Much debate always ensues when it comes to determining whether what someone does online is lawful or not. Enter cyber law, which may differ in scale from country to country. But what is cyber law exactly?
What Is Cyber Law?
Cyber law, also referred to as “cybercrime law,” is legislation that tells people what technology uses are acceptable. The technology, in this case, includes computer hardware and software, the Internet, and networks.
Cyber law protects users from harm by allowing law enforcers to investigate and prosecute illegal online activity. It applies to individuals, groups, the public, governments, and private organizations.
What Crimes Does Cyber Law Apply To?
The various online crimes that cyber law applies to include all forms of cybercrime, such as fraud, forgery, money laundering, and other illegal activities meant to obtain profit performed via computers, the Internet, and networks. It also applies to targeted attacks that are typically meant to disrupt a country’s political stability.
Cybercrime and targeted attacks include those performed in the physical world but enabled by computers, the Internet, and networks. An example would be using the Internet to distribute illegal substances. Theft of intellectual property stored in a computer system, even if performed physically (e.g., by transferring confidential files from a corporate network onto an external disk drive), is also considered a cybercrime.
Do Cyber Laws Differ from Country to Country?
The quick answer is yes. The latest data from the United Nations Conference on Trade and Development (UNCTAD) reveals that 79% of the countries worldwide have cyber laws. Around 5% have draft legislation, 13% do not have any cyber laws, and 2% did not disclose any information. A list of these countries can be found on the UNCTAD Cybercrime Legislation Worldwide page.
In general, national cyber laws get added to penal codes. Some countries, meanwhile, just amended existing federal regulations with legislative language about cybercrime.
Do Some Cyber Laws Transcend National Boundaries?
Again, the quick answer would be yes. An example of this would be the General Data Protection Regulation (GDPR) that applies to not only the country members of the European Union (EU) but all EU citizens wherever they may be residing.
The GDPR thus applies to a German citizen living in the U.S. That means that companies that have his/her personal information on hand can only share this with others if he/she gives express permission. Any violation would be considered a data breach against the said German national.
Are Cyber Laws Easy to Implement?
Due to the global nature of the Internet, meaning you can’t really pin down which country has jurisdiction over the attackers who may be operating in various locations, it is quite challenging to implement cyber laws.
Even just in Europe, where legal frameworks vary from one country to another, making cross-border cybercrime investigation and prosecution effective is already extremely challenging. These differences lie on which actions are considered criminal offenses and how investigations should be conducted. Each country may have its own way of collecting electronic evidence and monitoring illegal activities online. That said, evidence gathered in one way in say, Germany, may not be admissible in a court in the Netherlands.
This issue has, in fact, resulted in the clamor for a common global legal framework or at least rules to employ international cooperation in cybercrime investigations. According to security experts, this is the only way to ease the burden on investigators and law enforcement agents when dealing with large-scale cyber attacks that span multiple nations or even continents.
What Multinational Organizations Help Enforce Cyber Laws?
One of the more popular organizations that aid national law enforcement agencies in cybercrime investigations is the International Criminal Police Organization (INTERPOL). The agency has a cybercrime investigation unit that focuses on tracking down crimes related to spreading malicious domains, ransomware, data-harvesting and malware; engaging in botnet-related activity and cryptojacking; and hiding in the darknet to proliferate cybercrime as a service (CaaS).
While most countries worldwide already implement some form of cyber law, cybercrime investigations and litigations remain slow. If we are to listen to security experts’ views, is it time for nations to come together and create a global set of cyber laws?