Tuesday, May 10, 2016

Authorship Attribution And Cross Border Cyber Attacks Convictions

Legal issues of Internet and cyberspace are very difficult to manage. There are many challenges that nations around the world are facing in this regard and the same can be managed only by establishing an international techno legal framework. From conflict of laws in cyberspace to civil liberties protection in cyberspace, governments around the world have to manage many sensitive, crucial and constitutional norms. This situation is further made complicated due to absence of international treaties on cyber law and cyber security (pdf).

It is common knowledge that there is a cyber tussle between United States and China for long. While US claims that China is the cyber villain yet China maintains that it is a victim and not a villain. Till the time we are capable of ascertaining the real force behind a cyber attack, we cannot prove the guilt of an organisation, nations, individual or corporation. Granting of legal immunity to state supported hackers has further complicated this international fight against cyber attacks.

Recently the US Supreme Court approved amendments in the Rule 41 of the Federal Rules of Criminal Procedure. This would give a long arm jurisdiction to US law enforcement agencies to meddle with the sovereignty and laws of other nations. For instance, the trans border hacking and search activities of FBI would violate civil liberties and cyber laws of different nations. These types of rules and regulations must be avoided by all nations, including India.

Who are behind a cyber attack or cyber crimes is a very crucial aspect to decide to punish the guilty. Of course, this requires tremendous cyber forensics and cyber crime investigation capabilities. Cyber crimes and cyber attacks are increasing world over. The semi anonymous nature of Internet has also encouraged these criminal activities. Besides there are many methods to conceal the identity of an accused and mixing within the crowd is one such method. In many cases the offender hides himself among law abiding and legitimate Internet users. Many times even the identity of such law abiding users is stolen to commit the crime or launch a cyber attack. Even worst, many computers are compromised and made part of the botnet that are used for all sorts of illegal activities over the Internet.

When an accused commits a cyber crime by mixing among the legitimate and law abiding crowd, it becomes imperative to ascertain, with great certainty, that a particular culpable act has been committed by a particular person alone. We at Perry4Law Organisation (P4LO) believe that “authorship attribution” is an important aspect of “determining the culpability” of an offender where the means to commit the offence are common and accessible to many people simultaneously. Data mining and profiling of the accused to “attribute culpability” to him/her alone is an emerging area of cyber crime investigation and India must pay more attention to this branch.

Friday, April 29, 2016

US Supreme Court Expands The Long Arm Jurisdiction Of US Subordinate Courts Regarding Computer Searches And Hacking

In an over ambitious move, the US Supreme Court has expanded the applicability of Rule 41 of the Federal Rules of Criminal Procedure to not only US citizens but also those living in other countries.

When even limiting the applicability of the Rule 41 to entire US jurisdiction is troublematic it is too much to expect that other countries would take it in a friendly manner when their sovereignty is violated. For instance, if a warrant issued by a judge allows the FBI to investigate a matter in China, will China take it in a friendly manner?

Similarly, if the FBI hacks into a computer system located in India, will Indian government accept such an approach? It seems the US Supreme Court was carried away while protecting the interests of law enforcement agencies of US rather than the actual victims. Indian Supreme Court has also committed a mistake in the past regarding limiting the cyber law due diligence in India. We need a stronger cyber law due diligence and not a weaker one.

It is good to hear that Supreme Courts of US and India are trying to adopt technology and accordingly are modifying the laws of US and India. But their actual impact and constitutional effects must also be kept in mind.

The approach of the US Supreme Court would only result in an increased use of state sponsored cyber attacks that is already on rise. Intelligence agencies around the world are asking for legal immunity against cyber deterrent acts. India is also following this path and this approach of US Supreme Court would only complicate the matter further.

Conflict of laws in cyberspace are further going to increase due to this self centered approach of various nations. This is more so when there is no uniformity regarding international legal issues of cyber attacks and cyber security as on date.