Global Cyber Intermediary Liability: A Legal & Cultural Strategy

This Article fills the gap in the debate on fighting cybercrime. It considers the role of intermediaries and the legal and cultural strategies that countries may adopt. Part II.A of this Article examines the critical role of intermediaries in cybercrime. It shows that the intermediaries’ active participation by facilitating the transmission of cybercrime traffic removes a significant barrier for individual perpetrators. Part II.B offers a brief overview of legal efforts to combat cybercrime, and examines the legal liability of intermediaries in both the civil and criminal context and in varying legal regimes with an emphasis on ISPs. Aside from some level of injunctive relief, intermediaries operate in a largely unregulated environment. Part III looks at what we can learn from other countries. The cleanest intermediary country, Finland, and the worst country, Lithuania, were selected in order to explore the causes for the differences between country performances. The section examines the remarkable distinctions between national cultures to explain differences in national cybercrime rates. Part III.A of this Article argues that the criminal code laws do not account for the difference in host and ISP performances between Finland and Lithuania. There are few differences in the codified laws pertaining to cybercrime between these countries. Instead, it is Finland’s cultural and business environments that appear to drive its cybercrime ranking. Part IV suggests reforms to shift a country’s culture to make it less prone to corruption. However, changing a culture takes time so Part IV also proposes a private law scheme in which intermediaries are unable to wave the “flag of immunity,” as they do now. The guiding philosophy for this proposal is that harmed parties should be permitted to recover damages directly from “bad” intermediaries

The effect of cyber-attacks on stock returns

A widely debated issue in recent years is cybercrime. Breaches in the security of accessibility, integrity and confidentiality of information involve potentially high explicit and implicit costs for firms. This paper investigates the impact of information security breaches on stock returns. Using event-study methodology, the study provides empirical evidence on the effect of announcements of cyber-attacks on the market value of firms from 1995 to 2015. Results show that substantial negative market returns occur following announcements of cyber-attacks. Financial entities often suffer greater negative effects than other companies and non-confidential cyber-attacks are the most dangerous, especially for the financial sector. Overall findings seem to show a link between cybercrime and insider trading

Secure web application development and global regulation

The World Wide Web (WWW) has been predominantly responsible for instigating radical paradigm transformations in today’s global information rich civilizations. Many societies have basic operational economical components that depend on Web enabled systems in order to support daily commercial activities. The acceptance of E-commerce as a valid channel for conducting business coupled with societal integration and dependence on Web enabled technology has instigated the development of local, national, and global efforts to regulate criminal activities on the World Wide Web. This paper makes two contributions. The first contribution is the high-level review of the United States and United Kingdom legislation that has developed from the escalation and integration of the World Wide Web into society. The second contribution is the support for the idea that legislative compatibility, in concert with an organization’s policy compatibility, needs to be acknowledged in secure Web application development methodologies

The Australian Cyber Security Centre threat report 2015

Introduction: The number, type and sophistication of cyber security threats to Australia and Australians are increasing. Due to the varied nature of motivations for cyber adversaries targeting Australian organisations, organisations could be a target for malicious activities even if they do not think the information held on their networks is valuable, or that their business would be of interest to cyber adversaries. This first unclassified report by the ACSC describes the range of cyber adversaries targeting Australian networks, explains their motivations, the malicious activities they are conducting and their impact, and provides specific examples of activity targeting Australian networks during 2014. This report also offers mitigation advice on how organisations can defend against these activities. The ACSC’s ability to detect and defend against sophisticated cyber threats continues to improve. But cyber adversaries are constantly improving their tradecraft in their attempts to defeat our network defences and exploit the new technologies we embrace. There are gaps in our understanding of the extent and nature of malicious activity, particularly against the business sector. The ACSC is reaching out to industry to build partnerships to improve our collective understanding. Future iterations of the Threat Report will benefit from these partnerships and help to close gaps in our knowledge

On the complexity of collaborative cyber crime investigations

This article considers the challenges faced by digital evidence specialists when collaborating with other specialists and agencies in other jurisdictions when investigating cyber crime. The opportunities, operational environment and modus operandi of a cyber criminal are considered, with a view to developing the skills and procedural support that investigators might usefully consider in order to respond more effectively to the investigation of cyber crimes across State boundaries

Asia-Pacific cyber insights

This report aims to give insight into the wealth of cyber perspectives across the Asia–Pacific and amplify the regional voice on the key themes and questions of the Global Conference on CyberSpace 2015 in April 2015. Overview The Asia-Pacific region incorporates some of the most mature cyber actors in the world as well as some of the least connected. Governments throughout the region are becoming increasingly aware of the importance of cyberspace, however the capabilities, needs, and priorities of each state lie across a wide spectrum. Asia–Pacific cyber perspectives are far more diverse and dynamic than the dominant narratives coming from the ‘cyber great powers’ and it is important that the region’s distinct voices are heard in international cyber discussions. This report aims to give insight into the wealth of cyber perspectives across the Asia–Pacific and amplify the regional voice on the key themes and questions of the Global Conference on CyberSpace 2015 (GCCS) in April 2015. To achieve this the Australian Strategic Policy Institute’s International Cyber Policy Centre partnered with the Institute of Strategic & International Studies Malaysia to host a multistakeholder workshop to gather and collate the expertise of a broad cross-section of Asia–Pacific cyber experts. With generous support from the Ministry of Foreign Affairs of the Kingdom of the Netherlands, the workshop brought together participants from government, the private sector, academia, think tanks, non-governmental organisations (NGOs), as well as regional and international organisations from 12 Asia–Pacific countries. The report represents a collation of the thoughts and perspectives from the workshop and subsequent discussions. It is based on the key themes and questions of the GCCS and structured around the GCCS agenda. The intention was not to achieve consensus but instead accurately portray the points of convergence and divergence across the region. Throughout the process the recurring themes of clarity, capacity, and responsibility emerged as ways to ensure a more reliable, secure, and stable cyberspace. The findings of this effort will be presented at an Asia-Pacific Borrel, an official side-event of the GCCS

Improving security for remote payments

Given the growing popularity of e-commerce and m-commerce over the past few years, remote payments have become commonplace. Unfortunately, remote payments fraud has grown in response. On September 26, 2011, the Federal Reserve Bank of Chicago and the Secure Remote Payment Council (SRPc) co-hosted a symposium to discuss strategies that help reduce such forms of fraud.Fraud ; Payment systems

U.S./European Summit on Missing & Exploited Children

In October 2005, representatives from 20 countries, the United Nations, European-Union institutions, and the Council of Europe participated in the first-ever U.S./European Summit on Missing and Exploited Children. They discussed, compared, and assessed the effectiveness of: national and international legal instruments enacted to combat child abduction and the sexual exploitation of children;national and supranational initiatives that address the increasingly complex moral, societal, and legal challenges; andcurrent private and non-governmental initiatives and practices that support the protection of children. Specifically, participants sought to provide a common, universally agreed upon definition of the problem of child sexual exploitation