Sophisticated computer crime threatens to outpace the development of legislation. Computer technology has created challenges for investigators and prosecutors due to the inadequacy of existing legislation. Traditional criminal laws are poorly prepared to handle cyber crime since legislations were not enacted with technology in mind. The laws are geared toward protecting physical property, not electronic property. Legal challenges result from laws and legal tools required to investigate cyber crime, which lag behind technological, structural, and social changes.
Laws defining computer offenses make it difficult for decision makers to enforce laws adequately. There exists a wide gap in cyber crime laws around the globe. Countries are not consistent in their efforts to develop strong laws governing the cyber crime issue. Nations are not taking the threat seriously. A report by McCormell International (2000) analyzing high-tech laws in 52 countries discovered that only nine countries had amended their laws to address cyber crimes in four categories: data-related crimes, network related crimes, access crimes, and associated computer related crimes.
In 1986, the U. S. Congress passed an independent statute, the Computer Fraud and Abuse Act (CFAA), Title 8 Section 1030, to address computer crimes. This Act consists of seven different sections that address specific types of cyber crimes: espionage, information violations, intrusions into government computers, fraud, hacking, viruses, denial-of-service attacks, password trafficking, and extortion (Hancock, 2000). This Act was enacted to help stop cyber crimes and has had many revisions to achieve its goal. Congress amended the Act in 1986,1988,1989, 1990, and 1994 (Wolf, 2000).
CFAA does not contain full legislative flaws, but Congress falsely believes that computers are fundamentally different from other things, and thus, criminal statutes must be separated from other statutes. Legislation is moving at a slower pace than the crimes, thus, creating loopholes due to the laws not being directly applied to many of the cyber crimes (Speer, 2000). The United States Sentencing Commission conducted a study in June of 1996, which reports that the CFAA resulted in only 174 convictions, thus, assessing the statute as ineffective due to unreliable statistics (Wolf, 2000).
A national survey of prosecutors conducted in 2001 concludes that only 42% of the prosecutors’ offices reported prosecuting computer related crimes under their state’s computer statutes (Bureau of Justice Statistics [BJS], 2002). Thus, cyber criminal acts are being prosecuted under other fraud statutes, thereby, rendering cyber crime statistics ineffective. Virtually every state has enacted legislation, rendering various computer and cyber activities illegal (Skinner & Fream, 1997). Furthermore, despite the enactment of such legislation, the war on cyber crime has experienced a problem of judicial leniency.
The legislation is slow, and the threat is outrageous. Some of the biggest cyber crime cases in history have resulted in dismissals or relatively light punishments. The few cyber crime cases that have passed through the legal system have not led to severe punishments (Sherizen, 1995). According to the Science Application International Corporation, the average bank robbery in the United States costs $1,900 and is prosecuted 82% of the time, whereas the average cyber crime costs $250,000 and is prosecuted less than 2% of the time (as cited in Overill, 1998).
Consequently, criminals learn the comfortable circumstances of the legal system and realize that it is non-probable for them to get caught, and if they do, very minimal will be done to penalize or punish them. Research has found that “controls over certain illegal behaviors were associated with moral commitment, fear or social disapproval, and fear of legal punishment” (Sherizen, 1995, p. 180). Thus, the literature suggests that greater enforcement of cyber crime laws and stiffer penalties would reduce the engagement of cyber criminals’ acts in illegal and deviant behavior.
Enacting legislation for private businesses to mandatorily report intrusions would maximize legal attention (Sherizen, 1995). Unless the private sector is required by law to report intrusions, computer crime would not be controlled. The National Law Enforcement and Corrections Technology Center ([NLECTC], 2003, June) reports that on July 1, 2003, a California law became effective, which requires organizations to notify state customers of any intrusions that may compromise the security of customers’ personal information.
Cyber crime has grown at such a radical pace that laws have been unable to keep up with technology. The limits of the state have become increasingly apparent. Lessig (1999) argues that cyberspace behavior is controlled through programming and architecture of information systems, and not through legislation. Technology is what regulates the cyber space, not law. There is a gap between old traditional laws that address tangible assets and new legal aspects that revolve around intangible assets.
The current laws lag behind technological and social changes, creating legal challenges to law enforcement agencies (Herrera, 2001). Evidence search and seizure laws were written years ago and have not kept pace with technological advances (Schmidt, 1998). In order to deter cyber criminals, legislators need to pass improved legislation to support detection and successful prosecution of offenders (Robinson, 2000). More apprehension and punishment must take place in order for deterrence to function, and the laws must directly address new technological development (Sherizen, 1995).
Bequai (1996) argues that the U. S. criminal justice system contains ineffective and outdated rales, procedures and laws that are not well suited, causing costly and time-consuming cyber crime prosecutions. The nation’s focus continues to lie in drugs and street violence, not information technology crimes. Laws are not consistent and vary from one jurisdiction to another, raising prosecution issues. The perpetrator could be operating in one state, while the victims could be in another state.
The Internet, which is a borderless environment, gives easy access to cyber criminals to cross state boundaries. State and local authorities investigating cyber crime are often times faced with jurisdictional challenges; therefore, they need adequate and uniform laws that provide enforcement services (McCaul, 2001). In theory, the U. S. legal system intends to be well prepared to deal with cyber crimes and to provide strict punishment. However, in practice, police agencies, along with prosecutors and the judiciary, are ill prepared to handle the challenges of cyber crime (Bequai, 1996).
Prosecutors shy away from a case unless there is a loss or damage, despite the fact that the Federal computer crime statutes emphasize two areas – unauthorized use and unauthorized access. In addition to technical and legal challenges, law enforcement agencies face significant operational challenges, which result from an increased demand for adequate resources, training, and equipment to address cyber crime. Traditional law enforcement agencies, taking into account the police culture and the constraints of their operation, are facing difficulties competing in the technology industry.
The constant and rapid change of the technologies requires serious cooperative attention devoted to the issue of cyber crime by well-trained and well-equipped investigators, prosecutors and forensic experts to meet investigative and prosecutorial needs (Marcella & Greenfield, 2002; Herrera, 2001). Cyber criminals’ actions are outpacing law enforcement’s ability to respond effectively. In order to be effective, law enforcement cyber crime investigators must not only possess investigative capabilities, but must also have specialized skills, training and technical expertise in computer technology.
Prosecutors must understand the jargon of high technology crimes and be able to explain it to a judge and jury. Forensic experts must be knowledgeable in recovering, analyzing, protecting, and handling digital evidence that is easily lost and altered (Herrera, 2001). We live in the Information Age where technologies are quickly changing. Binary numbers control the world; atomic police evidence is gradually shifting to electronic ones and zeros. Cyber criminals use cutting-edge technological equipment and tools to commit their crimes.
Thus, it is essential that investigators, prosecutors, and forensic experts are introduced to high tech equipment and are provided up-to-date technological training to be effective in combating cyber crime. Forensic computer training should become one of the in-service training courses in police academies nationwide. Law enforcement experts need to be properly equipped with the latest hardware and software in order to keep pace with the criminals. A review of the literature states that police agencies in general are slow in responding to cyber crimes.
Local law enforcement’s capabilities differ depending on the size, location, and resources (Gates, 2001). Many local law enforcement agencies do not possess the knowledge or the necessary equipment to enforce cyber crime laws (Speer, 2000). Police agencies are in lack of money, time and technology to maintain pace with the criminals who have unlimited time, unlimited resources and unlimited access to new technology (Stranberg, 1999). Computer crime poses a profound challenge to the investigator, which will grow and become a more profound challenge for police operations in the future (Laska, 1997).
Law enforcement agencies are discovering that technology has produced highly sophisticated criminals and has altered the way they must investigate crimes. Most law enforcement agencies lack adequate staffing or funding to handle cyber crime (Goodman, 2001). It is easy to explain to city officials during a budget process that violent crime is on the rise, because it fears citizens; yet, it is difficult to obtain funding for cyber crime that poses a huge financial damage, because the public views it as an intangible crime that does not pose physical violence (Groover, 1996).
Unfortunately, it appears that the public, along with law enforcement and government administrators, is unaware of the real dangers of cyber crime. Law enforcement management’s lack of training and experience in cyber crime carries costly and time-consuming ramifications (Bequai, 1998). According to a NU nationwide study (2001), 70% of respondents reported that upper management had limited or no awareness of cyber crime issues. The federal budget for law enforcement in 2000 was about $17 billion of which only $10 million – less than 0.
01% of all law enforcement related spending – was allotted for cyber crime related training, staffing, and support (Lormel & Johnston, 2001). A lack of support from the public and officials promotes Incompetent police forces, which in return, decreases the capacity to combat cyber crime. Cyber crime investigations require special investigative knowledge and technical expertise, which is another challenging area. Law enforcement officials have faced problems finding individuals that possess both technical and investigative knowledge and training to handle cyber crime cases.
Law enforcement training that prioritizes state and local police needs is a key element to deal with cyber crime threats (Johnston, 2002). Investigators must be properly trained In evidence recovery, and forensic specialists must be trained in processing the evidence (Clede, 1993). Combined training in investigative, legal, and forensic skills will address the cyber crime problems and issues police agencies face (Collier & Spaul, 1992). Computers continue to advance day by day, which results in more opportunities and more literacy for cyber criminals. Cyber crime will not disappear; instead it will continue to grow.
Estimates reveal the large growth of computer crimes as technology progresses. According to the literature reviewed, law enforcement in general lacks the necessary training, resources, and equipment to deal with cyber crime cases. The loss that cyber crime causes to our nation and to the world is substantial; thus, cyber crime must not be perceived as any less important than traditional crimes. The less attention devoted to cyber crime, the wider the gap will grow between the advanced technologies used by criminals and law enforcement’s investigative operational capabilities.
References Bureau of Justice Statistics. (Revised, July 2002). Prosecutors in state courts, 2001 (NCJ Publication No. 193441). Washington, DC: United States Department of Justice, Office of Justice Programs Hancock, B. (2000). Getting the laws to help combat cybercrime: There’s a grand idea. Computers and Security, 19(8), 669-670 McCormell International, LLC. (2000). Cybercrime… and punishment? Archaic laws threaten global information. Retrieved on December 10, 2008, available from http://www. mcconnellintemational.
com Overill, R. E. (1998). Trends in computer crime. Journal of Financial Crime, 6(2), 157-162. Skinner, W. F. , & Fream, A. M. (1997). A social learning theory analysis of computer crime among college students. Journal of Research in Crime and Delinquency, 34(4), 495-518. Sherizen, S. (1995). Can computer crime be deterred? Security Journal, 6(3), 177-181. Wolf, J. C. (2000). War games meets in Internet: Chasing 21st century cybercriminals with old laws and little money. American Journal of Criminal Law, 28(1), 95-117.