It seems not a day goes by that we don’t hear about some form of ransomware, major database theft or breach of a corporate or government network. Then there’s fake news and alleged election hacking across a number of western democracies. There is little doubt that cyber crime is on the rise. But how do governments deal with it?
Jurisdictions, Prosecution & The Burden of Security
Each country has a different approach to cyber crime laws. And they all vary in the degree to which they proceed with prosecuting them. The other major challenge is that cybercrime today is often conducted from a country outside the target. This is certainly the case with alleged election tampering, ransomware and data thefts. Corporations and governments are struggling to deal with the rising threats and right now the heaviest burden rests on them to implement better cybersecurity practices.
An International Cybercrime Court?
Even when cyber criminals are identified, if they’re outside the country where the crime takes place, catching and then prosecuting them is hard. Extradition treaties need to be in place and the justice system in the country where the crime originated has to have some motivation to assist. Unfortunately, many of these attacks come from countries where such motivation is minimal and treaties don’t exist. And obtaining proof can be burdensome at best. And what about when the crime, such as wannacry, potentially comes from a foreign state actor?
Solving geopolitical cybercrime is complex and there is no easy answer. Perhaps though, it is time to consider an international cybercrime court? Modelled off the ICC (International Criminal Court?) Perhaps it could be added to the ICC run from The Hague?
Such a court however, would require countries to sign on and agree to the rules of conduct and bringing alleged perpetrators to justice. Not a simple task by any means. It would be expensive as well. Then there’s agreeing to legal commonalities, data and privacy laws. And of course, at what point is a cybercrime considered serious enough to warrant such a degree of prosecution?
Certainly this is no easy task. There are many other issues to consider. There are estimates on the costs of cybercrime, but it’s hard to know for sure; some companies never report breaches and some don’t know about them for months or years. Then too, is the question of whether such an approach would even deter cybercriminals at all?
What do you think?
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s