These practices satisfy the requirements for scalability( large numbers of operators and interveners), accountability( audits and reviews), and public confidence( by establishing a formal vetted process and by not asserting the process as a substitute for legal course of action to resolve disputes over intellectual property or copyrights). Voluntary action through AMDoS or similar processes only partly fills a void. In particular, where legal rather than voluntary actions are necessary, the processes involving multiple jurisdictions, court orders or mutual legal assistance treaties take too much time to be effective. As a result, information cannot be shared and action cannot be taken against online criminal activities that are global in scale, and in many cases, affect thousands of victims or millions in global currencies.
Extending Cross-Border Frameworks to Combat Cybercrime Cross-border frameworks should consider certain processes that private sector frameworks employ for circumstances where law enforcement must collaborate to identify or prosecute criminal conduct. The processes provide for:
• Information sharing
• Rapid response to cyberattack
• Timely and effective action
• Confidence, transparency and accountability
Law enforcement’ s most reliable process today for requesting access to data is through mutual legal assistance( MLA). The process is based on international treaties that are“ bilateral, multilateral, or regional agreements detailing how and what kinds of data foreign governments may request.” The MLA workflow is a time-consuming process by which cross-border requests for access to data are communicated through formal correspondence. Law enforcement passes requests through its local central authority to the central authority for the receiving jurisdiction in a format specified in the applicable treaty. The receiving central authority reviews the request to determine whether disclosing the requested data complies with the local law and local standards of data protection. If the request complies with local laws, the receiving central authority processes the request. When reacting to online crimes, minutes matter, but requesting data through the MLA process can take weeks or months. In circumstances where a treaty does not exist, countries may base data sharing on reciprocity or use letters rogatory( letters of request), or they may conduct joint investigations; all of these processes are also timeconsuming. The limited scalability or uniformity of the MLA process is exposed in circumstances where law enforcement officers request data from multiple jurisdictions.( For example, when law enforcement officers attempt to dismantle a global botnet, the botnet resources or the conspirators may fall under multiple jurisdictions.) Several recommended improvements to the MLA process adopt characteristics from private sector frameworks, including:
• Agreement on a cross-border framework that expedites access to data while satisfying human rights and due process with transparency and accountability
• Agreement across jurisdictions on what content or metadata can be shared and what data protections must be guaranteed
• Agreement of submission format, preferably digital, to accelerate, securely route and more efficiently process requests
• Reconsideration of the role of the central authority to lower the administrative burden and focus more on international cooperation
• A rocket docket, where prosecutors and magistrates with cyber – and MLA processing expertise can process requests quickly
Today, the burden of online criminal investigations falls on private sector actors for phishing, malware distribution, counterfeit goods, identity theft or other fraudulent acts.
Solutions to combatting cybercrime must not compromise the public’ s confidence and trust in international legal systems. These critical changes are worth exploring further, as they would enable law enforcement to operate in Internet time, and at the same time preserve due process. We can nullify criminal advantages in technology and expertise by dramatically improving cybersecurity practices, by building capacity among law enforcement, and by harmonizing international criminal law. In addition, private sector frameworks for data sharing demonstrably mitigate or contain certain cybercrimes, but they are only triage measures. What is required is an international cooperative framework for data sharing that incorporates the positive aspects of private sector frameworks so we can methodically strip cybercriminals of their cross-border advantages. ■
REFRENCES FireEye.“ Threat Actor Tactics and Targeting Predictions for 2014.” https:// www. fireeye. com / blog / threat-research / 2013 / 12 / threat-actor-tactic-targeting-predictions-2014. html Sponchioni, Roberto.“ The phishing economy: How phishing kits make scams easier to operate.” http:// www. symantec. com / connect / blogs / phishing-economyhow-phishing-kits-make-scams-easier-operate InfoSec Institute.“ LOIC( Low Orbit Ion Cannon) – DOS attacking tool.” http:// resources. infosecinstitute. com / loic-dos-attacking-tool / Cottrell, Lance.“ Today’ s Hackers Are Way More Sophisticated Than You Think.” http:// readwrite. com / 2015 / 02 / 04 / sophisticated-hackers-defense-in-depth / Piscitello, David.“ Can we extend trust-based collaboration beyond handshakes and face-to-face?” http:// www. securityskeptic. com / 2015 / 03 / can-we-extend-trust-basedcollaboration-beyond-handshakes-and-face-to-face. html Amazon. com“ AWS Acceptable Use Policy.” https:// aws. amazon. com / aup / Piscitello, David.“ Making Sense of Shutdowns, Takedowns, Seizures and More.” http:// www. securityskeptic. com / 2012 / 05 / making-sense-of-shutdowns-takedowns-seizures-and-more. html Piscitello, David.“ Dizmantling botnets: Dealing with DNS and Whois.” http:// www. securityskeptic. com / 2015 / 08 / dismantlingbotnets-dealing-with-dns-and-whois. html Trend Micro.“ Bulletproof Hosting Services: Cybercriminal Hideouts for Lease.” http:// www. trendmicro. com / vinfo / us / security / news / cybercrime-and-digital-threats / bulletproofhosting-services-cybercriminal-hideouts-for-lease Anti-Phishing Working Group.“ APWG Malicious Domain Suspension Process( AMDoS 2.0).” http:// antiphishing. org / apwg-news-center / amdos / Brehmer, H. J.“ The MLAT Problem: A major roadblock for law enforcement worldwide.” http:// www. crimlawpractitioner. com /#! The-MLAT-Problem-A-major-roadblock-for-lawenforcement-worldwide / cdog / 5707f3f80cf2e0dbcac871e5 Mutual Legal Assistance Treaty FAQ.“ Frequently Asked Questions.” https:// mlat. info / faq Daskal, Jennifer, and Andrew Keane Woods.“ Cross-Border Data Requests: A Proposed Framework.” https:// www. lawfareblog. com / cross-border-data-requests-proposed-framework SYNTHESIS, Issue 3, July 2013.“ Cross Border Data Flows and National Sovereignty.” http:// www. internetjurisdiction. net / wpcontent / uploads / 2013 / 08 / Internet-Jurisdiction-SYNTHESIS-3- July-2013. pdf Kent, Gail.“ Sharing Investigation Specific Data with Law Enforcement- An International Approach.” http:// papers. ssrn. com / sol3 / papers. cfm? abstract _ id = 2472413 Swire, Peter and Justin Hemmings.“ Re-Engineering the Mutual Legal Assistance Treaty Process.” http:// www. heinz. cmu. edu /~ acquisti / SHB2015 / Swire. docx
111