Digital technology has transformed modern life, but it’s also been embraced by fraudsters, hackers and social media trolls. It’s time for policymakers to get to grips with cybercrime.
From hacking to trolling, identity theft to online harassment, cybercrime is making headlines every day. Modern technology has created new classes of crime and allowed existing offences to be committed in different ways. The law has largely failed to keep pace with this rapid change – although technology may offer solutions to tackle the very problems it has created.
Morag Rea, Head of Business Crime and Investigations for Thomson Reuters Practical Law, says technology has had a profound effect on the UK’s crime statistics and fraud is now one of the most prevalent crimes in England and Wales. According to the Crime Survey of England and Wales, there were 5.4m incidents of fraud and computer misuse offences in 2016 (3.5m fraud and 1.9m computer misuse offences).
One of the difficulties in combating cybercrime is that it is global; victims can be located in one country, while the perpetrators are in another. The number of Mutual Legal Assistance agreements (MLAs) – where different jurisdictions work together to solve crime – rises every year. Such agreements are essential to fighting cybercrime, but the UK has added another potential problem: Brexit.
“The number of MLAs has increased fourfold since 2013,” says Rea. “Life post-Brexit will pose new challenges for many businesses, particularly should the UK withdraw from key international legal assistance and enforcement agreements, as well as cybersecurity standards.”
Perhaps the most effective tool to combat cybercrime is therefore prevention – using advances in artificial intelligence (AI) to beef up cybersecurity. AI can process huge amounts of data and ‘learn’ from it, which, say experts, means cybersecurity systems can be developed that not only spot known malware, but also recognise new malicious code based on past experience.
A contempt for libel?
Paul Tweed has worked as a barrister for more than 30 years and specialises in media law. He has been involved in many high-profile libel cases, both for and against newspapers. Tweed believes new laws are needed to regulate social media giants such as Twitter, LinkedIn and Facebook.
“The law is totally impotent to deal with many of the problems that are coming out of cybercrime,” he says. “Criminal law is gradually coming up to speed, but civil laws are way, way, out of step.”
Tweed believes social media companies need to follow the same rules as newspapers and other publishers on areas such as libel and contempt of court.
“Social media companies will say they are not publishers and that they are merely a facility,” he says. “I would invite anyone to tell me the difference between a newspaper being liable for defamatory content published on its letters page from a member of the public, and somebody posting a defamatory commentary on Facebook.
“The bottom line is [social media companies] have put themselves in this position of power,” he says. “They are profiting from it; they have created the situation, so it’s up to them to find a solution. Both the British and Irish governments can take action against Twitter, Facebook and Google – they all have their European headquarters in Dublin.”
At the European level, new laws designed to provide greater protection for consumers are on the way. The general data protection regulation (GDPR), which comes into force in the UK in May 2018, focuses on data – the so-called ‘oil’ of the digital economy.
GDPR will force companies to rethink their data storage practices and make themselves less vulnerable to breaches. It will also give consumers stronger rights to know what information businesses hold about them and create what’s become known as the ‘right to be forgotten’, which allows individuals to request the deletion or removal of personal data.
The regulation comes with a big stick attached. Companies that fall foul of the GDPR could face fines of up to €20m, or 4 percent of annual turnover, whichever is greater.
Digital has taken us to new and unfamiliar territory. Mass communication via a connected computer is very different to public speaking, emboldening some people to say things they never would in public. Some also adopt online personas and avatars, masking their identities. This has led to the rise of social media trolls.
Tweed says social media should and could be forced to take more action against trolls and other online miscreants. “This should be the responsibility of the social networking sites. They are providing the facility, and the platform, so they should be blocking any non-attributable posts,” he says.
But the issue of anonymity is controversial and many in the internet industry argue it is both necessary and beneficial. Among them is Sarah Jamie Lewis, a former IT security engineer at Amazon, who now works as an anonymity and privacy researcher. Jamie Lewis has devoted a lot of time to researching the dark web, accessed via anonymising browsers, such as Tor. She says the internet should be about experimentation and freedom, and that anonymity can be liberating.
“I think anonymity is critical to a functioning democracy,” she says. “Across the world, there is a rich history of anonymous publications – where people could trial ideas without having those ideas being attached to a particular person or party.”
For many, the internet is about freedom and uninhibited creativity. Finding a way to guarantee the safety of the public without dampening the zeal of the world’s brightest minds is a tough balancing act, and there will surely be many ups and downs before we find a workable solution.
