Assignment 2, Research Proposal Presentation

Research Proposal Presentation

Research Proposal Presentation.pptx

Transcript

Transcript: Research Proposal Presentation Presentation Topic: The challenges of Cyber Crime in law enforcement Research Question: How do jurisdictional overlaps and international legal disparities impede cybercrime investigations?

Author: Anja Kosar Student ID: 12692515 Module: Research Methods and Professional Practice University of Essex MSc Cyber Security

  1. Introduction

Hello my name is Anja Kosar, I am a full-time online student at the University of Essex, currently enrolled in the Masters (MSc) degree in Cyber Security. Today I will be presenting a Power Point presentation on the challenges law enforcement investigators face when investigating cybercrime. As we begin this presentation, it is important to understand the definition of cybercrime. According to the Cambridge dictionary, cybercrime is any crime or illegal activity that is done using the internet (Dictionary.Cambridge, N.D). However, there is still no universally accepted definition of cybercrime (Kiener-Manu, 2020). While some see it as a type of crime made possible by cyberspace, others see it as a typical crime that has moved online. There are numerous definitions that are dispersed throughout the continuum, but the fundamental causes of its lack can be attributed to the wide range of diverse perspectives and the lack of consensus regarding the fundamental elements of cybercrime, which differs from the never-ending quest for a definition of “terrorism” (Lagazio et al., 2014). From a legal perspective, cyber-dependent crimes, such as any crime that can be committed using computers, computer networks, or other information technology, and cyber-enabled crimes, such as conventional crimes made possible by the internet and digital technologies, are the two categories in which Europol (2018) divides cybercrime (McGuire et al., 2013; Europol, 2018).

  1. Significance/contribution to the research problem

The primary aim of this presentation is to highlight and understand the current jurisdictional challenges in cybercrime investigation. According to Petrosyan (2025), as of February 2025, there were 5.56 billion internet users globally, or 67.9 percent of the world’s population. While digitalization offers numerous benefits, it also presents challenges such as cybercrime, which has evolved into a major global threat, challenging traditional law enforcement mechanisms. With this rise of digital platforms, cybercriminals exploit advanced technologies such as encryption, anonymization and artificial intelligence (AI) to evade detection (Tamboli et al., 2024). Because national laws and practices on cyber security concerns differ greatly, international enforcement is a constant challenge. This will be discussed in section 5 case studies.

  1. Methodology

Based on a qualitative research methodology, this study examines the jurisdictional issues and enforcement tactics related to cybercrime under international law by analyzing laws backed by well-known case studies (Tomaszewski et al., 2020). The application of international laws by various national legal system is then compared, revealing inconsistencies, shortcomings, and barriers to harmonization (Singh, 2024).

  1. How do jurisdictional overlaps and international legal disparities impede cybercrime investigations?

The investigation and prosecution of cybercrime are fundamentally challenged by jurisdictional overlaps and international legal disparities. Unlike traditional crimes, cyber offences often transcend national borders, involving perpetrators, victims, and digital infrastructure spread across multiple jurisdictions. Bureaucracies with functions and responses constrained by jurisdiction reflect this. For example, a local agency’s restricted jurisdiction might prevent them from responding to a call if someone was the victim of a crime in which the perpetrator lived in a different state or nation (Holt et al., 2022). One of the primary impediments to cybercrime investigations is the difficulty in determining which jurisdiction holds legal authority over a particular offence. The absence of extradition pacts between the US, China, Russia and Ukraine is another problem. Because of these factors, criminals from these countries find the United States to be a desirable target (Holt et al., 2022). In a study by Goodman and Brenner (2002), an in-depth analysis was conducted of the emerging consensus on criminal conduct in cyberspace. Throughout the analysis, the study emphasized basic similarities among all country’s penal laws, since they all serve the same, consistent purpose of upholding social order by outlawing actions that have undesirable social repercussions (Goodman et al., 2002). In the United Kingdom (UK), the Computer Misuse Act 1990 is the main legislation that governs and criminalizes unauthorized access to computer systems and data, and the damaging or destroying of such, however it has been criticized for being outdated in addressing emerging threats like ransomware (UK Government, 1990; GOV.UK, 2023). Similarly, there are other legislations, such as The Fraud Act 2006 which focuses on offences carrying deception with intention of making a gain or causing a loss, such as phishing, and The General Data Protection Regulations (GDPR) which is enforced by the Information Commissioners Office (ICO), requiring organizations to protect personal data of individuals (WJEC.CBAC, N.D). Combined with legislation, the National Cyber Security Centre (NCSC) acts as a bridge between industry and Government, providing a source of advice, guidance and support on cyber security, including management of cyber security incidents (NCSC 2019). Conversely, in the United States, the US Computer Fraud and Abuse Act (CFAA) 1986 includes broader provisions that criminalize activities such as violating terms of service agreements. However, its expansive scope has raised concerns over prosecutorial overreach (Cornell Law School, 2014). Another significant disparity lies in data protection laws. Following Brexit, the UK continued to align with the EU’s General Data Protection Regulation (GDPR), which imposes strict requirements on data transfers and privacy protections. In contrast, the US employs a fragmented approach with federal and state level regulations varying significantly. The Schrems 2 ruling by the European Court of Justice (2020), which invalidated the US-EU Privacy Shield agreement due to concerns over US surveillance practices, has further complicated data sharing mechanisms between law enforcement agencies (GDPR Associates, 2017; European Parliament, N.D; Europa.eu, 2001). However, other than the established penal law commonalities, another component these countries have in common, is the Mutual Legal Assistance Treaties, commonly known as MLATs, which represent bilateral or multilateral agreements between states facilitating the exchange of legal assistance in criminal matters. Despite their existence, MLATs are often criticized for being slow and bureaucratic, due to taking months or even years to process (Criminal Justice, 2024). Another important Act is the Clarifying Lawful Overseas Use of Data (CLOUD), which was enacted in the US in 2018, facilitating cross border access to electronic data for law enforcement investigations, without having to go through the process of MLATs. The first such agreement was signed with the UK in 2019 (Justice.Gov, 2020). And lastly, the Budapest Convention of Cybercrime, which is arguably the most powerful and well-regarded international agreement. It is the first international agreement to handle crimes perpetrated through the internet and other computer networks, having been established by the Council of Europe in 2001. In order to successfully tackle cybercrime, it aims to harmonize national legislation and foster international collaboration. As of January 2025, 78 states have ratified the Convention (Council of Europe, 2014; Europeansources.info, 2025). Despite these treaties, investigators still face challenges when investigating cross border offences, which will be highlighted below.

  1. Key literature and case studies related to the project

5.1 ILOVEYOU Virus 2000

The first well known case of malware was introduced in 2000 in a form of a love letter, also known as the ILOVEYOU virus. This virus first appeared in the Philippines and was sent by email with the attachment love-letter-for-you.txt.vbs which, when viewed, caused the victim’s computer to run malicious code. Millions of computers throughout the world were swiftly infected by the malware, causing damages estimated at around $7 billion (Furnell, 2020; Sweet Gema, 2023). The investigation led to an arrest of two Philippine nationals, however, legal challenges quickly impeded the investigation resulting in all charges being dropped against the individuals. This was due to the lack of cyber crime and distribution of malware legislation in the Philippines at the time. Schmidt (2023), claims that the trial that followed determined that he had not broken any laws, because he had not committed physical property theft or the only computer related crime that was illegal, which was credit card fraud. Like most of the developing world, the Philippines had hardly given thought to the idea that someone may conduct crimes using a computer and an internet connection. A legislation prohibiting the development of malware and hacking was soon passed in the Philippines, however Guzman’s attempt for a criminal trial was unsuccessful (Schmidt, 2023). Several countries sought to prosecute Guzman, including the US and the UK, however there were no extradition treaties or legal provisions in place that allowed for this to happen.

5.2 Gary McKinnon v United States 2002-2012

From a different perspective, in the case of Gary McKinnon v United States, Mr. McKinnon was accused by the US authorities of unauthorized access of 97 government computers concerned with national defense and security, causing more than 2 000 computers to shut down (GOV.UK, N.D). Following Mr. McKinnon’s arrest and bail in 2005, a series of hearings and legal battles have taken place, with the US requesting his extradition. In November 2009 the Home Secretary ruled that extradition would not breach Mr. McKinnon’s human rights, which he used as his defense, as well as mental illness. That ruling, however, was not scheduled for judicial review until May 2010. Those procedures were then postponed to give the newly appointed Home Secretary time to address the concerns brought up by the case. In October 2012, the newly appointed Home Secretary, Theresa May concluded that Mr. McKinnon’s extradition would be a risk of him ending his life, a decision that was not compatible with his human rights. As a result, the UK declined the US’s extradition request (GOV.UK, N.D). This case highlights the lengthy 10-year legal battle.

5.3 Lauri Love v United States 2012-2013

Similarly, to the McKinnon case, the case of Lauri Love is a notable example, where the UK High Court blocked the extradition of Lauri Love, a British citizen accused of hacking multiple US government agencies, including NASA and the Federal Reserve. The US Department of Justice sought Love’s extradition under the UK-US Extradition Treaty (2003), citing significant impact on US national security. However, UK courts denied the request on human rights grounds, arguing that Love’s mental health conditions (depression) placed him at risk of suicide if extradited (Judiciary.UK, 2019). This case highlights jurisdictional conflicts arising from different legal priorities. The US sought prosecution affecting its institutions, whilst the UK prioritized human rights considerations and domestic prosecution feasibility.

5.4 Julian Assange WikiLeaks 2010

Julian Assange is an Australian national and founder of WikiLeaks, a non-profit organization that publishes news leaks and classified information provided by anonymous sources, via a highly encrypted drop box used by whistleblowers. In 2010, WikiLeaks leaked hundreds of thousands of State Department cables, military reports related to the Iraq and Afghanistan wars, and Guantanamo Bay detainee assessments. Around the same time, Sweden issued an arrest warrant for him, due to rape allegations (Restrepo, 2021). Having been detained for 14 years, Assange was released from a British prison following a plea deal, which included seven years in the Ecuadorian embassy in London. The plea deal allowed him to return to Australia, where he now resides with his family (Hughes, 2024). This case highlights jurisdictional conflicts between five states, Australia (his nationality), Ecuador (his asylum), Sweden (rape allegations), the UK (where he was arrested), and the US (Espionage Act charges).

5.6 Evgeniy Mikhailovich Bogachev hacker – GameOver Zeus (GOZ) malware

In this case, a Russian national, Evgeniy Bogachev, who has been labeled a notorious cybercriminal, is responsible for creating and deploying the GameOver (GOZ) malware. This sophisticated Trojan horse emerged in 2011 as a successor to the earlier Zeus Trojan and was designed to steal banking credentials and facilitate unauthorized fund transfers from compromised accounts. GOZ is estimated to have infected over one million computers worldwide, causing financial losses exceeding $100 million (Federal Bureau of Investigation, N.D). This case displays complexity in prosecuting cybercriminals operating from countries not willing to cooperate with the US authorities. For instance, the pursuit of Bogachev due to Russia’s inadequate extradition agreements with the US (Singh 2024).

  1. Ethical considerations and comparison

  2. The analysis of the cases and legal frameworks reveals significant legal disparities and gaps in addressing cross-border investigations. In the ILOVEYOU virus case, the lack of cybercrime laws in the Philippines at the time hindered prosecution, illustrating the critical need for comprehensive national legislation aligned with international treaties like the Budapest Convention. This was further illustrated in the International Journal of Law and Information Technology study by Marc Goodman and Susan Brenner (2002). Similarly, in the Gary McKinnon and Lauri Love cases, conflicting legal priorities between the UK’s human rights protections and the US’s expansive cybercrime laws, led to extradition challenges. The Julian Assange case further exemplifies the complex intersection of international laws, also supported in a study by Tripti Singh, who also highlighted these same challenges (2024). In a further study by Amoo et al., (2024), it is said that recognizing the global nature of cyber threats, international collaboration becomes imperative to effectively combat cybercrime (Amoo et al., 2024). Ethically, these cases highlight the delicate balance between privacy, security and human rights in cybercrime investigations. These ethical considerations underscore the complex moral terrain law enforcement must navigate in the globalized digital age.

  3. Conclusion
  4. Combating cybercrime is an extremely difficult task. Organizations are beginning to recognize the risks posed by cybercrime, even though they are still acclimatizing how to combat these issues. In the fight against and eradication of cybercrime, numerous national and international law enforcement agencies and organizations are collaborating to present a united front (Desnoyers, 2013). These efforts to unite nations, such as the Budapest Convention on cybercrime, are a first step but not a solution. The goal of this study was to provide additional understanding of the difficulties that our legislators and policymakers face in their efforts to lower the dangers of global cybercrime.

References:

Amoo, O.O., Atadoga, A., Abrahams, T.O., Farayola, O., Osasona, F., Ayinla, B. S., (2024). The legal landscape of cybercrime: A review of contemporary issues in the criminal justice system. World Journal Of Advanced Research and Reviews, 21(2), pp.205–217. doi: https://doi.org/10.30574/wjarr.2024.21.2.0438. [Accessed 27 March 2025].

Bing. (2025). cybercrime images - Bing. [online] Available from: https://www.bing.com/images/search?q=cyber+crime+images&form=HDRSC3&first=1. [Accessed 26 March 2025].

Cambridge Dictionary (2025). cybercrime. [online] @CambridgeWords. Available from: https://dictionary.cambridge.org/dictionary/english/cybercrime#google_vignette [Accessed 26 March 2025].

Cornell Law School (2014). 18 U.S. Code § 1030 - Fraud and related activity in connection with computers. [online] LII / Legal Information Institute. Available from: https://www.law.cornell.edu/uscode/text/18/1030. [Accessed 27 March 2025].

Council of Europe (2014). Budapest Convention and Related Standards. [online] Council of Europe. Available from: https://www.coe.int/en/web/cybercrime/the-budapest-convention [Accessed 27 March 2025].

Criminal Justice (2024). Mutual Legal Assistance Treaties (MLATs) - iResearchNet. [online] Criminal Justice. Available from: https://criminal-justice.iresearchnet.com/criminal-justice-process/international-aspects-and-extradition/mutual-legal-assistance-treaties-mlats/. [Accessed 27 March 2025].

Desnoyers, S. (2013). The challenges of cybercrime for international law enforcement (Order No. 1551187). Available from: https://login.uniessexlib.idm.oclc.org/login?url=https://www.proquest.com/dissertations-theses/challenges-cybercrime-international-law/docview/1498133652/se-2 [Accessed 27 March 2025].

Europa.eu. (2001). CURIA - Home - Court of Justice of the European Union. [online] Available from: https://curia.europa.eu/jcms/jcms/j_6/en/. [Accessed 27 March 2025].

European Parliament (N.D.) AT A GLANCE. The CJEU judgement in the Schrems case. Available from: https://www.europarl.europa.eu/RegData/etudes/ATAG/2020/652073/EPRS_ATA%282020%29652073_EN.pdf [Accessed 27 March 2025].

Europeansources.info. (2025). Budapest Convention on Cybercrime – European Sources Online. [online] Available from: https://www.europeansources.info/record/budapest-convention-cybercrime/ [Accessed 27 March2025].

Europol, 2018. Internet Organized Crime Threat Assessment 2018. INTERNET ORGANISED CRIME THREAT ASSESSMENT. doi: https://doi.org/10.2813/858843. [Accessed 26 March 2025].

Federal Bureau of Investigation. (n.d.). EVGENIY MIKHAILOVICH BOGACHEV. [online] Available from: https://www.fbi.gov/wanted/cyber/evgeniy-mikhailovich-bogachev. [Accessed 26 March 2025].

Furnell, S. (2020). Getting Bitten by the Love Bug, ITNOW, Volume 62, Issue 3, Pages 38–39, https://doi.org/10.1093/itnow/bwaa079. [Accessed 27 March 2025].

GDPR Associates. (2017). GDPR and Brexit - does the UK still need to comply? [online] Available from: https://www.gdpr.associates/gdpr-brexit/. [Accessed 27 March 2025].

Goodman, M.D., Brenner, S.W. (2002). The Emerging Consensus on Criminal Conduct in Cyberspace. International Journal of Law and Information Technology, 10(2), pp.139–223. doi: https://doi.org/10.1093/ijlit/10.2.139. [Accessed 27 March 2025].

GOV.UK (2023). Review of the Computer Misuse Act 1990: consultation and response to call for information (accessible). [online] GOV.UK. Available from: https://www.gov.uk/government/consultations/review-of-the-computer-misuse-act-1990/review-of-the-computer-misuse-act-1990-consultation-and-response-to-call-for-information-accessible. [Accessed 27 March 2025].

GOV.UK. (n.d.). Gary McKinnon extradition case: Home Secretary’s statement. [online] Available from: https://www.gov.uk/government/speeches/gary-mckinnon-extradition-case-home-secretarys-statement. [Accessed 27 March 2025].

GOV.UK. (n.d.). Latest on Gary McKinnon case. [online] Available from: https://www.gov.uk/government/news/latest-on-gary-mckinnon-case. [Accessed 27 March 2025].

Hughes, S. (2024). Julian Assange wants ‘dignity for all’ after six months of freedom. [online] Thetimes.com. Available from: https://www.thetimes.com/uk/society/article/julian-assange-wants-dignity-for-all-after-six-months-of-freedom-2j86msbpj?utm_source=chatgpt.com&region=global [Accessed 28 March 2025].

Holt, T., Bossler, A. and Seigfried-Spellar, K. (2022). Cybercrime and Digital Forensics. 3rd Edition. [Routledge]: Taylor & Francis. Available from: Vitalsource.com. (2025). https://essexonline.vitalsource.com/reader/books/9781000553406/epubcfi/6/2 [Accessed 26 March 2025].

Judiciary.Uk (2019). In the High Court of Justice, Queen’s Bench Division, Administrative Court. Lauri Love and the Government of the United States of America. Available from: https://www.judiciary.uk/wp-content/uploads/2018/02/lauri-love-v-usa.pdf [Accessed 27 March 2025].

Kiener-Manu, K. (2020). Cybercrime Module 1 Key Issues: References. [online] Unodc.org. Available at: https://www.unodc.org/e4j/en/cybercrime/module-1/key-issues/references.html [Accessed 26 March 2025].

Lagazio, M., Sherif, N. and Cushman, M. (2014). A multi-level approach to understanding the impact of cyber crime on the financial sector. Computers & Security, 45(1), pp.58–74. doi: https://doi.org/10.1016/j.cose.2014.05.006. [Accessed 26 March 2025].

McGuire, M. and Dowling, S. (2013). Cybercrime: A review of the evidence Research Report 75. [online] Available from: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/246751/horr75-chap1.pdf. [Accessed 26 March 2025].

NCSC (2019). The National Cyber Security Centre. [online] Ncsc.gov.uk. Available from: https://www.ncsc.gov.uk/. [Accessed 27 March 2025].

Petrosyan, A. (2025). Worldwide digital population 2025. [online] Statista. Available from: https://www.statista.com/statistics/617136/digital-population-worldwide/. [Accessed 26 March 2025].

Restrepo, D. (2021). Modern Day Extradition Practice: A Case Analysis of Julian Assange. Notre Dame Journal of International & Comparative Law, [online] 11. Available from: https://scholarship.law.nd.edu/cgi/viewcontent.cgi?article=1134&context=ndjicl. [Accessed 26 March 2025].

Schmidt, B. (2023). I Love You (virus) - Mimms Museum of Technology and Art. [online] Mimms Museum of Technology and Art. Available from: https://mimmsmuseum.org/2023/02/07/i-love-you-virus/. [Accessed 27 March 2025].

Singh, T. (2024). Cybercrime and International Law: Jurisdictional Challenges and Enforcement Mechanisms. African Journal of Biomedical Research, pp.697–708. doi: https://doi.org/10.53555/ajbr.v27i3s.2101. [Accessed 27 March 2025].

Sweet Gema (2023). INTERNET CRIME CASE STUDY: ‘ILOVEYOU’ ATTACK - Sweet Gema - Medium. [online] Medium. Available from: https://medium.com/@sweetgema383/internet-crime-case-study-iloveyou-attack-28a3003bb93e. [Accessed 27 March 2025].

Tamboli, F. and Awadhut, O. (2024). The Evolution and Impact of Cyber Crimes. International Journal of Research Publication and Reviews Journal homepage: www.ijrpr.com, [online] 5. Available from: https://ijrpr.com/uploads/V5ISSUE9/IJRPR33275.pdf. [Accessed 27 March 2025].

Tomaszewski, L.E., Zarestky, J. and Gonzalez, E. (2020). Planning qualitative research: Design and decision making for new researchers. International Journal of Qualitative Methods, [online] 19(1), pp.1–7. doi: https://doi.org/10.1177/1609406920967174. [Accessed 27 March 2025].

UK Government (1990). Computer Misuse Act 1990. [online] Legislation.gov.uk. Available from: https://www.legislation.gov.uk/ukpga/1990/18/contents. [Accessed 27 March 2025].

United States Department of State. (2024). Evgeniy Mikhailovich Bogachev - United States Department of State. [online] Available from: https://www.state.gov/transnational-organized-crime-rewards-program-2/evgeniy-mikhailovich-bogachev/ [Accessed 28 Mach 2025].

UNODC. United Nations: United Nations Office on Drugs and Crime (2013). COMPREHENSIVE STUDY ON CYBERCRIME - Draft February 2013. [online] Available from: https://www.unodc.org/documents/organized-crime/UNODC_CCPCJ_EG.4_2013/CYBERCRIME_STUDY_210213.pdf. [Accessed 26 March 2025].

WJEC.CBAC (N.D). 2.3.2 Cyber security -Social engineering Social engineering. Available from: https://resource.download.wjec.co.uk/vtc/2022-23/qw22-23_1-10b/eng/4-cyber-security-social-engineering.pdf. [Accessed 27 March 2025].

www.justice.gov. (2020). Criminal Division Cloud Act Agreement between the Governments of the U.S., United Kingdom of Great Britain and Northern Ireland. [online] Available from: https://www.justice.gov/criminal/criminal-oia/cloud-act-agreement-between-governments-us-united-kingdom-great-britain-and-northern. [Accessed 27 March 2025].