6.4.1 Cybersecurity
Cybersecurity, which requires protecting
network infrastructure, as well as individuals’ data privacy, pose substantial technical
and legal challenges to law enforcement.1 First, increasing use of and reliance
on ICTs means that even temporary service disruptions can cause significant
economic losses. Secondly, with billions
of Internet users worldwide, the number of potential targets for cybercrime
makes it difficult to identify and track cybercriminals. Third, cybercrimes are
often committed across national boundaries in which the offender is in one
country while the victim is in another and the means for committing the crime
may be in a third country. Without effective international cooperation, it is
likely to be difficult—if not impossible—to locate, arrest and prosecute
cross-border cybercriminals.
Due to the law enforcement and
transnational components of cybersecurity, ICT regulators have not taken the
lead on drafting and implementing cybersecurity regulations. Instead, these issues are typically addressed
in national legislation, as well as through international and regional
initiatives seeking to harmonize the legal frameworks of various countries. For
example, the Group of Eight (G8) adopted Ten Principles to combat cybercrimes,
which included commitments to 1) ensure that there would be no safe havens for
cyber criminals anywhere in the world and 2) implement a coordinated
international legal framework capable of investigating and prosecuting
cybercrimes regardless of where the harm has occurred.2 As addressed in Section
4.4.4, the Council of Europe’s Convention on Cybercrime also sets out specific
measures to be implemented by Member States to ensure that domestic laws
regarding confidentiality, integrity and availability of computer data and
systems, such as illegal access or interception, were consistent. Additional
regional commitments to the prevention and prosecution of cyber crimes have been
implemented through the Asian Pacific Economic Cooperation (APEC), Organization
of American States (OAS), Association of South East Asian Nations (ASEAN), the
Arab League and the African Union.
However, ICT regulators are in a
position to leverage certain core competencies within the ICT sector to make
significantly contribute to cybersecurity, particularly with respect to
facilitating the mobilization of various stakeholders and coordinating the
efforts of these stakeholders in the fight against cybercrime.3 Additionally,
ICT regulators can use their expertise to participate in developing or
reviewing national legislation and policies related to data protection, data
transmission, spam, and the responsibilities of ISPs and other Internet
intermediaries. Particularly in developing countries with limited or no
legislation to specifically address cybercrime, the ICT regulator is playing an
advisory role to help draft effective legislation. For example, the Ugandan
Communications Commission was a member of the multi-stakeholder National Task
Force established in 2003 to draft cybercrime legislation.4 This draft
legislation is now part of a regional initiative called the East African
Countries’ Task Force on Cyber Laws seeking to develop and harmonize cybercrime
laws throughout the region. In Zambia,
as a member of the National Working Group on Cybersecurity, the Zambia
Information and Communications Technology Authority (ZICTA) has also played an
advisory role in drafting the country’s cybersecurity legislation,5
Some countries are exploring the
possibility of expanding the ICT regulator’s role beyond that of an advisor to
assisting with the enforcement of cybercrimes, particularly regarding copyright
infringement and spam. For example, the United Kingdom passed a digital piracy
law in 2010, called the Digital Economy Act (DEA), which places most of the
implementation and enforcement powers with the ICT regulator, Ofcom, rather
than with a law enforcement agency.6 The DEA details a three-stage notification
process for informing subscribers of copyright infringements and requires ISPs
to provide infringing subscribers’ IP addresses to the relevant copyright
holders. Ofcom’s powers include deciding upon the appropriate enforcement
action against any person found to have breached the code, including imposition
and collection of a financial penalty up to £250,000.
ENDNOTES
1 Janet Hernandez, Daniel Leza and
Kari Ballot-Lena, Regulation for the
digital economy, GSR-10, Discussion Paper (Nov. 2010) at http://www.itu.int/ITU-D/treg/Events/Seminars/GSR/GSR10/documents/GSR10-paper2.pdf.
2 ITU Global Cybersecurity Agenda (GCA),
High-Level Experts Group, Global Strategic Report (2008) at http://www.cybersecurity-gateway.org/.
3 Marco Gercke, Role of ICT Regulation in Addressing Offences in Cyberspace,
GSR-10, Discussion Paper (Nov. 2010) at http://www.itu.int/ITU-D/treg/Events/Seminars/GSR/GSR10/documents/GSR10-paper6.pdf.
4Report of the Second EAC Regional
Taskforce Meeting on Cyber Laws. June, 2008, Kampala, Uganda, at http://r0.unctad.org/ecommerce/event_docs/kampala_eac_2008_report.pdf.
5 Mukelabai, Cybersecurity Efforts in Zambia. Presentation at ITU Regional
Cybersecurity Forum for Africa and Arab States, 4-5 June 2009 Tunis , Tunisia, at
www.itu.int/ITU-D/cyb/events/2008/lusaka/docs/mukelabai-caz-zambia-lusaka-aug-08.pdf.
6 Digital Economy Act of 2010 (DEA)
at http://www.legislation.gov.uk/ukpga/2010/24/contents.
Previous Page
Next Page
Toolkit user contributions for this section
 One moment...
|