17:34 20.07.2021

Cybercrime legal framework

5 min read

Global digitalization of the modern society applies to all spheres of human life: economy, internet data transferring, digital signatures, key certificates, digital contracts and payments, which became subject for illegal activities, says attorney, PhD, Senior Partner of the law firm  “Legal Welt”  - Sergii Malomuzh. That is why the matter of cybersecurity of society and the state arises as an important point.

During recent years Ukraine has had a high level of latency of cybercrimes due to industrial cyber espionage, which is ignored, as it is difficult to detect the leakage of confidential information such as personal data, information that contains a bank or trade secret, etc. The most common types of cybercrime are: carding, phishing, vishing, skimming, shimming, online fraud, but the list is much wider.

Ukrainian experience

According to the law "On the basic principles of cyber security of Ukraine" cybercrime (computer crime) means socially dangerous criminal act in cyberspace and / or with its use, liability for which is designated by Ukrainian law on criminal liability and / or which is recognized as a crime by international treaties of Ukraine, encroaching on enterprises, institutions and organizations regardless of ownership related to technological processes and / or the provision of services of great importance for the economy and industry, the functioning of society and public safety, the disabling or disruption of which may affect national security and defense of Ukraine, environment, cause property damage and / or pose a threat to human life and health.

Sergii Malomuzh notes, - cybercrime is cross-border in nature, i.e. the offender and the object of the crime can be located in one country or in different ones. At the same time, the investigation of traces of cybercrime committed from other countries in connection to the critical parts of Ukrainian is not allowed without the permission of the local authorities of the country from which such a crime was committed, so it is important to establish international cooperation in this area. Thus, attention should be paid to the lack of a legal mechanism to regulate cybersecurity, storage and use of digital evidence and the regulatory framework for international cooperation, as some countries may not recognize acts as cybercrime and prohibit investigations on their territory. Currently, the formation of the regulatory framework for regulating cybersecurity is underway. Ukraine is gradually achieving the goals of the ITU «Connect 2020» program and consolidating its efforts with international partners to achieve maximum progress in the development of the information society and take advantage of innovative information and communication technologies, for the prosperity of the economy and the state. The Government of Ukraine has adopted the Concept for the Development of the Digital Economy and Society of Ukraine until 2020. This is the Digital Strategy for Ukraine's transformation in promising areas through stimulating the economy and attracting investment, overcoming digital inequality, reinforcing cooperation with the EU in the digital sphere and developing the country's innovation infrastructure.

International experience

Cybercrime Substantive law

From the point of view of fundamental law doctrine - cybercrime consists of criminal acts committed by using electronic information and communication means. 

Otherwords, cybercrime can be any traditional offline crime (e.g., theft, fraud, money-laundering) but perpetrated in the Internet network. Some researchers also allocate 'hybrid' or 'cyber-enabled' crimes, and cyber-dependent crimes which only became possible due to the development of the Internet and supporting digital technologies.

A number of countries have developed special laws which are designed to deal with cybercrime. For example, Germany, Japan, and China, have amended the relevant provisions of their criminal codes to describe cybercrime and deal with it. 

Some countries instead of separating cybercrimes into freestanding criminal acts, just added to their national legislation and codes specific paragraphs to criminalize illegal use of digital technologies to commit any crime. Such an approach caused two crimes will be claimed to the offender at the same time.

Cybercrime Procedural law

One of the main issues is to consider the jurisdiction of cybercrime, because the digital world has no clearly delineated borders and geographic territories. For that reason, the nationality principle is commonly used to define a  jurisdiction, e.g. it could be bound to the nationality of the offender (active personality principle) or the nationality of the victim (passive personality principle). Some countries assign jurisdiction even for a crime from other state if it has impacted the interests and security of that country abroad (protective principle).

What all the countries have mostly in common - Internet service providers are obliged to keep users' data and provide it to investigation authorities upon request.

EU experience

Some crimes like terrorism, human trafficking, child sexual abuse and drugs trafficking, mostly moved to the digital world or became to be facilitated online. Due to this, criminal investigations in most of such crimes have a digital component.

EU concentrated its efforts on the above types of cybercrimes and Council of Europe Convention on Cybercrime has developed following rules:

  • Directive on combating the sexual exploitation of children online and child pornography - 2011
  • Directive on attacks against information systems - 2013
  • Proposals for Regulation and Directive facilitating cross-border access to electronic evidence for criminal investigations - 2018
  • Directive on non-cash payment fraud - 2019
  • Proposal for Interim Regulation on the processing of personal and other data for the purpose of combatting child sexual abuse - 2020

Also the European Cybercrime Centre was created by Europol, and acts as the key body to fight cybercrime in the EU. Its aim is to pool European cybercrime expertise to support cybercrime investigations in Member States'.