Wondering what cyber crime is in relation to UK laws? This edition of the Law Guide series explores the different types of cyber crime, the law and how this crime affects business.
The definition of cyber crime often encompasses cyber data theft, however the meaning of cyber crime is wider and can include stealing actual assets via the internet as well as general hacking and cyber terrorism.
Traditional organised crime syndicates have also started to embrace technology and cyber crime as a means of facilitating their more traditional criminal activities. In one European court case, it was revealed that a Dutch-Turkish organised crime group recruited two technology consultants to hack into the Port of Antwerp’s computer systems. The consultants were then able to manipulate the unique nine-digit PIN numbers assigned to every freight container and digitally mark those containing cocaine as customs cleared.
The types of cyber crime can be divided into two categories:
Cyber-centric crimes include unauthorised access to computer systems. These are new crimes such as hacking, which have been brought about by the existence of computers.
By contrast, cyber-enabled crimes are established offences such as fraud that have always existed but are committed with the aid of computer technology, for instance, the hacking into the Port of Antwerp customs system.
The European Police Force’s Serious and Organised Crime Threat Assessment 2017 has revealed that a large proportion of criminal activity has now gone digital. Recent reports have also indicated that almost half of UK businesses are affected by cyber crime.
The main reasons for this are cyber crime’s higher returns and lower risk. For instance, online debit and credit card fraud is notoriously difficult to trace – the victim may think they are shopping on a legitimate online website in Dubai while the criminal collects their bank details from the comfort of their living room in Florida.
Learn more about identity theft next with this blog post >>
This international element has been an additional challenge when it comes to cyber crime law enforcement.
The hackers themselves are also different from stereotypical criminals; they are usually young individuals with an affinity for the “dark web” and no criminal record. This makes cyber criminals difficult to trace since they are rarely known to the police and security agencies before they commit the offence.
While the European Police Force have an established cyber crime centre, the advance of encrypted communications is making law enforcement far more difficult.
The threat is now so severe that Chancellor, Philip Hammond, has announced that £1.9 million of public funding would be used to improve the UK’s cyber threat defenses. The new Metropolitan police commissioner, Cressida Dick, has also highlighted that fighting cybercrime will be among her top priorities.
In the UK, a wide range of national and European legislation governs the offence of cyber crime and cyber hacking.
Just some of the statutes include:
The changes brought about by the Serious Crime Act were intended to address the requirements of the EU Cyber Security Directive 2013/40/EU. As well as including additional offences, the offences under s.3A of the Act no longer require any intent which makes establishing the offence far easier. Another key change has been made by the amended s.43 of the Computer Misuse Act.
Under this section an offence is committed in the UK even if the cyber criminal perpetrated the crime from another country, as long as the act is illegal in that other jurisdiction and the offender is a UK national. Ideally, similar provisions would exist in all jurisdictions meaning each nation would take the responsibility for prosecuting cyber criminals which are their own nationals. However, such harmonisation of laws can be an almost insurmountable challenge.
In response to the international nature of cyber crime, extradition has been used as a significant threat. The UK has extradition relations with over 100 territories around the world and the Extradition Act 2003 provides for extradition of offenders to both EU and non-EU countries. However, the power of the Secretary of State to order extradition is confined by certain limitations. Most notably, an individual cannot be extradited to a country where they will face the death penalty and when considering extradition the courts must determine whether it would be in the interests of justice.
Ultimately, when it comes to UK law, there is a significant number of acts, directives and regulations to consider on the topic of cyber crime. Like most newly-emerged crimes, the legal framework is still adjusting alongside the technology to enable better regulation and enforcement.
Words: Mariya Rankin
Loading More Content