1 / 41

TAIEX Seminar

TAIEX Seminar. Cybercrime challenges in Romania. Issues related to international judicial cooperation Bucharest, 8-9 October 2009 Raluca Simion, MoJCL. Outline of the presentation. What are the challenges?Some general remarks

auberta
Download Presentation

TAIEX Seminar

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. TAIEX Seminar • Cybercrime challenges in Romania. Issues related to international judicial cooperation • Bucharest, 8-9 October 2009 • Raluca Simion, MoJCL

  2. Outline of the presentation • What are the challenges?Some general remarks • The transnational character of cybercrime and issues that derive from it • What are the challenges emerging from the international judicial cooperation in cybercrime cases? • What are the possible solutions? • Some final ideas about sentencing cybercrime in Romania, deterrent effect and prevention policies

  3. What are the challenges? • Challenges for law enforcement Challenges related to substantial issues; Challenges related to procedural issues; Challenges related to international judicial cooperation; • Challenges for industry • Challenges for users (legal entities or individuals) • Without promoting a unilateral approach, the present lecture will touch upon the legal challenges

  4. Transnational character of cybercrime • Some of the challenges emerging from the transnational character of cybercrime are: • Specificity of cybercrime which means volatility of data, , consequently urgent MLA requests ; • Lack of double criminality; • Multitude of instruments applicable in MLA cases related to cybercrime; • Possible positive conflicts of jurisdiction.

  5. Transnational character of cybercrime • What does transnational mean in this case? • The offender A from Romania causes multiple prejudices to individuals situated in USA, Canada, Holland, Germany, Australia etc.. • one individual or a group of individuals, dozens or even hundreds of victims, different jurisdictions which could lead to substantial, procedural and international judicial cooperation challenges altogether • Due to harmonization processes the first two type of legal challenges can to a high extent be addressed , the last one still represents a field that needs to be worked upon

  6. Transnational character of cybercrime • Challenges emerging from substantial and procedural law issues • These challenges have been dealt efficiently by Romania by adopting a legislative framework compatible with the international legislation, mainly Council of Europe Cybercrime Convention and the relevant Framework Decisions adopted by the European Union • The domestic legislation is represented by Law 161/2003, Law 8/96 and other relevant provisions from the Criminal Procedural Law, Criminal Code, Law 302/2004, Law 365/2002, etc..

  7. Challenges emerging from international judicial cooperation • But as the Internet as a global nature, MLA in cybercrime cases are crucial for solving the cases, which leads us to another challenges more difficult to address • The question to start from- do we need special regulations when it comes to mutual legal cooperation as regards cybercrime? • In order to answer that question, let' s have a look at • Applicable instruments; • Competent authorities; • Communication channels.

  8. Challenges emerging from international judicial cooperation • Applicable instruments • Domestic legislation • Law nr. 302/2004 regarding the international judicial cooperation in criminal matters • Law no.161/2003 Title 3, Prevention and combating of cybercrime Chapter 5 • International legislation

  9. Challenges emerging from international judicial cooperation • Applicable instruments • International legislation-there is no single legal instrument which can become applicable, which leads to the necessity of applying for the same request , 3, 4 different international instruments, whether international, regional or bilateral • Sometimes no legal instrument is applicable, need to make use of international courtship • What does it all mean?different channels of communication, different competent authorities, different periodization for solving the request

  10. Challenges emerging from international judicial cooperation • Applicable instruments • Some examples of applicable instruments already used by Romania in MLA requests in cybercrime cases; • European Convention on Mutual Legal Assistance in Criminal Matters, Strasbourg, 1959 and its due additional protocols; • Convention of 29 May 2000 on Mutual Legal Assistance in Criminal Matters between the member-states of the European Union and its Additional protocol of 2001;

  11. Challenges emerging from international judicial cooperation Applicable instruments • United Nations' Convention against Transnational Organized Crime, Palermo, 2000; • Bilateral instruments (e.g bilateral treaties between Romania and Canada, USA and China); • CoE Cybercrime Convention, Budapest, 2001 • In the absence of a multilateral or bilateral treaty the guarantee of reciprocity is necessary; • These instruments are also mentioning the competent authorities and channels of communication so....

  12. Challenges emerging from international judicial cooperation • Competent authorities • Which are the authorities that could become competent in cybercrime MLA requests ? • It depends on the country or the treaty applicable • Usually the competent institution is the MoJ, in some cases it could be the Ministry of External Affairs or the Ministry of Interior • What about Romania? • The situation looks a little bit atypical compared with the majority of other states

  13. Challenges emerging from international judicial cooperation • Competent authorities • In Romania there are in general two central authorities responsible for issuing/receiving MLA requests, cybercrime cases included • MoJ-for requests issued during the trial • Prosecutors'Office Attached to the High Court of Cassation and Justice-for requests issued during the pretrial phase • Exception: Some bilateral treaties mention MoJ as the only competent authority, no matter the stage of the trial

  14. Challenges emerging from international judicial cooperation • Competent authorities • Important for cybercrime cases is the 24/7 point of contact-relevant for urgent requests such as data preservation • The declaration Romania made with regard to art.35 of the Cybercrime Convention and corresponding internal provisions Law 161/2003, art. 62 establish as the 24/7 point of contact the Service of Combating Cybercrime within the Prosecutors's Office by the High Court of Cassation and Justice-unlike the majority of the states, it is a judicial authority and not police authority

  15. Challenges emerging from international judicial cooperation • Competent authorities • Among its attributes the Service of Combating Cybercrime is an issuing and executing authority for data preservation requests, and executing authority for rogatory letters forwarded by other states • Important to know exactly which institution is responsible for a particular type of request before sending it • But taking into account that cybercrime means also volatile date, important are also...

  16. Challenges emerging from international judicial cooperation • Channels of communication • The ideal scenario would involve the direct contact between the issuing and receiving judicial authority whether the request is issued in the pretrial stage or the trial stage, and if possible using the expedited means of communication, such as fax and email • This ideal scenario is provided by the EU Convention 2000 as a rule but not by other previous Conventions • E.g 1959 Convention is establishing as the main rule the contact between central authorities by post.

  17. Challenges emerging from international judicial cooperation • Channels of communication • Many of the existing applicable Conventions are using classical channels such as post and diplomatic channels (special reference is made to countries outside Europe and the UNTOC Convention) • Some countries have internal provisions that do not allow transmitting or receiving MLA requests but through diplomatic channels (e.g Korea can receive and transmit MLA requests through the Ministry of External Affairs, no matter the legal instrument applicable) • Serious consequences in solving a cybercrime case

  18. Some examples of MLA requests in cybercrime cases • Let's see the specificity of cybercrime by having some concrete examples from the caseload of the MoJ • Examples during the pretrial phase • Examples during the trial phase

  19. Some examples of MLA requests in cybercrime cases • Examples during the pretrial phase • Example no.1 active rogatory letter • Receiving state-Malaysia/direct contact/post • Organized criminal group • Offences allegedly being committed: computer related fraud, computer related forgery and swindling • Object of the request: identity of the potential victims • Sent in November 2008, no answer up to now

  20. Some examples of MLA requests in cybercrime cases • Examples during the pretrial phase • Example no.2 active rogatory letter • Receiving state-Nigeria/diplomatic channels • Organized criminal group • Offences allegedly being committed: computer related fraud, computer related forgery and swindling • Object of the request: identity of a potential offender of Nigerian citizen • Initial request June 2008, reminder February 2009

  21. Some examples of MLA requests in cybercrime cases/Trial stage • Offence: computer-related fraud committed in an organized manner • Object of the request: service of documents to the injured parties • Countries involved as requested states: USA, Brazil, Ireland, Canada, Dominican Republic • Let's have a look at the instruments applicable, channels of communication and authorities responsible

  22. Some examples of MLA requests in cybercrime cases post Conv 1959 central Romania Ireland CA DOM USA Brazil post Bilteral Treaty central post UN 2000 central Bilateral Treaty Diplo channels post central UN 2000 central

  23. Some examples of MLA requests in cybercrime cases post Conv 1959 central Romania Greece Spain IT USA UK fax EU 2000 judicial post UE 2000 central Bilateral Treaty fax. post central Conv 59 central

  24. MLA requests in cybercrime cases • What are these examples showing? • There are different type of requests, more often encountered are • Rogatory letters - most of them refer to identify owners of IP addresses, potential victims/interviewing victims, owners of cell phone numbers, intercepting phone conversation • Service of documents - the most common scenario is related to the trial stage when the victims needs to be informed about the trial taking place

  25. Complexity of MLA requests • A MLA request can be in these cases very complex • Let's have an example: • Rogatory letter the suspects allegedly have committed computer related forgery, computer related fraud and swindling, all offences committed in an organized manner • The criminal activity was undertaken in USA, Greece, Spain, Italy, UK- see ex. above applicable treaties, timing, communication channels • How does a rogatory letter addressed to one country looks like?

  26. Complexity of MLA requests • 1. request referring to the victims that have already been identified • 2. request in order to confirm the identity of other potential victims, verify contact details, verify Moneygram, Western Union forms • 3. request to be forwarded to an email company • 4. request to be forwarded to the social networking company. • Other supplements of request followed...e.g identifying the owner of a telephone number

  27. Cybercrime is getting organized true or false? • Looking upon the recent caseload of MoJCL, there is a constant growth of MLA requests in cybercrimes cases committed in an organized manner • That means complex requests, as in the previous example, not only multiple victims on various continents but also very well organized networks of cybercriminals • Concerted investigation needed, constant contacts between police and prosecutors from various countries • Some very good examples can also be offered as regards the EAW

  28. EAW and cybercrime committed in an organized manner • Romania applies the EAW since 2007. • Computer crimes are included in the 32 list of offences mentioned in art.2 paragraph 2 of the EAW FD. • That means that the double criminality requirement does not have to be verified anymore • Romania executed a lot of requests coming from Italy, Holland, Germany, France and Belgium • E.g in 2007 around 40% Romania received from Italy were issued for cybercrime, mostly phishing and skimming offences many of them committed in an organized manner

  29. EAW and cybercrime committed in an organized manner • Some relevant examples offered by the Eurojust Annual Reports 2007 and 2008 • In the 2007 cases Eurojust undertook coordination meetings between the countries involved, Romania included in order to establish a coherent action plan and to expedite the execution of letters rogatory and resulted also in issuing of EAW which were executed by Romania • Some of the operations needed to be executed in real time, suspects need to be arrested simultaneously

  30. EAW and cybercrime committed in an organized manner • The situation is following the same pattern in 2009 • A lot of EAW issued by other EU member-states for cybercrimes and executed by the Romanian authorities • A recent and highly publicized example is. represented by a criminal network which allegedly committed skimming and managed to clone 15 000 credit cards, the estimated prejudice being around 6.5 mil EUROS • The operation needed simultaneous arrests (25 outside Romania and 11 in Romania) and searches, therefore coordinated actions of the prosecutors in all the countries involved

  31. EAW and cybercrime committed in an organized manner • The organization in cells makes the investigation harder • So to cut it short, at least from our point of view, the answer is YES, cybercrime is getting organized and this is not just a rhetoric discourse • We are not talking about organized crime and cybercrime, we are talking about organized criminal groups that commit computer crimes • These organized criminal groups are highly specialized, each member having a specific task as in the following example

  32. Example of a criminal network specialized in committing card offences Free lancers Heads of the network Persons bulding up the skimmers IT technician in charge with the software and Data protection Organizers Cells Dutch cell Italian cells Torino and Verona English cell Participants Participants Participants

  33. What are the possible solutions for enhancing MLA? • We need a single instrument able to facilitate the mutual legal assistance requests in cybercrime cases taking into account the specificity of cybercrime - implementing such an instrument globally needs time • Currently there are regional and bilateral instruments in place and also international treaties, • At EU level the instruments are facilitating expedited communication but cybercrime is not regional, countries outside Europe will very often be involved

  34. What are the possible solutions for enhancing MLA? • The CoE Convention comprises the needed provisions but even though it will be adopted by as much countries as possible from outside Europe, preeminence will still have the existing multilateral and bilateral treaties already established between member-states, according to the provisions of the Convention-see art 25 paragraph 4 • Up to the moment no single global instrument can be used worldwide, we have to adjust what we have, use as much as possible the expedited means of communication and the institutional networks • We got to find valid solutions together

  35. Sentencing, deterrence and prevention policies in Romania • general prevention: by applying effective, dissuasive punishments the deterrence paradigm should made its presence felt as concerns the general public. -Q1-is deterrence really efficient in Romania? • special prevention: by the punishment imposed in a particular case the offender is not only re-educated but also prevented from causing prejudices to the society -Q2-situational prevention could work in this particular context? Yes, but not enough, education plays an important role in the construction of any prevention policy

  36. The role of the punishment in building up the general and special prevention is under discussion as long as: the trial can take on average 2,3 years until it gets to its final outcome, sometimes it lasts even more, such as in the following examples: Case A-a first instance court competent-the criminal investigation was finished in March 2002 and the sentence was issued in March 2006, after more than 4 years. In the motivation of the criminal judgement it was specified the cause of the delay Deterrence?

  37. “the criminal proceedings were undertaken with difficulty due to the fact that the 13 civil parties have their residence abroad, so the request of service of documents for all these civil parties was executed only for today's term” Case B: the trial was still in course in March 2009, pending since 2002, there are 8 defendants and 26 injured/civil parties from Netherlands, USA, China and Canada, the cause have been postponed again. The delay again is caused by the impossibility to receive the proof of service for all the injured/civil parties although the terms are very generous of more than 6,7 months. Deterrence?

  38. What role for the media? • The current image created by the media-is concentrating on cybercriminals and cybercrime in general, Romania makes no difference in this respect • What is the actual image created by the media and how does this contribute to the perception of cybercrime? • Is the Romanian press taking into account the educational aspects related to cybercrime? • Can one find victim orientation articles for examples? • What does legal criminality shows with regard to cybercrime in Romania?

  39. What role for the media? • The press is propagating the image of the mythical hacker • A concrete example (March 2009) • Special bus line for Superman (the website of RATB- Bucharest public transportation lines)

  40. The MLA requests are taking very long time, due to the fact that they are forwarded worldwide under different legal backgrounds and subject to different rules and procedural rules So the international cooperation in cybercrime cases represents one of the major challenges posed by cybercrime The problem has be acknowledged by the European Union and the Council of Europe This problem needs to be acknowledged though globally The greatest domestic challenge- to acknowledge the real dimension of cybercrime and leave the sensational aside Instead of conclusion

  41. Thank you for your attention! dreptinternational@just.ro rsimion@just.ro Cybercrime Challenges in Romania

More Related