Several recent scientific studies have highlighted critical issues in the field of cybersecurity and cybercrime that require the immediate attention of legislatures around the world. These studies emphasize the need to address the growing problem of identity theft and cyberfraud, as well as to develop effective measures to identify, prosecute and punish those responsible, actions that it is crucial to implement to safeguard online users’ identity, assets, and integrity.
Security in technological environments is a relatively new issue that requires attention due to the vulnerability to which users are subjected. In this context, fraud is one of the most recurrent crimes and one of the most damaging to property. For this reason, the population and its representatives must acquire the means to combat it on all possible fronts, including the legislative one.
Identity theft and fraud occur when personal data is obtained illegally and subsequently used, for example, to obtain credit accounts, open bank accounts, buy goods, and accumulate debts in the name of the victims, committing impersonation and misuse of documents. The cyber or virtual nature is defined precisely by the means through which the crime is committed.
Regulating cybercrime in a borderless world
Sophisticated criminal networks are using cyberspace to commit new crimes against users who carry out their daily activities in this environment. This puts to the test the ability of legislators to effectively regulate this area as they operate in a multi-jurisdictional environment, which makes it difficult to track and prosecute these criminals, as well as being a problem whose particularities (such as their modus operandi) mutate rapidly.
It is of utmost importance that countries have comprehensive regulations on cybercrime, aligned with international standards, with which measures are taken to reduce the digital divide and increase cybersecurity awareness among countries and their user population. In particular, a flexible, adaptable, and agile development approach is required from the regulatory framework.
Given the nature and speed with which this phenomenon is evolving, it is a public concern that challenges the legislative powers and calls for their actions to adopt international standards on the subject, as well as the available scientific evidence.
The legislative factor in the prevention of cybercrime
The weakness of legislation and the lack of awareness and prevention campaigns are factors contributing to the increase in cybercrime in the world. As a way to address the problem, the Budapest Convention is a binding instrument that provides a comprehensive and functional solution for investigating and prosecuting cybercrime, as well as other treaties, international agreements, and model laws.
The bulk of recent research on the subject is oriented (or at least has elements) to prove that effective attention from the Legislative Branch significantly reduces the risk of suffering crimes of this nature by users, especially in terms of establishing provisions that use the technical elements and international standards on cybersecurity.
It is important, for example, to classify cyberfraud as a crime with three defining characteristics: 1. the manipulation of data or programs; 2. the production of damage to the property of others; and 3. the presence of a profit motive. Requirements that must be met simultaneously in order to be able to affirm that it is such a crime.
Protecting privacy: legal and ethical challenges
The scientific literature also shows concern about the legal and ethical implications of police research in this area, assuming it may violate users’ privacy and other rights. This leads to the need for more specific and clearer guidelines and standards for researchers to enable them to carry out their work within an appropriate legal framework. In addition, the literature underlines the need for laws that consider the increasing severity and frequency of cyber deception, as well as the transition between online and offline crimes, which legislation must be able to differentiate.
On the other hand, studies on cyberfraud in the financial sector and cryptocurrencies highlight the importance of incorporating advanced technologies, such as the internet of things, big data, robotic process automation, and blockchain, in order to detect and prevent this type of crime. Some legal and regulatory issues that need to be addressed are identified. For example, different financial systems can work together, there is enough wave space for communications, protecting users from hackers, and keeping their personal information safeguarded. This will help make financial products and services more secure, easier to use, and available to everyone.
Toward comprehensive cybersecurity
Artificial intelligence has an important role to play in identifying suspicious patterns, preventing cyber-attacks, and protecting data in the cryptocurrency and banking system; along with e-banking user awareness, education, and proactive communication to reduce vulnerability to cyber fraud.
In terms of the public sector, cybersecurity training and certification of personnel in government and improved cyber laws are critical to protect the data and security of users of government services and combat impunity.
Finally, in terms of forensic investigation, it is essential to use the most advanced and appropriate technical tools, comply with legal procedures and standards, and work collaboratively to achieve fast and accurate results in the prosecution of cybercrime.
It is important to highlight the need for a multidisciplinary approach, where technology, regulation, education, and cooperation between different actors converge to address cyber fraud and protect financial systems and user data.
In order to effectively combat cybercrime and substantially reduce its incidence, it is of utmost importance to have clear, precise, and updated legislation. It is essential to typify and delimit it adequately, as well as to promote the benefits of cooperation between nations and the adoption of precepts from international legal instruments, in favor of legislative work at the national level.
*This text is taken from the article “Ciberseguridad y ciberdelincuencia. Current Regulation and Legislative Pending in Identity Theft and Fraud,” Quorum Legislativo, 142, pp. 75-105, https://bit.ly/4dmUnG5.
Autor
PhD student and Master's in political science at the University of Salamanca, Spain.