Loopholes in Current
Legal Frameworks
Cybercriminals are already exploiting vulnerabilities and loopholes in
national and regional legislation. There is evidence that they are shifting
their operations to countries where appropriate and enforceable laws are not yet
in place, so they can launch attacks on victims with almost total impunity, even
in those countries which do have effective laws in place.
With the spread of networks of hijacked computers over different countries,
criminals can launch cyberattacks using a decentralized model based on
peer-to-peer arrangements, making it difficult for any single national or
regional legal framework to deal adequately with this problem. Such far-reaching
challenges can only be addressed at the global level.
Many countries have adopted or are working on legislation to combat
cybercrime and other misuses of information technology. These laws are drawn up
so as to be enforceable in well defined geographical boundaries that are either
national or regional. However, even if all countries introduce legislation,
cybercriminals cannot be easily extradited between the country where the
cybercrime was instigated and the country where it was committed, unless these
legal frameworks are inter-operable. This is far from the case today.
Some efforts to address this challenge have been undertaken, by establishing
bilateral agreements and Memoranda of Understanding between countries. However,
bilateral agreements may be limited in their scope and effectiveness, due to the
complexities involved in negotiating numerous bilateral agreements based on
different terms and conditions. Further problems arise, where countries may need
to extend such agreements to various others countries. A strategy based on
cooperation through bilateral agreements may also result in differences in
agreed responsibilities – for example, where, say, five countries are
signatories to one agreement (first agreement) and one of these countries signs
another bilateral agreement with a sixth country. Does that imply that the five
parties that are signatories of the first agreement agree to extend this
cooperation to the sixth country?
Clearly, these attempts – although valuable – are not the solution to the
tackle the far-reaching legal challenges we face today in dealing with
cyberthreats. At best, they may only shift the problem from one country to the
next and result in creating cybercrime-havens for cybercriminals who are
protected by the extraterritoriality of their activities.
|