Data Theft? Cybercrime and the Increasing Criminalization of Access to Data

The use of computers in the commission of crime, so-called ??cybercrime??, presents a considerable challenge to law enforcement. Central to the prosecution of cybercrime is the offence of unauthorised access to a computer, or ??hacking??. Originally conceived of as analogous to trespass, the trend in some jurisdictions has been toward punishing access to computer data per se. This issue also arises under the Council of Europe Convention on Cybercrime which criminalizes ??offences against the confidentiality, integrity and availability of computer data and systems??. As the criminal law traditionally provides protection only to limited forms of information, the increasing use of the criminal law to protect computer data therefore confers on it a status not enjoyed by information stored in other forms. Drawing upon the laws of Australia, the United Kingdom and the United States, this article explores the increasing criminalization of access to computer data. It describes the evolution of cybercrime laws and considers ways in which problems of over breadth may be avoided. Questions will also be raised as to the appropriate role of the criminal law in protecting information.     

Counterterror intelligence operations and terror attacks

We present a formal model of an intelligence agency that must divide its resources between the collection and analysis of information pertaining to terror plots. The model highlights the negative consequences of queues which form when collection exceeds analytic capacity. We incorporate the response of a terrorist organization to the operating characteristics of the intelligence system it faces, and solve for equilibrium strategies for the intelligence system and terrorist organization. Our results demonstrate the importance of properly balancing resources between collection and analysis, and stand in contrast to the observed state of overcollection in US intelligence agencies.     

Profiling the mobile customer – Is industry self-regulation adequate to protect consumer privacy when behavioural advertisers target mobile phones? – Part II

Mobile customers are increasingly being tracked and profiled by behavioural advertisers to enhance delivery of personalized advertising. This type of profiling relies on automated processes that mine databases containing personally-identifying or anonymous consumer data, and it raises a host of significant concerns about privacy and data protection. This second article in a two part series on “Profiling the Mobile Customer” explores how to best protect consumers’ privacy and personal data through available mechanisms that include industry self-regulation, privacy-enhancing technologies and legislative reform.¹ It discusses how well privacy and personal data concerns related to consumer profiling are addressed by two leading industry self-regulatory codes from the UK and the U.S. that aim to establish fair information practices for behavioural advertising by their member companies. It also discusses the current limitations of using technology to protect consumers from privacy abuses related to profiling. Concluding that industry self-regulation and available privacy-enhancing technologies will not be adequate to close important privacy gaps related to consumer profiling without legislative reform, it offers suggestions for EU and U.S. regulators about how to do this.²