“Future of Criminology: A Causatum of Innovation”
Author: Gitika Dixit, Ph.D. student, and Teaching Associate
National Law School of India University, Bengaluru.
Co-Author- Anany Virendra Mishra,
Fifth-year student National Law University, Delhi
ISSN: 2581-8465
Abstract
A society is a social system that governs the lifestyle of people. It lays its foundation on pillars of mutual cooperation and morality. Crime has always been a dark facet of this society from time immemorial thereby a strong emphasis has always been given on the study of crime as well as criminals to end it in the future. Society is dynamic in nature and has been always evolving and technological advancement has revolutionized this evolution. With the development of the cyber world and modernization, human society has entered a new era of lifestyle. Crime the divine malice, over the years has unknowingly played a pivotal role in technological evolution.
21st century has witnessed a new trend in crime as well as demand for justice. New offenses like cybercrimes have shown the negative aspect of this development and challenged the dynamic nature of law which is slow in evolution as compare to crime. However, the activism created by this technology has added fuel to law evolution by supporting masses and their demand for justice against new crime.
Projecting on the aforesaid scenario, the paper has been framed on a doctrinal model of research. The research aims to highlight the new class of offenses that have immerged with the advancement of technology. It analyzes the nature of the offence and new trends of punishment that are been given to subdue crime. It aims to project the picture of new trends of crime in India resulting due to technological advancements. The research targets another key issue of the demand of the new criminal justice system by the mass protest keeping a view of famous cases by taking reference with the amendments of criminal procedure code as well as penal codes. The research critically explains the question that whether the new classification of crimes will help in solving crime in the sociological jurisprudential aspect of society or will it creates more complications.
Introduction:
Internet, though offers great benefits to society, also presents opportunities for crime using new and highly sophisticated technology tools. Today e-mail and websites have become the preferred means of communication. Organizations provide Internet access to their staff. By their very nature, they facilitate almost instant exchange and dissemination of data, images, and a variety of material. This includes not only educational and informative material but also information that might be undesirable or anti-social. Both the increase in the incidence of criminal activity and the possible emergence of new varieties of criminal activity poses challenges for legal systems, as well as for law enforcement. As per international data, in 2011, at least 2.3 billion people equivalent to more than one-third of the world’s total population had access to the internet. Developed countries enjoy higher levels of internet access (70 percent) than developing countries (24 percent). However, the absolute number of internet users in developing countries already far outnumbers that in developed countries. Some 62 percent of all internet users were in developing countries in 2011. In both developed and developing countries, younger people are online than older people. Some 45 percent of the world’s internet users are below the age of 25years a demographic that also broadly corresponds with an age group often at special risk of criminal offending.[1] Further adding as an exploration and elaboration the financial damage caused by cybercrime is reported to be enormous.[2] In 2003 alone, malicious software caused damages of up to USD 17 billion.[3] By some estimates, revenues from cybercrime exceeded USD 100 billion in 2007, outstripping the illegal trade in drugs for the first time.[4] Nearly 60 percent of businesses in the United States believe that cybercrime is more costly to them than physical crime. [5]These estimates clearly demonstrate the importance of protecting information infrastructures.31 Most of the above-mentioned attacks against computer infrastructure are not necessarily targeting critical infrastructure. However, the malicious software, Stuxnet, that was discovered in 2010 underlines the threat of attacks focusing on critical infrastructure.[6] In India as well the picture is not good and the cybercrime graph is ever increasing. As cybercrime is a multi-jurisdictional and a continuous crime. And as most of the time, the perpetrator is an outsider to curb the crime is a tricky business because of the clash of sovereignty and other International Normative Calls.
Cyber Crime Variables/Kinds/Types:
There are a good number of cybercrime variants. A few varieties are discussed for the purpose of completion. This article is not intended to expose all the variants. The readers are seeking to seek other resources as well. The Primary ones are further laid:
- Cyberstalking
Cyberstalking is the use of the Internet or other electronic means to stalk someone. This term is used interchangeably with online harassment and online abuse. Stalking generally involves harassing or threatening behavior that an individual engages in repeatedly, such as following a person, appearing at a person’s home or place of business, making harassing phone calls, leaving written messages or objects, or vandalizing a person’s property.
- Hacking
Hacking is a crime, which entails cracking the security of computer networks and systems and gaining unauthorized access to the data stored in them.
- Phishing
Phishing is just one of the many frauds on the Internet, trying to fool people into parting with their money. Phishing refers to the receipt of unsolicited emails by customers of financial institutions, requesting them to enter their username, password or other personal information to access their account for some reason. Customers are directed to a fraudulent replica of the original institution’s website when they click on the links on the email to enter their information, and so they remain unaware that the fraud has occurred. The fraudster then has access to the customer’s online bank account and to the funds contained in that account.
- Vishing
Vishing is the criminal practice of using social engineering and Voice over IP (VoIP) to gain access to private personal and financial information from the public for the purpose of financial reward. The term is a combination of “voice” and phishing. Vishing exploits the public trust in landline telephone services, which have traditionally terminated in physical locations which are known to the telephone company, and associated with a bill-payer. The victim is often unaware that VoIP allows for caller ID spoofing, inexpensive, complex automated systems and anonymity for the billpayer. Vishing is typically used to steal credit card numbers or other information used in identity theft schemes from individuals.
- Cyber Squatting
Cybersquatting is the act of registering a famous domain name and then selling it for a fortune. This is an issue that has not been tackled in the IT act 2000.
- Bot Networking
A cybercrime called ‘Bot Networks’, wherein seamsters and other perpetrators of cybercrimes remotely take control of computers without the users realizing it is increasing at an alarming rate. Computers get linked to Bot Networks when users unknowingly download malicious codes such as Trojan horse sent as e-mail attachments. Bot networks create unique problems for organizations because they can be remotely upgraded with new exploits very quickly,” and this could help attackers pre-empt security efforts.
Key Questions:
The scenarios present in cyberspace today raise a number of questions to be answered by the stakeholders and decision-makers. The primary questions are: Firstly Who owns the data in networked systems, and for how long? Who will distinguish between data misuse and legitimate use, and will we achieve consistency? What data will the authorities be able to access and use for the purposes of preventing and disrupting criminal activity? Who covers (and recovers) the losses, both financial and in terms of data recovery? Who secures the joins between services, applications, and networks? And how can objects that use different technologies operate safely in the same environment? Do we want local or global governance and security solutions? Will we be able to transit to new governance and business models without causing global shocks, schisms, and significant financial damage?
If these abovesaid questions remain unanswered, or the responses remain uncoordinated and unresponsive then, we shall be imposing significant barriers to the technological benefits and advantages promised by the future through cyber experts. This further raises the question of whether cybercrime should be covered by general, existing criminal law provisions, or whether new, computer-specific offences are required. The question cannot be answered generally, but rather depends upon the nature of individual acts and the scope and interpretation of national laws.
The Key Problems:
Jurisdictional Issues[7] are central to every Cyber Crime:
The problem is because of the lack of concern in evolution and amendments in current laws with a similar pace of technological advancements. The current problem is not only of jurisdictional matters as is more commonly cited out by many but it is much beyond. The technological developments associated with cybercrime mean that while traditional laws can be applied to some extent legislation must also grapple with new concepts and objects, not traditionally addressed by law. In many states, laws on technical developments date back to the 19th century. These laws were, and to a great extent, still are, focused on physical objects around which the daily life of industrial society revolved. For this reason, many traditional general laws do not take into account the particularities of information and information technology that are associated with cybercrime and crimes generating electronic evidence. These acts are largely characterized by new intangible objects, such as data or information.
While physical objects can usually be attributed exclusively to certain owners, attribution of information ownership can be significantly more challenging. This difference is relevant, for example, to the legal concept of theft, applied in the traditional laws of many countries. Theft of computer data, for instance even given the extension of the concept of objects to include data or information may not fall within the scope of the constituent elements of traditional theft. The data would still remain in the possession of the original bearer, thus depending upon national law Approaches possibly not meeting required legal elements, such as expropriation or taking of the object. Similarly, legal references to a public or private place in harassment or stalking laws may, or may not again, depending upon national approaches extend to online ‘places.’ Such examples illustrate a potential need in some areas for the adaptation of legal doctrines to new information technologies to which the current IT Act of 2000 does not stand the test of clarity and comprehensivity.
IPR and Crimes:
To describe the problem example can be cited from Intellectual property Law and criminal incidences associated with it. Application of intellectual property rights has resulted in a “locked down” approach, prompting illegal copying and a market for counterfeit products, and other aspects of creativity. With due consideration for the fact that under the current business model compromise of costly research and technology potentially entails direct financial losses, loss of competitive advantage and reduced investment, nevertheless the collaborative and (mostly) open nature of Internet connectivity, and the emergence of new commons models for licensing, are challenging the way ideas are monetized. ( Oxford and D.U Photocopy Case is the best example)
Increasingly, even large corporations are looking to extract value not from their ownership of intellectual property but from the access and usage rights of others. A major transition from absolute to conditional intellectual property is possible, but will be highly disruptive to traditional business models in the short- to mid-term, and could well provoke strikingly diverging policies from governments, depending on their global standing, economic growth, and political systems.
Data Protection and Privacy Issues:
Data protection is already a challenge in relation to the Internet. The future reality of large scale Radio Frequency Identification (RFID) deployment, global sensor proliferation, aggregation of data and highly personalized, augmented services will require the legal frameworks for privacy and security to further adapt.[8]
Existing national differences in viewpoints regarding the privacy rights of citizens could signal the adoption of a variety of approaches to these issues in the future. In some countries, misuse of sensors and augmented reality data could become a criminal offence. Likewise, countries may exercise their sovereignty to set their own rules about when such data can be processed and stored by the authorities “for legitimate purposes”. Lack of international approximation will inevitably result in a lack of clarity and asymmetry in national capabilities for fighting cybercrime.
Identity and Reputation Issues:
Reputation will be a prime issue, for governments, businesses and citizens alike.[9] Moreover, complexities of mixing up of offences in the nature of defamation, libel, slandering and impersonification, cheating, frauds of identity, hate crimes, sedition, etc will be instantaneous and the damage was done increasingly difficult to repair along with the classification of crimes. As such is visibly indicated in the narratives, the widespread use of multiple identities on social networking websites and other internet platforms.
All of this with varying levels of verification, pseudonymity, and anonymity is likely to give rise to new identity management services and tools. An emerging market for outsourced corporate online reputation management is a current signal for this. Any future lack of consensus on the circumstances under which citizens and authorities can be legitimately anonymous is likely to result in exploitation of these differences, including jurisdiction shopping by criminals.
Issues of Internet Governance:
The rise of hacktivism, known and inadvertent misuse of cyber technology in recent years serves as a current signal for increasing civil society engagement in issues of Internet governance and data protection. It is anticipated that citizens will require greater transparency and accountability from their service providers and governments and autonomy over their data.[10] Given the pace of expected technological developments such as augmented reality and global sensor proliferation, additional efforts will need to be made to convince Internet users of the trustworthiness of emerging technologies, and their own agency as regards Internet governance.
Lack of measures in Internet governance means a lack of cybersecurity. Absence of the precise number of governance authorities operating in near future, there will need to be broad consensus on standards, to ensure interoperability of emerging Internet-mediated technologies, including augmented reality and the other related issues that may erupt in doing so.
To further clarification it can be said here that the above-laid scenarios highlight new tensions and oppositions in the global cybersecurity environment. Internet connectivity has already fostered the creation of new global networks of citizens, some of which have challenged citizen, corporate and various governmental issues and interests. In the upcoming future, civil society networks like these could well be a powerful force in cyberspace.
Future Issues: CyberTechnology and Cyber Agencyship
Also expansion in the use of unmanned vehicles, robotic devices and automation will inevitably raise the issue of whether computers are intelligent agents. This could be a game-changer for criminal law, which historically exists to regulate interactions between human beings.[11] Equally so effective cybersecurity will be required for active risk management by all stakeholders.
Cybercriminal Threats and Criminological Perspectives:
At the most simplistic level, the cybercriminal threats envisaged in the above laid narratives can be broken down into the following categories:
- Intrusion for monetary or another benefit
- Interception for espionage
- Manipulation of information or networks
- Data destruction
- Misuse of processing power
- Counterfeit items
- Evasion tools and techniques
- Computers as Humanoids and Human Agents ( Cyber Robotics)
As criminology is a science to understand the reasons for crime and to evolve scientific and nonscientific measures for the social reintegration of the disturbance generated against social peace. Based on the above-laid simplification we need to go for sector-based general and specific research to find the cause and solutions to violations in the nature of cybercrime instances erupting.
Article 11 of the United Nations Guidelines for the Prevention of Crime[12] states that crime prevention strategies, policies, programs, and actions should be based on a ‘broad, multidisciplinary foundation of knowledge about crime problems.’ This ‘knowledge base’ should include the establishment of ‘data systems.’[13] The collection of data for planning interventions to prevent and reduce crime is as important for cybercrime as it is for other crime types. Measurement of cybercrime can be used to inform crime reduction initiatives; to enhance local, national, regional and international responses; to identify gaps in responses; to provide intelligence and risk assessment, and to educate and inform the public.[14]
The approach to the measurement of new forms and dimensions, of cybercrime, is to aim to characterize ‘who and how many are involved in ‘what’ and how much[15]. This requires a combination of data sources, such as information on perpetrators, including organized criminal groups; information on flows within illicit markets; as well as information on numbers of criminal events, harms and losses, and resultant illicit financial flows. Each of these elements has implications for the response to cybercrime. An understanding, for example, of organized criminal group structures and networks is central to the design of criminal justice interventions. An understanding of illicit markets, such as the black economy centered on stolen credit card details provides details of the underlying incentives for criminal activity (irrespective of the individuals or groups involved), and thus entry points for prevention programming. An understanding of the extent of harms, losses and illicit financial gains provides guidance on the prioritization of interventions.
Apart from this, we need to do comparative research on the working of cyber laws as prevalent in other countries so as to evolve a suitable control model against cybercrime best suited for our country and more than this best suited international collaboration to contain the issue effectively. The statement is made so because Cybercrime is by no means the first new form of crime to demand a global response.
Over the past decades, global action has been required to address challenges such as illicit drug trafficking and transnational organized crime, including through the development of international agreements. Nonetheless, it has become a truism that cybercrime today presents unique international cooperation challenges. During information gathering for a given study, more than half of countries reported that between 50 and 100 percent of cybercrime acts encountered by the police involved a ‘transnational element.[16] Of course, not all crimes occur neatly within the territorial jurisdiction. Where this is the case, international law has come to recognize a number of bases of extra-territorial jurisdiction in criminal matters.[17]
The starting point for state jurisdiction and international cooperation is sovereignty. The sovereign equality of states is protected by rules of customary public international law. These include the obligation on states not to interfere in any form or for any reason whatsoever in the internal and external affairs of other States.[18] Law enforcement and criminal justice matters fall within this exclusive domain of the sovereign state, with the result that, traditionally, criminal jurisdiction has been linked to the geographical territory. States must, therefore, refrain from bringing pressure to bear on other states regarding the behavior of specific national bodies, such as law enforcement agencies or the judiciary. Persons may not be arrested, a summons may not be served, and police or tax investigations may not be mounted on the territory of another state, except under the terms of a treaty or other consent given.[19]
Conclusion:
Crime prevention refers to the strategies and measures that seek to reduce the risk of crimes occurring, and their potentially harmful effects on individuals and society, through interventions that influence the multiple causes of crime.[20] The United Nations Guidelines for the Prevention of Crime highlight that government leadership plays an important part in crime prevention, combined with cooperation and partnerships across ministries and between authorities, community organizations, non-governmental organizations, the business sector, and private citizens.[21] Good crime prevention practice starts with basic principles such as leadership, cooperation, and the rule of law, etc. Suggesting further guidelines ask for forms of organization such as crime prevention plans, and leads to the implementation of methods such as the development of a sound knowledge base and approaches including reducing criminal opportunities.
Common to all of these principles is a broad sense of requirement that a sufficient connection or genuine link between the offence and the state exercising jurisdiction is needed. because of the international nature of cybercrimes which is a common factor generally in all of them( emphasis supplied). Hence to curb this international cooperation and a uniform model are a prerequisite condition otherwise success to curb them shall be a distant dream.
It is important to note that the use of such forms of jurisdiction by countries either on the basis of national law or international agreements does nowhere automatically override the operation of sovereignty and non-interference principles of other countries as the subject here is common i.e nabbing and penalization of culprit who was injurious to both or more interconnected sovereign countries. The physical conduct of a criminal investigation on foreign soil. To cite an example under the protective principle of passive nationality principle, the consent of the foreign state is still a primary requirement.[22] To which if they collaterally agree universally then this issue would not erupt and furthermore a uniform treaty will act as a check and balance in law. The jurisdiction that a state claims to assert is thus related, but separable, from the question of non-interference and infringement of sovereignty. As a result, improvement in terms of enhanced international cooperation plays an important and critical role in the development and implementation of cybersecurity strategies and anti-cybercrime strategies.
[1]European Commission, 2012.Special Eurobarometer 390: Cyber Security Report. See also Fawn, T. and Paternoster, R., 2011. Cybercrime Victimization: An examination of individual and situational level factors. International Journal of Cyber Criminology, 5(1):773-793, 782.
[2]Kindly SeeHayden, Cybercrime’s impact on Information security, Cybercrime and Security, IA-3, page 3.
[3]CRS Report for Congress on the Economic Impact of Cyber-Attacks, April 2004, page 10, available at: www.cisco.com/warp/public/779/govtaffairs/images/CRS_Cyber_Attacks.pdf.
[4]See: O’Connell, Cyber-Crime hits $ 100 Billion in 2007, ITU News related to ITU Corporate Strategy, 17.10.2007, available
at: www.ibls.com/internet_law_news_portal_view_prn.aspx?s=latestnews&id=1882.
[5]IBM survey, published 14.05.2006, available at: www.03.ibm.com/industries/consumerproducts/doc/content/news/pressrelease/1540939123.html.
[6]Regarding the discovery and functions of the computer virus, see: Matrosov/Rodionov/Harley/Malcho, Stuxnet Under the Microscope, Rev. 1.2, 2010, available at: www.eset.com/resources/whitepapers/Stuxnet_Under_the_Microscope.pdf; Falliere/Murchu/Chien, W32.Suxnet Dossier, Version 1.3, November 2010, Symantec, available at:
www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf.
[7]The distinction between legitimate and illegal activity has become increasingly blurred, since practices such as dataharvesting and interception, and reputation manipulation will beeven more closely associated with profit generation. Currentproximity between criminal spamming and legitimate marketingtechniques such as behavioural advertising already serves as anindicator for this. The challenge for legislators will be to delineatethe circumstances under which these activities may legitimately beconducted, and to ensure that as far as possible these measures areharmonised internationally. Criminalisation will naturally also require sufficient capacity to investigate, disrupt and prosecute.
[8]Many of the citizen-facing government functions traditionally performed by personnel have now been entirely automated. These include voting (now entirely online), taxation, and some aspects of policing, in particular surveillance. Sensors and Radio Frequency Identification (RFID) track citizen movements, while advanced behavioural profiling helps intelligence operatives to identify individuals at risk of engaging in criminal or terrorist activity.
[9]The Julian Assange Matter of Wikileaks.
[11]Greater automation and artificial agency concept of computer generated solutions lead us to the question of whether computers and robots can be criminal agents becomes increasingly pertinent
[12]Guidelines for the Prevention of Crime, annex to United Nations Economic and Social Council Resolution 2002/13 on Action to promote effective crime prevention, 24 July 2002.
[13]Ibid. Art. 21(f).
[14]Fafinski, S., Dutton, W.H. and Margetts, H., 2010.Mapping and Measuring Cybercrime.Oxford Internet Institute Forum Discussion Paper No. 18., June 2010.
[15]European Institute for Crime Prevention and Control, affiliated with the United Nations (HEUNI), 2011. Data Collection on [New] Forms and Manifestations of Crime.In: Joutsen, M. (ed.) New Types of Crime, Proceedings of the International Seminar held inConnection with HEUNI’s Thirtieth Anniversary, 20 October 2011, Helsinki: EICPC. See also UNODC, 2010. The Globalization of Crime: A Transnational Organized Crime Threat Assessment
[16]Kindly See http://www.whitehouse.gov/administration/eop/nsc/transnational-crime/threat.
[17]Jeschek, H. H., Weigend, T., 1996.Lehrbuch des Strafrechts.AllgemeinerTeil. 5th edn. Berlin: Duncker&Humbold. pp.167 et seq..
[18]See Declaration on the Inadmissibility of Intervention in the Domestic Affairs of States, annex to GA resolution A/RES/20/2131 (XX), 21 December 1965. Please also refer to the Corfu Channel case, ICJ Reports 1949, 35, the Military and Paramilitary Activities case, ICJ Reports 1986, 202, and the Nicaragua case, ICJ Reports 1986, 14, 109-10.
[19]Brownlie, I., 2003. Principles of Public International Law.6th ed. Oxford: Oxford University Press. p.306.
[20]Guidelines for the Prevention of Crime, annex to United Nations Economic and Social Council Resolution 2002/13 on Action to promote effective crime prevention, 24 July 2002, para. 3.
[21]Ibid Arts.7 & 9
[22]See, for example, Council of Europe Cybercrime Convention, Art. 22(1)(a); League of Arab States Convention, Art. 30(1)(a); UN OP-CRC-SC, Art. 4(1); COMESA Draft Model Bill, Art. 40(a)(1); ITU/CARICOM/CTU Model Legislative Text, Art. 19(a); Commonwealth Model Law, Art.4(a).