CC BY
62
Austrian Journal of Humanities and Social Sciences 1-2 (2017)"^^« Science of law
< iAgTWEST >
K»*EUHrTTS
- ISSN 2310-5593 (Print) / ISSN 2519-1209 (Online) -
UDC 349 DOI: http://dx.doi.org/10.20534/AJH-17-1.2-236-241
E. A. Kirillova 1
1 Southwest State University, Kursk, Russia
THE USE OF PERSONAL DATA FOR THE PURPOSE OF COMMITTING CRIMES
Abstract
Objective: is to determine specific features of modern cybercrime, to develop conceptual framework, to specify new forms of cybercrime and to define the main directions in combating cybercrime.
Methods: was based on dialectical, comparative legal, sociological, system-structural and statistical methods, as well as on social experiment.
Results: The study highlighted two new types of cybercrime — cyber-terrorism and identity theft with the view of committing crimes, which could be included into the Convention on Cybercrime.
Scientific novelty: The study gave the possibility to disclose specific features of cybercrime, provided a universal definition of cybercrime, which can be used in the international conventions as well as in the international criminal investigation.
Practical significance: Developed a universal conceptual framework that can be used in international legal instruments and international cooperation in combatting cybercrime and formed a unified approach to address some legal issues related to cybercrime in the global information and communication networks.
Keywords: cybercrime, Internet resources, methods used to combat cybercrime, social networks; information technology.
INTRODUCTION
The problem of cybercrime has two components [8, P. 87-116]. First, there are new crimes such as violation of the integrity, availability and confidentiality of online data being the subject of new legally protected interests arising from the development of information technology [13, P. 433-443]. Second, global information networks are used to commit acts already criminalized in the legislation of many countries. These include theft of property, distribution of child pornography and violation of privacy [18, P. 590-595].
According to Symantec Security, 12 people in the world are exposed to cyber attacks every second, and about 556 million cybercrimes are committed annually in the world, causing damage over US$ 100 billion. (http://www.gemalto.com/brochuressite/download-site/Documents/entBreach_Level_Index_Annual_ Report_2016.pdf). Cybercrime is intertwined not only with other types of crime, but also with a number of negative social phenomena (drug addiction, "grey" economy, prostitution, etc.) [5, P. 39-46]. International organizations recognize the danger of cybercrime, and its cross-border nature, limited one-sided approach to the
problem and the need to promote international cooperation in taking the required technical measures and in the development of international law. OECD, Council of Europe, European Union, United Nations and Interpol — all these organizations play an important role in the coordination of international efforts and in the development of international cooperation in combatting crimes related to high-tech industry [20, P. 70-78]. Police services in the United States and around the world establish special units to combat cybercrime, since cybercrime accounts for a sizable proportion of offenses investigated by these departments. National Cybercrime Training Partnership (NCTP) includes local, state, and federal law enforcement agencies of the United States [2, P. 28-44]. International Association of Chiefs of Police (IACP) serves as host to the annual conference on law enforcement information management, dealing with IT-security and cybercrime [11, P. 207-220]. The Forum on Cybercrime was created within the European Union. Many countries signed the Council of Europe Convention on Cybercrime, which is trying to standardize the European laws on crimes committed via the Internet and other computer networks.
Science of law
< BAiTWEST >
SdB*ELMTTS
Austrian Journal of Humanities and Social Sciences 1-2 (2017)
In recent years, use of the Internet has given rise to increasingly sophisticated illegal practices [10, P. 540545]. Against the background of rapid criminalization of social relations, one can notice furter transformation of cybercrime (its rise, organizational developments, expansion of criminal interests, and complication of criminal schemes) as a natural worldwide process, directly related to the significant development of information and communication technologies in the information society. Criminological situation in the Internet today is defined by organized crime, which infringes on the economic, political, legal, and moral spheres of any society [12, P. 618-621].
Development of information technology always outstrips the development of any legal system that does not have time to adapt to new technological realities [16, p. 92]. This is particularly evident by the example of the Internet, which significantly changes our lives, constantly providing users with new opportunities. The benefits of an open Internet are undisputed. But it must remain open: Open for commerce, innovation, and speech; open for consumers and for the innovation created by applications developers and content companies; and open for expansion and investment by providers (Protecting and Promoting the Open Internet. A Rule by the Federal Communications Commission on 04/13/2015. https://www.federalregister. gov/articles/2015/04/13/2015-07841/protecting-and-promoting-the-open-internet#h-7). Unfortunately, the law and judicial practice do not always react promptly to these changes, which leads to gaps in law and entails breach of the legitimate rights and interests of citizens; the legislation should adapt to new realities [6].
This is especially true for countries with bi-juridical jurisdiction [3, P. 108-127]. Pronounced priority of the written law compared to the judicial practice makes the national legal system act somewhat slowly and leads to the fact that the laws do not have enough time to adapt to technological types of illegal activities. In particular, this determines the fact that cybercrime takes the lead in terms of latency, and certain types of crime in the Internet (such as pornography) are virtually unpunished.
Europol experts say that currently only about 30% of all cybercrimes are detected and predict future increase in the number of related criminal acts, linking the growth of cybercrime with increasing importance of the Internet in everyday life [15, P. 590-595]. In addition, these experts note that increase in the value of
mobile devices as the primary means of access to Internet resources can lead to a wider use of these devices by various criminals (The EU Serious and Organized Crime Threat Assessment (S0CTA),2015.https://www. europol.europa.eu/latest_publications/31).
Definition of "cybercrime" is a question of research debate among different scholars since this phenomenon includes both "traditional" criminal acts committed by using new technologies, and actions aimed at new obj ects of the offence [19, P. 540-545]. The term "cybercrime" is now often used along with the term "computer crime", these concepts are often used interchangeably. These terms are very close to each other by meaning, but they are not synonymous. The concept of "cybercrime" is wider than the concept of "computer crime" and more accurately reflects the nature of such phenomena as crime in the information space. For example, the Oxford Dictionary defines the prefix "cyber- as a component of a compound word. It means "relating to or characteristic of the culture of computers, information technology, and virtual reality". Almost the same definition is provided by the Cambridge Dictionary. Thus, "cybercrime" is a crime, both associated with the use of computers and the use of information technology and global networks. At the same time, the term "computer crime" generally refers to crimes committed against computers or computer data.
The term "cybercrime" refers to crimes related both to the use of computers and information technology and global networks. At the same time, the term "computer crime" applies only to crimes committed against computers or computer data [21, P. 67-68]. The international law distinguishes the terms "cybercrime" and "computer crime", and the term "cybercrime" is actually used. The Council of Europe adopted the Convention on Cybercrime on 23 November 2001. In that document, the term "cybercrime", in contrast to "computer crime" was used. Currently, the common, legally enshrined definition of cybercrime is missing. Some researchers suggested defining cybercrime as a crime committed in cyberspace [1, P. 433-443], however, this definition does not fully disclose such a broad and multidimensional concept as cybercrime.
In 2013, the United Nations Office on Drugs and Crime, in its report "Comprehensive study of the problem of cybercrime and responses to it by Member States, the international community and the private sector" notes that definitions of cybercrime mostly depend upon
Austrian Journal of Humanities and Social Sciences 1-2 (2017)
< IASTWEST >
Science of law
the purpose of using the term [4, P. 28-44]. At the same time, as noted in the same document, the term "cybercrime" includes any computer-related act for personal or financial gain or harm, including forms of identity-related crime, and computer content-related acts in cyberspace [14, P. 39-46].
Cybercrime includes a set of crimes stipulated by the criminal law aggressing information infrastructure, information contained therein, as well as crimes committed in relation to other objects in cyberspace or by using its capabilities. Communication from the European Commission "Towards a general policy on the fight against cyber crime" adopted on 22 May 2007 envisaged three categories of this type of criminal activity:
1) Traditional forms of crime such as fraud, forgery, though in a cyber crime context this relates specifically to crimes committed over electronic communication networks and information systems;
2) Publication of illegal content over electronic media (i. a. child sexual abuse material or incitement to racial hatred);
3) Attacks against information systems, denial of service and hacking [9, pp. 119-132].
One should note a need for a universal definition of cybercrime, which could be used in international conventions as well as in terms of international cooperation in the field of cybercrime investigation. Cybercrime can be defined as the totality of crimes committed in cyberspace by using computer systems, computer networks and other means of access to cyberspace within the computer systems or networks and against computer systems, computer networks and computer data.
It is necessary to focus on another group of crimes that should be included into the Convention on Cybercrime as a separate category — the use of personal data for the purpose of committing crimes.
Some countries consider these crimes as a separate category, while others believe that these actions fall under several articles of criminal law [7, P.149-164].
Therefore, some researchers noted difficulties associated with removal (deletion) of previously posted, publicly available personal data [17, P. 375-399]. This requirement may relate both to a particular resource, which repeatedly used available personal data of a particular persona and to other information resources (information portals, search engines). Especially sharply This problem is especially relevant for children and young people, who recklessly placed their personal information in vari-
ous networks and for whom deletion of their profile data may become the only way to stop various forms of persecution not only within a certain network. According to p. 93 of the EU Court ruling, "individuals have the right — under certain conditions — to ask search engines to remove links with personal information about them. This applies where the information is inaccurate, inadequate, irrelevant or excessive for the purposes of the data processing" (Google Spain SL, Google Inc. v Agencia Española de Protección de Datos, 2014). In fact, this problem is graver than the notorious "right to oblivion" related to personal data by the search engines, which was legalized by the European Court ofJustice (this problem once caused proceedings based on 180 grievances of the EU citizens forwarded to Google).
Meanwhile, not all users regard availability of their personal data on the Internet as a drawback. "Many are finding that sharing a certain amount of information online has clear benefits:
- Internet users are now twice as likely to be found by friends from the past- 40% of internet users say they have been contacted by someone from their past who found them online, up from 20% who reported the same in 2006.
- Half of online adults (48%) agree that getting to know new people now is easier and more meaningful because you can learn things online about the people you meet " (Mary Madden and Aaron Smith Reputation Management and Social Media, 2010).
The EU legislation establishes the right for Internet users to restrict third-party access to their personal data. Significant attention to the fight against cybercrime is paid by the Stockholm Programme, which enshrines the EU priorities in the field of the rule of law, freedom and security for the period 2010-2016. Section 2.5 of this document "Protecting citizen's rights in the information society" emphasizes the importance of respect for citizens' rights of privacy and protection of personal data in terms of increasing data exchange through electronic communications. However, in late 2011, the Anonymous group hacked the site of private US-based think tank — Strategic Forecasting (Stratfor). As a result, they published e-mail addresses and passwords of thousands of American and British military, intelligence, police, NATO counselors and politicians, along with personal data of the former US Secretary of State Henry Kissinger and the former US Vice President Dan
Science of law
< EAiTWEST >
Austrian Journal of Humanities and Social Sciences 1-2 (2017)
Quayle, who worked under President George W. Bush. Approximately at the same time, the group Team Poison hacked one of the UN servers and stole passwords to the accounts of 1,000 employees. Cyber attacks hit not only senior officials but also ordinary citizens. Thus, in January 2012, criminals hacked and published data of several thousand owners of credit cards in Israel. In these circumstances, it is difficult to ensure protection of personal data.
According to the requirements of Directive on privacy and electronic communications (2002/58/EC) users should be provided with clear and comprehensive information regarding the use of cookies in relation to their terminal equipment, including information about the purpose of data processing. Users should also be given the opportunity to refuse using cookies or other similar means on their terminal equipment. At that, the information about the possibility to refuse using cookies should be forwarded as user-friendly as possible. Data transfer for the purpose of law enforcement is a special kind of personal data transfer. In the European Union, for example, personal data processing on the Internet is governed by a special act — Directive 2002/58/EC concerning the processing of personal data and the protection ofpri-vacy in the electronic communications sector.
In the US, no single legislative act in the field of personal data protection exists: there are only acts that regulate certain aspects of personal data processing in the various spheres of social relations, such as the California Online Privacy Protection Act of 2003 (OPPA). According to this Act, an operator of a commercial Web site or online service that collects personally identifiable information through the Web site or online service from individual consumers who use or visit the commercial Web site or online service and who reside in California are required to provide a clear and conspicuous hyperlink in the operator's privacy policy to an online location containing a description, including the effects, of any program or protocol the operator follows that offers the consumer that choice. In May 2008, there was a question, associated with compliance of Google Corporation policies with OPPA requirements. As stated by a number of sources, link to Google's privacy policy has been placed in the section About Google, not in the Home page section. The issue was resolved through peaceful negotiation, without court procedures. As a result, the corporation posted a direct link to the privacy policy on the home page (http://allthingsd.Com/20080707/google-
values-users-privacy). Whereas the OPPA application only requires proof that California residents have access to a particular site, the act has broad application far beyond the state borders. However, when using the Internet users should bear in mind that the information posted by them can be transferred to the state under certain conditions. It should be noted that the US adopted the Electronic Communications Privacy Act (ECPA), which stipulated that law enforcement authorities could gain access to electronic communications of citizens stored on the server for more than six months without obtaining a court order. In 1986, when the Act was adopted, emails were stored on the servers of the recipient for a very short period of time, namely, until the recipient downloaded relevant message through a special program on his computer. This rule is still valid and applies to information stored on the cloud and other servers. The bill related to the abolition of this rule is currently under consideration by the US Congress.
It should be noted that, despite its reputation of the country of unlimited freedom, the US introduced the legislative requirement that restricted the use of online resources by children under the age of 13, which, in turn, restricted the possibility of putting their personal information on the Internet; personal data of underage users should be collected and processed only with the consent of their parents (Proceedings of the Eleventh United Nations Congress on crime Prevention and Criminal Justice, 2005).
CONCLUSION
It should be noted that legal regulation of the fight against cybercrime in the EU is carried out through the issuance of regulations, decisions and framework decisions. In addition, regular reports of the European Commission to the European Parliament also contain information about the problematic situation in the European Union related to cybercrime as well as legal comments and recommendations for its improvement, which allows maintaining effective cooperation in the fight against crimes related to high technologies. At the same time, the European Union still has not adopted a universal instrument on cybercrime, which creates certain enforcement problems. In addition, there is a tendency for regionalization of cooperation in the fight against computer crime within the European Union. However, taking into account transnational nature of cybercrime, more active cooperation with all states seems to become a promising trend.
Austrian Journal of Humanities and Social Sciences 1-2 (2017)
Science of law
< iAgTWEST >
You need that two types of crimes (as a separate category) be added to the Convention on Cybercrime:
1) Identity theft and use of personal data for the purpose of committing crimes.
2) Cyberterrorism or the use of cyberspace for terrorist purposes.
Some countries consider these crimes as a separate category, while others believe that these actions fall under several articles of criminal law.
References:
1. Al-garadi M. A., Varathan K. D., Ravana S. D. (2016) Cybercrime detection in online communications: The experimental case of cyberbullying detection in the Twitter network. Original Research Article. Computers in Human Behavior, Volume 63, October 2016, pp. 433-443.
2. Andreas Berger, Alessandro DAlconzo, WilfTied N. Gansterer, Antonio Pescapé (2016) Mining agile DNS traffic using graph analysis for cybercrime detectionOriginal Research Article. Computer Networks, Volume 100, 8 May 2016, pp. 28-44.
3. Ben Brewster, Benn Kemp, Sara Galehbakhtiari, Babak Akhgar (2015) Chapter 8 - Cybercrime: Attack Motivations and Implications for Big Data and National Security. Application of Big Data for National Security, 2015, pp. 108-127.
4. Berger A., DAlconzo A., Gansterer W. N., Pescapé A. (2016) Mining agile DNS traffic using graph analysis for cybercrime detection. Original Research Article. Computer Networks, Volume 100, 8 May 2016, Pages 28-44.
5. Christian Konradt, Andreas Schilling, Brigitte Werners (2016) Phishing: An economic analysis of cybercrime perpetrators. Original Research Article. Computers & Security, Volume 58, May 2016, pp. 39-46.
6. Hughes J. (2003) The Internet and the Persistence of Law. 44 B. C. L. Rev.359 (2003). http: lawdigitalcommons. bc.edu/bclr/vol44/iss2/4
7. Jahankhani H., Al-Nemrat A., Hosseinian-Far A. (2014) Chapter 12 - Cybercrime classification and characteristics. Cyber Crime and Cyber Terrorism Investigator's Handbook, 2014, pp. 149-164.
8. John Sammons, Michael Cross (2017) Chapter 5 - Cybercrime. The Basics of Cyber Safety, 2017, pp. 87-116.
9. Kimberly A. DeTardo-Bora, Dhruba J. Bora (2016) Chapt er 8 - Cybercrimes: an overview of contemporary challenges and impending threats. Digital Forensics, 2016, pp. 119-132.
10. Levin J., McDevittJ. (2015) Hate Crimes. International Encyclopedia of the Social & Behavioral Sciences (Second Edition), 2015, pp. 540-545.
11. Marius-Christian Frunza (2016) Chapter 4D - Cybercrime Introduction to the Theories and Varieties of Modern Crime in Financial Markets, 2016, pp. 207-220.
12. Mihail Antonescu, Ramona Birâu (2015) Financial and Non-financial Implications of Cybercrimes in Emerging Countries. Original Research Article. Procedia Economics and Finance, Volume 32, 2015, pp. 618-621.
13. Mohammed Ali Al-garadi, Kasturi Dewi Varathan, Sri Devi Ravana (2016) Cybercrime detection in online communications: The experimental case of cyberbullying detection in the Twitter network. Original Research Article. Computers in Human Behavior, Volume 63, October 2016, pp. 433-443.
14. Christian Konradt, Andreas Schilling, Brigitte Werners (2016) Phishing: An economic analysis of cybercrime perpetrators. Original Research Article. Computers & Security, Volume 58, May 2016, pp. 39-46.
15. Procedia - Social and Behavioral Sciences, Volume 182, 13 May 2015, pp. 590-595.
16. Schjolberg S. and Ghernaouti-Helie S. A (2009) Global Treaty on Cybersecurity and Cybercrime. Oslo, 2009, 92 p.
17. Shipley T. G., Bowker A. (2014) Chapter 16 - Detection and Prevention of Internet Crimes. Investigating Internet Crimes, 2014, pp. 375-399.
18. Solak D., Topaloglu M. (2015) The Percept ion Analysis of Cyber Crimes in View of Computer Science Students. Original Research Article. Procedia - Social and Behavioral Sciences, Volume 182, 13 May 2015, pp. 590-595.
19. Suleman Ibrahim (2016) Social and contextual taxonomy of cybercrime: Socioeconomic theory of Nigerian cybercriminals. Original Research Article International Journal of Law, Crime and Justice, In Press, Corrected Proof, Available online 11 August 2016.
Science of law <' Austrian Journal of Humanities and Social Sciences 1-2 (2017)
< BAiTWEST >
SdB*ELMTTS
- ISSN 2310-5593 (Print) / ISSN 2519-1209 (Online) -
20. Shatalov M. A., Ahmedov A. E., Smolyaninova I. V., Mychka S.Yu. The formation of adaptive strategies of development of the enterprises of agro-industrial complex in the conditions of realization of import substitution. Modern Economy Success. 2016. № 1. pp. 70-78.
21. Tropina T. (2010) Cybercrime and Organized Crime, Freedom from Fear Magazine. 2010. Issue 3.
Information about the author:
Kirillova Elena Anatolievna,
candidate of legal sciences, associate professor of department of civil law, of Southwest State University Adres: 242611, Bryanskaya oblast', g. Fokino, ul. K. Marksa d. 52 kv. 9, Telefon: 8920-601 7042 E-mail: debryansk@mail.ru ORCID: http://orcid.org/0000-0001-7137-901X
