These practices satisfy the requirements for scalability ( large numbers of operators and interveners ), accountability ( audits and reviews ), and public confidence ( by establishing a formal vetted process and by not asserting the process as a substitute for legal course of action to resolve disputes over intellectual property or copyrights ). Voluntary action through AMDoS or similar processes only partly fills a void . In particular , where legal rather than voluntary actions are necessary , the processes involving multiple jurisdictions , court orders or mutual legal assistance treaties take too much time to be effective . As a result , information cannot be shared and action cannot be taken against online criminal activities that are global in scale , and in many cases , affect thousands of victims or millions in global currencies .
Extending Cross-Border Frameworks to Combat Cybercrime Cross-border frameworks should consider certain processes that private sector frameworks employ for circumstances where law enforcement must collaborate to identify or prosecute criminal conduct . The processes provide for :
• Information sharing
• Rapid response to cyberattack
• Timely and effective action
• Confidence , transparency and accountability
Law enforcement ’ s most reliable process today for requesting access to data is through mutual legal assistance ( MLA ). The process is based on international treaties that are “ bilateral , multilateral , or regional agreements detailing how and what kinds of data foreign governments may request .” The MLA workflow is a time-consuming process by which cross-border requests for access to data are communicated through formal correspondence . Law enforcement passes requests through its local central authority to the central authority for the receiving jurisdiction in a format specified in the applicable treaty . The receiving central authority reviews the request to determine whether disclosing the requested data complies with the local law and local standards of data protection . If the request complies with local laws , the receiving central authority processes the request . When reacting to online crimes , minutes matter , but requesting data through the MLA process can take weeks or months . In circumstances where a treaty does not exist , countries may base data sharing on reciprocity or use letters rogatory ( letters of request ), or they may conduct joint investigations ; all of these processes are also timeconsuming . The limited scalability or uniformity of the MLA process is exposed in circumstances where law enforcement officers request data from multiple jurisdictions . ( For example , when law enforcement officers attempt to dismantle a global botnet , the botnet resources or the conspirators may fall under multiple jurisdictions .) Several recommended improvements to the MLA process adopt characteristics from private sector frameworks , including :
• Agreement on a cross-border framework that expedites access to data while satisfying human rights and due process with transparency and accountability
• Agreement across jurisdictions on what content or metadata can be shared and what data protections must be guaranteed
• Agreement of submission format , preferably digital , to accelerate , securely route and more efficiently process requests
• Reconsideration of the role of the central authority to lower the administrative burden and focus more on international cooperation
• A rocket docket , where prosecutors and magistrates with cyber – and MLA processing expertise can process requests quickly
Today , the burden of online criminal investigations falls on private sector actors for phishing , malware distribution , counterfeit goods , identity theft or other fraudulent acts .
Solutions to combatting cybercrime must not compromise the public ’ s confidence and trust in international legal systems . These critical changes are worth exploring further , as they would enable law enforcement to operate in Internet time , and at the same time preserve due process . We can nullify criminal advantages in technology and expertise by dramatically improving cybersecurity practices , by building capacity among law enforcement , and by harmonizing international criminal law . In addition , private sector frameworks for data sharing demonstrably mitigate or contain certain cybercrimes , but they are only triage measures . What is required is an international cooperative framework for data sharing that incorporates the positive aspects of private sector frameworks so we can methodically strip cybercriminals of their cross-border advantages . ■
REFRENCES FireEye . “ Threat Actor Tactics and Targeting Predictions for 2014 .” https :// www . fireeye . com / blog / threat-research / 2013 / 12 / threat-actor-tactic-targeting-predictions-2014 . html Sponchioni , Roberto . “ The phishing economy : How phishing kits make scams easier to operate .” http :// www . symantec . com / connect / blogs / phishing-economyhow-phishing-kits-make-scams-easier-operate InfoSec Institute . “ LOIC ( Low Orbit Ion Cannon ) – DOS attacking tool .” http :// resources . infosecinstitute . com / loic-dos-attacking-tool / Cottrell , Lance . “ Today ’ s Hackers Are Way More Sophisticated Than You Think .” http :// readwrite . com / 2015 / 02 / 04 / sophisticated-hackers-defense-in-depth / Piscitello , David . “ Can we extend trust-based collaboration beyond handshakes and face-to-face ?” http :// www . securityskeptic . com / 2015 / 03 / can-we-extend-trust-basedcollaboration-beyond-handshakes-and-face-to-face . html Amazon . com “ AWS Acceptable Use Policy .” https :// aws . amazon . com / aup / Piscitello , David . “ Making Sense of Shutdowns , Takedowns , Seizures and More .” http :// www . securityskeptic . com / 2012 / 05 / making-sense-of-shutdowns-takedowns-seizures-and-more . html Piscitello , David . “ Dizmantling botnets : Dealing with DNS and Whois .” http :// www . securityskeptic . com / 2015 / 08 / dismantlingbotnets-dealing-with-dns-and-whois . html Trend Micro . “ Bulletproof Hosting Services : Cybercriminal Hideouts for Lease .” http :// www . trendmicro . com / vinfo / us / security / news / cybercrime-and-digital-threats / bulletproofhosting-services-cybercriminal-hideouts-for-lease Anti-Phishing Working Group . “ APWG Malicious Domain Suspension Process ( AMDoS 2.0 ).” http :// antiphishing . org / apwg-news-center / amdos / Brehmer , H . J . “ The MLAT Problem : A major roadblock for law enforcement worldwide .” http :// www . crimlawpractitioner . com /#! The-MLAT-Problem-A-major-roadblock-for-lawenforcement-worldwide / cdog / 5707f3f80cf2e0dbcac871e5 Mutual Legal Assistance Treaty FAQ . “ Frequently Asked Questions .” https :// mlat . info / faq Daskal , Jennifer , and Andrew Keane Woods . “ Cross-Border Data Requests : A Proposed Framework .” https :// www . lawfareblog . com / cross-border-data-requests-proposed-framework SYNTHESIS , Issue 3 , July 2013 . “ Cross Border Data Flows and National Sovereignty .” http :// www . internetjurisdiction . net / wpcontent / uploads / 2013 / 08 / Internet-Jurisdiction-SYNTHESIS-3- July-2013 . pdf Kent , Gail . “ Sharing Investigation Specific Data with Law Enforcement - An International Approach .” http :// papers . ssrn . com / sol3 / papers . cfm ? abstract _ id = 2472413 Swire , Peter and Justin Hemmings . “ Re-Engineering the Mutual Legal Assistance Treaty Process .” http :// www . heinz . cmu . edu /~ acquisti / SHB2015 / Swire . docx
111