The inevitable development of technology has raised questions regarding the ethical and moral issues in regards to its utilisation. One of the consequences of massive growth within the media for past decades, most particularly the internet, is that information, ideas and images are more freely available now than they have ever been. In addition to the rapid progression of technology, criminal organisations are also embracing the developments in order to facilitate criminal acts.
Cybercrimes has been defined as offences that are committed against groups or individuals with the intention to harm their reputation and physical or mental state directly or indirectly using telecommunication networks. The absence of a nationally accepted and comprehensive framework impedes any efforts to accurately report, identify and monitor trends within cybercrime. Before jurisdiction comes into play, difficulties arise in discovering the location and identifying the criminal before authorities can think about making arrests. Cybercrime laws also differ from state to state.
An act that’s illegal in one location may be completely legal in another. This further complicates the situation if the perpetrator is in a location where the act he/she is committing isn’t even against the law. Effective law enforcement is clearly complicated by the transnational nature of telecommunication networks. This allows criminals to defy the jurisdictional realms of sovereign nations by originating an attack from almost any computer in the world. Cyber criminals also have the ability to design attacks that appear to be originating from foreign locations.
This clearly shows the expensive and long, drawn-out process that needs to be taken when developed technology goes beyond the scope of law enforcement. The Cybercrime Act 2001 (QLD) was introduced into Australian Parliament as a result of terrorist attacks that occurred on 11 September. However, there are concerns in regards to the breadth of investigative powers stipulated in the act. These concerns include broad definitions that were adopted by legislation and persuading stakeholders to report cybercrime incidents.
Division 477.2 of the Cybercrime Act 2001 (QLD) stipulates that those “who access or modify computer data from a computer that they are not authorised access with the intention of committing a serious offence are punishable by five or more years imprisonment. However, the nature of the evidence obtained makes cybercrime complex to investigate and prosecute in contrast to crimes committed in the “real world”. One of the main problems with digital evidence is the limitations of its reliability and authenticity in capturing perpetrators. Digital evidence obtained can range from magnetisation, light pulses, radio signals and other means.
This type of evidence is not only fragile, but it can also easily be exploited through editing. Recommendations: It is imperative that computer forensics needs to obtain more conclusive evidence in order to avoid a long, drawn-out process. Tools should be available to authorities of all levels that allow them to examine digital evidence without tampering with it. Trained forensics examiners should also be more desired in police stations as they can preserve data in preparation to present in court and can even recover deleted data.
Also, an attempt should be made to reduce anonymity to a certain extend. A section should be added to the Cybercrime Act 2001 (QLD) that stipulates that whoever purchases a computer, handheld mobile device, tablet or laptop must have their contact details embedded into the devices before a transaction is complete. This would inarguably help authorities to discover the main perpetrator behind the use of any malicious programs if authorities were able to have access to aforementioned information during investigation.
Definitions within the Cybercrime Act 2001 (QLD) should be having more clarity and specificity within the scope. This allows offences to be confined to malicious activity. In particular to s476 of the Cybercrime Act 2001 (QLD) the word “unauthorised” should be further defined so that guidelines on identifying appropriate authority for access, destruction or modification of data can be used within cases. Both s477(2) and s477(3) should include the requirement of knowledge and intent, as opposed to “recklessness” which lacks clarity as a definition.