Crime control in the sphere of information technologies in the Republic of Turkey

Cybercrime is considered an issue of both local and global concern. Therefore, this study focuses on the local experience in cybercrime control of different countries, including the Republic of Turkey. The article discusses issues in cybersecurity policy and analyzes the legislative framework of the Republic of Turkey on cybercrime issues. The findings underlie the continuing education policy for cybersecurity employees. The study concludes that Turkey handles the current cybercrime situation with efficiency.     

Redefining borders: The challenges of cybercrime

Cybercrime is the newest securitythreat in the world today, and is distinct from anyother threat facing the world. This paper attempts toplace cybercrime in relation to other securitythreats, as well as illustrate the uniquecharacteristics of cybercrime. First, aninvestigation of the major elements of cybercrime willbe conducted. After the parameters of cybercrime havebeen laid out, cybercrime will be analyzed as asecurity threat on both domestic and internationallevels. Finally, current security structures will beexamined for their effectiveness in controlling thethreat posed by cybercrime.     

Laws of encryption: An emerging legal framework

This article examines the emerging legal framework of encryption. It reviews the different categories of law that make up this legal framework, namely: export control laws, substantive cybercrime laws, criminal procedure laws, human rights laws, and cybersecurity laws. These laws are analysed according to which of the three regulatory subjects or targets they specifically address: the technology of encryption, the parties to encryption, or encrypted data and communications. For each category of law, illustrative examples of international and national laws are discussed. This article argues that understanding the legal framework of encryption is essential to determining how this technology is currently regulated and how these regulations can be improved. It concludes that the legal framework is the key to discerning the present state and future direction of encryption laws and policies.     

The stages of cybercrime investigations: Bridging the gap between technology examination and law enforcement investigation

Cybercrime investigation can be argued as still in its infancy. The technical investigation practices and procedures of global law enforcement are also still evolving in response to the growing threat of the cybercriminal. This has led to considerable debate surrounding the adequacy of current technical investigation models, examination tools and the subsequent capability of law enforcement to tackle cybercrime. To bridge the gap between low-level technology recovery and digital forensic examination, and to overcome the many technical challenges now faced by law enforcement; this paper presents an extended cybercrime investigation model capable of guiding the investigative practices of the broader law enforcement community. The Stages of Cybercrime Investigations discussed throughout this paper, demonstrate the logical steps and primary considerations vital to investigating cyber related crime and criminality. The model is intended to provide both technical and non-technical investigative resources, covering mainstream law enforcement, partner agencies and specialist technical services, with a formal and common structure when investigating the complex technical nature of cybercrime. Finally, the model is further aimed at providing cybercrime investigators with a means to consolidate understanding, share knowledge and communicate the resulting outcomes as an investigation moves through each relevant stage.     

Cybercrime: Towards an Assessment of its Nature and Impact

This paper discusses some approaches for a comprehensive analysis of cybercrime for both a better understanding of the phenomenon and policies to control it. We first discuss the nature of cybercrime, and review some of the related research issues. In view of its newness, we develop taxonomies for a more systematic classification of the different types of cybercrimes. Next, we explore some of the main empirical questions that need to be studied regarding cybercrime and describe some modeling approaches as well as the data requirements for a better understanding.     

The impact of cybercrime on businesses: a novel conceptual framework and its application to Belgium

Despite growing indications and fears about the impact of cybercrime, only few academic studies have so far been published on the topic to complement those published by consultancy firms, cybersecurity companies and private institutes. The review of all these studies shows that there is no consensus on how to define and measure cybercrime or its impact. Against this background, this article pursues two aims: 1) to develop a thorough conceptual framework to define and operationalize cybercrime affecting businesses as well as its impact, harms, and costs; and 2) to test this conceptual framework with a survey of businesses based in Belgium, which was administered in summer 2016 and elicited 310 valid responses. Consisting of five types, our conceptualization of cybercrime is, unlike others, technology-neutral and fully compatible with the legislation. Drawing on Greenfield and Paoli’s Harm Assessment Framework (The British Journal of Criminology, 53, 864–885, 2013), we understand impact as the overall harm of cybercrime, that is, the “sum” of the harms to material support, or costs, and the harms to other interest dimensions i.e., functional (or operational) integrity, reputation and privacy. Whereas we ask respondents to provide a monetary estimate of the costs, respondents are invited to rate the severity of the harms on the basis of an ordinal scale. We claim that this “double track” gives a fuller, more valid assessment of cybercrime impact. Whereas most affected businesses do not report major costs or harm, 15% to 20% of them rate the harms to their internal operational activities as serious or more, with cyber extortion regarded as most harmful.     

Cybersecurity,safety and robots: Strengthening the link between cybersecurity and safety in the context of care robots

This paper addresses the interplay between robots, cybersecurity, and safety from a European legal perspective, a topic under-explored by current technical and legal literature. The legal framework, together with technical standards, is a necessary parameter for the production and deployment of robots. However, European law does not regulate robots as such, and there exist multiple and overlapping legal requirements focusing on specific contexts, such as product safety and medical devices. Besides, the recently enacted European Cybersecurity Act establishes a cybersecurity certification framework, which could be used to define cybersecurity requirements for robots, although concrete cyber-physical implementation requirements are not yet prescribed. In this article, we illustrate cybersecurity challenges and their subsequent safety implications with the concrete example of care robots. These robots interact in close, direct contact with children, elderly, and persons with disabilities, and a malfunctioning or cybersecurity threat may affect the health and well-being of these people. Moreover, care robots may process vast amounts of data, including health and behavioral data, which are especially sensitive in the healthcare domain. Security vulnerabilities in robots thus raise significant concerns, not only for manufacturers and programmers, but also for those who interact with them, especially in sensitive applications such as healthcare. While the latest European policymaking efforts on robot regulation acknowledge the importance of cybersecurity, many details, and their impact on user safety have not yet been addressed in depth. Our contribution aims to answer the question whether the current European legal framework is prepared to address cyber and physical risks from care robots and ensure safe human–robot interactions in such a sensitive context. Cybersecurity and physical product safety legal requirements are governed separately in a dual regulatory framework, presenting a challenge in governing uniformly and adequately cyber-physical systems such as care robots. We conceptualize and discuss the challenges of regulating cyber-physical systems’ security with the current dual framework, particularly the lack of mandatory certifications. We conclude that policymakers need to consider cybersecurity as an indissociable aspect of safety to ensure robots are truly safe to use.     

Disability Law as an Academic Discipline: Towards Cohesion and Mainstreaming?

This article calls for a strengthening of Disability Law as an academic discipline and offers orientation for its future development. It argues that there is a need for enhanced cohesion among those already applying a critical disability perspective within disciplines such as Equality Law, Mental Health and Capacity Law, and Social Care and Protection Law and also for greater mainstreaming of this approach across the full breadth of sociolegal scholarship. The article is divided into three main sections. The first contextualizes Disability Law by reflecting on its relationship with other legal disciplines and broader pools of scholarship. The second focuses on issues of scope and structure. The third offers orientation for future Disability Law work by outlining four key cross-cutting challenges with the potential to bring together scholars with expertise in different areas of substantive law.     

《网络犯罪公约》中的证据调查制度与我国相关刑事程序法比较

20 0 1年 11月 8日欧洲委员会《网络犯罪公约》是国际社会合作打击网络犯罪的第一个国际公约 ,其主要目标是在缔约方之间建立打击网络犯罪的共同的刑事政策、一致的法律体系和国际协助。该公约第二章“国家层面上的措施”的第二部分“程序法”规定了有关电子证据调查的特殊程序 ,为各国制定电子证据刑事调查制度提供了一套具有开创价值的立法模型。本文对《网络犯罪公约》中的程序法规定和我国相关立法进行了比较 ,并提出了完善我国电子证据刑事调查措施的立法建议     

An inquiry into the legal status of the ECOWAS cybercrime directive and the implications of its obligations for member states

On 19 August 2011, the ECOWAS Council of Ministers adopted Directive C/DIR.1/08/11 on Fighting Cybercrime at its Sixty Sixth Ordinary Session in Abuja, Nigeria. The adoption of the Directive at that time arose from the need to tackle the growing trend in cybercrime within the ECOWAS region, as some Member States were already gaining global notoriety as major sources of email scams and Internet fraud. Accordingly, the Directive established a legal framework for the control of cybercrime within the ECOWAS region, and also imposed obligations on Member States to establish the necessary legislative, regulatory and administrative measures to tackle cybercrime. In particular, the Directive required Member States to implement those obligations “not later than 1st January, 2014″. This article undertakes an inquiry into the legal status of the Directive as an ECOWAS regional instrument in the domestic legal systems of Member States.In this regard, the article examines whether the requirement regarding the superiority or direct applicability of ECOWAS Community laws such as ECOWAS Acts and Regulations in the domestic legal systems of Member States also apply to ECOWAS Directives such as the Cybercrime Directive. The article also examines the legal implications of the Directive's obligations for Member States. The article argues that while some Member States have not implemented the obligations under the Directive, that those obligations however provide a legal basis for holding Member States accountable, where the failure to implement has encouraged the perpetration of cybercrime that infringed fundamental rights guaranteed under human right instruments such as the African Charter on Human and Peoples’ Rights or under their national laws.     

How organised is organised cybercrime?

To some writers and commentators, fully fledged organised cybercrime is currently emerging. Law enforcement spokesmen and Internet security firms have even made comparisons between the structure of cybercriminal enterprises and organisations like La Cosa Nostra. But, in reality, conventional criminal labels applied to cybercrime are themselves often poorly understood by those who employ them. The purpose of this research note is to apply scholarly rigor to the question of whether profit-driven cybercrime can fit underneath formal definitions of organised crime and mafias. It proceeds in three sections: the first section outlines academic definitions of organised crime, mafias and cybercrime; the second section assesses whether online cybercriminal trading forums, perhaps the most visible and documented examples of cybercriminal organisation, might constitute mafias as some contend; the third section briefly discusses some other less documented examples of ‘organised’ cybercrime and assesses the broader possibility of online groups being classified as organised crime groups.     

Digital Realism and the Governance of Spam as Cybercrime

Spamming is a major threat to the formation of public trust in the Internet and discourages broader civil participation in the emerging information society. To the individual, spams are usually little more than a nuisance, but collectively they expose Internet users to a panoply of new risks while threatening the communications and commercial infrastructure. Spamming also raises important questions of criminological interest. On the one hand it is an example of a pure cybercrime – a harmful behaviour mediated by the Internet that is the subject of criminal law, while on the other hand, it is a behaviour that has in practice been most effectively contained technologically by the manipulation of ‘code’ – but at what cost? Because there is not an agreed meaning as to what constitutes ‘online order’ that renders it simply and uncritically reducible to a set of formulae and algorithms that can be subsequently imposed (surreptitiously) by technological processes. The imposition of order online, as it is offline, needs to be subject to critical discussion and also checks and balances that have their origins in the authority of law. This article deconstructs and analyses spamming behaviour, before exploring the boundaries between law and code (technology) as governance in order to inform and stimulate the debate over the embedding of cybercrime prevention policy within the code itself.     

What the Hack: Reconsidering Responses to Hacking

Like most criminological research, much of the research on hacking has predominantly focused upon the Northern Metropolis. As a result, there is a lack of focus on cybercrime within the Global South, particularly on illegal intrusions into computer systems, more colloquially known as hacking. This article provides a critical overview of hacking in the Global South, highlighting the role of strain in this offending behaviour. In particular, the authors note the role of Australian, American, and Taiwanese immigration policies that act to block offenders’ transitions from illicit hacking to legitimate employment in technological hubs outside of the Global South. To address these blocked opportunities, this article suggests the use of innovative justice paradigms, particularly restorative justice and regulatory self-enforcement, that respond to innovation-based cybercrime while also facilitating offender movement into “white hat” employment, even in cases of technology-facilitated sexual violence.

     

Developments in cybercrime law and practice in Ethiopia

With increasing access to information and communication technologies such as the Internet, Ethiopia has recently taken responsive legislative measures. One such legislative measure is enactment of cybercrime rules as part of the Criminal Code of 2004. These rules penalize three items of computer crimes namely hacking, dissemination of malware and denial of service attacks. The cybercrime rules are however slightly outdated due to changes that have occurred in the field of cybercrime since the enactment of the Code. The surge of new varieties of cybercrimes previously uncovered under the Code and the need to legislate tailored evidentiary and procedural rules for investigation and prosecution of cybercrimes have recently prompted the Ethiopian government to draft modern and comprehensive cybercrime legislation, but the draft law still needs further work on cybercrimes in light of other major legislative developments at regional and national levels. This article closely examines major developments in cybercrime law and practice in Ethiopia since the enactment of the first set of cybercrime rules and proffers recommendations towards a unified cybercrime regime.     

Cybercrime victimization among young people: a multi-nation study

This study examines cybercrime victimization, what some of the common characteristics of such crimes are and some of the general predictors of cybercrime victimization among teenagers and young adults. A combined four-country sample (Finland, US, Germany and UK; n = 3,506) is constructed from participants aged between 15 and 30 years old. According to the findings, online crime victimization is relatively uncommon (aggregate 6.5% of participants were victims). Slander and threat of violence were the most common forms of victimization and sexual harassment the least common. Male gender, younger age, immigrant background, urban residence, not living with parents, unemployment and less active offline social life were significant predictors for cybercrime victimization.     

“In the public interest”: The privacy implications of international business-to-business sharing of cyber-threat intelligence

This article reports on preliminary findings and recommendations of a cross-discipline project to accelerate international business-to-business automated sharing of cyber-threat intelligence, particularly IP addresses. The article outlines the project and its objectives and the importance of determining whether IP addresses can be lawfully shared as cyber threat intelligence.The goal of the project is to enhance cyber-threat intelligence sharing throughout the cyber ecosystem. The findings and recommendations from this project enable businesses to navigate the international legal environment and develop their policy and procedures to enable timely, effective and legal sharing of cyber-threat information. The project is the first of its kind in the world. It is unique in both focus and scope. Unlike the cyber-threat information sharing reviews and initiatives being developed at country and regional levels, the focus of this project and this article is on business-to-business sharing. The scope of this project in terms of the 34 jurisdictions reviewed as to their data protection requirements is more comprehensive than any similar study to date.This article focuses on the sharing of IP addresses as cyber threat intelligence in the context of the new European Union (EU) data protection initiatives agreed in December 2015 and formally adopted by the European Council and Parliament in April 2016. The new EU General Data Protection Regulation (GDPR) applies to EU member countries, a major focus of the international cyber threat sharing project. The research also reveals that EU data protection requirements, particularly the currently applicable law of the Data Protection Directive 95/46/EC (1995 Directive) (the rules of which the GDPR will replace in practice in 2018), generally form the basis of current data protection requirements in countries outside Europe. It is expected that this influence will continue and that the GDPR will shape the development of data protection internationally.In this article, the authors examine whether static and dynamic IP addresses are “personal data” as defined in the GDPR and its predecessor the 1995 Directive that is currently the model for data protection in many jurisdictions outside Europe. The authors then consider whether sharing of that data by a business without the consent of the data subject, can be justified in the public interest so as to override individual rights under Articles 7 and 8(1) of the Charter of Fundamental Rights of the European Union, which underpin EU data protection. The analysis shows that the sharing of cyber threat intelligence is in the public interest so as to override the rights of a data subject, as long as it is carried out in ways that are strictly necessary in order to achieve security objectives. The article concludes by summarizing the project findings to date, and how they inform international sharing of cyber-threat intelligence within the private sector.     

The European legal framework on cybercrime: striving for an effective implementation

This article analyzes the European legal framework on cybercrime. Initially, it argues the challenges of cybercrime to traditional criminal justice systems. Subsequently, it focuses on the criminal law framework on cybercrime with a mainly European perspective. The European legal framework provides a three-path solution: the reduction of frictions among national legislations, the introduction of new investigative powers and the facilitation of international cooperation. The article presents and discusses each solution. Further, it argues that the effective implementation of the main legal instruments does not seem to depend on the legal enforceability of these international measures. Contrarily, other, non legal, factors such as national security, politics, the economy and the public opinion appear to stimulate the spontaneous implementation of the European legal framework. In this context, the added value of the EU action is rather low, although the Treaty of Lisbon and the Stockholm Programme may improve this situation in the long term.     

Cybercrime Tendencies and Legislation in the Republic of Macedonia

The advancement of information and communication technologies opens new venues and ways for cybercriminals to commit crime. There are several different types of cybercrime offences that need to be treated in a separate and different manner. The major international source that provides guidelines for treatment of cybercrime is the Convention on Cybercrime adopted by the Council of Europe and the European Commission Action Plan. The purpose of the paper is to present, discuss and analyze the Macedonian legislation treating cybercrime, with respect to the specific cases typically encountered in practice and the international guidelines concerning cybercrime. The major source of cybercrime legislation in Macedonia is the Criminal Code with provisions thereof in ten of its articles; it addresses cybercrimes such as personal data abuse, copyright and piracy issues, production and distribution of child pornography, computer viruses, intrusions into computer systems, computer fraud and computer forgery. We also present and analyze reports on cybercrime complaints and victims from Macedonia, issued by the Internet Crime Complaint Center and the Macedonian Ministry of Internal Affairs. The reports reveal the unusually high number of complaints for perpetrators and victims originating from Macedonia. Furthermore, we highlight several recent cybercrime cases reported in Macedonia. All things considered, the Macedonian penal legislation is modern and it follows the current European and world standards. It provides guidelines for successful resolution of cybercrime committed in the Republic of Macedonia. However, it could be improved by a more active inclusion of Macedonian authorities in the global response to cybercrime and by stronger enforcement of cybercrime prevention measures and strategies.     

An analysis of cybersecurity in Dutch annual reports of listed companies

In this paper we study the disclosure of cybersecurity information in Dutch annual reports, such as cybersecurity measures and cyber incidents, from a financial law and economics perspective. We start our discussion with an analysis of the requirements in financial law to disclose cybersecurity information in annual reports. Hereafter, we discuss the incentives for the board regarding disclosing cybersecurity related information and its effect on stakeholders and shareholders. We draft hypotheses regarding the actual disclosure of cybersecurity information and propose a research design of an exploring empirical study. The results of our study show that although there is no strict legal obligation to do so, 87% of the companies mention cybersecurity or similar words in their annual report in 2018. However, only 4 out of 75 companies disclosed more than six specific cybersecurity measures, while openness would generate the highest surplus for society from a social welfare perspective. Some major Dutch banks and employment agencies did not disclose any specific information with regard to their cybersecurity strategy, while those companies are highly vulnerable for cybersecurity incidents. This hampers the protection of creditors, investors and other stakeholders. Our analysis aims to propel the debate on stimulation of self-regulation or possible obligations in financial law concerning cybersecurity in annual reports.