The stages of cybercrime investigations: Bridging the gap between technology examination and law enforcement investigation

Cybercrime investigation can be argued as still in its infancy. The technical investigation practices and procedures of global law enforcement are also still evolving in response to the growing threat of the cybercriminal. This has led to considerable debate surrounding the adequacy of current technical investigation models, examination tools and the subsequent capability of law enforcement to tackle cybercrime. To bridge the gap between low-level technology recovery and digital forensic examination, and to overcome the many technical challenges now faced by law enforcement; this paper presents an extended cybercrime investigation model capable of guiding the investigative practices of the broader law enforcement community. The Stages of Cybercrime Investigations discussed throughout this paper, demonstrate the logical steps and primary considerations vital to investigating cyber related crime and criminality. The model is intended to provide both technical and non-technical investigative resources, covering mainstream law enforcement, partner agencies and specialist technical services, with a formal and common structure when investigating the complex technical nature of cybercrime. Finally, the model is further aimed at providing cybercrime investigators with a means to consolidate understanding, share knowledge and communicate the resulting outcomes as an investigation moves through each relevant stage.     

‘The Sky is Falling!’ – Responses to the ‘Going Dark’ problem

The shared concern expressed in the two quotes below is that modern technologies provide criminals with a capability to evade investigation. This comment piece examines some of the policy and legal options available to governments and law enforcement agencies to try to address this concern. While accepting the claim that this phenomenon represents a real challenge to law enforcement agencies, we currently have insufficient evidence to show the true extent of the problem. What this piece does not accept is the implication contained in the quotes, and often made explicit by others, that the use of encryption represents a fundamental and irreversible shift in the balance of power between criminals and their investigators from what previously prevailed. Such claims tend to lack historical perspective, which is one of the themes of this 200th issue of Computer Law and Security Review.     

Police investigations in Internet open sources: Procedural-law issues

Analysing large amounts of data goes to the heart of the challenges confronting intelligence and law enforcement professionals today. Increasingly, this involves Internet data that are ‘open source’ or ‘publicly available’. Projects such as the European FP7 VIRTUOSO are developing platforms for open-source intelligence by law enforcement and public security, which open up opportunities for large-scale, automated data gathering and analysis. However, the mere fact that data are publicly available does not imply an absence of restrictions to researching them. This paper investigates one area of legal constraints, namely criminal-procedure law in relation to open-source data gathering by the police. What is the legal basis for this activity? And under what conditions can domestic and foreign open sources be investigated?     

Data attack of the cybercriminal: Investigating the digital currency of cybercrime

It is increasingly argued that the primary motive of the cybercriminal and the major reason for the continued growth in cyber attacks is financial gain. In addition to the direct financial impact of cybercrime, it can also be argued that the digital data and the information it represents that can be communicated through the Internet, can have additional intrinsic value to the cybercriminal. In response to the perceived value and subsequent demand for illicit data, a sophisticated and self-sufficient underground digital economy has emerged. The aim of this paper is to extend the author’s earlier research that first introduced the concept of the Cybercrime Execution Stack by examining in detail the underlying data objectives of the cybercriminal. Both technical and non-technical law enforcement investigators need the ability to contextualise and structure the illicit activities of the cybercriminal, in order to communicate this understanding amongst the wider law enforcement community. By identifying the potential value of electronic data to the cybercriminal, and discussing this data in the context of data collection, data supply and distribution, and data use, demonstrates the relevance and advantages of utilising an objective data perspective when investigating cybercrime.     

The Cybercrime Convention Committee's 2017 Guidance Note on Production Orders: Unilateralist transborder access to electronic evidence promoted via soft law

This article provides a critical analysis of the Council of Europe Cybercrime Convention Committee's Guidance Note of Production Orders, published on 1 March 2017. The article looks at the legal controversies surrounding production orders with a cross-border element. It explains the Guidance Note's background and origins, the basic provisions in the Cybercrime Convention allowing the law enforcement authorities to order and obtain certain information and discusses the requirements that follow from the relevant provisions of the Convention. This analysis is complemented by four critical remarks on the way the Guidance Note pushes the boundaries of acceptable treaty interpretation on the necessity of the Guidance Note, its position in regard to extraterritorial enforcement jurisdiction and sovereignty, its reticence towards fundamental rights and its refusal to define or clarify the important notion of “subscriber information”. The article argues that unilateralism is not a solution. Instead of soft law plumbing, what is needed is an agreement between sovereign states checked by their constituencies.     

Governmental filtering of websites: The Dutch case

Following the example of Norway and other European Countries, such as Sweden and Denmark, in April 2007 the Dutch government started filtering and blocking web pages with child pornographic content. In this paper we present a research into the technological, legal and practical possibilities of this measure. Our study leads us to the conclusion that the deployment of filters by or on behalf of the Dutch government is not based on any founded knowledge concerning the effectiveness of the approach. Furthermore, the actions of the Dutch law enforcement authorities do not avail over legal powers to filter and block internet traffic. Consequently the Dutch filtering practice was found to be unlawful. The government could enact a law that provides the police with the relevant powers. However, child porn filters always cause a certain amount of structural overblocking, which means that the government is then engaged in structural blocking of information that is not against the law. This would be in conflict with basic rights as laid down in the European Convention on Human Rights and Fundamental Freedoms and in national legislation. Maintaining a blacklist that is serious in size (a necessary condition for being effective), and at the same time is up-to-date and error-free (which is needed to prevent overblocking), is very labour-intensive, if not impossible to maintain. From the Dutch national police policy perspective it follows that putting so much labour in maintaining a blacklist cannot be considered as a police task. Why then did the Dutch police start filtering? In a society where child pornography is judged with abhorrence, in which safety is rated higher then privacy, and in which managers and politicians frequently have a naive faith in technology, the advocates of internet filters against child pornography quickly find wide-spread support. Although this paper refers to the situation in The Netherlands, it includes a number of elements and issues that are relevant to other European States as well.     

Organised crime groups in cyberspace: a typology

Three categories of organised groups that exploit advances in information and communications technologies (ICT) to infringe legal and regulatory controls: (1) traditional organised criminal groups which make use of ICT to enhance their terrestrial criminal activities; (2) organised cybercriminal groups which operate exclusively online; and (3) organised groups of ideologically and politically motivated individuals who make use of ICT to facilitate their criminal conduct are described in this article. The need for law enforcement to have in-depth knowledge of computer forensic principles, guidelines, procedures, tools, and techniques, as well as anti-forensic tools and techniques will become more pronounced with the increased likelihood of digital content being a source of disputes or forming part of underlying evidence to support or refute a dispute in judicial proceedings. There is also a need for new strategies of response and further research on analysing organised criminal activities in cyberspace.

论公私协作执法

公私协作执法是公共执法和私人执法基于各自特点进行协作的法律执行模式,可以有效弥补公共执法动力不足、腐败和信息劣势的缺陷,也可以有效弥补单纯私人执法过程中的执法过度、缺乏强制力等缺陷.长期以来,我国法律执行活动被公共执法机构垄断,公私协作执法的制度空间不大.为此,应当通过扩张诉讼当事人资格、建立罚金分享制度、增加惩罚性赔偿规定以及放宽风险代理诉讼限制等方式为公私协作执法开辟空间,使公私协作执法能够成为我国法律执行机制改革的重要方向.     

县域社会违建执法的组织形态与治理绩效辨析

县域社会违建执法需要一定的组织载体,但在不同农村类型中,体制层面执法资源配置不均和社会层面违建个体情境差异共同塑造了不同类型的政府执法组织,并产生不同治理绩效。在城中村,正式化执法组织具备常规执法权且执法密度大,虽能够强化执法效果,但在执法过程中始终存在政府与征拆居民的利益博弈;在城郊村,正式化与半正式化相结合的执法组织有助于强化政府执法力量和权威,但受信息制约和人情关系影响容易产生灰色利益空间,进而侵蚀执法目标;在远郊村,半正式化执法组织本身没有专业执法权,政府常在一定时期内通过组织动员手段来补强执法力量,但执法绩效具有不稳定性。三类农村违建执法组织的治理绩效差异,反映出国家法律在县域城乡社会落地的非均质性。     

“警察人性化执法”刍议

警察人性化执法,是指警察在执法过程中,在依法保障当事人合法权益的前提下,依照法定的职权和法定的程序,改变执法观念和执法方式,以人为本,实现执法公正的一项专门活动。在警察人性化执法中,严格执法是前提,依法保障当事人的合法权益(包括警察自身的合法权益)是核心内容,人文关怀是方式,实现执法公正是终极目标。而"懦弱执法"、"人情执法"、"不平等执法"和"首次不罚"的执法都不是警察的人性化执法。警察人性化执法实现的途径主要有三:一是完善公安法律制度;二是提高人民警察自身的素质;三是加强监督,从严治警。     

论法治理性视野下警察执法和谐的构建

以法治理性的价值判断和价值选择审视和优化警察执法环境,是坚持以人为本、以自由秩序原则和民主法治精神构建警察执法和谐的关键所在。以自由秩序原则和民主法治精神构建警察执法和谐是法治理性的基本要求;尊重和保障人权是警察执法和谐的真谛;体现法治理性的宽容精神是警察执法和谐的需要。警察执法和谐呼唤体现法治理性的积极守法精神。培养积极守法精神对于促进公民理性守法,警察理性执法,实现警察执法效益的最大化以及构建和谐社会都具有重要意义。     

乡村基层执法的空间制约与机制再造

中国的基层执法深受政治体制和社会生态的影响和塑造,“治理空间”可以同时容纳这两种因素,是理解中国基层执法的新视角。乡村治理空间为基层执法提供具体场景,其“拥挤社会”特性和“权力分散”特性,严重制约着基层执法能力。空间区域化机制通过建立综合治理(执法)体系,实现了执法机构的统合和区域化;通过将村级组织、村干部、网格员等纳入执法体系,实现了执法空间的分界和局部化;通过对时间和资源进行情境化配置,实现了时空分区。区域化机制重构着乡村治理空间,回应了基层执法权薄弱和执法能力不足的问题,通过再造基层执法,提高了基层执法效度。     

规范行政执法行为 提高政府公信力

提高政府公信力是建设人民满意的服务型政府和法治政府的必然要求。行政执法是依法行政的重要环节,执法行为是否规范,直接关系到政府的形象和政治文明的实现。提高政府公信力应把规范行政执法行为作为行政法治建设的重中之重,应在深化执法理念、提高执法能力、强化执法监督和营造执法环境等方面下功夫。     

城镇规划区违建执法困境及其解释——国家能力的视角

既有理论框架难以全面解释违建执法的困境.实际上,违建执法的困境反映执法领域国家能力的不足.从执法的结构和过程看,国家能力不足表现在多个层面:执法机构的"孤岛现象"普遍,不同机构之间难以有效合作;一线执法人员的素养欠缺,且其工作难以被执法机构有效考核;执法人员在进入社区空间、处理执法事务时受阻严重.由于国家能力的不足,执法人员常常接受执法对象的讨价还价,违建执法表现出"日常惰性—专项治理"的循环结构,强力执法与违法不究处于共生状态.改善社会治理,需要在执法领域强化国家能力,需要从执法机构、执法人员及其与社会的互动等多方面着手.     

北京市城管综合行政执法的发展困境及解决思路

北京市城管综合行政执法工作已经开展十余年,在北京城市管理中发挥了重要作用。目前该领域存在的职权界定标准模糊、执法物质保障缺乏、执法队伍结构不合理、职权配制不科学、执法理念、执法方式简单化等障碍直接影响了城管综合行政执法效能的发挥。对此,首先应科学划定城管综合行政执法的权限范围,其次加强城管执法物质保障和执法队伍建设,再次建立城管执法多项职权的协调体制,最后转变执法观念,改进执法方式,提高执法能力。     

对优化基层行政执法环境的探讨

行政执法环境是直接或间接地影响或作用于执法活动的环境因素,它决定了执法的难易程度和最终落实程度,直接关系到国家法律法规的正确实施。本文在探讨基层行政执法环境的现状和影响基层行政执法环境因素的基础上,从更新执法理念,追求执法合力,营造和谐的执法环境等方面对优化基层行政执法环境提出建议。     

警察选择性执法之规范

选择性执法在警察行政中相当普遍，而选择性执法形成原因的复杂性，社区警政模式的兴起，对个案正义的追求，行政效率的提升等因素决定了规范机制的复杂和困难。基于此，选择性执法规范机制必须建立在对其更为深入而全面的了解基础之上，而且还应该通过多种措施的组合，尤其是警察执法规则的适用，才能有效规范选择性执法。     

中国土地执法摇摆现象及其解释

中国土地执法实践呈现“摇摆现象”,即有时执法有效,有时执法失灵。执法摇摆现象的发生,并非完全因为法律不完备或者土地执法部门能力有限,还在于中国集中体制下的“嵌入式执法”。在中国国家体系中,土地执法部门被嵌入在集中体制及其建构的中心工作中。在中心工作完成过程中,土地执法部门真正完成的并非其职能目标,而是集中体制目标。不同中心工作的建构,导致土地执法效果可能有效也可能失灵,呈现出摇摆不定的执法效果。集中体制本身的分化,即中央和各级地方政府目标重点的不同,也使得土地执法效果更不可预期。