applicable treaties (locus regit actum) * If no pre-existing arrangement, supplement with new provisions * System of central authorities: no direct transmission, except in case of urgency (cc central authority) – Transmission through central authorities * temporary transfer or transit of persons in custody * exchange of information on criminal records. – grounds for refusal based on public order and essential national interest – execution ruled by the law of the requesting country – forms of assistance: notifications, taking of evidence, handing of objects, request for search and seizure (subject to double criminality)...

Answer 32

EncroChat, platform used by criminals which allowed criminals to delete messages after they have sent them   - In early 2020, EncroChat served as one of the largest providers of encrypted digital communication. A very high share of its users presumably engaged in criminal activity. User hotspots were often in countries known as cocaine and cannabis trade, and in money laundering centers.   - EncroChat phones were offered to customers as a mechanism to have anonymity. They were not connected with a device or SIMcard on the customer's account. Customers could acquire EncroChat under circumstances guaranteeing the absence of traceability. EncroChat offered perfect discretion both of the encrypted interface (dual) operating system and the encrypted interface hidden so as not to be detectable) and the terminal itself (removal of the camera, microphone, GPS and USB port). EncroChat offered discretion with the terminal itself, since the camera, microphone, GPS, and USB port were removed.   - EncroChat provided functions designed to ensure the "impunity" of users, since messages were automatically deleted on the terminals of their recipients. Recipients used a specific PIN code intended for the immediate deletion of all data on the device. In addition, all data was deleted in the event of consecutive entries of a wrong password. EncroChat had functions apparently making it possible to quickly erase compromising messages, i.e., at the time of arrest by the police. In addition, the reseller/helpdesk could erase the device from a distance.   - The phones had a dual operating system   - The phones also had burn messages, once both parties have seen the message, the  messages would self-destruct, not delete but burn meaning it cannot be retrieved.   - The phones also had a ‘panic wipe’, they could be wiped permanently even from a  distance.   - Largest investigation of organized crime in EU   - The authorities had monitored the network for over two months before closing it down.  Europol, Eurojust, and law enforcement authorities are still analyzing the data and expect it will lead to hundreds of new investigations in the coming months.4 As a result of the widespread use of the EncroChat among international criminal networks around the world, French law enforcement authorities opened a case in 2019 with the EU Agency for Criminal Justice Cooperation (Euro just), with the Netherlands.   - In April 2020, Eurojust facilitated the establishment of a joint investigation team between France and Holland with the participation of the European Union Agency for Law Enforcement Cooperation (Europol).5 Europol has actively participated in the joint investigations. It served as an information hub. Europol also contributed its extensive analytical and technical support system. Europol established and offered unique and global insight on the scale and operation of organized crime arising out of the

Answer 33

The sword function: Traditionally, when a human right is violated it triggers criminal law HR: sword function Offensive role: triggering criminal law Eg criminalisation of cybercrime Eg criminalisation of a racist and xenophobic nature committed through computer systems Sword and shield functions need to balance each other

Answer 34

The shield function: opposite, it serves to neutralise criminal law, to prevent extensive use of and misuse of power by the government and police HR: shield function Defensive role: neutralising criminal law Eg intrusive investigative means: Torture v evidence Sword and shield functions need to balance each other

Answer 35

Cloud platforms Data for investigation is increasingly being kept on cloud platforms, they are wrongly empowered to mitigate between crime and law Digital service providers Interpol and Europol Ensure expertise in law enforcement, and collecting data, DPA told Europol to delete vast shares of personal data Privacy and data protection

Answer 36

Was there an interference? Is the interference: - In accordance with the law - pursues a legitimate aim - necessary in a democratic society? Necessary in a democratic society? To check use the Robert Alexy test

Answer 37

effectiveness: is a measure actually contributes to realising the set goals Proportionality: assesses the extent to which the impact of a measure is proportionate to the goals it aims to contribute to Subsidiarity: assesses if there are alternatives that interfere less with privacy and other HR than the proposed measures The issue with proportionality sometimes: The softness of surveillance measures contributes to their receptiveness: accumulated non-intrusive measures?   Accumulating the legislative measures over time  Eg license plate scenario, u can have the correct safeguards, but accumulating  its use over time in combination with analytics = mass surveillance

Answer 38

Efficiency: - insufficient use of existing investigative powers - encryption, wireless communication and cloud computing? - harmful side-effects of decryption (cross-jurisdictional) - even if allowed- will this evidence be reliable and used in court? Proportionality: - deeply affect the fundamental human rights of citizens (suspects` privacy) - oversight - predictability and the authenticity and integrity of the data collected? Subsidiarity: - use less intrusive measures? - the police to use the power to hack only to disrupt

Answer 39

Efficiency: - the scale of serious and organized crime - use of resources (legal and technical) - no other measure? criminals get suspicions …(hide the big fishes?) Proportionality: - hacking is a process… on each step? - additional safeguards are possible: technical + legal + cross-border cooperation - reliable evidence? (accountability) Subsidiarity: - other less intrusive measures? … or the measure to be less intrusive?

Answer 40

Human rights remain rich source of universal principles for criminal procedure * Need to transpose and adapt both their sword and shield function

Answer 41

New criminal justice paradigm Innovative techno-legal solutions that ensure efficiency and human rights safeguards

Answer 42

Criticism of the Cybercrime convention and data protection regime Extending the procedural requirements outside of the traditional criminal justice model Integration of criminal justice values and data protection principles!

Answer 43

All information that we do not need a warrant to obtain, eg departments for statistics u just pay a subscription and u can use the data, even if the police has to pay for it.

Answer 44

National request prepared and judicially approved based on individual national standard Submitted to central authority for review Sent from central authority to central authority Assessed by receiving central authority and assigned Transformed into national order Served on service provider SP responds to executing Na if possible Executing national authority sends to requesting national authority Requesting national authority sends to requesting judicial authority Content data introduced as evidence in court admissibility verified Only becomes an order in stage 5, up until that point it is a request

Answer 45

MLA remains a primary means to obtain electronic evidence for criminal justice purposes MLA needs to be more efficient - most cooperation mechanisms take months or years, not minutes Often subscriber info or traffic data needed first to substantiate or address an MLA request MLA often not feasible to secure volatile evidence in unknown or multiple jurisdictions

Answer 46

Mutual legal assistance: request, no deadline set, Mutual recognition: order from one country to another - legal instrument European Investigation Order and EIO: EIO can only be done by a judicial authority  EIO directive does not apply to Ireland and Denmark EIO can only be used for investigative measures

Answer 47

MLA is for mutual assistance in criminal matters EIO is for obtaining evidence in criminal matters MLA is a request from a requesting state to a requested state EIO is an order from a state issuing the order (issuing state) to the receiving/executing state

Answer 48

* Form: Judicial decision  * Method: Issued or validated by a judicial authority of a Member State (the Issuing State) * Goal: To have specific investigative measure(s) carried out in another Member State (the Executing State) to obtain evidence in according with the EIO Directive

Answer 49

What is a JIT?  * A joint investigation team (JIT) is a team consisting of judges, prosecutors and law enforcement authorities established for a fixed period and a specific purpose.  * Established by way of a written agreement between the States involved.  * Purpose to carry out criminal investigations in one or more of the involved States. * Led by a person from the Member State in which the JIT operates. Advantages of a JIT:  * Simplifies communication, coordination and cooperation between members and participants Real-time exchange of intelligence and evidence without MLAs/EIOs  * Jurisdictional and evidential issues can be addressed  * Development of a common strategy  * Strengthens mutual trust and interaction between team members from different jurisdictions Joint working – JIT members can be present in other jurisdictions 

Answer 50

EIO: Bilateral setting- requesting and executing MS Formalities of the form Only in EU setting Gathering of evidence is limited to requested investigative measures Limited participation of requesting authority- support role and no LE powers In principle no investigation in executing state JIT: Multilateral setting Partners on equal footing, no leading role Also for cooperation with non-EU MS Unlimited, real-time exchange of information Active participation of seconded members, agreement to take part in a joint investigation for common purposes Parallel processing

Answer 51

Nature of the case:  ✓ Degree of complexity of the case and sophistication of the criminal network  ✓ Degree of complexity of investigations in the countries involved  ✓ Case connections between countries involved; ‘international view’ of the case; importance of cross-border police exchanges; role of Europol (if EU case)

Answer 52

Personalised: there is a concrete victim and suspect Prioritises fairness over efficiency: there is minimum state intervention Investigation after the crime has already occurred Traditional forensics (eg fingerprints) Trial-centred: the investigation is a preparatory stage and the trial is where the facts of guilt or innocence is presented

Answer 53

Cross-jurisdictional Data volumes and criminal profiling (data is collected before there is a concrete suspect) Bypass fairness and legitimacy Proactive Scientificaition of factual inquiry (lack of safeguards of traditional forensics) Investigation: outcome-determinative

Answer 54

Para 1. Equality of arms of the parties at the trial Para 2. Presumption of innocence Para 3. Non explicitly stipulates some of the minimum defence rights which should be guaranteed in the trial The article doesn’t mention explicitly how the evidence has to be obtained but inexplicably hints at it, eg to be informed about the nature and cause of the investigation and based on which facts- there should be a procedure for that In article 6 paragraphs 1 and 3 deal with the equality of arms. The procedural requirements for this are: fair procedure to evaluate the lawfulness and lawful use of evidence; the possibility to challenge evidence (fair disclosure and information about evidence); possibility to maintain equality of arms against expert evidence Paragraph 2 deals with the presumption of innocence. The procedural requirements for this are: accurate fact finding; protection against prejudicial efforts in the evidence procedure; protection against reverse burden of proof.

Answer 55

Lawfulness When u conduct investigations usually there is interference with other human rights but it should be kept to what is strictly necessary Law that allows this investigative power should be very strict and specific There should be more procedural guarantees, bc technology is becoming more sophisticated Lawful use: Whether the circumstances in which it was obtained cast doubt on its reliability or accuracy The opportunity of challenging the authority of the evidence and of opposing its use Questionable evidence must be evaluated in the light of supporting evidence Fair disclosure: possibility to challenge the evidence There is an obligation for the prosecution to challenge the evidence Other evidence that might relate to the admissibility, reliability, and completeness of the former There is a positive obligation to investigate and collect evidence in favour of the accused In Rook v Germany: We have the possibility for the disclosure of exculpatory and non-exculpatory evidence The defence needs to be involved in the definition of the criteria for determining what may be relevant To conduct further searches for exculpatory evidence

Answer 56

reliance on technology for delivering methods lack of reliability validation for tools and methods Law enforcement as amateur scientists and software as a silent witness The presumption of innocence “Must be interpreted in such a way as to guarantee rights which are practical and effective as opposed to theoretical and illusionary” The court should not start with the preconceived idea that the accused has committed the offence  The burden of proof is on the prosecution Any doubt should benefit the accused Accurate fact-finding The obligation to collect both inculpatory and exculpatory evidence The standard of proof can be a challenge in digital investigations

Answer 57

Prejudicial effects in evidence procedure Protection against prejudicial statements about the facts by: The court   State officials at the pre-trial   The prosecutor   - Challenges in digital investigations   - What about prejudicial effects embedded in technology   Challenges in digital investigations ● Data expeditions   ● Data analytics, profiling (risk-based)  Even if u are guilty, there could be exculpatory evidence that may lower the sentence, Always need not just data but more evidence  

Answer 58

Bulletproof hosing is a technical infrastructure service provided by an internet hosting service that is resilient to complaints of illicit activities, which serves criminal actors as a basic building block for streamlining various cyberattacks.

Answer 59

1. Cybercriminals involved in the primary criminal process 2. Facilitators: bulletproof hosting providers - provide tools that allow cybercrime to take place in a way that is beneficial to cyber criminals

Answer 60

Datacenter -> hosting provider -> reseller -> service provider -> end user

Answer 61

Anonymity of customers Protecting the continuity of criminal service Accepting customers who want to commit criminal offences Hosting provider is known as a favourable hosting provider for criminals more criminal content on its servers than what is generally observed in hosting networks with the same characteristics having a company registration in an offshore company location such as the Seychelles or Dominica having social and/or technical relationships with other bulletproof hosting providers or criminals allowing pseudo-criminal services on its servers, such as gambling sites and websites that distribute copyrighted material The price they charge Investigation and prosecution of bulletproof hosting providers in the Netherlands Intent

Answer 62

Strategies to hide and deny any involvement in and knowledge of criminal offences committed by customers By presenting themselves as a legal hosting provider Not accepting crystal clear criminal behaviour Reseller constructions Secret language

Answer 63

An intermediary which provides a communication service that consists of the transfer or storage of data from a third party, shall not be prosecuted as such for an offense committed using that service if he complies with an order as referred to in Article 125p of the Code of Criminal Procedure. Complicity in the criminal offences -> not protected by article 54a DCC Article 54 DCC and being an accessory to a criminal offence Art 54a is meant to reduce the risk that intermediaries feel pressured to use preventative censorship - protecting freedom of speech Legislator seems to be under the impression that the possibility of criminal liability for being an accessory to a criminal offence encourages hosting providers to use preventive censorship A real risk? Investigating authorities need to prove that the hosting provider has intent on being an accessory and intent on the crime The investigating authorities only have the capacity to investigate and prosecute the worst hosting providers Art 54a Dutch Criminal Code An intermediary which provides a communication service that consists of the transfer or storage of data from a third party, shall not be prosecuted as such for an offence committed using that service if he complies with an order as referred to in Article 125p of the Code of Criminal Procedure Hosting provider does not have a normal level of alertness/does not adhere to the rules of the notice and takedown code of conduct? -> then not protected by article 54a DCC and prosecution for being an accessory to a crime possible Indictment needs to express that hosting provider has not acted ‘as such’ (as an intermediary) -> hosting provider hast not acted with the required level of alertness.

Answer 64

In the event of a suspicion of a crime as described in Article 67, first paragraph, DCC the public prosecutor may order a provider of a communication service as referred to in Article 138g to immediately take all measures that can reasonably be expected of him to make certain data that is stored or transmitted inaccessible, insofar as this is necessary to end a criminal offense or to prevent new criminal offences.

Answer 65

the company has made a reputation in cyber-security circles for being a hotspot for DDoS botnets, with cyber-criminals renting KV servers to host their bot scanners, malware, and command-and-control (C&C) servers, knowing they'd be safe from “harm.” The botnets have been created using so-called "IoT malware," which is malware designed to infect Linux-based operating systems that run on routers and other "smart" (Internet of Things) devices. KV never took action against bad customers

Answer 66

Can a public prosecutor prosecute a bulletproof hosting provider for being an accessory? Yes Does the indictment need to express that the hosting provider has not acted ‘as such’ (as an intermediary) No

Answer 67

Hacking and illegal interception

Answer 68

Considering data as goods would have the consequence that data would receive full protection via property offences. This would amount to a undesired situation, in view of the interest of the human right of 'free flow of information' (art. 10 ECHR). Because data are multiple: when you take away data from someone, you usually copy them and the original owner may still have access to them. Compared to a good or property that is unique.

Answer 69

The mere unauthorized intrusion may lead to impediments to legitimate users of systems and data and may cause alteration or destruction with high costs for reconstruction. Such intrusions may give access to confidential data (including passwords, information about the targeted system) and secrets, to the use of the system without payment or even encourage hackers to commit more dangerous forms of computer-related offences, like computer-related fraud or forgery.

Answer 70

No, the device must be designed or adapted primarily for the purpose of committing a computer offence. This will usually, but not always, exclude dual-use devices.

Answer 71

The traditional concept of forgery is often about the creation of false documents in tangible form (like a paper form). Traditional forgery offences often require the alteration of a readable statement or a visual representation. Text in words or pictures. Data does not have to be directly readable, or readable at all when there is no expression of a human thought.

Answer 72

If you want to answer this question you need to know if this behavior (this communication) is an offence in the jurisdiction in which it is sent or received? Did it cause a recognized harm, or occur in proscribed circumstances, such that it constitutes a criminal offence? In this particular case: most likely not.

Answer 73

Persons who posess this metrial stimulate the demand for such material and that could lead to ongoing production of these materials. It contributes to the continuing harm of a child, since a child can suffer psychological harm by the knowledge that people watch the footage.

Answer 74

Directive 2013/40/EU

Answer 75

The perpetrator arriving at the meeting place. (s. 160 explanatory report).

Regulating Cybercrime Flashcards

(103 cards)