Last Week in Tech Policy #54: Challenges of Apprehending and Combating Cybercriminals

(by Jordan Demo, Colorado Law 2L)

The recent Equifax breach affecting approximately 143 million people has left many to call for justice—but justice for whom? After-the-fact investigations have tended to focus on whether the targeted entities took sufficient or reasonable measures to protect their systems. But what is the process for bringing attackers to justice? How are attackers who take the personal information of companies and individuals held accountable? What can be done to help deter this kind of behavior?

The Difficulty in Prosecuting Cyber Criminals

  • Jurisdictional issues arise in incidents involving the apprehension of attackers, particularly those located outside the United States. In many instances, attackers are located outside the United States or outside the jurisdiction of the American courts and prosecutors who are seeking a conviction.
  • A related issue is legal collaboration with countries, such as Russia or China, to extradite attackers. Some of these efforts prove successful, while others do not.
  • The legal system must also continuously adapt to catch attackers. With the global nature of the internet and attackers’ ever-changing and increasingly sophisticated methods of operation, the U.S. legal system relies on criminal laws that largely predate the internet, including the Computer Fraud and Abuse Act.

The Difficulty in Reporting, Under-Reporting and the Transaction Costs of Recovery in Cyber Crimes

Continuing Issues & Questions

  • Nick Selby, a Texas detective who focuses on cybercrime issues argues that the FBI taking the lead on cybercrime after 9/11 led to local law enforcement viewing cybercrime as a primarily federal issue. But the FBI may lack the time and resources to take on all cases. Is there a way to close this gap?
  • The EU has established a joint task force to combat cybercrime in coordination with the US. But what, if anything, can be done to coordinate with these countries that often are hostile or refuse to cooperate with the EU or US?
  • Not all cybercriminals are overseas. Many of these incidents occur through social engineering such as a friend’s hacked email sending out phishing attacks to all their contacts, or a keylogger being placed on a public computer at the local library. What are some ways that we can continue to improve our security awareness to help prevent social engineering?