Computer Crime Research Center

Trends & issues in crime and criminal justice

Date: December 13, 2004
Source: Australian Institute of Criminology
By: Russell G Smith

... is located, then problems of extradition will be avoided. But if the charges originate from the country in which the victim is located, or where the effect of the conduct occurred, then the offender may need to be extradited to that country. Importantly, it will often be the case that only some of the essential elements of the offence occur within one jurisdiction, making prosecution practically impossible.

The problem of 'negative international jurisdiction' also arises. This refers to cases that are not investigated because they could be prosecuted in one of many countries, but none wants to take action. There is also the reverse problem of too many countries wanting to prosecute a particularly noteworthy case. What may be needed to deal with this situation is the creation of an international instrument along the lines of the United Nations protocol on negotiating jurisdiction, setting out how jurisdiction is best determined in these cases. Generally, the rule is that if a country refuses to extradite an offender and it has power to take action, then it should be obliged to do so.

Search and seizure

Two methods of obtaining data from a computer system can be distinguished on technical and legal criteria:

This is an important distinction because remote access to computers via the internet can sometimes result in the search amounting to an interception of telecommunications that may require a warrant in order to be legal (see Box 3).

Box 3: Search and seizure
Two Russian computer hackers who allegedly stole large numbers of credit card details and attempted to extort money from account holders were investigated by the FBI in the United States. In an undercover operation, FBI agents posed as representatives of a security firm and made contact with the accused, ostensibly to discuss employment prospects in the United States. The two accused demonstrated their hacking expertise for the agents who then invited them to come to the United States. While in the United States the FBI agents used a key logging program to discover the accused persons' passwords in order to get access to their computers in Russia. The suspects were then arrested and charged with various offences. In order to preserve the computer evidence in Russia, the FBI agents immediately copied data from the servers in Russia via the Internet prior to obtaining a search warrant in the United States. The defence raised various objections to this, arguing the search was unconstitutional as it breached the Fourth Amendment which requires warrants to be issued prior to searches being conducted. The court held that the Fourth Amendment did not apply to these actions as the data had been obtained outside the United States. The court also held that there had been no seizure of the data as it had merely been copied but not read prior to the warrant being obtained (United States v Gorshkov 2001 WL 1024026 No CR-550C; WD Wash 23 May 2001).

Difficult problems arise in obtaining digital evidence in high tech crime cases, although in some ways computers have made the process easier through the ability to conduct searches of hard drives remotely via the internet. Some of the main difficulties include:

Often transnational high tech crime operations need to be closely coordinated. Warrants may need to be simultaneously executed in different countries in order to ensure that suspects do not collaborate in the alteration or destruction of evidence. In recent years, police have been successful in mounting such operations. One case of online child pornography involved the execution of 30 warrants for 12 suspects in 10 different countries (US Customs Service 2002).

A final problem concerns the retention of material by investigators. If child pornography has been seized by police, they may be unable to return it to accused persons as this would entail the illegal distribution of obscene materials. In the United Kingdom, the Possession of Unlawful Items Act could be used to enable police to dispose of child pornography that had been found on computers, but this is not yet in force (see also the English Police Property Act 1894).

Problems of encryption

A difficult problem facing high tech crime investigators concerns data that have been encrypted by accused persons who refuse to provide the decryption key or password (see Box 4).

Box 4: Encryption
In a 1998 investigation of a paedophile network, Operation Cathedral, police in 15 countries uncovered the activities of the W0nderland [sic] Club, an international network with members in Europe, North America and Australia who used the Internet to download and exchange child pornography including real-time video images. The Club used a secure network with regularly changed passwords and encrypted content. In Europe alone, over 750,000 images were recovered from computers, along with over 750 CDs, 1,300 videos and 3,400 floppy disks. The encryption devices were circumvented because one member of the Club cooperated with police and provided access to the files. This led to approximately 100 arrests around the world in September 1998 (Australasian Centre for Policing Research 2000: 126).

Access to encrypted data may, alternatively, be achieved in some countries by installing a key logging program onto a computer to detect the password used for decryption. The installation of such a program, of course, must be done without the knowledge of the accused, and a special warrant must be obtained for this. In one case in the United States, evidence obtained by key logging was challenged on the grounds that it involved the illegal interception of wire communications. It was held, however, that the key logger only operated when the computer's modem was not connected, thus excluding any interception of telecommunications (United States v Scarfo, 2001-see In Australia, the Surveillance Devices Bill (No. 2) 2004 may, if enacted, enable police to apply for warrants to install key logging programs remotely. If all else fails, investigators may seek to break encryption codes, although this is difficult, time-consuming and costly, and would be inappropriate in all but the most serious of matters.

Some computer crime legislation is beginning to expand the range of investigatory powers available to law enforcement agencies, for example, by making it an offence for a person with knowledge of a computer system to refuse to divulge passwords or to refuse to provide information about encryption. The Australian Cybercrime Act 2001 (Cth), for example, provides a maximum penalty of six months' imprisonment for failure to comply with a magistrate's order to provide such information to investigating officials (see s 3LA, Criminal Code Act 1995 (Cth) and s 201A, Customs Act 1901 (Cth)).

Mutual assistance

In order to facilitate international criminal investigations, use is often made of mutual assistance treaties. These provide a legal basis for authorities in one country to obtain evidence for criminal investigations at the request of authorities in another country. Instruments of this kind cover a range of activities including:

Each year Australia is the originator of over 100 mutual assistance requests, and receives a further 100 requests by other nations pursuant to the Mutual Assistance in Criminal Matters Act 1987 (Cth). At present, very few of these requests concern high tech crime, although as the prevalence of transnational high tech crimes increases the problems associated with using mutual assistance arrangements are likely to escalate. The central difficulty is the slow and cumbersome nature of official requests. There are also problems with the direct transmission of documents as mail can only be faxed in an emergency and to a court tribunal. It is also difficult to use direct requests for assistance unless the person seeking assistance knows specifically to whom the request should be sent.

Box 5: Successful cooperative action
In March 2003, an Australian man was charged in the United States with one count of conspiracy to commit criminal copyright infringement and one count of criminal copyright infringement. The charges were in connection with his alleged involvement in an illegal Internet software piracy group founded in Russia in 1993 which operated globally. The group produced and distributed some US$50 million worth of pirated software, movies, games and music. Another 20 offenders have been convicted in the United States and others charged in the European Union in relation to the group's activities (US Department of Justice 2003).

Costs associated with mutual legal...

Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo