Sunday, March 21, 2010

FBI to Create International Cyber-Law Enforcement Agency

Link to us http://snipurl.com/uz44x
Source from http://mashable.com/2008/03/20/fbi-cyberlaw/

One of the beauties, if you can call it that, of organized crime is that while the criminal organizations of the world respect none of the boundaries that we call jurisdictions and countries, and by definition, the rule of law must respect those boundaries. These criminals, whether they be the traditional mob that we all know and love or the terrorist organizations bent on the destruction of civilization as we know it, have for more than a decade or two have known about and exploited this fact.

In fact, during the last decade and a half, organized crime has collaborated amongst the various sects (Italian, Russian, Columbian, etc) according to their various specialties across international jurisdictions and boundaries, much to the consternation of law enforcement of all nationalities. What’s even worse is the explosion of digital crimes that take place on a grand scale (as ‘inconsequential’ as spamming or bot-nets or as significant as money laundering) thanks to advances in the Internet and communication technology.

Technovelgy today is reporting that the FBI has finally had enough of this problem, and is hosting a gathering of the world’s intelligence organizations this May for a three day conference. Invited to participate is, aside from the FBI, the Royal Canadian Mounted Police, Australian Federal Police, New Zealand Police and the UK’s Serious Organised Crime Agency.
Amongst other goals of the conference, the most interesting is to set up a special area on Law Enforcement Online, the FBI’s secure Internet portal, to share intelligence internationally and create a bulletin system that will make member agencies more aware of accidental leaks that occur from thefts or accidentally dropping classified documents into your porn thumb drive or shared folder on your P2P client.

On the one hand, it does seem a bit like an issue of “What, you’re just now getting around to this?”. On the other, though, it does seem like this sort of international collaboration can lead to the circumvention of legal hurdles that we’ve constitutionally created preventing international spy agencies from becoming domestic spy agencies, and vice versa (separation of powers). Unfortunately, I’m not up on my domestic spying laws and regulations, so smarter policy wonks than I should be tackling this issue soon, but it is a significant development in terms of online law enforcement, and worthy of note.
Posted by Victor Chew at 3/21/2010 04:25:00 PM View Comments
Labels:

The Obstacles Facing Cyber Law Enforcement

***

The online community is cruel and ruthless leaving no margin of error for anyone. Once you make a bona fide mistake you get crucified immediately. It is because of this general attitude among many people in social communities, that people jump to unfair and unjustified conclusions. Most participants of these communities are used to this behaviour and are not bothered by it too much. Most of these unjustified remarks often cause embarrassment for the comment maker, which is well deserved, because you should take the consequences of your actions for speaking out loud without thinking. Where am I going with this? What does this have to do with fighting cyber crime?

Let me explain with an example: When a big company like Microsoft cause a security risk for users of Internet Explorer out of negligence, you can be sure that the press (including the online community) will throw some big stones at them. This response is justified because the safety of innocent users is put at risk because of the negligence of a respectful organisation. But when Microsoft makes a remark that is misunderstood by some people, without causing any security threats because of this ill formulated remark, why should they be crucified? Microsoft is run by people and people make mistakes. If the community wants to rant and rave about something, then find something that deserves some ranting and raving and stop wasting time on things that can be excused. The company has to waste valuable resources to put out the fires caused by this overreaction instead of using those resources to improve the security of their products. No, I am not a Microsoft prophet, I am simply using them as an example.

Investigating spam and determining the origin of a scam letter is not as simple as tracking an IP address. Most people think so, but that is because they never really tried to locate a spammer on their own after being spammed. It is very easy to forge an e-mail header and that makes it almost impossible to locate the real sender of the e-mail. Even if the header is not forged, you never know whether it is a case of identity theft. Computer criminals hack into e-mail accounts, they hijack web sites and use it to their advantage under the identity of an innocent victim. This enables them to operate undetectable by moving from one account to another. Jurisdictional constraints makes it is hard for federal organisations of one country to prosecute crimes committed in another crime, not even to speak of locating the criminal.

Abuse departments of hosting companies and service providers are so swamped with so many daily reports of spam and network abuse that it is impossible for them to respond to each and every spam report individually. It obviously creates the impression that they do not really take action against the guilty parties. Of course, some companies appear to have an abuse department, but it is only a front to make people believe that they take action against spammers. This discourages people from reporting cyber crime and it effectively allows cyber criminals to operate in the open without the risk of getting caught.

People take cyber crime lightly, cyber crime is being handled as crime committed in another dimension, a dimension not regulated by law. Cyber crime is just like any other crime committed in the normal world, the only difference comes in the methods of investigation. Cyber swindlers are real life criminals, they should never be underestimated. The fact that they operate behind a computer screen makes no difference. Law enforcement agencies do not really care about the person robbed from a couple of dollars, they only pursue the big fish. Unfortunately this is how most scammers operate. They steal a bit from one victim, they steal a bit from another victim, they steal a bit from hundreds of helpless victims and pocked thousands of dollars in the end. Law enforcement agencies will take this crime more serious if everyone starts to report it to their local police department. Sooner or later they will realise that something has to be done. Many police departments are also not equipped to handle digital evidence effectively and many police officers still do not have the skills to conduct proper cyber crime investigations.

Cyber crime is very volatile and cannot always be solved using conventional methods, so I appeal to the online community not to question the unconventional methods of cyber crime investigators. At least they are doing something about an epidemic that is ignored by many influential and powerful organisations.
Posted by Victor Chew at 3/21/2010 04:18:00 PM View Comments
Labels:

Controlling of Online Crimes Through Cyber Law Enforcement Practices

Link to us: http://snipurl.com/uz44g

***

source from http//www.online-law.co.uk/127

Organizations like Cyber Crime Law Enforcement Organization, Cybercrime Coordinate Unit, Cybertip.ca, INHOPE, Cyber Crime Control Unit, Internet Crime Complaint Center, Internet Fraud Complaint Center, etc. are some of the most important units that stop cyber crime to expand in rapid succession, across the globe. For instance, cyber law enforcement organization is an international panel that tracks down the different pockets of crime that goes on throughout the internet. There are proper vigilance processes that go over cyberlaws, investigative processes and techniques as well as locations of interactions that keep going on online. There are processes of cyberstalking along provisions of online education and spreading of knowledge regarding the different forms of cyber crimes that keep on going. There are spreading support groups that locally function near you in order to lodge and assess your complaints regarding anything that bothers you online. Pedophile activities, pornography, fraudulent processes, etc. all can be tracked down through these media. Even hacking and virus attack can be protected and addressed when understanding or taking help from cyber crime control units.

International units of varying degrees and order bring forth standardization of relations and communications between the crime control department and the local police. The Internet Service Providers can also be tracked down through IP address and the root of the crime can be spotted this way. There are worldwide groups extended to check on the varied pockets of cyber crime. There are law groups that support victims and bring advocacy groups together in order to help legal justice to prevail. When complained of any harassment or reported deals with cyber crime, there can be complete tracking down of the root of the problem through proper investigation. Support groups and online counseling are even provided for the victims so that they can rise up against the emergency of such problems. Cybertip.ca, for instance, is Canada’s international tipline for reaching for help in any cyber related problems. From online sexual exploitation to abuse and misuse of children’s photos to any form of harassment or non paid services, all issues can be addressed with hope at this point.

There are varied degrees of cyber crime reports including extremes of racism, unlawful acts or abuse within communities and forums, any form of threat or misuse of information and so on. Misuse of animals, any form of humanity related issues and even spreading of viruses or spam through email can be complained against through complain. Any form of repeated abuse source is in fact easy to track down as the cyber police have their own ways to track down these sites and their owners.

The internet can be a scary place without understanding the protecting and governing forces of cyber laws but then there have been proper establishment of laws that are there to control all these illegal processes. In terms of any unlawful entry, one should not hesitate to complain at any of the centers. There are plenty of legal aid support and protection areas that bring positive results in terms of cyber crime increase.
Investigation and assessment of any root of crime is always promised through the local team that deals with cyber law assistance.

Posted by Victor Chew at 3/21/2010 04:10:00 PM View Comments
Labels:

Saturday, March 20, 2010

CyberLawTimes.com

***

Souce from http://www.cyberlawtimes.com/

Welcome to CyberLawTimes.com, a Cyber Law Portal !
CyberLawTimes.com brings to you cyber law news and cyberlaw updates from all around the world since 2006. They have a team of researchers and cyber laws experts to make this possible. As a member, you can gain knowledge as to changes in various cyber laws including the latest amended Information Technology Act 2000 or contribute cyber law articles. Further, CyberLawTimes.com also offer free basic consultancy to the cyber crime victims with the help of the panel of cyber law experts and cyber crime investigators or you can even try registering at the Discussion Forums and seek help from other members.

For any other help/guidance required in the field of Cyber Laws or Cyber Crime, you are welcome to ask question from their experts !

CyberLawTimes.com also provide consultancy services as to Cyber Law issues, Help to Cyber Crime Victims, Carry out Cyber Crime Investigations, etc. For the purpose they have panel of advocates/consultants specializing in Cyber Law matters and practicing at various High Courts/District Court in different cities all over India.

Further, the team of Cyber Law Consultants and Legal Experts can help you to make your websites cyber law compliant. CyberLawTimes.com can also help you to put up a disclaimer & Privacy Policy for your website to minimize your liability in case of any violation of law by a third-party user.
Cyber Law Consultancy is rendered subject to payment of fees in the name of Archer Softech Pvt Ltd. But you can get your basic cyber law queries answered for FREE. If you are interested in the Web-Development Services, please visit them at: www.archersoftech.com
P.S. They hold all the rights in the following Domain Names:

About CyberLawTimes.com
Archer Softech Pvt Ltd is a New Delhi based website designing firm mainly engaged in outsourcing of Web-Technologies. This Portal was launched in 2006 with a aim to provide a global platform to the cyber law students and professionals all around the world.
They have a team of Techno-Legal experts from all over India, who can help you solve your CyberLaw queries and guide you through the complicated Cyber Laws. Further you can browse through various sections like Forums, News, Articles, Newsletter, Consultancy, etc to help you gain extensive knowledge on the subject.
Other Features
  • Newsletter
  • Forums
  • Resources
  • Consultancy
  • FAQs
  • Contact
Posted by Koli Law at 3/20/2010 01:44:00 PM View Comments
Labels:

Group Offers Alternative to Cyber Regulations

***

CreditInternet Security Alliance Suggests 9 Incentives to Secure IT
EligibleDecember 3, 2009 - Eric Chabrow, Executive Editor, GovInfoSecurity.com

The Internet Security Alliance, an industry group affiliated with Carnegie Mellon's cybersecurity laboratory, issued a report Thursday that argues that giving businesses incentives and not regulating them will better safeguard the nation's IT systems.
Entitled Implementing the Obama Cybersecurity Strategy Via the ISA Social Contract Model, the ISA contends the process of developing effective regulations is inherently time consuming and that any regulations specific enough to assure improved cybersecurity would become outdated soon after their enactment.

The ISA report says cybersecurity is an enterprise-wide risk management that must be understood as much for its economic perspective as for its technical issues.
"Government's primary role ought to be to encourage the investment required to implement the standards, practices and technologies that have already been shown to be effective in improving cybersecurity," the 74-page report says.
Photobucket
ISA proposed nine incentives it contends could alter economic perspective with respect to investment in cybersecurity procedures, encouraging private entities to improve their security posture in the broad national interest:
  • Enact a Cyber Safety Act, patterned after the Safety Act that spurred physical development after the 9/11 attacks, by providing marketing and insurance benefits for companies that design, develop and implement of cybersecurity technology, standards and practices.
  • Tie federal monies - grants, Small Business Administration loans and stimulus and bailout money - to adoption of designated effective cybersecurity standards and best practices.
  • Leverage purchasing power of the federal government. Government could increase the value of security in the contracts it awards to the private sector, thereby encouraging broader inclusion of the level of security provided to government, which in turn could facilitate broad improvement of the cybersecurity posture among the owners and operators of the national critical IT infrastructure.
  • Streamline regulations and reduce complexity. Regulatory and legislative mandates and compliance frameworks that address information security, such as Sarbanes-Oxley, Gramm-Leach-Bliley, the Health Insurance Portability and Accountability Act, along with state regimes, could be analyzed to create a unified compliance mode for similar actions and to eliminate any wasteful overlaps.
  • Tax incentives for the development of and compliance with cybersecurity standards practices and use of technology. Tax credits can be made contingent upon compliance with established and pre-identified cybersecurity practices. Such incentives could encourage small and midsize businesses to implement cyber protections.
  • Provide grants and/or direct funding of cybersecurity research and development to companies that are developing and implementing cybersecurity technologies or best practices. Alternatively, R&D could be run through one or more of the federally funded R&D centers.
  • Limit liability for good actors. The government could create limited liability protections for certified products and processes or those certified against recognized industry best practices.
  • Create a national award for excellence in cybersecurity, akin to the Commerce Department's Malcolm Baldridge Award. Organizations may strive to receive the award as a means of differentiating themselves in marketing, particularly in a marketplace in which security concerns continue to increase.
  • Promote cyber insurance. Cyber insurance, if more broadly employed, could provide a set of uniform and constantly improving standards for corporations to adopt and to be measured against, all while simultaneously transferring a portion of risk that the federal government might face in the case of a major cyber event.
  • Besides incentives, the report also suggests ways to craft a new, practical model for information sharing; create an enterprise education program to properly structure industry; address the technical and legal disconnect created by digital systems; manage the global IT supply chain; and address the international nature of cybersecurity issues.
Posted by Koli Law at 3/20/2010 10:53:00 AM View Comments
Labels:

Friday, March 19, 2010

The Cyber Appellate Tribunal

***

Source from http://law.indiainfo.com/viewpoint/cyber-tribunal.html

Ever since the passing of the Information Technology Bill by both the Houses of Parliament, a lot has been said both for and against the Act. The controversy seems to have largely revolved around the fact that the police have been given unfettered powers to enter and search any place as well as the powers to arrest any person who is reasonably suspected to have committed or is about to commit an offence under the I.T. Act. The Government, on its part, has defended the above provisions by arguing that there is nothing new in enacting such a law and that similar provisions already exist in other statutes as well. Besides, there are adequate safeguards in the I.T. Act itself, which provides that the provisions of the Code of Criminal Procedure shall apply in relation to any entry, search or arrest made under the I.T. Act.

Be it as it may, it will not be long before the above provisions are subject to judicial scrutiny and ultimately it would be for the High Courts and the Supreme Court to decide whether the provisions of search, seizure and arrest are arbitrary or not.

What have so far escaped the public eye are the provisions relating to the Cyber Regulations Appellate Tribunal (CRAT) and more specifically, its composition. The I.T. Act envisages the establishment of CRATs at one or more places as the Government may deem fit. These Tribunals are placed lower in hierarchy to the High Courts and higher in hierarchy to the "adjudicating officer" The primary function of an "adjudicating officer" would be to hold an inquiry into whether any person has contravened the provisions of the I.T. Act and impose penalty accordingly. Although the CRAT does not seem to be vested with any original jurisdiction, it has been vested with the powers of a Civil Court in respect of, interalia,

  • summoning and examination of witnesses
  • requiring production of documents
  • receiving evidence
  • issuing commissions and
  • reviewing its decisions.

Typically, such powers are vested in a judicial body having original jurisdiction. Therefore, by being juxtaposed between the High Court and the "adjudicating officer", the CRAT would be both, an appellate authority as well as a fact finding authority, whose function would be to determine whether the provisions of the I.T Act have been contravened. Interestingly, the Act provides that the Tribunal shall consist of one person only (presiding officer) who is qualified to be a High Court judge or a member of the Indian Legal Services holding a Grade I post.

Apart from the factual issues that would be raised, the disputes before the CRAT are invariably going to involve the following legal issues as well:
  1. application of Private International Law (including the issue of "conflict of laws") in case the parties to the dispute belong to different nationalities;
  2. issues regarding jurisdiction; and
  3. application and interpretation of complex contractual, intellectual property and penal laws
Since the above issues are to be resolved vis- a -vis the laws pertaining to Information Technology, one would also need an in-depth knowledge of computer applications in the field of information technology. It is essential for the Tribunal to understand the technical aspects pertaining to digital signatures, cryptography etc. apart from keeping abreast with the latest developments in the field of Information Technology. While one cannot call into question the legal acumen of the presiding officer, as adequate safeguards are contained in the enactment to ensure that he possesses the requisite legal qualifications, it is still doubtful whether such presiding officer would possess the technological expertise and knowledge which is to be harmonized with the legal knowledge for resolving I.T. related disputes. It would therefore have been ideal for the CRAT to comprise of at least one judicial member and one technical member (with a computer science background) to effectively hear and resolve disputes before it. The omission of a technical member is all the more glaring since several tribunals/quasi judicial bodies like the Income Tax Appellate Tribunal, Sales Tax Tribunal, Central Administrative Tribunal, Company Law Board, Board for Industrial and Financial Reconstruction etc. have departmental members who assist the Presiding Officer or the judicial member in resolving the disputes.

Considering the fact that the case laws with respect to Information Technology are almost non-existent in our country and the decisions of the Cyber Regulations Appellate Tribunal are going to be trend setting, it is still not too late for the Government to consider amending the I.T Act and providing that the CRAT comprise of one technical member as well, which undoubtedly, is going to go a long way in ensuring that the correct concepts of Information Technology are applied while resolving I.T. disputes.
Posted by Koli Law at 3/19/2010 01:33:00 PM View Comments
Labels:

In The Uinted States Internet Crimes Will Not Remain Unreported Anymore

Link to us: http://snipurl.com/uwx0k
***
Source from http://www.ibls.com/internet_law_news_portal.aspx

According to the United States Federal Bureau of Investigation (FBI), the vast majority of cyber crimes are not reported, which allows the perpetrators to continue to carry out their crimes and victimize others. Reporting Internet-related crimes to appropriate law enforcement agencies at local, state, federal, or international levels, depending on the scope of the crime, is advisable as the first step to combat Internet illegality.

Who cyber crime victims should contact?
Should they contact the local police authorities, should they contact Internet Service Providers?

This article provides information on those law enforcement authorities with jurisdiction over certain cyber crimes. Despite technology and surveillance best efforts, cyber criminals continue raising their cyber crime statistics. Users may update software, install a firewall, monitor children’s internet habits, avoid unfamiliar emails; and still, fall victims of phishing scam, identity theft, internet pornography or many other cyber crimes. Internet users must know what to do if they are victims of a cyber crime; whether the crime involves identity theft, fraud, online solicitation, or stalking. In the United States for instance, many government agencies take the notice of cyber crimes.

The following are some of the primary U.S. Federal law enforcement agencies that investigate domestic crime on the Internet:
  1. the Federal Bureau of Investigation (FBI),
  2. the United States Secret Service,
  3. the United States Immigration and Customs Enforcement (ICE),
  4. the United States Postal Inspection Service, and
  5. the Bureau of Alcohol, Tobacco and Firearms (ATF)
These agencies have offices suitably located in every U.S. State to which crimes may be reported. Ordinarily, Federal crimes are reported to the proper local law enforcement office by a telephone call requesting the officer on duty. Some Federal law enforcement agencies have headquarters in Washington, D.C. These headquarters have agents who specialize in particular areas. For instance, the FBI and the U.S. Secret Service both have headquarters-based specialists in computer hacking cases.
Federal law enforcement agencies have various investigative units in charge of particular cyber crimes. Following there is a list of some Federal agencies with jurisdiction on certain cyber crimes,
  • For Computer intrusion (i.e. hacking) one should report to FBI local office, U.S. Secret Service or Internet Crime Complaint Center.
  • For password trafficking the reporting authorities are FBI local offices, U.S. Secret Service and the Internet Crime Complaint Center.
  • For counterfeiting of currency report to U.S. Secret Service.
  • For Internet fraud and SPAM person may contact to FBI local office, the U.S. Secret Service (Financial Crimes Division), and the Federal Trade Commission (online complaint). If the cyber crime involves securities fraud or investment-related SPAM e-mails, then one should approach the Securities and Exchange Commission (online complaint) and the Internet Crime Complaint Center.
  • For Internet harassment, the FBI local office is the reporting authority.
  • Internet bomb threats must be reported to the FBI local office and ATF local office.
  • For Internet trafficking in explosive or incendiary devices or firearms over, reports should be filed before the FBI local office and ATF local office.
Following there is a list of additional U.S. cyber crime reporting offices,
  • The Internet Crime Complaint Center (IC3): It is a partnership between the FBI and the National White Collar Crime Center (NW3C). Its mission is to serve as a vehicle to receive, develop, and refer criminal complaints pertaining to cyber crime.
  • Incidents relating to national security and infrastructure issues are to be reported before the Department of Homeland Security's National Infrastructure Coordinating Center.
  • The U.S. Computer Emergency Readiness Team (U.S. CERT) is the appropriate reporting authority for online technicians.
Posted by Koli Law at 3/19/2010 01:17:00 AM View Comments
Labels:
Subscribe to: Posts (Atom)