Roger writing the LAWmag

Cyber Crime: Behind The 8-Ball

Cyber crime pictureCyber crime may well be an oxymoron since so much of it is invisible, unobserved, unenforced and unpunished. If a tree falls in a forest and no one is around to hear it, does it make a sound?

Helping the cyber-criminals, there are no wagons to circle against the Injuns. Jurisdictions bicker, as jurisdictions have always bickered, over intellectual property enforcement while the Internet tsunami rages by in Blackberries a'twitterin' their interminable committee meeting.

Cyber Anarchy

The patchwork-shotgun approach suits the cyber criminal just fine.

In Canada, high noon approaches with the Conservative government’s royal flush of cyber crime bills bright on the order paper when 40th Canadian Parliament prorogued on December 30, 2009:

  • Bill C-27, a proposed Electronic Commerce Protection Act (ECPA) outlawed the sending of a commercial email unless it was consented to or identified the real sender and included an unsubscribe feature.
  • C-46, An Act to amend the Criminal Code, the Competition Act and the Mutual Legal Assistance in Criminal Matters Act proposed to force Internet service providers to divvy-up digital information required for crime investigation. Internet packs of digital information typically have short shelf-lives making it very difficult for crime investigators to harvest. The bill allowed for a preservation order that would require a phone or Internet service provider to preserve data related to a specific communication or a subscriber.
  • The title of C-58 was self-explanatory: An Act respecting the mandatory reporting of Internet child pornography by persons who provide an Internet service. Much like reporting of child sexual abuse is now mandatory in most parts of Canada, this bill would of required Internet servers to report to the police any knowledge of child pornography on their servers.

These statutes will come back on the Federal order paper. They are desperately needed.

Ambivalent Judicial Response

Within the courts of the true north strong and free, many judges sit until 75 and many cannot type let alone log on to the Internet.

In R v Hamilton, an email was made where Mr. Hamilton offered to sell a CD with software which allowed a user to credit bogus credit cards. His advertising was over the top:

“GET ANY CREDIT CARD YOU WANT.ALL OF THESE METHODS HAVE BEEN PROVEN TO WORK OVER AND OVER, TIME AND TIME AGAIN!! THESE ARE THE SECRETS THAT MILLIONAIRES AND GOVERNMENT INSIDERS ONLY TELL THEIR FRIENDS ABOUT!! DON’T MISS OUT ON THIS CHANCE TO GET YOUR HANDS ON THESE TWO AMAZING PROGRAMS, THAT WILL FOREVER CHANGE YOUR LIFE”

The court in first instance acquitted and eventually, the Supreme Court split in a rare 5-4 decision and regretted being unable to convict on the charge of fraud because Hamilton’s motive wasn’t crime: it was commercial gain.

Justice Fish wrote:

“The Internet provides fertile ground for sowing the seeds of unlawful conduct on a borderless scale. And, at the hearing of the appeal, Crown counsel expressed with eloquence and conviction the urgent need for an appropriate prophylactic response.

“In my view, however, this task must be left to Parliament. Even if they were minded to do so, courts cannot contain the inherent dangers of cyberspace crime by expanding or transforming offences, such as counseling, that were conceived to meet a different and unrelated need. Any attempt to do so may well do more harm than good, inadvertently catching morally innocent conduct and unduly limiting harmless access to information.”

fake cyber crime adBut the law doesn’t always chew up cyber crime indictments and spit them out.

In R v Leask, an Ontario man crossed the border. He had child porn on his laptop. But his laptop was searched on his laptop. There was no reason to suspect Mr. Leask; it was a random Canadian Food Agency search.

What happened next is best described by the trial judge:

“(The Border Security Guard) … entered the cab of the tractor and seeing that it contained a tap-top computer, he booted it up … (on the) computer’s desk-top he saw a file icon called vid. Thinking that might mean video … he opened that file and read the names of some of the sub-files that it contained. One sub-file was called 10-year-old Asian boy. Another file was called 2 pre-teen boys and a man. (The Border Guard) opened the first of these files and discovered that it was a pornographic film depicting a 10-year-old boy being victimized by an adult male. (The Guard) shut down the computer and arrested Mr. Leask for possession of child pornography. Further investigation determined that Mr. Leaks’s computer held 33 videos of child pornography.”

The search results were challenged because here was no reason to search. But routine searches, random searches, in appropriate circumstances, and not unconstitutional. The results of the search of Leask’s laptop were held against him and he was convicted of possessing child pornography.

In the case of Sebastien Boucher, child porn was noted but suddenly the laptop shut down and the contents of the hard drive was automatically encrypted and password protected. Boucher had a special software designed to delete his child porn if his computer was opened by a person not immediately supplying the password (Pretty Good Privacy (PGP) software). The Vermont District Attorney went to Court to force disclosure of the password.

Was it a self-incriminating statement or just access to evidence?

In Boucher, after an appeal, the court ordered the disclosure of the hard-drive password.

Hare 1, Tortoise 0

There must have been a time when the hare raced the tortoise that all seemed gloom and doom for the tortoise.

We’re there now in the realm of cyber crime. Almost with impunity, those computer savvy, psychopaths or predators – especially the smart ones – race around on high bandwidths plucking up their victims and shaking out the gold coins before the RCMP even gets out of Tim Hortons.

To the politicians in Ottawa, and borrowing from a crowd at an Olympic gold medal hockey game held in Vancouver on February 28, 2010: Go Canada, go!

REFERENCES:

  • McCullagh, D., Judge: Man Can't Be Forced to Divulge Encryption Passphrase, cnetnews, 14 DEC 2007 [http://news.cnet.com/8301-13578_3-9834495-38.html]
  • O’Toole, T., Boucher Court: No Right to Refuse to Produce Encrypted Data, E-commerce and Tech Law[http://pblog.bna.com/techlaw/2009/02/boucher-court-no-right-to-refuse-to-produce-encrypted-data.html]
  • R v Hamilton 2005 SCC 47; also [2005] 2 SCR 432 (www.canlii.org/en/ca/scc/doc/2005/2005scc47/2005scc47.html)
  • R. v. Leask, 2008 ONCJ 25 (www.canlii.org/en/on/oncj/doc/2008/2008oncj25/2008oncj25.html)
  • US v Boucher 2007 WL 4246473; and 2009 US Dist. Lexis 13006

This article was inspired (and some assistance received from) by a presentation of Vancouver lawyer Peter Edelmann but the views contained in this article are those of Lloyd Duhaime only.

Posted in Internet & Intellectual Property
on
by