Cybercrime

Programme on “Strengthening the Rule of Law in the Arab States –
Project on the Modernization of Public Prosecution Offices”
Regional Conference Booklet on:
“CyberCrime”
19-20 June, 2007

Kingdom of Morocco
Table of contents
Foreword 5
Agenda 9
Presentations
Cyber Crime -New Matter or Different Category? Legal Harmonization Is the Only
Way. Mr. Ehab Maher El-Sonbaty 15
Crimes related to the Gratifying Desire to Use the Computer. Mr. Khaled Muhied-
dine Ahmad 32
Specific Crimes: Offences Related to Child Pornography and those related to In-
fringements of Copyright and Related Rights: Definition and Forms. Ms. Christina
Schulman 35
Legislative Confrontation of Cybercrimes in light of International and National Leg-

islation. Ms. Sina’ Abdullah Mohsen 45
International Standards related to Cybercrime. Ms. Christina Schulman 53
Cybercrime in Moroccan Legislation. Mr. Abdel Razzak Sindali 59
Human Resources Capacity Building in Investigations, Prosecution and Trials on

Cybercrimes. Mr. Khaled Saleh Kaid Al Mawri 69
Human Resources Capacity Building in Investigations, Prosecution and Trials on

Cybercrimes: Practical Applications. Mr. Nassib Elia and Mr. Jamal Abdallah 74
CyberCrime: The Challenge for Law Enforcemen. Mr. Tyner Russell 79
L’importance de la Collaboration Internationale et L’expérience Belgedans L’échange

d’informations Policières et de Coopération Judiciaire. Mr. Jean-Francois Hen-
rotte 85
The Importance of International Cooperation in Preventing Cybercrime. Mr. Tyner

Russell 102
Prevention Measures and International Cooperation to Combat Cybercrime. Ms.

Christina Schulman 108
Recommendations 117
Foreword
Cyber crime is a serious phenomenon threatening the security of societies and the interna-
tional community as a whole. International cooperation has been particularly active to face this
dangerous plague, to determine preemptive measures and punish the perpetrators. Since in-
formation and communication technologies, currently representing the basic infrastructure for
all computer-based facilities, have become global media of communication used by states and
companies alike, ignoring these technologies is tantamount to excluding oneself from the inter-
national community.
Tackling cyber crimes is then crucial, since individuals, institutions and even governments are
further exposed to these crimes; cyber crime is, in fact, committed on a larger scale than con-
ventional crime. At a time of technological progress, society is increasingly aware of its poten-
tially negative repercussions. As information and communication technologies provide major
platforms for transactions, government and company infrastructure become potential victims
of cyber crime. This crime is also drawing near individuals, threatening their personal data in
banks or government institutions. While technology has largely contributed to progress and
development, it also led, one way or another, to the development of new ways to commit crime
through electronic means. Hence, criminals took advantage of technology and exploited cyber-
space and the computer to commit crimes.
Cyber crimes are defined as criminal actions resulting from or committed through informa-
tion technology, the computer or any other electronic means. Experts from the OECD define
cyber crime as “any illegal, unethical, or unauthorized behavior involving the transmission or
automatic processing of data”1 . Based on these definitions, the computer can be a tool for
crime such as theft and fraud, a channel or a location of crime such as data destruction, and
an object of crime such as the theft of computer chips. The computer can then be used to com-
mit a conventional crime such as individual or mechanical fraud, phishing, stealing patterns of
invention, counterfeiting or facilitating prostitution. It can also be used to commit unconventional
crimes such as website hacking, content destruction, data theft, and credit card theft2. The
computer might also be used to commit complex criminal activities, such as money laundering.
This crime is of major importance for law enforcement authorities in technologically-advanced
states namely, which fear that financial transactions are often impossible to trace, while e-
banking systems allow clients to access bank accounts from anywhere in the world and execute
a number of transactions in several directions in just a few seconds. Finally, the computer might
1 AL-SHAWWA, Mohammed, Information Revolution and its Repercussions on Penal Law, Dar Al-Nahda Al-Arabiyya, Cairo,
1998, p. 7.
2 The Council of Europe Convention on Cybercrime defines computer-related crimes as: computer-related offences such as
forgery and fraud, content-related offences such as child pornography, offences related to infringements of copyright such
as the illegal online sharing of copyrighted material, offences against the confidentiality, integrity and availability of computer
data and systems such as illegal access, illegal interception, data interference and system interference.
5
be used to commit highly serious crimes, such as cyber-terrorism. Terrorist organizations are
using the internet and other electronic media to spread and market their terrorist ideas, recruit
the young to execute terrorist activities, share messages and instructions between terrorists,
access information networks to collect data and updates, use the internet to train the execu-
tors, broadcast terrorist activities and advertise for them. While our existing legal systems are
unable to deal with this new series of cyber crimes, it becomes urgent to adapt national penal
legislation to these crimes, and facilitate the work of law enforcement authorities, including pub-
lic prosecution offices in Arab countries.
As cyber crimes pose complicated legal, economic, social and security dilemmas, the interna-
tional community sought, in recent years, to take a set of international and regional measures,
namely the creation of a communication network for sharing information on these crimes.
Under international efforts, a number of conventions on computer-related crimes were signed,

including the 2001 Council of Europe Convention on Cybercrime3, which is the sole multilateral
convention on fighting cybercrime. Since it entered into force on the 1st of July 2004, it is seen
as a cornerstone for member States in the European Union. Several non-member States in
the Council of Europe such as Canada, Japan and South Africa signed the convention, which
was also ratified by the United States, where it entered into force on the 1st of January 2007.
This convention aims at inviting member states to align national laws and complete legal tools
in procedural matters to strengthen the capacities of public prosecution offices to conduct
inquiries and collect evidence. The Additional Protocol to the Convention on Cybercrime4, was
also adopted, by which signatory states are bound to criminalize racist or xenophobic material
published online. In addition, the United Nations General Assembly issued Guidelines for the
Regulation of Computerized Personal Data Files5. Also in 1994, the 15th United Nations
Conference for Penal Law on Computer-related Crimes, was held in Brazil, and issued important
decisions.
In the Arab countries, regional cooperation is critical to fight these crimes, as they originate
from different locations with modern techniques. The Arab region desperately needs to consoli-
date regional cooperation mechanisms to fight these types of crime already spreading in the
region, under the absence of any special laws to counter them. The Council of Europe Conven-
tion on Cybercrime establishes a list of states with “effective and developed legislation”, which
does not, however, include any Arab state. Nonetheless, serious efforts are deployed to adopt
a special convention on Arab regional cooperation to fight computer-related crimes or cyber-
crimes, which so far is still a mere attempt; furthermore, an Arab Guiding Law on Combating
Information Technology Crimes6 was also adopted.
3 Signed on 23 November 2001 and entered into force on the 1st of July 2004.
4 Open for signature in January 2003.
5 45/95 of 14 December 1990
6 Issued according to decision number D 417-21/2004, and adopted by the Technical Secretariat of the Arab Justice
Ministers of the Arab League. It was also called the UAE Guiding Law to fight IT crimes and related crimes, as the UAE sub-
mitted this draft law, which was adopted by Arab Justice Ministers’ Council in its 19th session through decision 495-D19
– 8/10/2003, and the Arab Interior Ministers’ Council in its 21st session.
6
Nationally, the United Arab Emirates has issued Federation Law no. 2/2006 on Fighting Infor-
mation Technology Crimes. Tunisia also issued Electronic Exchange and Electronic Commerce
Law no. 83, dated 9 August 2000, with few provisions regarding information technology and
cybercrimes7.
Raising awareness and spreading knowledge in the Arab region becomes necessary, consist-
ing of effective cooperation between different national judiciary and security institutions to fight
these crimes and training public prosecution officers and related bodies in this field, as they are
in charge of inquiries and collecting evidence.
Under UNDP-POGAR’s project on the modernization of public prosecution offices in the Arab
countries, launched since 2002, a series of activities have been organized with educational
seminars and training sessions to provide a deeper knowledge of modern crimes to members
of public prosecution offices and promote their role in enforcing the rule of law and build their
capacities in using modern investigation techniques.
The Project, with an aim towards fighting cybercrimes, organized a regional conference entitled
“Cybercrimes”, in Morocco on 19 and 20 June 2007, at the request of public prosecution
offices in a number of Arab pilot countries. The conference aimed at building and promoting
the knowledge of public prosecution members on cybercrimes, and modern techniques used
to counter these crimes. During this conference, one of the most pressing issues in diagnosing
computer-related crimes was carefully studied: defining, classifying and studying these crimes
and the challenges they pose; it also tackled several types of these crimes such as copyright
infringements, pornographic crimes and child pornography, electronic spying, data counterfeiting,
money laundering and economic crimes. Computer-related legislations were also reviewed,
with special emphasis on fighting these crimes through national and international legislation,
building the capacities of human resources in investigation, prosecution, and trial of computer-
related crimes, taking preemptive measures, and strengthening international cooperation in
this regard.
Given the importance of this conference, the valuable presentations and important
recommendations adopted at the final session were compiled into this booklet to serve as a
reference on “Cyber crimes”, not only in the Arab region but also worldwide.
Wassim Harb
Senior Rule of Law Advisor
Programme on Governance in the Arab Region
United Nations Development Programme
7 HIJAZI, Abd-Al-Fattah, Introduction to Arab Electronic Trade, Book 1: Explanation of the Tunisian Electronic Exchanges and
Electronic Commerce Law, Dar Al-Fikr Al-Jami’i, Alexandria, 2004, starting p. 255.
7
Agenda8
Opening Session - Welcoming Statements
First session: Part 1
Introduction to Cybercrime: Identification and Specification

Overview of the concept and types of Cybercrime
- Specific Crimes:
• Traditional forms of crime committed through the use of computer: Computer-
related offences: definition and forms
• Offences against the confidentiality, integrity and availability of computer data
and systems: definition and forms
Chairman of the session:

- Dr. Wassim Harb, Chief Technical Advisor - Project on Modernization of Public Prosecu-
tion Offices - Programme on Strengthening the Rule of Law in the Arab States
Rapporteur of the session:

- Mr. Abdallah El Alaoui ElBalghiti - Public Prosecutor of the Appeal Court in Casablanca -
Morocco
Speakers:
- Mr. Alexander Seger - Expert - Council of Europe
- Mr. Ehab El Sonbati - Expert - Council of Europe
- Mr. Hadi Shaif Chaibanou - Morocco

First session: Part 2

- Specific Crimes:
• Offences related to infringements of copyright and related rights: definition and
forms
• Offences related to child pornography: definition and forms
8 This booklet only comprises the presentations that were provided to the Programme on Strengthening the Rule of Law in
the Arab States and not all presentations listed in the conference’s agenda.
9
- HE Mr. Abdel Megeed Mahmoud Abdel Megeed - Attorney General - Egypt

- Mr. El Hassan El Oufi - Public Prosecutor of the Appeal Court in Rabat - Morocco
Speakers:
- Ms. Cristina Schulman - Expert- Council of Europe
- Mr. Khaled Ahmad - Regional Expert - UNDP-POGAR
Second Session
Relevant Legislation on Cybercrime

• International standards related to Cybercrime (Council of Europe, G8, United Na-
tions, and European Union)
• Current legislative situation in the pilot countries of the project (experience pre-
sentation)
• Elements and topics that should be encompassed by national criminal legisla-
tions
• Importance of enhancing a national legal framework that encompasses all types
of Cybercrime.

- H.E. Mr. Ali Ben Fadel Al Bou Aynan - Public Prosecutor - Bahrain

- Mr. Abdelilah Elmestari - Public Prosecutor of the Appeal Court in Marrakech - Morocco
Speakers:
- Ms. Cristina Schulman - Expert - Council of Europe
- Mr. Mohamed Kasem - Egypt
- Mr. Naji Zu’bi - Jordan
- Mr. Roukoz Rizk - Lebanon
- Mr Abderrazak Sandali - Morocco
- Ms. Sena Abdullah Mohsen Saleh - Yemen
10
Third session
Building the capacity of human resources in the investigation, prosecution and trial of Cy-
bercrime
• Introducing public prosecutors to modern investigative techniques and informa-
tion collection methods.
• Introducing public prosecutors to means of prosecution in these types of
crimes
• The role of public prosecutors in assessing evidence of Cybercrime: proof sys-
tems
• Enhancing the capabilities of public prosecutors in examining the crime scene of
Cybercrime

- HE Mr.Mohamed Abdel Nabaoui - Head of the Criminal Affairs in the Ministry of Justice
- Morocco

- Mr. Abdel Aziz Bouziane - Public Prosecutor of the Appeal Court in Fes - Morocco
Speakers:
- Mr. Tyner Russell - United Kingdom
- Mr. Ehab El Sonbati - Expert - Council of Europe
- Mr. Bouchaab Rmil - Expert - Morocco
- Mr. Mohamed Ramsy - Egypt
- Mr. Ali Abou Zaid - Jordan
- Mr. Nassib Elia/Jamal Abdallah - Lebanon
- Mr. Mohamed Benalilou - Morocco
- Mr. Khaled Saleh Kaid Al Mawri - Yemen
Fourth session
Prevention measures and international cooperation to combat Cybercrime

• Role of public and private-sector cooperation in addressing cybercrime
• Importance of international cooperation in the exchange of police information
and judicial cooperation
• Importance of establishing an international network of contact points
• Enhancing channels of communication between countries through identifying a
focal point in each country
11
- H.E. Mr. Youssef Hmoud - Head of Public Prosecution Offices - Jordan

- Mr. Abdel Salam Bouhouche - Morocco
Speakers:
- Ms. Cristina Schulman - Expert - Council of Europe
- Mr. Tyner Russell - United Kingdom
- Mr. Jean-Francois Henrotte - Belgium
Closing session: Recommendations
12
Session one

Cyber Crime - New Matter or Different Category? Legal Harmonization Is The Only Way!
Mr. Ehab Maher El Sonbaty
Computer presence in our daily life is very obvious; it has become the major tool used in many
sectors not only at the public levels such as governments and companies but also at the level
of private individuals9. Many of us would be in big difficulty if found suddenly without computers.
With this huge role played by computers in our lives, many fears and worries arise. Much at-
tention is paid to make the use of this important tool secure and reliable, and as integrated and
functional as possible.
This paper - divided into three sections - examines the interaction between computers and crim-
inal law at the national and international levels, the need to develop controls that would hold over
cyber crime, the challenges to these controls, and how such challenges can be addressed.
1. Regulate or not regulate, is this the question?
It is not true what is frequently stated that the cyber activity is not regulated. We see every day
how governments and different organizations play a huge role in regulating the computer and
related areas such as the Internet and e-commerce10.
When I say “the cyber activity must be regulated” I do not mean limiting its potential develop-
ments, but rather making it more functional, less complicated and most importantly as safe and
reliable as possible.
A main function of any legal system – within the context of regulating the relations among the
entire nation’s individuals – is to respond to the new developments settled in the society11.
Therefore, it is necessary that the legal system should regulate the cyber activity. Like any
other issue, the cyber activity should be regulated at two levels; first, by prescribing what has,
or has not, to be done; and second, by determining the procedures to do what has, or has not,
to be done. Thus, when a legal system regulates the cyber activity, it does what the community
expects it to do.
Against this background, the law plays several roles; it not only should respond to and deal with
the different developments in the society but also change or even create norms of behaviour to
be adopted by the citizens. The faster the new developments are regulated properly, the lesser
9 Unfortunately computers are the main mean of communication most of terrorists’ activities are recorded and announced
through.
10 Jay Forder and Patrick Quirk, Electronic Commerce and the Law, Willey, 2001, p. 8.
11 Toshiyuki Kono, Christoph G. Paulus and Harry Rajak (ed.), Selected Legal Issues of E – Commerce, Kluwer Law Intern -
tional, 2002, P. 146.
15
the litigations and disputes will occur.
It is better to prevent the problems from happening rather than waiting for them to occur and
then start struggling about the right cure for them, considering – of course – the usual rush in
these situations with many parties like the media and some businesses screaming that some-
thing should be done!
1.1 Different approaches

In the era of regulating the computer world12, there are many opinions and approaches. We can
say that there are three general approaches13.
The first approach argues that there is no need to panic, nothing is new about computers and,
thus, the existing legal structures are capable of controlling and organizing its different aspects.
The supporters of this opinion claim that they had worked with all the other mediums such as
telephone and fax. They also say that all the crimes done through or with computers can be
handled by the existing legal systems.
The second approach is the opposite completely. Its main idea is that the computer world is a
new world and it needs a whole new and complete system to control it. Proponents of this ap-
proach are sure that over days such system will be developed thanks to the initiatives and be-
havior of the actors involved in the cyber activity. Therefore, they do not believe that there should
be one system to organize both the old and new worlds of “cyber space” which is unique14’ 15.
The third approach combines the two previous approaches. Its proponents argue that the ex-
isting legal systems are not capable of controlling the cyber activity in a comprehensive way.
But, they maintain that developing a new legal system to organize the cyber space is completely
unrealistic. Therefore, according to them, the best solution is to make the existing legal system
capable of the accommodating the new concepts of the cyber space.16
1.2 The correct approach

I agree with the third approach and I emphasize that the existing legal system covers many
areas which computers did not change or affect from the practical legal point of view. However,
there are some new concepts and challenges which must be covered by different means of law
12 Toshiyuki Kono, Christoph G. Paulus and Harry Rajak (ed.), Selected Legal Issues of E – Commerce, Kluwer Law Intern -
tional, 2002, P. 146.
13 See Jurgen Basedow & Toshiyuki Kono, Legal Aspects of Globalization, Conflict of Laws, Internet, Capital Markets and Inso -
vency in a Global Economy, Kluwer Law International, 2000, P. 29.
14 See Lawrence Lessig, Code and other laws of Cyber Space, Basic Books, 1999, P.6. And also see John Perry Barlow, Selling
Wine Without Bottles, The Economy of Mind on the Global Net, http://www.eff.org/IP/idea_economy.article
15 See also this Website which is devoted for the defending of that approach http://www.eff.org/.
16 For further reading see E.A. Cprioli & R.Sorieul, Le commerce international elecronique: ver l’emergence de regales j -
ridiques transnationales, Clunet 1997, p. 323.
16
nationally and internationally or even within a self-regulated system for some issues.
Obviously, the first approach takes the easy way. Everything is OK. We do not need to bother!
This opinion is very naïve and is based on an incorrect idea about the nature and process of
computer and their repercussions. The concept that nothing needs to be added to the legal
system means that in a short time the state adopting this approach will be completely out of
the game and will be tied and restricted from interaction with other actors. This, also, places
the courts in a very difficult situation dealing with new subjects with old tools using a classical,
traditional and slow process which was widely criticized.
On the other hand, the idea that a new legal system should be developed to respond to the
evolution of cyber space is also unrealistic. Firstly, no matter how much new practices will cre-
ate some legal principles; this will not ever achieve a real legal system with all the necessary
features (such as stability, fairness, etc.). Secondly, the assumption that the online world is sepa-
rated from the real world is a fantasy. Both worlds are interacting in a very complicated and
connected way every second. Therefore, making a different legal standard for each of them will
create chaos17. Finally, internet crime is increasing sharply and the victims of these crimes - be-
ing individuals, institutions or sovereign states - find their property, security and privacy violated
by criminals, who remain free to perpetrate these crimes. Privacy, personal liability and even
individual and institutional security are already the subject of attacks by these criminals18 .
Therefore, the main objective should be encouraging individuals to use computers, but under
the umbrella of the existing legal system after filling the empty gaps between the existing rules
and the new features and concepts of computers.
Regulating the cyber activity should achieve the main aim of creating trust. This trust may be
created by adopting a high level of security for computer systems and a proper legal framework.
This concept must be handled carefully because the legislator may tend to adopt sophisticated
level of technology for securing transactions; a matter which may create difficulties for busi-
nesses and other involved actors in applying them. In addition, the growth of the technological
ways to defeat these security standards must be faced19.
While legislating for the cyber activity, we should not be distracted by detailed technological
issues, but rather concentrate on a main framework which enables the law to adopt the best
technology in order to apply its provisions properly. This is not an easy job, because the legisla-
tion used by in many governments to control the cyber activities properly are challenged by the
17 See Christopher Reed, Internet Law, Text and Materials, Butterworths, 2000, P.188.
18 Natasha Jarvie, CONTROL OF CYBERCRIME - IS AN END TO OUR PRIVACY ON THE INTERNET A PRICE WORTH PAYING?
PART 1, Computer and Telecommunications Law Review, 2003, 9(3), 76-81
19 Xxxx We have to keep in mind the failure of the German Digital Signature law thanks to the complex of its sophisticated
technological standards which was not commercially beneficent for the businesses or even individuals to apply.
17
rapid development of technology which constantly causes new problems. These problems are
difficult to handle because of the problems related to communication between technicians and
lawyers. This may even get worse when it comes to judges and law enforcement officers who
may resist any new ideas or methods.
1.3 The current situation

Many countries were aware of the importance of responding to cyber crimes by legislation. Examples
of these countries are Italy (1978); Australia (state law, 1979)20; United Kingdom (1981, 1990)21’
22
; United States of America (federal and state legislation in the 1980s); New Zealand (1994)23;
Canada and Denmark (1985); the Federal Republic of Germany and Sweden (1986); Austria,
Japan and Norway (1987); France and Greece (1988); Finland (1990, 1995); the Nether-
lands (1993)24; Taiwan (1997)25; Luxembourg (1993); Switzerland (1994); Spain (1995); Israel
(1995)26, and Malaysia (1997).
Intervention by all the above-mentioned countries is good evidence that our approach, men-
tioned above, is the most accepted and applied one worldwide.
2. Challenges posed by cyber crimes to criminal laws
After discussing the notion of regulation of cyber activity17 to respond to the new developments,
we shall review the challenges posed by cyber crimes to the existing classical, both substantive
and procedural, criminal laws.
2.1. Challenges to the substantive rules

Cyber crimes may result in challenges to the substantive provisions of the criminal law. First,
we will define cyber crime, and then we will see the different kinds of cyber crimes and how the
current substantive laws can respond to them.
2.1.1 Definitions
Defining cyber crime is very important and challenging. It is very important because it draws the
boundaries for any legislation or international convention. Cyber crime, therefore, must be de-
20 See Anne Fitzgerald, AUSTRALIA: E-CRIME - PROPOSED LEGISLATION, Computer and Telecommunications Law Review, .
2001, 7(2), N17-18.
21 See Ian Walden, UPDATE ON THE COMPUTER MISUSE ACT 1990, Journal of Business Law, 1994, Sep, 522-527.
22 See Peter Alldridge, COMPUTER MISUSE ACT 1990, International Banking Law, 1990, 9(6), 339-342.
23 Malcolm Webb, NEW ZEALAND: CRIMINAL LAW AND TELECOMMUNICATIONS, European Intellectual Property Review,
1995, 17(11), D314-315.
24 See Nora Mout-Bouwman, THE NETHERLANDS: NEW LAW TO COMBAT CYBER CRIME, European Intellectual Property
Review, 1993, 15(5), D108-109.
25 Hubert Hsu, TAIWAN: COMPUTERS - CRIMINAL LEGISLATION - TAIWAN REVISED ITS CRIMINAL CODE -CYBER CRIME
PROVISIONS, Computer and Telecommunications Law Review, 1997, 3(6), T139-140.
26 See Neil J. Wilkof, ISRAEL ATTEMPTS TO LEGISLATE COMPUTER-RELATED ISSUES: THE COMPUTER LAW 1995, 1996,
2(4), 150-155.
18
fined very carefully otherwise the result will be either a large scope which will govern unrelated
issues, or a narrow scope which will fail to cover all the required matters.
Many terms are used to reflect the same meaning such as ‘cyber crime,’ computer crime’, ‘In-
formation Technology crime,’ and ‘high-tech crime’. All these terms refer to crimes committed
with, via, or by computer and other electronic media such as the cellular phone.
Some countries, such as the United Kingdom, France and Germany, preferred not to define
“computer”. In contrast, the United States defined “computer” in the Computer Fraud and
Abuse Act as “an electronic, magnetic, optical, electrochemical, or other high speed data pro-
cessing device performing logical, arithmetic, or storage functions, and includes any data stor-
age facility or communications facility directly connected to or operating in conjunction with
such device”27’28.
2.1.2 Different types of cyber crimes

We have to differentiate between three kinds of cyber crimes: the crimes where the computer
is used as a tool or instrument such as fraud; the crimes where the computer is the object of
the crime such as hacking and the release of viruses; and the crimes where the computer is
incidental to the crime such as when it is used as a medium for the storage of the records of
criminal transactions29.
In the light of comparative laws and international conventions, we can see that cyber crimes can
be divided into three groups: computer-related crimes, content-related crimes, and computer
sabotage offences.
2.1.2 (a) Computer-related crimes

Cyber-crimes are the crimes which had already existed before the emergence of computer.
The computer provided a new tool by which the offence is done. Examples of this type are theft,
fraud, industrial espionage, facilitation of prostitution, terrorism and forgery.
Theft and Fraud

Using computer in fraud has many shapes. It may be by altering information stored into a sys-
tem or altering the outputs. In most legal systems, computer fraud does not need a new law. It
can be covered by the existing legal rules.
Yet there may be some problems in accommodating the computer techniques of fraud under
the existing laws30. An example of these problems may occur when the law makes it a condition
27 18 U.S.C. section 1030(e)(1)

28 See also the Singapore Computer Misuse Act 1988,s.2.1
29 See Ian Walden in Chris Reed and John Angel, Computer law, Oxford University Press, Fifth edition, 2003, P. 295.
30 See Simon Dawson, COMPUTER FRAUD: PART 1: THE RISK TO BUSINESS, Computer and Telecommunications Law
19
that a person should have been deceived. This would appear as if this crime does not include
fraud made against automated systems.
Another problem in most legal systems is that the theft must be committed against tangible
property. Where the object of crime is information or data, the property in question may be
intangible. In the world of computers, materials and properties have different meaning. In spite
of the classical shape of tangible property, in cyber space, many properties are not of a mate-
rial nature21. In this situation, we have assets which need protection but may not fall under the
normal categorization of the classical penal laws22.
There is also an interesting example of these problems, in the case of copying but not stealing.
Again, the protection of trade secrets will have another challenge31.
Industrial espionage
Industrial espionage is a classical crime and is criminalized under the existing criminal laws. Yet,
computers open new dimensions for this crime.
Computers may be a very good tool for industrial espionage. For example, industrial secrets may
be downloaded from a company’s computer and sent via e-mail immediately to its competitor.
Information technology itself may be an interesting target for this crime. An innovation in com-
puter technology may be stolen and sold for a large amount of money.
In all the cases, the criminal law should cover the two possibilities and special attention should
be given to civil remedies since the subject of this crime may equal millions of dollars.
Facilitation of prostitution
Computer provides largely new option to facilitate the prostitution. On the web, there are thou-
sands of websites which advertise and market prostitution without any control by national or
international laws.
Massive amounts of money are invested in this secret world business, therefore, criminals will
use the most recent technologies in the world and their tracing will be difficult.
Forgery
Information technology has made forgery much easier to achieve and extremely hard to discov-
er32. This is very good news for forgers but it makes the life of law enforcement officers harder.
Review, 1999, 5(3), 70-73 and Simon Dawson, COMPUTER FRAUD: PART 2: PREVENTION AND DETECTION, Telecom-
munications Law Review, 1999, 5(4), 114-117.
31 See Sue Grossey, Goodness, hasn’t it grown since last year, F.I. 2000, 32(Nov), 1-4.
32 Take the example of Adobe Photoshop program.
20
Apart from the classical forgery under the existing legal systems, many new challenges may
arise. Can illicit use of a password be criminalized as forgery? Will creating an electronic signal
be deemed forgery? The last challenge is that in many legal systems there is a “person” to be
deloused; in this case, how would forgery be purported to induce a computer system or a net-
work?
Terrorism
Terrorists can communicate, advertise and even conduct their operations by computer.
Our existing legal systems may be able to comprehend these operations in many cases, but
certain amendments may be required.
I believe that our existing legal systems can comprehend this type of computer-related crime
in many cases. However, in respect of the challenges I mentioned above, it would be better if
some articles of the penal code are amended to make it malleable and easy for all the involved
actors, such as law enforcement agencies and judges, to deal with them (but not the criminals,
of course!).
2.1.2 (b) Content-related crimes

The data which are processed by computers are often much more valuable than the hardware
itself. That is why the crimes committed against the content of computers are of a great impor-
tance.
Copy rights
In many existing copyright laws, information is protected in relation to the know-how and trade
secrets. However, in cyber crimes, information itself may be a product and therefore needs
protection.
“Domain names” are another non-materialistic product. They are of great importance in e-com-
merce transactions24. They are like identifications for businesses on the Internet, and are often
a part of the advertisement, brochures, and the like of a business. Until recently, states have
tended not to intervene in the distribution of domain names33. They only intervened when there
was a decision to be made about a domain name dispute (apart from the areas governed by
ICANN systems). But one may wonder about the extent the states will become more active in
this important area34.
33 For more information about the administration of domain names see www.icann.com.
34 in any way the problems rise from domain names not only for the general generic names but also for the national domain
names with the possibility of different parties registering different domain names will obviously challenge the existing copy
rights and trade marks rules considering that the whole system of domain names administration is managed in a very
unprecedented way.
21
Stalking, Harassment, Hate Speech
Stalking and harassment are malicious activities directed at a particular person. They may not
be deemed criminal activities, depending on the jurisdiction. But, when these activities are com-
mitted via computers, all jurisdictions will be able to receive them. This poses a serious chal-
lenge to every domestic criminal law even if it is updated to cover cyber crimes.
Offences against Morality

This is a very sensitive issue for many countries, since standards and definitions vary widely
from one place to place35.
In all cases, a question arises: will making pornography available online fall under the criminal-
izing articles? Would a pornography saved in a computer data constitute a “copy”? Would the
cache memory36 savings be a criminalized “copy”? Issues of proof may make prosecution dif-
ficult.
Another related matter is receiving the criminalized pornography via e-mail. Would an unin-
tended recipient be criminally liable? It is argued that most, if not all, of the difficulties posed by
computer offences against morality are ones that can be remedied relatively easily by amend-
ments to the statutory definitions37 and by giving a wider scope of what may be considered a
copy of a pornographic material38.
Once again, like in the other above-mentioned types of crimes, these crimes make it inevitable
to update the existing penal articles so that they can comprehend them without need to change
the law entirely.
2.1.2 (c) Computer sabotage crimes

This type of cyber crimes covers the crimes which affect the security, integrity, confidentiality,
and reliability of computer systems. It includes the unauthorized access and unauthorized modi-
fication.
Unauthorised access to computer systems

Unauthorized access to computer systems crimes can be divided into two parts; unauthorized
access per se and unauthorized access with the intention to commit another crime.
35 Such as in England where the criminalized sub-sector of pornography is only in relation to Pedophilia, see Children Prote -
tion Act 1978 and the Criminal Justice Act 1998.http://www.hmso.gov.uk/
36 This part of the computer saves a copy of each page entered online for efficiency reasons.
37 See Colin Manchester, COMPUTER PORNOGRAPHY, Criminal Law Review, 1995, JUL, 546-555.
38 See MORE ABOUT COMPUTER PORNOGRAPHY, Criminal Law Review, 1996, SEP, 645-649.
22
Unauthorized access
This type of crimes covers the famous “hacking”39 and “cracking” crimes where a person who is
unauthorized to enter a particular computer system does this. It also covers the unauthorized
interception of data.
But, would unsuccessful attempts also constitute a crime? Would merely switching on an un-
authorized access computer fall under this type of cyber crimes? We should be careful about
criminalizing unconditional access without exception; there are many possibilities where this
access should be legitimate. An example of this is where a person sees the contents of a laptop
unintentionally.
Hence, there is a need to define clearly unauthorized access as there will be chaos if all cases
of unauthorized access to any electronic device, such as mobile phones, are criminalized. Ex-
amples of giving broad definitions of computer can be seen in the English40, Singapore41 and
Malaysian42 acts43. This was a mistake.
According to the Cyber Crime Convention44, unauthorized access is criminalized only when en-
try is done by another computer. I disagree with this. A factual harmful access can occur by a
physical person and not by another computer. In all cases, we have to know whether the crimi-
nalization of this crime should depend upon a minimum level of security made by the victims or
upon particular knowledge of the criminal.
Another important issue arises from an employee’s use of their authorized access, especially
when such employee uses his/her authorized access for an unauthorized purpose45.
Unauthorized access with the intention to commit another crime

Unauthorized access often occurs for committing another crime. An example of this is collect-
ing bank data of a particular person to use it in transfer money from his/her account to the
criminal’s account. Would it still constitute a crime if the ultimate objective was impossible to
achieve? Perhaps, yes, if the focus is on intent.
Some argue that hackers are merely curious individuals who seek adventure. Not only does this
ignore the victims, but also ignores many cases where hackers obtained unauthorized access
39 Hacking means gaining unauthorized access to a computer system, programs or data.

40 See the U.K. Computer Misuse Act 1990.
41 See the Singapore Computer Misuse Act 1993.
42 See the Malaysian Cyber crimes Act 1997, section 2.
43 See for a comparative study between the English, Singaporean and Malaysian cyber crime acts, Nagavalli Annamalai,
CYBER LAW OF MALAYSIA - THE MULTIMEDIA SUPER CORRIDOR, International Trade Law & Regulation, 1997, 3(6),
213-220.
44 See Sec. 9.5.1.of the Council of Europe Convention.
45 See D. Bainbridge, ‘Cannot employees also be hackers?’, pp. 352-354, Computer Law and Security Report, vol. 13, no. 5,
1997; and P. Spink, ‘Misuse of Police Computers’, P.219-231, Juridical Review, 1997.
23
to do something worse. In these days, where many critical infrastructures depend on computer
systems, we should make no mistakes.
In some cases, an employee of an organization may help a criminal by providing him with pass-
words. This accomplice should receive the same level of punishment as the perpetrator, espe-
cially in those cases where the main perpetrators did not touch the computer system himself
and left this part to his accomplice inside the victim organization. There is also the case where
the authorization is limited to viewing, copying or altering.
In Europe, several decisions46 were taken on the criminalization of unauthorized access. This
criminalization forms a formidable barrier to piracy of digital content in different platforms in-
cluding the internet47.
Unauthorized modification
The crime of unauthorized modification is a serious one since it affects the integrity and the
availability of the computer system. It has a clear example in the terrorist attempts to ruin a
critical infrastructure of a particular nation. Viruses are also a usual tool in this sort of crimes.
A modification can be made by changing, adding or deleting data on the computer system. It can
be either permanent or temporary48. Singapore law provides for two years of imprisonment for
this crime49.
Deleting or modifying data in a computer system might fall under the concept of property dam-
age, if the law scope is broadened to cover damage of intangible property.
At issue here are the intention and knowledge of the perpetrator, especially in the case of virus
writing where the criminal does not know which computer his virus is going to hit. Other con-
siderations include whether the unauthorized modification does not affect the content of the
computer system, or whether it has actually improved the system.
Unauthorized modification also can affect copy rights, as when some software companies pro-
gram their software not to function properly if the client does not pay in time.
After reviewing the previous types of cyber crimes and their position under the existing legal
system, we can stress that the existing protection provided by the Criminal Code is not eroded
46 such as the European Parliament and Council Directive 98/84 on the legal protection of services based on, and consis -
ing of, conditional access, The European Parliament and Council Directive 2001/29 on the harmonization of certain as-
pects of copyright and related rights in the information society the Proposal for a Council Framework Decision on attacks
against information systems COM(2002) 173 final.
47 See Rico Calleja, Conditional Access Piracy, Computer and Telecommunications Law Review, 2003, 9(8), 239-240.
48 See The Malaysian Cyber crimes Act 1997, Section 5.
49 See sections 3(2), 5(2) and 6(2) of the Computer Misuse Act (Chapter 50) Singapore
24
by the technology developments. Although criminal laws, in their existing state, were in some
cases used successfully to prosecute e-crime, certain key amendments will clarify unsettled is-
sues and facilitate e-crime prosecutions and trials.
2.2. Challenges to procedural rules and law enforcement

In this section, we shall discuss the cyber crime challenges to the rules of procedures and law
enforcement.
2.2.1. Challenges to procedural rules

Criminalizing cyber crimes is not enough; still remain the problem of how to prove them, and the
forensic issues such as how to search and seize the related evidence. This sort of evidence will
be challenged in the court and any error or technological malfunction may result in destroying
the power of this evidence. In addition, there is the question of whether law enforcement should
be empowered to “hack” in order to trace a criminal50.
Evidence derived from computer must have all the attributes of conventional evidence; it must
be admissible, authentic, accurate and complete. But it also has certain qualities which create
difficulties for those who wish to rely on such evidence; it is very volatile, easily altered without
obvious trace, and highly novel, thus, creating problems not only in respect of explanation but
also forensic testing. Computer forensics is now a reasonably well-established subject area51,
but unlike most forms of forensic science many of its techniques have not been around long
enough to have been properly tested by peer-reviewed publication.
A simple way of procedural regulation may be an article of law which provides for the search of
any premises and seizure of any evidence with a warrant, if there is reasonable cause to believe
that an offence has been committed. This may be accompanied by legitimizing the activities of
the various units that investigate and prosecute cyber crime. This should cover new means of
scrutinising activity on the internet, use of new and advanced techniques to retrieve data from
seized computers and data media, and by procedures to infer actions and intent on the part
of defendants by interpreting the way in which a computer may have been set up and, over a
period of time, used.
2.2.2 Challenges to law enforcement

There is a need to ensure that the police have the required resources and expertise to handle
the investigations. It is a big challenge to law enforcement because the subject of these crimes
may be new to them and they have to deal expertly with technological issues. They are required
to apply the applicable law to criminal activities in cyberspace while they are concerned that
publication of some of its methods may make future investigations more difficult. This some-
50 See for some new forensic techniques, Peter Sommer, EVIDENCE IN INTERNET PAEDOPHILIA CASES, Computer and
Telecommunications Law Review, 2002, 8(7), 176-184.
51 Regulation of Investigatory Powers Act 2000, Anti-terrorism, Crime and Security Act 2001
25
times leads to coyness in their witness statements, or attempts to exclude particular aspects
on public interest grounds.
Answering these challenges needs not only a law to specify the procedures to be followed in
cyber crime but also to develop a sort of Quality Assurance protocols that are used in more
established areas of forensic science. It needs also to provide an adequate level of training
for police, prosecutors and also judges. Training of police officers should cover all the related
forensic issues of cyber crime such as searching, seizing, recording, intercepting, etc. Prosecu-
tors should be trained in how to use electronic evidence before the court. They should also be
trained in writing their warrants in a way that would ensure flexibility of movement for the police
and maintains the basic human rights of the accused.
Very often, calls are voiced for training law enforcement officers and, sometimes, prosecu-
tors but I find no reason why judges should not receive this type of training. The argument that
there is no need for this training as there will be an expert testifying before the court after the
evidence is examined, is a false argument, because when it comes to this type of complicated
crimes, a good (if not excellent) background about this area of activity should be possessed by
judges. Speaking about myself, I believe that I should seek to be trained in any new medium or
norm which may arrive to my court. In Egypt, the National Judicial Centre located within the Min-
istry of Justice, organized many training courses on the new developments in the world such as
the WTO, copyrights law, digital signature, etc.
The same reasoning is true of legislators; a good training may be needed to help legislators
understand the different aspects of cyber crimes while they are tailoring the laws.
3. International cooperation and harmonization

Cyber crime is unique because it may be committed from any place in the world in any other
place in the world with evidence flying through the telephone lines every second. A criminal may
commit all the steps of crime in a country in which he has never set foot. The classical criminal
co-operation between the countries cannot handle this type of crime; it may take months to
conduct a procedure in another country or to operate a particular investigation on the territo-
ries of different jurisdictions. Mechanisms of co-operation across national borders to solve and
prosecute crimes are complex and slow.
From the practical (and logical) point of view, there is not much to be achieved if we keep on
working individually and each state proceeds on its own. There is a clear need to develop com-
parable substantive and procedural laws.
3.1. Important background

To identify the international trends in the field of cyber crimes, three elements must be exam-
ined; the Declaration of the 10th UN Congress on Crime Prevention and Criminal Justice and
26
the workshop held on its peripherals, the Guide to the discussions of the11 th UN Congress on
Crime Prevention and Criminal Justice, and the regional preparatory meetings for that Con-
gress.
3.1(a) The Declaration of the 10th Congress and the related workshop
It is important to examine the Declaration of the 10th Congress issued in Vienna in the year
200052, and the background paper of the workshop53 held in preparation for workshop. Obvi-
ously, the workshop has made a significant progress in combating the cyber crimes in unusual
ways. Logical sequence and the very nature of the issues tabled for discussion make it inevitable
for the coming workshop to take a step, or say steps, forward. Therefore, we should focus on
developing visions and measures which would create a new opportunity for the international
community.
3.1(b) The Discussions Guide

The Discussion Guide54 opens a wide horizon for international performance concerning com-
puter-related crimes since it declares the importance of facing them with many extraordinary
mechanisms. These include introducing legislation amendments, training of law enforcement
officers, and respecting fundamental human rights without violating country’s national sover-
eignty.
The Guide mentions the actions and the initiatives which some international organization had
undertaken. It also points to the different horizon for international cooperation in the field of
computer-related crimes and brings up the idea of technical cooperation and the idea of prepar-
ing a model law guiding all local legislations.
3.1(c) The regional preparatory meetings

The United Nations, in the process of preparing for the 11th Congress, held many regional meet-
ings. The conclusions these meetings came up with indicate the international approach towards
this important issue.
In the West Asia preparatory meeting held in Beirut, April 2004, Egypt presented an excel-
lent initiative of eight points for international measures to combat cyber crimes55. The recom-
mendations of the meeting’s final report56 focused on enhancing cooperation and exchanging
expertise between governments and the private sector to develop and implement a mechanism
for cyber crime prevention. The recommendations also stressed the need to explore methods
52 See the United Nation tenth Conference Report, A/CONF.187/15.

53 See the Background paper for the workshop on crimes related to the computer network, A/CONF.187/1.
54 Discussion Guide for the Eleventh United Nations Congress on Crime Prevention and Criminal Justice Bangkok, 18-25
April 2005, A/CONF.203/PM.1.
55 See the Egyptian declaration presented at the West Asia preparatory meeting, April 2004, Beirut.
56 See the final report of the West Asia preparatory meeting, April 2004, Beirut, A/CONF.203/RPM. 4/L.2.
27
to enhance the governmental ability to modernize and use sufficient investigation and tracing
methods.
The final report of the African preparatory meeting held in Addis Ababa, March 200457 did not
include any important remarks on cyber crime prevention and only made mention of the titles of
the workshops due to be held including the workshop on computer-related crimes.
The report of the Asia region and pacific preparatory meeting held in Bangkok in March 200458
included positive remarks which are largely similar to those issued by the West Asia meeting.
3.2 The solution should be international

When addressing an international phenomenon, such as cyber crime, the solution must be
international. When it comes to the substantive and procedural laws, which raises the question
of the application of different legal systems, the international solution is more than a must59 es-
pecially with the complications of classical norms of international co-operation in this connection
such as extradition 60.
A major convention on cyber crime is the convention of the Council of Europe61. It is a very good
piece of work but it is not what may be a truly “international convention”. None of the developing
countries was involved. Many technical problems were neglected. Many criticisms were raised,
especially concerning human rights62. If the Council of Europe seeks to expand this convention
they have to take into mind these criticisms.
An international solution may be achieved by different ways; for example, by unifying the substan-
tive or procedures rules and establishing standards for cooperation between countries. We
should seek to establish a global legal system that can govern cyber crime with unified, similar,
or harmonized rules.
This international work must cover points such as mutual legal assistance, establishing centers
working around the clock all days of the week in each state to co-operate in any investigation as
may be required by another state including, of course, extradition.
Such international cooperation may give birth to an international organization responsible for
57 See the final report of the African preparatory meeting, A/CONF.203/RPM. 3/L.2.
58 See the final report of Asia and the Pacific preparatory meeting A/CONF.203/RPM.1/1.
59 For more about the international solution see Yaman Akdaniz, Clive Walker and David Wall (eds.), The Internet, Law and
Society, Longman Pearson Education, 2000, P. 12.
60 See Marc D Goodman & Suzan W Brenner, The Emerging Consensus On Criminal Conduct In Cyberspace, INTERN -
TIONAL JOURNAL OF LAW AND IT, 2002.10(139)
61 See http://www.coe.int/DefaultEN.asp (last visited 10/07/04) the convention was done at Budapest, on the 23rd of
November 2001, see also the Explanatory Report adopted on 8 November 2001.
62 See for example Indira Carr. & Katherine S. Williams, CYBER-CRIME AND THE COUNCIL OF EUROPE: REFLECTIONS ON
A DRAFT CONVENTION, International Trade Law & Regulation, 2001, 7(4), 93-96.
28
governing and regulating the cyber crime globally.
3.2 (a) Model laws and guidelines

Several international and supranational organizations have recognized the inherently trans-bor-
der nature of the cyber crime; namely, the fact that it crosses the border of the state. They also
recognized the limitations of unilateral approaches in addressing this crime, and the need for
international harmonization of legal, technical, and other solutions.
This is a very good starting point. Thus, international work may be based on the work done by
international organizations such as The Organization for Economic Co-operation and Develop-
ment (OECD)63, the European Union64’65, the Interpol, and the G8 group66. These model laws or
guidelines are a great step since they usually result from consensus between several countries
through long negotiations. Perhaps, we should also be cautious towards the private organiza-
tions’ efforts as they reflect the interests of different lobbying groups67.
3.2 (b) Successful examples

Some commentators may argue against the idea of developing unified substantive rules be-
cause of the great practical difficulties that stand in the way of reaching an international conven-
tion. However, this ignores the mere fact that this has happened many times. Take the example
of the World Trade Organization with 147 members68 and a successful dispute settlement
mechanism. There are also the Convention on the Recognition and Enforcement of Foreign
Arbitral Awards (New York 1958) (the “New York” Convention) with 162 member states69; the
United Nations Convention on Contracts for the International Sale of Goods (CISG) 1980 with
72 member states70, and the successful Bern convention 1886 with 155 member states71.
These and many similar organizations and conventions make a case against the argument that
difficulties hinder developing harmonized rules. They prove that harmonization is possible and
its results are superb.
63 See in general www.oecd.org (last visited 10/06/2004)

64 See http://europa.eu.int/index_en.htm (last visited 13/07/04)
65 See COMMISSION PROPOSES TO COMBAT CYBERCRIME, Sweet and Maxwell Limited and Contributors, EU Focus, 2002,
99, 11-13.
66 See http://g8.market2000.ca/about_g8.asp (last visited 13/07/04)
67 Toshiyuki Kono and others, Selected Legal Issues of E-Commerce, Kluwer Law International, 2002, p.21.
68 See http://www.wto.org/english/thewto_e/thewto_e.htm(last visited 10/06/2004)
69 See http://www.kluwerarbitration.com/arbitration/arb/home/cstates/default.asp?ipn=cstates;legis:nyc (last visited
10/06/2004)
70 See http://www.cisg.law.pace.edu/cisg/countries/cntries.html (last visited 10/06/2004)
71 See http://www.wipo.int/treaties/en/documents/word/e-berne.doc(last visited 10/06/2004)
29
3.2 (c) Civil and common law; the gap between the legend and the reality72!
Another argument against the unified substantive rules is centered on the differences between
the civil and common law systems. Some scholars in each system are fond of making the other
system look very “far-away” and complicated. Many literatures in the countries of both systems
underline the “wide” gap between the two systems.
As a matter of fact and logic, this is untrue. We should not forget that a judicial system is pri-
marily established to achieve justice. At the same time, the interaction between different cul-
tures (including the concepts of law) continues. This normally creates norms and principles for
the law, which are not completely equal (thanks to the different cultures and environments) but
are similar in many aspects. Thus, the main concepts and aspects of both systems are more
alike than some commentators claim. It is only the way in which these concepts are applied and
adopted that makes the difference. In criminal law, may be it is easier to overcome differences.
The differences usually stem from the methods of application which usually depend on several
elements such as culture, traditions, habits and life styles.
For example, common law scholars believe that in civil law countries the court decisions are
not given due weight, particularly, those of the lower courts. But, this opinion is incorrect. The
decisions of the cassation court in France and in Egypt, for example, are highly respected by the
judges and the lawyers. These decisions are collected in a book published yearly and the prin-
ciples made by the judges are strictly adopted by all the players in the legal field. For example, a
court decision inconsistent with a principle made by the cassation court will most probably be
cancelled in the appeal court, unless of course it has a great justification which may convince
the cassation court to change its principle.
The claimed gap between the two legal systems is not a big problem so far as there is the inten-
tion to arrive at a harmonized agreement.
4. Conclusion
1- Computers play a very important role in our life and this importance will increase. There is
an urgent need to safeguard the integrity, confidentiality, availability, reliability and security
of computer systems and networks.
72 In the world of law, there are two main legal systems which are the source for most - if not all - the national legal systems.
These are the common law system and the civil law system. The leader and the creator of the common law system is the
United Kingdom, it was followed by many of its ex-colony and other Anglo-effected countries such as the United States of
America, Australia and Malaysia. The civil law system finds its routs in the famous Napoleon French code, so France is a
very significant country in this concern, in addition to it many other countries adopted the civil law system either in Europe
such as Italy or in Africa such as Egypt and many others.
In this concern Egypt is a civil law country; the Egyptian laws are affected greatly from the French law. Most of the Egyptian
codes were drafted in the light of the French ones. Most of the scholars and legislators had done their post graduate
studies in France. Given also that Egypt is an effective member of the “Francophone” .In Egypt’s laws there are also some
principles or ideas taken from Sharia. The government is always keen to observe that in any law drafting there is no con-
travention with the principles of Islam. Generally speaking Egypt is a model for a civil law legal system either from the side
of legislations or from the side of the judicial system.
30
2- Therefore, there is a need to regulate the cyber activity – and all the other related areas
such as Internet and e-commerce – comprehensively, especially as protection is the main
function of any law.
3- The criminal law should be updated so that it can accommodate the particular nature of
the cyber crime. This updating may be done by amending certain articles on conventional
crimes committed via new methods, abolishing others which are inadequate, or even by
creating new rules to address completely new issues.
4- Punishment, being imprisonment or fine, imposed against the perpetrator should be recon-
sidered. An accomplice should receive the same punishment the perpetrator of the crime
receives.
5- For the law to be successfully updated, it should be amended so that it also provides for civil
remedies in the case of cyber crimes.
6- Training is extremely important, not only for law enforcement officers and prosecutors but
also for judges and legislators.
7- The international nature of cyber crime calls for the need for unified rules governing inter-
national co-operation in the procedural and substantive matters. This cooperation may be
conducive to establishing a global legal system for responding to the cyber crime and, thus,
creating an international organization to combat this type of crimes.
31
Crimes related to the Gratifying Desire to Use the Computer
Mr. Khaled Muhieddine Ahmad
In light of globalization and the widespread use of machinery, it has become inevitable to avoid
the technological advances which have managed to sweep all forms of life; particularly advance-
ments in the computer and internet which have become the most important elements of mod-
ernization. These developments have allowed for the emergence of different and novel forms of
crimes on the legal and legislative arenas, in addition to new measures to combat these crimes,
which necessitates the increase in awareness of existing law enforcement officials in order to
combat these new crimes that have been invading societies.
The pornography industry and the scandalous pictures of children on the Internet are consid-
ered one of the most chief forms of internet crime/cyber crime that have come to the attention
of all law enforcement agencies. The main problem behind these crimes is that while they are
usually committed in countries far away from us, still they are transmitted through electronic
media to the various parts of the world. In order to reach the causes behind this phenomenon, it
is essential to define the legal concept of child pornography which is to offer anything (pictures,
film, fees, or any product using the computer) in any means, revealing sexual organs of children,
or children committing acts of sexual conduct, whether as true and realistic or imaginary.
It is clear from this definition that for the completion of these crimes, it is necessary that cer-
tain basic pillars are present, which can be summarized as follows: the subject, a minor (male
of female) that has not yet attained the age of 18 years, ought to be the involved in the visual
or audible display of pornography which includes a description and presentation of the sexual
organs of a child, or a of sexual act being committed by the child himself. Under these circum-
stances the crime is considered complete, irrespective of whether the presentation is real or
acted out, as long as the purpose behind the presentation is to publish or distribute the material
for profit.
As for the legally sinful acts, they can be summarized as follows:

1. The production of child pornographic and obscene materials with the intention to distrib-
ute it though the web.
2. Facilitate the presentation of pornographic material to others using a computer.
3. Distribution or transportation of child pornography using a computer.
4. The purchase of this pornographic material for oneself or others.
5. Possession of child pornography on a computer or its storage on a personal database.
The spread of this industry is limited to a number of states, while its trade is booming in all parts
of the world. However this does not deny that there are many countries that prevent child por-
32
nography sites. Heading the list is the Kingdom of Saudi Arabia, followed by Iran, Syria, Egypt,
Bahrain and United Arab Emirates, Kuwait and Indonesia, Malaysia and finally Singapore.
As for the production of pornography, the United States ranks the first among the most produc-
tive countries, as statistics indicate that about 28% of those industries are in the United States
of America. As for the display of pornographic material on the Internet, numerous international
statistics centers such as the British Internet Watchdog, assert that 51% of sites that offer
these pornographic images are administered by the United States, and 21% of the sites are
managed from Russia, while Japan ranks third with 5%.
Relationship between child pornography and human trafficking:

It is also necessary to note that global statistics indicate that about 53% of the children involved
in the pornography industry are already victims of child trafficking within and outside states.
South-East Asia is considered the main supplier of children participating in the pornography
industry.
It should also be noted that most countries incriminate - in one way or another – human traffick-
ing, however a few countries link the phenomena of child trafficking with the child pornographic
industry, despite the fact that international standards link between the two phenomena. How-
ever the enforcement mechanisms are still powerless in the face of increasing demand for
manufacturing child pornography.
Legislative protection at the national level:

Until now, legislative protection against pornographic crimes is unable prevent it from occur-
ring, as only 79 countries have laws against child pornography, whose strength and effective-
ness vary from one country to another, while there is no legislation to combat child pornography
in 95 countries. More seriously, 138 countries do not criminalize the possessing of child por-
nography, while 122 countries do not criminalize the manufacturing of child pornography.
The American model of protection:

Although the United States ranks first among countries in manufacturing child pornography
and the number of sites that offer pornography, the United States legislator remains the most
effective in issuing control mechanisms. It is also worthy to note that the First Amendment of
the Constitution did not include the protection of the production and distribution of child por-
nography to persons other than those relating to adults. In the same vein, there is a package of
federal laws of which the most important is law No. 18 USC § 2256, which provided a compre-
hensive definition of the crime and all forms and activities under the relevant law. The criminal-
ization of this law included the following acts: incitement, assistance or participation, production
and distribution, and the listing of penalties against those who commit any of these acts.
33
As for the international standards for controlling child pornography, they can be listed as:
1. The ILO Convention on the prevention of the worst forms of child labor for the year (1999).
2. The Optional Protocol to the Convention on the Rights of the Child on the sale of children,
child prostitution and child pornography (2000).
3. Council of Europe Convention on Cybercrime.
4. Council of the European Union’s decision No. 68 of the year 2004 on the fight against chil-
dren’s exposure to pornography and the sexual corruption of children.
As for child pornography and pornography in the Arab world, the Arab region is not considered
an exporting region, and production is regarded an individual behavior which is very low, while
the proportion of consumption is very high, and actually is one of the highest on the international
level and therefore the proportion of the distribution, circulation and acquisitions is very high,
reflecting the urgent need to discuss the necessity for research on such crimes, and the devel-
opment of more effective control mechanisms.
34
Specific Crimes: Offences Related to Child Pornography and Those Related to
Infringements of Copyright and Related Rights: Definition and Forms
Ms. Christina Schulman
1- Introduction
Making use of the unlimited possibilities for exchange and dissemination of the information of-
fered by Internet, both these types of crimes - infringements of copyright and related rights and
child pornography – can be much easier committed.
The advantages of using Internet to produce, distribute or access such materials are obvious
since they can be made available for many users all over the world and at low costs.
Child pornography harms the children used to produce such materials and it makes those
children victims every time when the images are viewed. In this way all children are shown as
objects for sexual exploitation. Thus criminalizing the unlawful production, dissemination and
possession of child pornography through computer systems is an urge.
Another significant area concerning the illegal activities committed by using computer systems
are infringements of intellectual property, which are among the most commonly committed of-
fences on the Internet. Reproduction and dissemination of protected works through Internet,
without the approval of the copyright holder, is extremely frequent.
2- Council of Europe Convention on Cybercrime (ETS 185)

The efforts of the international community to respond to these challenges have been material-
ized by adopting in 2001 the Convention on Cybercrime. The treaty has been developed by the
Council of Europe in cooperation with Canada, Japan, South Africa and the United States of
America and it was opened for signature in Budapest in 23.11.2001 and entered into force on
1.07.2004.
The Convention is open to any country around the world that may seek accession. Being a
valuable instrument many countries, including Romania, have used the Convention in drafting
their national legislations on cybercrime. Currently, it is the only international treaty that defines
computer offences, contains specific procedural law and international cooperation provisions,
aiming principally at:
 Harmonizing the domestic criminal substantive law elements of offences and connected
provisions in the area of cybercrime;
 Providing for domestic criminal procedural law powers necessary for the investigation
and prosecution of such offences as well as other offences committed by means of a
computer system;
 Setting up a fast and effective framework for international cooperation.
35
The Convention covers a broad range of criminal offences, namely: Title 1 - Offences against the
confidentiality, integrity and availability of computer data and systems, which requires criminal-
ization of illegal access, illegal interception, data interference, system interference and misuse
of devices; Title 2 covers computer-related offences (computer-related forgery and computer-
related fraud); Title 3 criminalizes content-related offences (offences related to child pornogra-
phy) and Title 4 offences related to infringements of copyright and related rights.
First Topic: Child Pornography
The attempt to criminalize child pornography has been seen in some opinions as a pretext for
introducing rules to control global networks and an intrusion into the private life of Internet us-
ers or an infringement of the freedom of expression.
Despite such opinions it has been generally accepted that the protection of children cannot
represent a control and it is important to create a security online environment for them. In such
cases the legal interest to protect children takes priority to the interest to protect freedom of
expression
International organizations, states, governments, NGO-s have been deeply concerned about this
issue and the efforts to fight against child pornography have been materialized in some impor-
tant international documents:
- The International Labour Organization’s Convention Concerning the Prohibition and

Immediate Action for the Elimination of the Worst Forms of Child Labour (1999)
- The United Nations’ Optional Protocol to the Convention on the Rights of the Child on
the sale of children, child prostitution, and child pornography (2000)
- The Council of Europe Convention on Cybercrime (2001)
- The Council of EU Framework Decision 2004/68 of 22 December 2003 on com-
bating the sexual exploitation of children and child pornography.
There is no doubt that child pornography is a serious threat that harms children while children
should be always protected. This threat has been in last year’s an issue of great concern to
international community considering that production and distributing of child pornography using
computer systems is one of the most dangerous modus operandi.
Using the Internet production, storage, transmission and retrieval of information can flow with
an unprecedented speed and low visibility. It is therefore very important that states to provide
adequate legislation, which criminalizes child pornography in all its manifestations.
Many countries do not have adequate legislation on child pornography and this will prevent
those countries not only to efficiently fight against this phenomenon at national level but also to
cooperate at international level in an investigation of a child pornography case.
3- Definition
The efforts to define child pornography has raised controversial opinions on aspects like con-
sent, perception and reality, the relevance of context, the importance of differing moral, reli-
gious, social economic and cultural factors and often it was invoked the principle of freedom of
36
expression.
Although sometimes the definitions of child pornography may seem similar there are differ-
ences in understandings and also it has many implications for law enforcement. For example,
in many countries, legal definitions of pornography refer to definitions of obscenity that identify
a wide range of different images, only some of which may be illegal. This limits the response of
law enforcement.
Similarly, in some countries it is assumed that there is no legal basis for the police to take action
against the abusers and exploiters of a child if that child has reached the legal age of consent,
which may be below 18.
It is very difficult to agree on a universally accepted definition of what child pornography is, but
what is important at the end is to criminalize all the manifestations of child pornography and
provide adequate sanctions. This is the way that countries can achieve a common foundation in
order to obtain the dual criminality basis for mutual assistance in criminal matters.
3.1. Child pornography under Article 9 of the Convention of Cybercrime73

Article 9 of the Convention seeks to strengthen protective measures for children, including
their protection against sexual exploitation covering unlawful production or distribution of child
pornography by use of computer systems.
Most of the national legislations contain provisions that criminalize the offence of child pornog-
raphy when is committed by traditional means. Because the Internet offers unlimited opportuni-
ties for trading such material, it was strongly felt that specific provisions in an international legal
instrument were essential to combat this new form of sexual exploitation and endangerment of
children. It is widely believed that such material and on-line practices, such as the exchange of
ideas, fantasies and advice among paedophiles, play a role in supporting, encouraging or facili-
tating sexual offences against children (Exp. Report, 93).
According to the Convention each party should establish as a criminal offence: producing for the
purpose of distribution, offering or making available, distributing or transmitting, procuring for
oneself or for another person child pornography through a computer system; possessing in a
computer system or on a computer-data storage medium of child pornography.
Under Convention it is also required to be defined the terms “child pornography’’ and ‘’minor’’.
The term “child pornography” includes pornographic material that visually depicts:
a. a minor engaged in sexually explicit conduct;
b. a person appearing to be a minor engaged in sexually explicit conduct;
c. realistic images representing a minor engaged in sexually explicit conduct.
The term “minor” refers to persons less than 18 years of age. A Party may require a lower age-
limit, which shall be not less than 16 years.
73 See also the new Convention on the Sexual Exploitation and Abuse of Children (ETS 201) of the Council of Europe (opened
for signature in October 2007) which introduces additional concepts and definitions.
37
3.2. Legislation on child pornography in Romania
Before ratifying the Convention child pornography was already incriminated in Romania by two
other laws, namely, Law no. 678/2001 to prevent and combat trafficking in persons and Law
no. 196/2003 on prevention and combating pornography or some provisions from the Crimi-
nal Code.
Law 678/2001 for prevention and combating of trafficking human beings, for example, estab-
lishes as an offence the acts of: showing, selling or spreading, renting, distributing, manufactur-
ing or keeping with the intent of spreading objects, movies, photos, film slides, emblems or other
visual devices, which show positions or sex acts of pornographic nature, which present or imply
under-aged people younger than 18 years, or importing or transmitting such objects to a car-
rier or distributor for their trading or publishing.
In order to harmonize the Romanian legislation with the provisions of the Convention on cyber-
crime in 2003 it was adopted Law 161. TITLE III of this Law regulates the combating and pre-
vention of cybercrime by implementing specific measures to prevent, discover, and punish the
offences committed through computer systems.
It establishes special offences committed through a computer system:
• production of child pornography for the purpose of distribution,
• offering or making available
• distributing or transmitting
• procuring for oneself or for another person child pornography through a computer sys-
tem or
• possession, without right, child pornography in a computer system or in a computer-
data storage medium.
According to the Law the term “pornographic materials with minors” refer to any material
presenting a minor with an explicit sexual behaviour or an adult person presented as a minor
with an explicit sexual behaviour or images which, although they do not present a real person,
simulates, in a credible way, a minor with an explicit sexual behaviour.
Regarding investigation of these crimes within the Directorate for Combating Organized Crime
and Antidrug of the Romanian Police there is a special unit for cybercrime, which deals with
child pornography on Internet.
Statistics provided by this unit showed that in 2006 there have been investigated 10 cases re-
lated to images distributing or downloading from the Internet and teenagers who made movies
and posted on Internet.
There were no cases of producing child pornography material in Romania. It can be concluded
that fortunately child pornography offences are not very spread in Romania.
38
3- Infringement of Copyright and Related Rights
3.1. Convention on Cybercrime

Infringements of intellectual property rights, in particular of copyright, are among the most com-
monly committed offences on the Internet, which cause concern both to copyright holders and
those who work professionally with computer networks. The reproduction and dissemination
on the Internet of protected works, without the approval of the copyright holder, are extremely
frequent (Exp. Report, 107). Thus the Convention requires Parties in Article 10 to establish as
criminal offences under domestic law the infringement of copyright and related rights taking
into account the obligations provided by the relevant international documents in the area, where
such acts are committed wilfully, on a commercial scale and by means of a computer system.
3.2. Situation in Romania

Offences related to infringements of copyright and related rights are covered in Romania by
Law No. 8/1996 on copyright and related rights (amended several times in order to harmonize
the Romanian legislation with the European Union). It is a very extensive law covering many is-
sues related to IPR.
The law provides among other offences:
- making available to the public including by Internet or other computer networks the
protected work, without the consent of the owner of the copyright or other related
rights so that the public can access them anytime and anywhere individually;
- Unauthorised reproduction of computer software in any of the following ways: install,
storage, running or execution, display or intranet transmission;
- distributing, importing in order to make available to the public so that they can be
accessed anytime and anywhere, especially individually, without right, by digital tech-
nology, the protected works of which the information in electronic form on copyright
or related rights were removed or altered without authorisation (Article 143 para-
graph b).
Infringement of copyright and related right represents a problem for the Romanian authorities,
most of the offences that have been prosecuting in the last years referring to unauthorized
reproduction on computer systems of computer games, which are rented in internet café, as
well as counterfeiting of CDs and DVDs with music and movies (sometimes downloaded from
Internet).
Statistics74 showed that during 2005, the Romanian Police dealt with a total 3.326 frauds in
the Intellectual Property Rights area of which:
• 501 offences under the Law no.84/1998 (30.13%);
• 158 offences incriminated by the Law no. 11/1991 regarding the unfair competition
(92.69%);
• 1978 offences under the Law no.8/1996 regarding the copyright;
74 Statistics provided by the competent department of the Prosecutor Office of the High Court of Cassation and Justice
39
• 44 offences under the Law no.504/2002-Audiovisual Law (29.41 %);
• 309 offences regarding the fraud related to the quality of goods (26.12%);
• 336 other offences.
Most of the offences refer to unauthorized reproduction on computer systems of computer
games, which are rented in internet café as well as counterfeiting of CDs and DVDs with music
and movies some of them downloading from Internet.
Some examples of case investigated:
P.M.R. from Bucharest produced for commercial purposes and offered for sale pirated goods.
He sold them on a web page.
- items seized: 13 049 DVDs and CDs and 5 computers used for writing the DVDs and
CDs.
S.A.L. from Timisoara produced and offered for sale video grams and pirated computer pro-
grams.
- items seized: 5532 CDs and DVDs (containing movies, music and computer pro-
grams), 8 hard-disks, 6 CD writers, 2 catalogues produces for advertising the CDs,
136 stickers containing the titles of the movies/music, 2250 blank CDs and 1700
blank DVDs.
D.C. from Iasi offered for sale or rent pirated products through public announcements, using a
web page.
- Following the domicile search, the police seized two computers (including CD and DVD
writers) used for piracy, as well as over 5000 CDs and DVDs used as sources for the
pirated copies
Committing such crimes in Romania has been increasing. However, accurate statistics are not
available and therefore a PHARE Program 2005/017-553.03.05 with Danish partners aims
at strengthening the capacity building of Romania for protecting IPR having also the objective to
create a database for Public Ministry, Ministry of Justice, Romanian Police and other institutions.
Special measures have been required in order to give a better protection of intellectual prop-
erty.
In June 2005, based on the agreement of the institutions involved, “The Action Plan on urgent
measures with a view to improve the enforcement in the area of IPR (2005-2007)”, which fo-
cuses on:
- improving the activity of the Romanian institutions with prerogatives in the area of IPR;
- achieving an efficient cooperation between the public institutions and the organizations
with specific prerogatives in the field of IPR;
- improving the legal framework in the area of IPR;
- organizing seminars and professional training courses
It should be noted that in 2006 in Bucharest it was organized the Eastern Europe and Central
Asia Regional Congress on Combating Counterfeiting and Piracy - 11-12 July 2006. On this
40
occasion it was adopted “The Bucharest Declaration”, which provided the establishment of a
National IP Strategy, with the assistance of World Intellectual Property Organization, and the
undertaking of a comprehensive Action Plan.
The purpose is to ensure that Romanian intellectual property infrastructure and enforcement
capacity are compatible with the mechanisms of the European Union and also to establish a
“Working Group” to identify IP concerns, trends and future actions.
The improved effectiveness of government agencies as demonstrated by the increased number
of seizures of counterfeit and pirated goods and enhanced efficiency in investigating, prosecut-
ing and judging IP cases.
As a result the Romania Monitoring Report from May 2006 reflected:

- the new legislation that allows ex-officio investigation and prosecution of IPR crimes
through a specialised department in the Prosecutor’s Office of the High Court of Cassa-
tion and Justice;
- the role of the Prosecutor’s Office as central coordinating body has been strengthened;
- a specialized department within the Prosecutor’s Office was created that monitors the
complex causes investigated by the prosecutor’s offices and by the Police;
- exchanging information, coordinating and cooperating between all institutions and law
enforcement authorities have been improved;
- strong efforts have been made in order to improve communication between the institu-
tions and it was concluded a Protocol on cooperation between the institutions respon-
sible.
The conclusion of the Monitoring Report: The Significant progress has been made in the area
of protection of intellectual and industrial property rights.
4- Conclusion
Considering the international dimension of cybercrime it can be concluded that it is not possible
to succeed in this fight by a country alone but only by cooperating internationally. But we know
that cooperation depends on countries’ legal systems and harmonization between different
national legislations. Therefore, states must provide an adequate legislative framework that
addresses child pornography in all its manifestations and through all the means by which these
offences can be committed and as well as infringements of copyright.
In order to combat these types of crimes as well as other forms of cybercrime it is essential
for all countries to create the adequate legal framework, both nationally and internationally, ca-
pable of providing the legislative and investigative tools for fighting cybercrime while taking into
account its complexity.
Using the Council of Europe Convention on Cybercrime in the process of drafting national leg-
islations can help achieve a minimum of international harmonisation and establish an efficient
framework for fighting cybercrime.
41
Session 2
Relevant Legislation on Cybercrime

Legislative Confrontation of cybercrimes in light of International and National Legislation
Ms. Sina’ Abdullah Mohsen
Introduction
Crimes in communities are considered an integral part of deviant human behavior, regardless
of the individual’s degree of culture and economic and scientific maturity. In this regard, each
state strives to set limits to reduce the crime rates. However, statistics indicate that crime
rates have in fact increased, especially in the wake of the technological progress which has
been occurring worldwide. The technological outbreak led to the emergence of new crimes that
differed from traditional ones in terms of their parties, location, topics and methods of perpe-
tration. Different names were given to them, such as new crimes, electronic crimes, IT crimes,
advanced technology crimes, internet crimes and clean crimes, etc…
Regardless of their different names, these crimes are regarded as resulting from the modern
technology, where the computer lies at the basis of its emergence.
Internet crimes have been defined as those transnational crimes, which are committed on the
internet or via the internet by someone who is well acquainted with it75.
The emergence of the first internet crime dates back to 1988. The first crime was the viral at-
tack, known as Morism worm 1988.
The Internet is utilized to commit all types of electronic crimes, such as the theft of credit
cards for online purchasing, theft of passwords for accessing websites and sending emails,
obstructing them, and causing dysfunction; or obtaining security, military, political, economic
and commercial data, plant destructive viruses, sneaking into personal secrets and disseminat-
ing pornographic material, whether filmed or recorded material, which tamper with the moral
values of a society76.
Internet crimes are divided into two parts:
First, when the internet network is the target of the crime, or what is known as the IT crime on
the internet, such as attacking the net with viruses, or damage the network or the operation
system and render the devices non-operational, or invade or jam or booby-trap the net.
Second, when the internet network is the means used to commit the crime, or what is known as
the non-information crimes on the internet. Such crimes include the following:
1- Crimes against people; they include ethical crimes, such as defaming, insulting and
slandering others via the internet, the sexual exploitation of children, and the assault
on a person’s private life.
2- Money crimes; they include theft, swindling, money laundering, drug promoting, e-
commerce crimes, the most important of which are crimes of theft, swindling and
fraud via the internet.
75 Nabila Hiba Herwal- Procedural aspects of internet crimes in the phase of gathering evidence, comparative study- Dar
al-Fikr al-Jami’, p. 30
76 Arab encyclopedia for computer and internet: Http://www.c4arab.com/showac.php?acid
45
3- Infringement of intellectual property, such as the assault of copyrights and computer
software, as well as assault on patents of invention.
4- Phenomenon of e-terrorism77.
Internet crimes or electronic crimes differ from traditional crimes in terms of their parties. A
perpetrator of an internet crime enjoys high-tech skills, as he enjoys a great experience in com-
puter and internet. This is why most perpetrators of such crimes are experts in computer.
In this regard, researchers categorized the electronic crime perpetrates into three groups:
1- Young individuals working in computer centers, and who experiment with the IT world
as something novel to them. These do not necessarily have the intention to commit the
crime, but do so to satisfy their urge to achieve technical victories. They represent the
majority.
2- Individuals working in computer centers at companies and ministries. Their acts begin
as a hobby however it turns into a profession where they commit illegal acts against the
institutions they work at.
3- The malignant hacker, who is considered the most distinguished and dangerous internet
criminal.
With regard to identifying the victim of these crimes, he/she might be a natural or corporate
individual. The tools employed are of high-technology, and the location of perpetration is flexible
since it does not require that the perpetrator move to that location himself since the crime is
committed using communication networks between the perpetrator and the crime scene.
In addition, electronic crimes are considered ‘clean crimes’ as it is difficult to discover any evi-
dence left behind; there are no traces of any violence or blood, only figures and data that are
altered or deleted from records and saved in the computer’s memory. Hence they do not have
any physical external trace78. This is because its perpetrator enjoys excellent savoire-faire in
internet, which facilitates the hiding of the crime’s marks and getting rid of its traces. Hence, it
would be difficult to investigate into them and track down their perpetrators. This is in addition
to the fact that these crimes rely on the smartness, skills and deception when perpetrated.
It goes without saying that the phenomenon of electronic crimes, as a phenomenon resulting
from technological progress in general and computer technology in particular, needs a law to
regulate it in order to create harmonization between the society and the normal regulation of
that phenomenon that has emerged in reality79.
In this paper, we will tackle the legislative confrontation of this aggravating risk in society as fol-
lows:
First: international legislative confrontation of cyber crimes
Second: national legislative confrontation of cyber crimes
77 Nabila Hiba Herwal, same previous reference, p.57, 62-63.

78 Mohammed Ali al-Aryan- IT crimes- Dar al-Jamia’ al-Jadida for printing and publication, p.53-63.
79 Dr. Omar Mohammed Abu Bakr Bin Younes- Crimes resulting from use of internet (substantive provisions and proc -
dural aspects)- Dar al-Nahda, p.85.
46
First: International Legislative Confrontation of Cyber Crimes
Technologically advanced countries rushed to promulgate special laws to confront such type of
crimes, such as:
• IT law or computer and internet law (Cyber law) which had an impact on the divisions of
other laws. It included some of the penal legal rules about the misuse of modern tech-
nological systems.
• The Privacy or the Right to Privacy Law in the field of protection of rights and freedoms
to safeguard personal data and secrets, such as the health condition of an individual,
hobbies, and credit cards in light of the comprehensive communication environment, and
this in its moral character and not the physical one. Constitutions of countries across
the world guaranteed the individual the legal protection. That protection did not come
unless after expecting that such information could be breached.
• E-commerce law. This law has to do with electronic banking transactions since banks are
the first to be affected by modern technology. Thus, it is normal that they resort to using
modern technology in dealing with others. The banks’ use of computer and networks of
information transfer, credit card applications and the comprehensive banking service
via the internet deemed it necessary that a legislative regulation be found to guarantee
the exchange of banking data and documents electronically, etc…Thus, these laws ap-
peared on the Arab and international levels80 and included laws such as the electronic
transactions law in Jordan, Dubai, Tunisia, Bahrain. Also in Yemen, Law No.40 of 2006
was promulgated, which will be discussed later.
In addition, international efforts are being deployed to combat internet crimes, the most
important include:
1- The First International Human Rights Conference on the Impact of Technological
Progress on Human Rights (Tehran Conference in 1968). The UN General Assem-
bly adopted its recommendations. The right to privacy was acknowledged, and so
was the individual’s right to live alone and not to have his secrets disclosed. Some
countries in the world in Europe, Asia, America and Japan enacted their legislations
in the field of protection of privacy from assault. These legislations obliged the inter-
net sites concerned with gathering of information to register their purposes and
subject their operations to the monitoring of the privacy commissioner in the state,
in his capacity as the judicial authority concerned with the protection of individuals
from any assault against them.
Such protection practices have found n place in Arab legislations. There are a couple
of sub-texts in different laws, such as the protection of civil status records in the Civil
Status Law, and the protection of social security data which should not be used for
other purposes in the Social Security Law. Such texts cannot be viewed as special
legislations that protect the right of privacy. They are merely simple applications of
this right. They should be enacted in special legislations that are in harmony with
80 Http://www.ammanet//look/artide.tpl?/dlange=181dpuplication=3oonrarticle=1759&NrISSUe=5&Nrsection=1&
search.x=17&search.y=13
47
these.
2- The UNCITRAL Model Law on Electronic Commerce, which was adopted by the UN
Commission in 1996, is considered one of the most essential international efforts
aimed at combating internet crimes in e-commerce. The commission drafted it as a
model law, based on its mandate to enhance the coordination and standardization
of the International Trade Law. It is aimed at eliminating any unnecessary obstacles
hindering international trade and which might be the result of gaps and differences
in the law on trade exchange. Basically, drafting this law came as a response to the
main change in the means through which the communication is carried out between
parties using computer technology in their work or other modern technologies.
The purpose behind it was that it would serve as a model to be followed by countries in
terms of the assessment and the updating of some aspects of their laws and practices
in trade relations. It also aimed at assisting all countries in improving their legislation
and realizing the disadvantages resulting from the shortage in legislations on the na-
tional levels. Moreover, it has provided national legislators with a group of internationally-
accepted rules in this regard81.
3- The Model Law on Electronic Signatures in 2001 as a new legal instrument, derived
from the UNCITRAL Model Law on Electronic Commerce, where it is in total consis-
tence with it and in details82.
4- The European Convention which resembled an invitation to the countries of the world
to interact with internet. This convention was the result of many attempts since the
19080’s, until they concretized on 23/11/2001 in Budapest. It was signed by 30
European countries, including the four non-Member countries in the European Coun-
cil which participated in drafting this agreement: Canada, Japan, South Africa and
USA.
This convention included the following parts:
1- Use of terms
2- Measures to be taken in the national legislation domain
3- International cooperation
4- Final provisions on adhering to the Convention
The convention identified the crimes which should be included in the national legislations of
Member States as follows:
1- Crimes related to the security of networks (illegal access and monitoring, abuse of trust
in data or abuse of system).
2- IT crimes, as is the case with computer forgery and computer fraud, etc..
3- Ethical crimes, such as producing or broadcasting or possessing materials related to
child pornography.
4- Crimes of infringement of literary and intellectual property rights, such as the copying of
81 Model Law on Electronic Commerce with the guide of its legislation, 1996- UN- New York- paragraphs (128-150), p.59.
82 UNCITRAL Model Law on Electronic Signatures- 2001- p.39
48
protected compilations.
5- Criminal liability of legal persons.
The convention also observed the criminal procedures, especially during the investigations
and judicial follow-up phase, such as reservation of evidence, inspection, seizure, etc…
This convention had a directive character for the steps that should be taken on the national
legislation level in every country with respect to the substantive and procedural provisions
as mentioned above.
The convention obliged the Member Countries to respect human rights and fundamental
freedoms stipulated in international conventions as well as national legislations and to com-
mit not to breach them.
Other countries which are non-Members in the convention may seek the assistance of this
convention when drafting national legislations since it is considered as a historic source in
combating internet crimes83.
Second: National Legislative Confrontation of Cyber Crimes

With respect to the national penal legislations in the Republic of Yemen on cyber crimes, it is
doubtless to say that the Yemeni Criminal Law is rooted in combating crime in terms of assault
on funds, such as theft, fraud, blackmail, breach of trust, and forgery in the following articles
210, 310, 313, 318 of Law No.12 of 1994 on Crimes and Sanctions.
The Yemeni law also has an experience in dealing with assault on people, such as threats,
infringement on the freedom of correspondence, infringement on private life and threats to
disseminate private secrets. Articles 254, 255, 256 and 257 of the same law deal with these
crimes. It also tackled moral crimes, such as disgrace and scandalous acts, and prostitution in
articles 270, 274 and 279 of the mentioned law.
However, the increasing use of IT in different fields of life, and the emergence of IT and its mul-
tiple applications, and the resulting new techniques in committing the traditional crime such as
embezzlement of money via IT fraud or sending of an email that includes a threat of murder or
the penetration of the IT networks rendered the criminal law suffering from gaps to confront
those crimes84.
This is because the articles of criminal law provided for in the existing laws are traditional texts
which were set to protect physical things against a traditional assault. Therefore, those texts
could not be implemented on the cases of assault against the non-physical components of IT
systems85. Added to that is the special nature of IT crimes, the modernity of the computer and
the IT criminal. Hence, a legislative vacuum has emerged in the field of IT crimes, making it inevi-
table for the legislator to intervene to promulgate national legislations which include legal texts
that guarantee the incrimination of activities resulting from the new technology in light of the
traditional texts which have become inadequate to apply in the field of IT. The legislator also tries
83 Dr. Omar Mohammed Abu Bakr Bin Younes, same previous reference, p.213-214.
84 Nabila Hiba Herwal, same previous reference, p.9.
85 Mohammed Ali Aryan, same previous reference, p.103.
49
to redraft the laws in force so that they can reflect the specificity of these crimes and compre-
hend the aspects of technicality in them.
Therefore, the Yemeni legislator issued Law No.40 of 2006 on 28/12/2006 regarding the
systems of payment and financial and electronic banking transactions in order to combat the
electronic crime which is considered as one of the most significant and serious challenges fac-
ing e-commerce due to the several risks that they incite on each of the party owning the website
and the website users86.
The Yemeni legislator divided this law into nine chapters as follows:
Chapter 1: Nomination and Definitions (Articles 1-2).
Chapter 2: Objectives and Scope of enforceability (Articles 3-6).
Chapter 3: Payment systems (Articles 7-9)
Chapter 4: Consequences of electronic register, contract, message and signature (Articles
10-19), and it is of the most important chapters since it includes the substantive
provisions of electronic transactions.
Chapter 5: Conditions of transferability of electronic instrument (Articles 20-25)
Chapter 6: Procedures of Payment and electronic transfer of funds (Articles 26-31).
Chapter 7: Procedures of Documentation of electronic record and signature (Articles 32-
36).
Chapter 8: Sanctions (Articles 37-41)
Chapter 9: Final provisions (Articles 42-46)87.
The purpose behind this law is to develop the payment systems, facilitate the use of electronic
means in payment, enhance the role of the Yemeni Central Bank in managing and updating the
payment systems, and supervising and monitoring them in order to ensure that the procedures
and rules are functioning well and to encourage their use to promote the operational compe-
tence of the financial and banking system in particular and the economic system in general and
preserve financial and monetary stability. This law applies to the electronic payment systems
and all financial and banking transactions conducted via electronic means, as well as to the data
messages and electronic information, electronic records, electronic signature, codification and
electronic documentation.
The law imposed on banks with ATMs to adapt their status in accordance with the provisions of
the law within two years of its issuance.
The law also empowered the Central Bank to determine the specifications of the ATM and to
specify the number of ATMs for every licensed bank. As per the law, the Central Bank may give
license to any financial institutions that wants to operate an ATM according to the regulations
and conditions that it sets. The Central Bank drafts the payment and collection procedures via
the electronic system to transfer money, and it advises the banks about that. These procedures
86 Http://www.c4arab.com/showac.php?acid.1037
87 Law No.40 of 2006 on systems of payment and financial and banking transactions.
50
have the power of evidence88.
With respect to sanctions, the provisions provided for criminal protection for some aspects
that could be regarded as electronic crime. They are as follows:
- Article 37 of Law No.40 of 2006 on the systems of payment and financial and electronic
banking transactions state: “Without prejudice to any severer sanction stipulated by any
other law enforced, anyone violating the provisions of this law shall be punished with the
sanctions mentioned in this chapter.”
- Article 38 stipulated: “Any person who established or published or provided a certifica-
tion using means of fraud for the purpose of embezzlement or obtain a financial benefit
for himself or others shall be imprisoned for a period not less than 2 years and pay a
fine that is not less than 1 million Riyals. The sums embezzled or obtained or facilitated
for others to get shall be returned.”
It can be noted that the Yemeni legislator combined the imprisonment and the fine: imprison-
ment for not less than 2 years and fine for not less than 1 million Riyals with the returning of the
sums embezzled. With this sanction, the Yemeni legislator would have set a deterring penalty
for the perpetrators of these crimes as he combined these two sanctions (imprisonment and
fine) without authorizing the judge to select one of these two sanctions, based on his discretion-
ary authority as is the case in criminal laws.
Due to the modernity of the Yemeni Law No.40 of 2006 as it was issued late in 2006, until
now, there have been no problems or difficulties which hindered its implementation just like any
other new law.
However, we can say that the abovementioned Yemeni Law, just like other laws in Arab coun-
tries, such as the electronic transactions law No.85 of 2001 in Jordan, the Dubai Law No.2
of 2002, and the Tunisian and Bahraini Law, even if they have ensured legal protection to the
electronic banking means, they still have some shortages, as they have not provided sufficient
protection to the electronic banking means, especially with the increase in theft and robbery of
citizens’ accounts and the forgery and misuse of credit cards.
Moreover, there is no Arab legislation that incriminates all types of cyber crimes, where every
type has its own sanction that is adequate to its riskiness since illegal access to the system is
not similar to the theft of credits from banks via information fraud or to the triggering of dis-
turbance, libel and promotion of ideas via the computer and email and which cause disorder in
society89.
This cannot be achieved except through drafting special laws to confront electronic crimes in
their diverse images and set the sanction that is adequate to their risk. This can be done by
benefiting from the expertise of advanced countries in this field and increasing the level of Arab
cooperation via treaties, conventions and joint seminars. Moreover, judges and public prosecu-
88 http://www.newsyemen.net/showdetails.asp?subno=12007 0512 13213

89 Http://www.ammanet//look/artide.tpl?/dlange=181dpuplication=3oonrarticle=1759&NrISSUe=5&Nrsection=1&
search.x=17&search.y=13
51
tors should undergo training programs on such type of crimes so that this helps them issue
judicial verdicts.
Conclusion
In conclusion, we cannot but say that with the continuous scientific progress, the rate and
types of electronic crimes have been increasing. They constitute a greater threat to society
as their perpetrators always seek to develop their tools, benefiting from the progress in using
technology in diverse fields. Hence, efforts should be deployed to combat those crimes in a way
that curbs them or even eradicate them by looking for the latest developments in electronic
protection and promulgating and implementing legislations which are adequate to electronic
crimes that infringe on the privacy of individuals or on monetary and commercial transfers and
transactions via the internet, or that violate the traditional moral values or intellectual property
rights, etc… Awareness should be raised in the society, especially among the youth, as they con-
stitute the categories that mostly use the computer and the internet. Legislations relevant to
electronic crimes should also be taught at universities in order to get to know the risks of using
the internet and the sanctions imposed as per the laws. Judicial police officers should undergo
training in order to face such crimes when looking for and inspecting them in a way that differs
from what is usually adopted in traditional crimes.
References List
1- Books and publications:
1- Dr. Omar Mohammed Abu Bakr Bin Younes- Crimes resulting from use of internet
(substantive provisions and procedural aspects)- Dar al-Nahda- Cairo.
2- Dr. Abdel-Fattah Bayoumi Hijazi- Advisor in the State Council- Legal Advisor at the
Federal National Council- Adolescents and Internet- Profound Study on the impact of
internet in the delinquency of adolescents- Dar al-Fikr al-Jami’- First edition- 2002.
3- Mohammed Ali al-Aryan- PhD researcher- Faculty of Law- University of Alexandria- IT
crimes- Dar al-Jamia’a al-Jadidah for publishing, 2004.
4- Nabila Herwal- Masters in Law- Procedural Aspects of IT crimes at the phase of
gathering evidence- comparative study- Dar al-Fikr al-Jami’.
2- Studies and Articles on the internet:
- Interview with Lawyer Younes Arab- from Arab Group Foundation for Computer Law
and Security of Private Information- published on March 26, 2005 on: http://www.
ammannet/Look/article.tp
- Article, entitled: Electronic Crimes- By Amr Ahmed Izzat- published on May 16, 2007
on: http://www.c4arab.com
- Study, entitled: Electronic Crimes- By Adel Hamad Abu Ezza, published on May 16,
2007 on: http://www.al-jazirah.com
52
International Standards related to Cybercrime
(Council of Europe)
The Threat of Cybercrime

Societies all over the world rely on information and communication technologies (ICT). The num-
ber of Internet users worldwide increased by four times from 300 million in 1999 to almost
1.2 billion in 2007.
Threats include virus, worms, spyware, bots and other malware compromising the confidential-
ity, integrity and availability of public and private computer systems. This may include attacks
against the critical infrastructure of a country. Malware is used for identity theft in order to
commit credit card, e-commerce and other types of fraud, and ICT are used for a wide range of
other serious offences such as money laundering, trafficking in human beings, child pornogra-
phy, extortion or other forms of organized crime.
Cybercrime is very much transnational crime requiring extensive international cooperation.
The legislative response

In order to meet this challenge, countries need to equip themselves with a comprehensive legal
framework
1. They should criminalise certain conduct in their substantive criminal law. As a minimum this
should include:
 Illegal access to a computer system (“hacking”, circumventing password protection, key-
logging, exploiting software loopholes etc)
 Illegal interception (violating privacy of data communication)
 Data interference (malicious codes, viruses, trojan horses etc)
 System interference (hindering the lawful use of computer systems)
 Misuse of devices (tools to commit cyber-offences)
 Computer-related forgery
 Computer-related fraud
 Child pornography
 Hate speech, xenophobia and racism
 Infringement of copyright and related rights
2. They should give law enforcement and other criminal justice authorities the means to inves-
tigate, prosecute and adjudicate cybercrimes in their criminal procedure law. Among other
things this should allow for the possibility to take immediate action to preserve electronic
evidence. As a minimum this should include specific provisions for:
53
 The expedited preservation of stored computer data
 Expedited preservation and partial disclosure of traffic data
 Production order
 Search and seizure of stored computer data
 Real-time collection of traffic data
 Interception of content data
 Procedural safeguards
3. They should allow for efficient international cooperation, that is, harmonise legislation with
that of other countries, provide for mutual legal assistance and police cooperation and join
international agreements such as the Budapest Convention on Cybercrime of the Council
of Europe.
The Convention on Cybercrime

The Convention on Cybercrime provides a guideline for the development of such legislation.
This treaty has been developed by the Council of Europe (currently 47 member States) in co-
operation with Canada, Japan, South Africa and the United States of America and was opened
for signature in Budapest in 2001. It entered into force in 2004. The Convention is open to
any country from around the world that may seek accession. For example, in February 2007
Costa Rica and Mexico were invited to become a party, and a number of other countries from
different regions of the world are about to seek accession. In September 2007, the Philippines
requested accession to the Convention. Equally important is that many countries are currently
preparing new cybercrime legislation (such as Argentina, Brazil, Colombia, India, Indonesia and
others) using the Convention as a model.
The treaty is structured as follows:
Chapter I: Definitions of a computer system, computer data, service provider, traffic data
Chapter II: Measures to be taken at the national level
- Section 1 - Substantive criminal law, that is, conduct that is to be made a criminal of-
fence
- Section 2 - Procedural law, that is, measures for more effective investigations of cy-
bercrimes. It should be underlined that these procedural measures can be used for
any criminal offence involving a computer system. For example, they can be used in the
case of terrorism, money laundering, trafficking in human beings, corruption or other
serious crimes where ICT are involved
- Section 3 – Jurisdiction
Chapter III: International cooperation
- Section 1 - General principles of cooperation, that is, general principles on international
cooperation, principles related to extradition, principles related to mutual legal assis-
tance, spontaneous information, mutual legal assistance in the absence of applicable
54
international instruments, and confidentiality and limitation on use
- Section 2 - Specific provisions for more effective cooperation. These permit parties to
the Convention to apply procedural tools also internationally. This Section also provides
for the creation of a network of contact points which are available on a 24/7 basis to
facilitate rapid cooperation
Chapter IV: Final provisions. This chapter is of particular interest to non-European countries as
it provides for the accession of non-member States to the Convention.
The Convention on Cybercrime thus is not only a guideline for the development of national legis-
lation but provides a framework for international cooperation:
 It helps ensure the harmonisation and compatibility of criminal law provisions on cyber-
crime between countries
 It provides tools for the gathering of electronic evidence and tools for the investigation
of cyber laundering, cyber terrorism and other serious crimes. Through the Convention
these tools can also be applied in international cooperation
 Chapter 3 of the Convention provides the legal basis for international law enforcement
and judicial cooperation with other Parties to the Convention
 It requires Parties to establish 24/7 points of contact
 The Convention is open for accession to any country
 Parties to the Convention participate in the Cybercrime Convention Committee (T-CY) and
thus in any future work to further develop the Convention.
Many countries have implemented the Convention in their national law. An example is the legis-
lation of Romania which follows very closely the text of the Convention. The Romanian legislation
is rather complete, easy to understand and at the same time effective.90
The Implementation of the Council of Europe Convention on cybercrime in Romania

Romania signed the Convention on Cybercrime on 23.11.2001 and ratified the Convention on
12 May 2004 by Law 64/2004.
In order to harmonize the national legislation with the provisions of the Convention on cyber-
crime it was adopted the Law no. 161/2003. TITLE III of this Law regulates the combating and
prevention of cybercrime by implementing specific measures to prevent, discover, and punish
the offences committed through computer systems.
According to the Romanian Law on cybercrime there are three categories of criminal of-
fences:
1. Offences against the confidentiality and integrity of computer data and systems:
90 See the country profiles of Romania and other countries at www.coe.int/cybercrime.
55
1.1 illegal access to a computer system (article 42); Romanian Law also criminalizes as
offences the illegal access committed with the intent of obtaining computer data and
by infringing the security measures.
1.2 illegal interception of a transmission of computer data (article 43);
1.3 data interference (article 44); it is also sanctioned the unauthorised transfer of data
from a computer or unauthorised data transfer from computer data storage medi-
um.
1.4 system interference (article 45);
1.5 misuse of computer devices or programs (article 46).
2.2. Computer-related offences

2.1 computer-related forgery (article 48);
2.2. computer-related fraud (article 49).
2.3. Child pornography through computer systems (article 51). Child pornography was al-
ready criminalized in the Romanian legislation but Article 51 establishes a new offence stipu-
lating as a mean to commit the offences the computer systems or computer data storage
medium.
Regarding the offences related to infringements of copyright and related rights of which crim-
inalization is required by the article 10 of the Convention, in Romania it was adopted since 1996
the Law no. 8 on copyright and related rights. The act provides by Article 1398, Article 143
paragraph b of this Law are related to computer systems.
The Law on cybercrime includes also some specific procedural law provisions in the Articles
54-59:
 The expeditious preservation of computer data or traffic data where there are grounds to
believe that that the computer data is in danger of destruction or alteration (over a period
of maximum 90 days and can be subsequently renewed, only once, by a period not longer
than 30 days).
 The obligation for any service provider or any other person possessing computer data -
based on the prosecutor’s ordinance or the court decision - to expeditiously preserve them
under confidentiality conditions.
 The obligation for service provider to immediately make available the information necessary
to identify the other service providers when several service providers were involved in the
transmission of that communication in order to know all the elements in the communication
chain used.
 The prosecutor (on the basis of the motivated authorisation of the prosecutor specially as-
signed by the general prosecutor of the office attached to the court of appeal or, as appro-
priate, by the general prosecutor of the office attached to the High Court of Cassation and
Justice) or the court can order seizing of the objects containing computer data, traffic data
56
or data on users, from the person or service provider possessing them.
 Whenever for the purpose of discovering or gathering evidence for the investigation the
competent authority may order to search a computer system or a computer data storage
medium.
 Making copies that would serve as evidence if the competent authority considers that seiz-
ing the objects that contain computer data, traffic data or data on users would severely
affect the activities performed by the persons who possess these objects.
 When, on the occasion of investigating a computer system or a computer data storage me-
dium it is found that the computer data searched for are included in another computer sys-
tem or another computer data storage medium and are accessible from the initial system
or medium, the authorisation to perform the search in order to investigate all the computer
systems or computer data storage medium searched for can be given at once.
 The access to a computer system, as well as the interception or recording of communica-
tions carried out by means of computer systems are performed when useful to find the
truth and the facts or identification of the doers cannot be achieved on the basis of other
evidence.
The relevant provisions of the Criminal Procedure Code on search, procedures on audio or
video recordings, and the prevention measures are applied accordingly.
International cooperation provisions

According to the Law no. 161/2003, the Romanian legal authorities cooperate directly with
the institutions with similar attributions in other states, as well as with the specialised interna-
tional organisations.
The cooperation can have as scope:

 international legal assistance in criminal matters including extradition matters;
 the identification, blocking, seizing or confiscation of the products and instruments of the
criminal offence;
 carrying out common investigations;
 exchange of information;
 technical assistance or of any other nature for the collection of information;
 specialised personnel training;
 as other such activities.
Law No. 302/2004 on international judicial co-operation in criminal matters regulates coop-
eration procedures on: extradition, surrender based on European Arrest Warrants, transfer
of proceedings in criminal matters, recognition and execution of judgments, the transfer of
sentenced persons, rogatory letters, appearance of witnesses, experts and requested persons,
service of procedure documents, criminal record.
57
Competent Romanian authority
The Service for combating cybercrime was established within the Prosecutor’s Office of the
High Court of Cassation and Justice. Currently, the Service for combating cybercrime is oper-
ating within the central within the Direction for Investigating Organized Crime and Terrorism
Offences.
The competences of the Service for combating cybercrime meet the requirements set out in
the European Convention on Cybercrime regarding international cooperation and it is a liaison
point available 24/7.
58
Cybercrime in Moroccan Legislation
Mr. Abdel Razzak Sindali
Introduction:
Industrial and economic progress and development paved the way for the emergence of huge
transcontinental companies, increase in the number of banks, contracts, associations and air-
ports. This progress was accompanied by another development in the field of commercial, in-
dustrial and economic activities, manifested in the emergence of the computer. There is no
activity that does not use the computer in its business. The computer has become one of the
means through which one can overcome the difficulties shadowing life in this universe.
The necessity in life and requirements of this age which led to the invention of the computer also
led to the creation of internet. It is a modern technology and a developed and renewable means
of communication which provides its users with an infinite space of information.
Based on the aforementioned, it is clear that there are crimes which might take place on the
computer or via this apparatus. There are crimes linked to the internet. Hence, cyber crimes
are those crimes in which the computer is the means to commit the crime, such as fraud via
the computer. However, this usage is not a rule and it is not prevalent. And so is the case with
respect to the internet which uses the same terms, as the internet, according to the compre-
hensive concept of the information system, is composed of the components of this system
and because the system once again is being referred to as the “computer system.” This is why
some add “internet” to the “computer” to avoid confusion with respect to the recipient and say
“computer and internet” crimes so that the recipient realizes that all the information-related
crimes are included in this term. In other words, it includes computer crimes in their forms
prior to the emergence of the huge information network embodied in the internet, which is the
most popular and prevalent. Others use the term “cyber crime” as was the case in Europe, and
it has expanded beyond it. This term was considered as inclusive of the computer crimes and
the network crimes, as the majority use the term “cyber” to refer to the internet or the virtual
world; whereas, according to researchers, this term means the computer world or age, and
there is no longer differentiation between the computer and the internet due to the integration
between them in the environment of data processing and exchange.
This is why it has been decided to divide this intervention into three topics. The first will tackle the
characteristics and the types of criminals, as well as the method of perpetrating the crimes of
tampering with the systems of automatic processing of data. In the second topic, we will exam-
ine some of the crimes committed by those criminals and material activity in the cyber crime.
The third topic will embark on the Moroccan legislation and the sanctions implemented on this
type of crimes.
59
First Topic
Characteristics and types of criminals, and perpetration of cyber crime
A perpetrator of computer or internet crimes or cyber crimes in general is different from per-
petrators of other crimes. He is very smart; especially that he does not use violence or force
to commit the crime. Therefore, he has huge capacity to accommodate inside the society even
though he has a criminal personality- so to speak. Moreover, his criminal danger increases with
the increase in his smartness which makes it easier for him to accommodate inside the society.
Thus, it would be difficult to detect him as an ordinary criminal. A perpetrator of a cyber crime
might be either an amateur, i.e. pirates called as “crackers” who exercise their acts as part of
their hobby. They might have the capacity of good programming and research on internet pages
to reach files to bypass the security in order to use them.
They might have illegal copies of programs. As for the term “hackers”, it is used with criminals
who originally work to sabotage important websites or buy programs and products in a twisted
matter. They also tend to obtain important information from different websites. The most dan-
gerous hackers are those who create viruses and security-breaking files. In this framework, they
are regarded as specialized programmers who enjoy very high potentials.
It goes without saying that the incentives leading to the perpetration of crimes linked to the
systems of automatic processing of data might only be the desire to obtain information. Such
type of criminals believes that obtainment of information should not be restricted, and this is
why they devote all their efforts to learn how to break through banned websites. Those crackers
are often organized in groups, the purpose of which is to cooperate, exchange information and
share programs. They are also very keen that they remain unknown.
Most often the incentive to commit such crimes is to achieve financial gains and profits. For
example, they embezzle information and then bargain on it, or they might use a counterfeited
or expired ATM card. This incentive might be the feeling of power and the capacity to break into
the targeted system. Or it might be hatred or grudge. The same as a young accountant while
he was leaving his job, he tampered with the computer programs of the company he works in,
by programming it in a way that all the data related to the company’s debts would disappear six
months as of the date he leaves his job. And this is what happened in fact, as six months after
he left his job, the data relevant to the company’s debts disappeared totally from the computer.
Moreover, the incentive to perpetrate such crimes might be sectarian. For example, the Red
Brigades Group in Italy tended to attack its own systems, especially if we know that such groups
consider the computer as a dangerous weapon against terrorism since it is capable of saving
data.
Second Topic
The Material Element in cyber crime and some types of crimes
Crimes of attacking saved programs and stored information often take place inside the com-
60
puter via introducing viruses to the apparatus. The viruses destroy the programs or obstruct its
performance or copying the program and the information from the device.
Moreover, the material activity in the cyber crime might be via the illegal entry in the data
systems and bases, whether this illegal entry resulted in the tampering with the data or not.
Illegal entry to the sites of information and programs is regarded as an electronic crime. Such
criminal act might take several forms, such as attack on websites through deleting or modify-
ing or tampering with data, or through hindering the operation of the system. Furthermore, the
violation of confidentiality and privacy of personal data and harm done to their owner, as well
as access to electronic correspondence, adduce of false data in electronic transactions and
operations are considered as the most significant material aspect of the cyber crime.
The material activity, such as theft, swindling and infidelity, might also be a material element in
the perpetration of the cyber crime, such as assault on e-money, which are the funds circulated
electronically, whether in the framework of e-commerce or others, just like operations of money
deposit and withdrawal via bank ATMs. Such money could be subject to theft, swindling and
infidelity via counterfeited, expired or stolen credit cards.
Among the most dangerous images of assault on e-money is the assault on other people’s
money via electronic means, such as entry to bank websites and clients’ accounts or the entry
of data or the deletion of data for the purpose of embezzlement of funds or their transfer from
one account to another.
Moreover, the material activity in a cyber crime might include the forgery or the imitation of the
electronic signature consisting in codes that distinguish the owner of this signature. Hence, it is
considered as a mean used in electronic operations substituting the written signature.
Third Topic
Legal processing of Cyber crime in Moroccan legislation
The Moroccan legislator introduced the chapters which punish acts constituting cyber crimes,
and this is in Section 10 of the penal code, chapters from 3-607 to 11-607, under the title of
“tampering with the system of automatic processing of data”, and this is per Law No. 07.003,
issued on Ramadan 16, 1424 (11 November, 2003).
The Moroccan legislator did well when he called this type of crime as the “tampering with the
system of automatic processing of data”. It is a general and comprehensive designation that
includes all crimes and types of activity via which a cyber crime can be perpetrated.
It is also noticed that this law did not exclude the other laws which are inclusive of stricter crimi-
nal requirements or even stricter sanctions.
This is how the Moroccan legislation progressed from the mistake to fraud when committing a
61
cyber crime. It considered tacitly that entry into the system of automatic processing of data by
mistake without being authorized to access it is not incriminated, on condition that the person
should not stay inside the system of automatic processing of data or in part of it. Yet, it has pun-
ished every person who has accessed the entire or part of the system of automatic processing
of data via fraud by imprisonment from one to 3 months and a fine ranging between 2,000 to
10,000 Dirhams, or by one of the two. It imposed the same punishment on the person who
accessed it by mistake but remained in it or in part of it. The law doubled the sanction against
the criminal if his access resulted in the deletion or modification in the data in the system of
automatic processing of data, or in its dysfunction (Chapter 3-607).
The Moroccan legislator introduced firm sanctions without breaching the stricter criminal re-
quirements with respect to everybody who perpetrated the abovementioned acts against the
suite or part of the system of automatic processing of data, which is supposed to include infor-
mation relevant to internal or external security of the State or secrets relevant to the national
economy. The sanction increases if the mentioned acts resulted in the change or the deletion
of the data enlisted on the system of automatic processing of data or the dysfunction of the
system, or if these acts are perpetrated by an employee or a user while exercising his tasks or
because of them, or if he facilitated the acts to others. (Chapter 4-607)
It is noteworthy that the Moroccan legislator, as part of including all images of tampering with
the system of automatic processing of data and so that some criminals do not escape punish-
ment, incriminated the acts of deliberate hindrance or incitement of dysfunction in the system
of automatic processing of data. The legislator sanctioned the entry, destruction or deletion of
data from the system or the modification of the data in it or the change of the method of pro-
cessing or sending the data via fraud. (Chapters 5/6-607).
It is also noted that the Moroccan legislation allocated texts relevant to the counterfeit or use
of data without breaching the stricter criminal requirements. It also provided for the counterfeit
and the forgery of information documents, regardless of their form if the counterfeit or forgery
is aimed at causing harm to others. The same sanctions are implemented on anybody using the
mentioned documents, knowing that they are counterfeited or fake. (Chapter 7-607).
However, this chapter did not clarify the method of counterfeit or forgery related to the informa-
tion documents. As such, it has left it open to go back to the chapters which punish the forg-
ery crime in the penal code. Moreover, the attempt to commit misdemeanors stipulated from
chapters 3-607 to 7-607 and chapter 10-607 is sanctioned by the punishment applied on the
consumed crime.
The legislator punished everybody who has taken part in a gang or an agreement to prepare
one or more crimes stipulated in this part if there is preparation for one act or more of the
material acts.
The legislator provided for a severe punishment of imprisonment from 2 to 5 years and a fine
62
of 50,000 to 2,000,000 Dirhams against anyone who manufactured devices or tools or pre-
pared IT programs or any data which were specifically prepared or used to commit crimes pun-
ished in this part or which he owned or relinquished to others or presented them or set them
at the disposal of others.
Moreover, the legislator did not forget to stipulate in this chapter the sanctions of confiscation
and deprivation from exercising one or more rights that are stipulated in Chapter 40 of the
penal code for a period ranging between 2 and 10 years. He also provided for the sanction of
deprivation from exercising all the public tasks and functions for a period of 2-10 years. The
indictment verdict shall also be published or posted.
We would like to stress that the Moroccan legislator did well when he entitled this section as
“tampering with the systems of automatic processing of data”. Hence, in addition to filling the
legislative gap related to this type of crimes which were not punished before. The legislator
ended a jurisprudential dispute that has always been evoked, as the expression “tampering with
the systems of automatic processing of data” is general since it includes every apparatus that
has a system for automatic processing of data, regardless of its type, and the appraisal of that
is left to the competent judges. Yet, he included in this section a chapter related to the coun-
terfeit or forgery of information documents. The term “document” can be used with other that
the electronic or information crime even if it is related to it. He should have left the punishment
related to the forgery of documents to the chapters on forgery as detailed in the penal code.
Importance of evidence role in IT crimes

Training officers of the judicial police, public prosecution judges and court judges to look for
evidence in the field of IT crimes is very significant. They should have the sufficient know-how in
this type of crimes, which uncovering and proving is faced with many hardships. In the world of
“information technology and computer crimes” that stands on the communication technology,
connections and electronic media, the detective and investigation authorities cannot implement
the traditional procedures on the majority of the IT crimes.
Hence, officers of judicial police, investigation authorities and judges specialized in IT crimes
should be trained on the technical methods used in committing the crime and on the methods
to uncover them, as well as the proof and evidence to verify them. They should also be trained
on how to inspect, preserve and technically examine the evidence. Judges should also undergo
training on dealing with such type of crimes to enable them to adjudicate them.
The main difficulty hindering the search and detective authorities in the field of IT crimes is that
the perpetrators of such crimes often do not leave behind traces that show that they have com-
mitted these crimes since the information is saved in the form of a number or a secret code
that is totally ciphered and is difficult to access or know. Therefore, it is difficult to establish
proof against those criminals. This is why it is very significant to train investigators from the
judicial police, public prosecution judges and court judges. Moreover, special units have to be
63
created, the main task of which is monitor and track down the network by navigating through
it. Such prior monitoring might breed significant results in terms of stopping the crime before
taking place, and this is via prevention.
Questions are raised regarding the possibility of implementing the provisions relating to the
crime of theft in case of theft of programs and information:
Jurisprudence in this regard went in two directions. The first one sees that it is possible to
implement provisions on theft on the crime of theft of information and programs saved in a
computer, while the second believes that this does not constitute a theft crime. We will tackle
each of these two directions.
First direction:
Assault on programs and information saved in a computer constitutes a crime of theft. If some-
one entered a computer and accessed the programs or information in it or copied these pro-
grams and information, this act is regarded as a crime of theft because it is a breach of the
property right. This direction is founded on the fact that programs and information have physical
entity that can be seen on a screen. This entity is translated into ideas. Programs and informa-
tion can be obtained by copying them on a CD. In addition, saying that they cannot be obtained
deprives them from the necessary legal protection. The theft of programs and information
can be compared to the theft of electricity or phone lines. This is why the French judiciary con-
demned the theft of information in the LOQABAX case, where an employee at a company pho-
tocopied confidential documents against the desire of their owner.
Second direction:
This direction distinguishes among several cases in the theft of programs and information:
First case
It is the case of stealing a CD of information or programs. In this case, the act is a crime of theft
that is subject to the provisions of the Penal Code.
Second case
The theft of program from a CD or a system of automatic processing of data by copying it is an
act categorized as a crime of imitation of the item. Such an act is subject to the copy right pro-
tection law. With respect to the access or copying of information, it is not considered as theft
but a crime of disclosure of secrets and this is in the case where the information is confidential
and should not be accessed by the public.
However, if the information is not confidential, we will distinguish between two hypotheses:
First hypothesis
If this information is free, i.e. open to the public, or can be copied free of charge, there is no
crime in case of copying it or accessing it.
Second hypothesis
64
If this information is available before the public in return for a sum of money, assault on such
information without the consent of the person who has the right to earn this sum is in fact a
theft of benefit. There is no punishment in this case, unless there is a special text that punishes
for the theft of benefit. Moreover, theft in the traditional sense is the embezzlement of money.
As for the theft of information, it is merely a copying of information that remains in the posses-
sion of its legal owner. A thief in the crime of information theft would be sharing the access to
this information with its owner.
Information is not money. It cannot be measured. Thus, we should not mix up between the infor-
mation and its value to say that information is money.
In the same context, we can talk as well about the crime of illegal exploitation of the computer
which is called the theft of computer time. This crime occurs when a person uses or exploits the
computer without the authorization of the person in charge. For instance, an employee would
use the computer of the company where he works in order to finish his personal interests.
Hence, this person would have benefited without paying anything in return for that use. There is
question about interpreting this act. Is it regarded as theft or swindling or breach of trust?
Some consider it as theft, while others see it as a special crime if the computer user pretended
a wrong attribute or if he uses fraudulent means. This act might be seen as a crime of infidelity
since the computer is supposed to have been handed to the user by virtue of trusteeship con-
tract. In this case, the user is considered as an infidel because he used the apparatus without
the knowledge of his owner. In this regard, the court of misdemeanors of Lille in France had a
case, where people used a computer belonging to a company by establishing their new infor-
mation bank after accessing the company’s email. The company was in charge of the costs of
setting up that email. The crime was discovered when the official in this company noticed that
there are 927 emails in the company’s inbox and which are not related to the company. The
perpetrators were identified, and they were referred to the court of misdemeanors of Lille for
being accused of theft. However, the court pronounced them innocent due to many reasons,
among which are:
- The French law does not punish the crime of theft of benefit. Moreover, the program the
confidentiality of which has been breaches cannot be said that it is protected as per the
copyright law because it does not contain any innovative element.
- The defendants did not commit the element of embezzlement that forms the theft crime.
The two defendants did not prohibit the company users from using the computer.
In conclusion, the French law does not punish for the crime of computer theft crime.
The US judiciary dealt with a case, where an employee in the municipality of Indiana used the
municipality’s computer for his own benefit. He used to program information for others. The
employee was referred to court as he was accused of theft. The Court of First Instance and the
Court of Appeals convicted him, as they compared this crime to the crime of theft of telephone
services.
However, the Supreme Court of Indiana acquitted him because the defendant did not steal the
65
money of others, where the municipality of Indiana used to rent the computer in return of a sum
upon an agreement that does not take into account the number of hours of real operation. In
this case, the employee did not commit embezzlement which is taking the money of others and
transferring it to one’s property.
In European legislations, this issue is already decided. We find in the British, Finnish and Danish
legislations, texts that punish the crime of theft of benefit. The use of computer crime unright-
fully is part of this type of theft.
At the end of this research, I would like to remind that it is not enough to promulgate legislations
or a law to punish the perpetrators of IT crimes because these people have become so smart to
an extent where they can escape punishment. In addition, the traditional means of verifying evi-
dence in the framework of the Code of Penal Procedure is not sufficient in this regard because
the issue is complicated and due to the speedy progress in the IT field. This is why we believe
that the solution is prevention. Prevention can be seen in protection, and what is meant is insur-
ing apparatuses and networks, knowing weak points and imposing time and place constraints,
such as imposing specific timing to access programs and cancelling the password later on,
not permitting entry from unlicensed place, and giving a chance of a three times password trial
and then canceling access to the program. Sometimes, the method of identifying the user of
the program or documenting the use such as a password or the use of sound, finger or optical
prints, is used.
In more sensitive cases, such as banks, there might be required more than a password or a
code to document and transfer funds from one bank to another or from one account to an-
other. There are lots of communication means and correspondence that needs protection and
ciphering such as a radio and communication lines between the sender and the recipient in any
network and computerized accounts.
In any case, it is expected that the battle between information experts and pirates would last.
At the same time, the researches and different studies on ensuring total and comprehensive
protection of information will increase in order to block the way in front of those criminals. It is
not that easy because progress in protection and security is accompanied by progress in the
aspect related to the crime.
66
Session 3
Building the Capacity of Human Resources in the

Investigation, Prosecution and Trial of Cybercrime
Human Resources Capacity Building in Investigations, Prosecution and Trials
on Cybercrimes
Mr. Khaled Saleh al-Mawri
Introduction
Allow me at the outset to extend my thanks and gratitude to those in charge of organizing this
seminar, wishing that it will be crowned with success and that it will achieve the aspired goals
regarding cyber crimes. The idea of organizing such a seminar and the attendance of the partic-
ipants is a clear indicator of the significance of the topics laid for discussion. These topics reflect
the huge interest in enhancing the capacities of the public prosecution members in order to
boost the performance in combating and facing the new crimes in their communities. It is clear
from the previous interventions in this seminar that technological progress in our age in all life’s
aspects, and the multi-faceted use of the computer especially in light of the prevalence of the
internet as the quickest means to reach any piece of information, have led to the emergence of
new and huge criminal activities that are complicated and of special character. Cyber crimes
are either crimes of assault on funds or the forgery of instruments or counterfeit of currencies,
or even assault on people, such as terrorist crimes where defendants use the computer to set
up plans and plots for places and people to be targeted by explosives. Or they tend to get pro-
grammes from the internet regarding the preparation of bombs. They can also communicate
via the internet with websites suspected to logistically support terrorism so that they provide
them with information or receive orders and schemes from them to conduct criminal acts.
- In Yemen, we are part of this world. Many cyber crimes have emerged, and in this inter-
vention, I will tackle two cases in this regard which have been dealt with by the Yemeni
judiciary as follows:
First case
Theft of $3,040,637 from the account of Canadian Nixon Petroleum Company- Yemen
First: Description of Crime:
Crime tackled in the first case:
The defendants in this crime stole movable funds belonging to the Canadian Nixon Petro-
leum- Yemen. The first defendant working in the company used his colleague’s computer
and opened the transfer system using the password of his colleague and the complement-
ing password of the foreign employee. He withdrew the sum of USD 3,040,637 from the
plaintiff’s account in Bank of America and transferred them in installments to several banks
in Malaysia to the account of the second and third defendants. These funds were then
transferred to banks in Yemen to the account of the fourth defendant. They took the money
secretly without raising suspicions from an inaccessible place using a password in order to
acquire the money without the consent of its owner. To complete the crime, the defendants
changed their real names, using counterfeited identification papers.
69
Whether the national Penal Code includes a clear legal text to deal with this crime:
The Yemeni legislator incriminated this act with articles 294, 298 and 300 of Chapter 12 of
the second book of law No.12 of 1994 on Crimes and Sanctions “Money Crimes”, consider-
ing them as theft of movable money in which the elements of the crime were materially and
morally available. The causal relation between the act and the result has been established.
Penal articles 213, 218 and 219 of the same law on the forgery of official instruments are
also applied on this crime.
- It goes without saying that the Yemeni legislator in the General Penal Code does not
define the means used in the crime as a condition for incrimination. Whether the crime
was perpetrated with a primitive method or a modern one, the act remains incriminated
as long as it is stipulated in texts of the incriminating articles. However, he mentions that
explicitly in the special law on the crimes committed via electronic means in Article 41
of Law No.40 of 2006. The article provided for punishing anyone who commits an act
that constitutes a crime as per the provisions of the laws in force by using electronic
means.
- This crime also had an international character, as some acts composing the materialis-
tic element of the crime took place outside the borders of Yemen, namely in Malaysia. In
any case, it has been necessary that some stakeholders from that country and others
from the foreign country contributing to the victim company’s capital interfere. This is
why a team of judicial police and some officials in the company moved to Malaysia after
drafting messages via diplomatic channels to facilitate their mission. Their task was
difficult due to the lack of cooperation from the Malaysian side under the excuse of no
agreements between both countries. Yet, they managed to reach important information
about the real estate that the defendants bought there with part of the stolen money
and some of the activities that they initiated after transferring the stolen money.
Second: Description of the course of investigation, prosecution and trial:

- After the victim company discovered that there is a sum of money that has been trans-
ferred from its credit at the Bank of America to the account of an anonymous person
in Malaysia without any accounting operation and in an illegal manner, it advised judicial
seizure officers who began advising banks on the necessity to notify the police about any
transfer operations of huge sums in US Dollars or in other currencies from inside or
abroad. The first thread was that the Anti-Terrorism and Organized Crime Department
received a notification from a local bank that a person opened a new account and that
the account received a transfer of USD 700,000 from Malaysia. Inquiry stated and in-
formation was gathered about that person until he was arrested. The threads of the in-
cident were uncovered, and the remaining defendants were arrested. They confessed. A
large part of the stolen sums was recovered during the stage of collecting information.
- The public prosecution initiated investigation in that crime which also included forgery of
official documents, as the defendants obtained counterfeited identification documents
using pseudo names. These documents were used in transferring the stolen sums to
70
Malaysia under two fake names of the second and third defendants. A fake name of
the fourth defendant was used to transfer the money from Malaysia. The public pros-
ecution dealt with the investigation after it was completed. After the accusations were
confirmed on the defendants in those incidents with the legally authorized evidence, it
referred them to trial before the competent court.
- After the first instance court proceeded with the trial procedures, it indicted the defen-
dants and forced them to return the sums, object of the crime. This verdict was also
supported by a second instance court.
- It is noted that the forensics heavily and primarily relied on the computer expert report
who examined the company’s computers for transfers, and he submitted a report saved
in the hard disk. What was proved in the report was highly relevant to the personality of
the defendant and the incidents of the crime. The first defendant, who works in the victim
company took use of his colleague’s heedlessness that has part of the password use
to open the transfer system and obtained in some way the other part of the password
which the other employee (foreigner) has. Then he transferred the sum as aforemen-
tioned. This was proved since a large part of the stolen sum was seized with the fourth
defendant. The remaining sum was restored and handed over to the victim company
according to the steps shown in the case file1.
Second Case
Forgery of paper currency and official instruments using computer and its accessories
First: Description of crime in the second case:
- Forgery of paper currencies circulated legally in the country, where the defendants
used the computer, the scanner and the printer linked to it to print out and counterfeit
2,100,000 Yemeni Riyals of the rate of 500 Riyal notes, as well as 250,000 Saudi Ri-
yals the value of 100 Riyal and currencies of the value of 50 dollars.
- That crime is sanctioned by Law No.12 of 1994 on crimes and sanctions, namely in
Article 204 in Chapter 8 on forgery crimes in Section 1 “Forgery of money, stamps and
official seals”. The same sanction is applied on a person who did not take part in the
counterfeit of the currency but knowing its reality, he brought it in the country or listed it
for circulation or obtained it in order to use it.
- It has been previously mentioned that the legislator in the General Penal Code did not
disclose the means through which the crimes were committed. He left it up to the judi-
ciary to undertake this task in terms of logical deduction of the evidence, facts and the
circumstances surrounding the crime and its elements, taking into account the new
legislation relevant to the modern technological methods2.
- Whether the crime is of an international character or not, it can be said that a bit of that
character marks it as the two main defendants in the crime are from another country.
Added to that is that the currencies that they have counterfeited were not restricted to
the national currency, but they also faked two currencies, one of them is an Arab country
while the other is a foreign one.
71
Description of the course of investigation, prosecution and trial:
- After a counterfeited local currency appeared in some cities, the seizure officers initi-
ated their investigations and tracked down its circulators until its dealers were uncov-
ered. Later on, the public prosecution ordered the arrest of the defendants and issued
a search warrant of their homes. The counterfeiters were arrested and their houses
searched. The devices used in forgery and some counterfeited currencies were seized.
The prosecution started its investigations into that crime which also included the forgery
of official documents.
- The public prosecution assigned an expert to examine the computer and its accessories
used in the forgery crime and which are listed in the seizure minutes. The report of the
forensics expert defined the type of the computer and its accessories. Through opening
the computer programs, the following was found:
• A prototype of a Saudi currency of the value of 100 Riyal from both sides of the
note in the AutoCAD program (ACD)
• Saudi currency of the value of 50 Riyal from both sides, two national currencies
of 500 Riyal notes from both sides, and the 100 and 200 Riyal notes in the Print
Publications program.
• US currency of the value of 50 dollars from both sides in the ACD program.
• Serial numbers were found in order to number the currencies in the Word pro-
gram.
- After the accusations were confirmed on the defendants in those incidents, the prosecu-
tion referred them to trial before the competent court.
- After the first instance court proceeded with the trial procedures, it indicted the defen-
dants and imposed the sanction stipulated in the law. It confiscated the seized items,
such as machines, apparatuses and the programs relevant to the printing and the forg-
ery of the currency to the treasury of the Central Bank; the counterfeited currency was
destroyed.
- The findings of the verdict considered the computer, the programs that it contains and
its accessories as tools used in the crime. It deemed the forensic expert’s report as
proof that complements the remaining evidence in the indictment verdict. The verdict
was strongly supported by a second instance court.
- Since the computer was also used in this case, and it was proved that this computer
belongs to the defendants, and the court considered the official report of the forensics
computer expert as proof on which it relied on in the indictment verdict3- as the com-
puter saves data and all types of transactions that take place in it in special files- this
enables the entrusted expert to examine the programs and the conducted transactions,
even if they are locked with a password. A report was then submitted to the investigation
authority or the court to consider it as evidence in this crime.
- Before I conclude this intervention, I would like to note that regarding the legislative
aspect which was tackled in the previous intervention, it has to be mentioned that the
72
Yemeni legislation, just like other legislations in most Arab and foreign countries, has not
promulgated yet a punitive legislation relevant to what is called cyber crimes. However,
the provisions of Law No.40 of 2006 on the systems of payment and financial and elec-
tronic banking transactions fulfilled the requirements of the procedures of investigation
and trial of cyber crimes. Nevertheless, the Yemeni legislator was successful in terms of
what he included in the procedural code regarding evidence in the penal lawsuit, namely
in Article 323/d of Law No.13 of 1994 on penal procedures: “Among the evidence in
the penal lawsuit is the following:
- Documents including official reports related to the defendant or the facts of the crime
or other proof. With the prosecution and the court’s enforcement of that text in the
above-mentioned cases, we notice that it has fulfilled the requirements of evidence even
in light of the requirements relevant to cybercrimes. This totally conforms to Article 10
of Law No.40 of 2006, which was previously mentioned as stipulating: “The electronic
register, the electronic contract, the data message, electronic information and the elec-
tronic signature have the same legal effects just as written documents, instruments and
signatures in terms of being binding to their parties or their use as evidence”. This is
on the procedural level. However, on the substantive aspect, Article 41 of the same law
stated: “Any person committing an act that constitutes a crime as per the provisions of
the laws enforced via the use of electronic means shall be punished.”
- We believe that those legal texts prepared the adequate environment for e-commerce
and the suitable atmosphere for digital action in the field of evidence on the civil and
penal level, as outputs of means of communication and IT devices are regarded as evi-
dence that was not known before, but they are the result of technological progress. The
interest of justice necessitates that they be taken as proof to support and confirm the
penal lawsuit if the crime is related to any of them.
73
Practical Applications on Human Resources Capacity Building in Investigations,
Prosecution and Trials on Cyber crime
Mr. Nassib Elia and Mr. Jamal Abdullah
First Case – American Express vs. /Y/

Topic: Credit Cards (Counterfeit and use of counterfeited item)
Legal texts: Articles 471, 471/454, 464 and 655 of the Lebanese Penal Code
International character: Not available
Court: Penal Court of Baabda (Lebanon)
Date of issuance of verdict: 8/12/2004
Facts:
It turned out that on 14/10/2004, and while the defendant /Y/ was entering the airport
coming from Australia, 17 counterfeited bank cards were seized with him, 10 of which were
American Express and the remaining were Master Cards. The defendant stated that he got the
cards from Switzerland from a Chinese national, Steve, provided that he uses them in Lebanon
in return for a commission.
The American Express filed charges against the defendant and requested- in addition to his
indictment- that he should pay indemnity.
The defendant denied the charges pressed against him and pleaded innocence or else mercy,
after his attorney presented his pleading in the session of 2/12/2004.
Justification:
1- With respect to the offence of Article 471 of the Penal Code:
Whereas the credit cards seized with the defendant, and after presenting them before
the management of Visa Card and Master Card upon the request of the Financial Public
Prosecution in Lebanon, were perceived counterfeited;
Whereas the counterfeit of such card, with the required high technique to manufacture
them with the magnetic and programmed strips, reaching the extent of professionalism,
is something that is beyond the capabilities of an ordinary citizen such as the defendant,
who did not appear to enjoy any special capacities in this regard, and hence is unlikely
to have counterfeited the cards seized with him, knowing that he admitted that their
source is illegal as proved in the preliminary investigations;
Whereas in the light of the defendant’s denial of counterfeiting the credit cards, and
since there is no sufficient evidence in the file to indict him in this regard, which neces-
74
sitates that he be acquitted due to the benefit of doubt in such case since the complaint
was not backed by any other evidence that leads to certainty, and since this court- as a
court of merits- cannot convict unless relying on absolute evidence, which is not available
in this case;
2- With respect to offence of Article 471/454 of the Penal Code:

Whereas it is proved that the defendant brought the counterfeited credit cards to Leba-
non with the intention of using them, and these cards were seized with him before leav-
ing the airport while attempting to enter the Lebanese territories;
Whereas for the accomplishment of the misdemeanor stipulated for in Article 471/454
of the Penal Code, the materialistic element of such an offense should exist, i.e. “the act
of using the counterfeited item”, i.e. the use of the item in an affirmative manner that is
not restricted only to “possession”;
Whereas this use did not take place in the way mentioned above as the credit cards
were seized while the defendant was attempting to enter Lebanon and before he could
use these cards;
Since there is no special provision that punishes the attempt in article 471/454 of
the Penal Code, reference should be made to the general principle in Article 202 of the
same law. The article stipulated that attempt in an offence or incomplete misdemeanor
shall not be punished, except in the cases explicitly stipulated for in the law, the fact which
requires the annulment of the pursuits inflicted upon the defendant in this regard.
Conclusion:
Annulment of the pursuits against the defendant…with respect to the offence of Article 471/454
of the Penal Code and his acquaintance of the offence of article 471 of the same law as it was
not established.
75
Second case - /S/ vs /M/
Topic: Defame and Libel via email
Legal texts: Article 209/582 of the Lebanese Penal Code
International character: Not available
Court: Penal Court of Baabda (Lebanon)
Date of issuance of verdict: 3/11/2004
Facts:
It turned out that the plaintiff /S/, in his personal capacity and as the authorized signatory on
behalf of company --- SAL, filed a complaint against an anonymous, stating that this company
and its staff, as well as his wife Wafaa are being subject to a campaign of defame and libel via
INCONET email company, which distributes internet services in Lebanon. The echoes of this
campaign went beyond the Lebanese territories, where the plaintiff received many calls and
telegrams asking about this issue, which embarrassed him as this issue leads to the loss of
credibility that he has long enjoyed, whether in person or through the company. As a result, he
contacted INCONET, where its officials denied the matter and promised him that such harm
will not be repeated at all. When he asked them about the doer, he only got lingering and avoid-
ance.
It turned out as well that the email message, object of the complaint, is drafted in English and is
entitled as follows: Please take a minute and read this Fraude Alerte.
In addition, the sender is not accurately defined, as in the “From” entry, the sender was: Fraude
Alerte [alertelb@inco.com.lb]. It included statements that caused harm to the company run by
the plaintiff and his wife, as they were accused of embezzling the money of managers of institu-
tions by fraud or using means of fraud and lies and stealing the sums paid as down payments
and disappearing later on. They were also accused of entrapping people and hiding behind gaps
in the law...
As a result of the complaint, the expert engineer, Sh. Z. was designated by the appeal public
prosecution in Mount Lebanon. According to his report, the subscriber who distributed the
message hid his identity deliberately but did not occur to him that he can be reached via the
phone line he is using and through which he can log on to the internet. The phone line number is
..., and it belongs to the house of the defendant /M/ who owns a company for information ser-
vices, under the name of ..., and which offers worldwide email broadcasting services. It turned
out that the sending operations covered a space of 1.44 MB on a Floppy Disk DSHD, i.e. around
200 typed pages of A4 size. The first message was sent on 19/3/2001. As for the timing
often used to send the messages is 3.00 am. 6,000 sending operations were registered, and
3,619 messages directly reached those addressed.
It turned out that the defendant denied the accusations and said that he leased out the appara-
76
tuses to people to undertake their communication and he charged them according to the time
these operations take. He said that it might be that one of the customers did that and that many
customers come to his company at a late hour. He added that there is no relation between him
and the plaintiff.
Justification:
Whereas it is established that the email message, object of the complaint, included harmful
phrases to the company run by the plaintiff and his wife by accusing them of embezzling the
money of managers of institutions by fraud or using means of fraud and lies and stealing the
sums paid as down payments and disappearing later on. They were also accused of entrapping
people and hiding behind gaps in the law...;
Whereas these phrases include the attribution of a certain incident to the company and the
wife of the plaintiff, and if they were true, the person to whom these phrases were attributed
should be punished. They are embodied as libel which is provided for in Article 582 of the Penal
Code;
Whereas this offence is based on two elements: the first is moral, the aim of which is to cause
harm. It is very obvious and there is no doubt about it in this current lawsuit. As for the second, it
is materialistic, i.e. the publicity as stipulated in Article 209 of the Penal Code, as libel is a “crime
of expression”;
Whereas the email message distributed via the internet- in this respect like an ordinary letter- to
a huge number of people that is around 3,619 people, and which included the abovementioned
phrases, was distributed without selection, and thus an unknown number of people learned the
content of the message, rendering the condition of publicity fulfilled in this case as long as it
meets the conditions of paragraph 3 of Article 209 of the Penal Code in terms of the “writing...
or distribution to one person or more;”
Whereas based on the aforementioned, the actions, object of the complaint, constitute the of-
fense mentioned in Article 582 of the Penal Code, contrary to what the defendant said in this
regard, and it is necessary to investigate the contribution of this latter and his role in establish-
ing this offence;
And whereas the question of conviction or innocence in this case necessitates differentiation
between two matters:
- The first is that the huge action of emailing lasted for long time (around 5 hours and 50
min) and took place at dawn. Moreover, a large database of email addresses, owned by
few people, was used, which is an indicator that the sender of the messages is experi-
enced in this regard according to the expert’s report.
- The second is that there is no enmity, or even relation, between the plaintiff and the
77
defendant, which renders the motive to undertake the offense non-existing in the defen-
dant’s case. The cards used are of Connecting point or Refill type, and anyone can buy
them and use them from any peripheral station. Moreover, the defendant’s shop is open
night and day and the sending of messages took place in batches and at different time
intervals. In addition, the shop is open for public, so anyone can send the messages and
different people can do that at different times without raising suspicions of those work-
ing in the shop. Hence, it is uncertain that the defendant is the doer.
Whereas in light of what has been proven above and in light of the defendant’s denial of the
accusations attributed to him; and since there is no absolute and sufficient evidence in the
file to indict the defendant, which necessitates his innocence as he merits the benefit of
doubt in such a case;
And whereas in light of what was proved above, there is no need anymore to discuss the
other reasons and additional demands, either because they are of no use or because they
have been answered- even if tacitly- in what has been discussed;
Result:
The defendant was proved innocent of the offence of article 582 of the Penal Code due to the
insufficiency of evidence.
78
Cybercrime: The Challenge for Law Enforcement
Mr. Tyner Russell
Introduction
Computers and the internet provide another tool for the criminal and an abundance of targets
within global reach. Cyber crime concerns the use of the internet either as the means of com-
mitting a criminal offence or as a tool, hi tech crime concerns the use of computers and other
communications devices. For the purpose of this presentation where the term hi tech crime is
used it includes cyber crime.
It is a global problem which, though it requires global solutions must be tackled at a local level.
We must also remember that hi tech crime is real crime with real victims.
All police forces must incorporate hi tech crime into their planning .At the moment cyber crimi-
nals stand to make large rewards for low risks. There is a lack of legislation and that that there
is sometimes fails to keep abreast of modern technology.
There is a lack of expertise amongst the police and in place a lack of will to tackle hi tech and inter-
net related crime; as a result the hi-tech criminal stands little chance of being apprehended.
The Internet affords protection, anonymity and ease of communication.
Criminals can exchange information easily e.g. chat-rooms and disseminate tools such as hack-
ing tools or information on hacking or credit card fraud etc
Cases can be difficult to present in court due to the technical nature of the evidence and/ or
the volume of material, judge’s and courts may lack an understanding of hi tech crime and
Sentences for hi tech crime tend to be low.
There is a lack of international cooperation; safe havens from which criminals can operate from
with impunity exist throughout the world.
Nowadays you do not need to be a computer programmer or possessed of a particularly high
level of technical ability to commit computer crime; most school leavers are now computer liter-
ate, therefore this type of crime will increase
Organized Crime Groups are adept at searching out new markets to exploit and are already
heavily involved in white collar crime .The level of sophistication that Organized Crime groups will
employ cannot be underestimated we have seen such groups buying in such expertise where
required .
Specific problems
Jurisdiction
Who polices cyberspace? Police forces tend to operate within their own local jurisdiction but
unless someone takes on the challenge the criminal can act with impunity. These investigations
take time and resources.
79
The international nature of cyber crime requires the ability of police and prosecutors to co ordi-
nate cases across differing jurisdictions. This can be very time consuming and difficult, particu-
larly in the absence of any formal instrument concerning legal co operation.
Because perpetrators may be based anywhere in the world you need to rely upon assistance
from foreign states, but how do you make them care about your problem? And, even once you
find them can you extradite them or can you persuade the foreign state to prosecute?
Where offenders can be prosecuted in more than one jurisdiction does the legal process pro-
vide a mechanism to determine which jurisdiction should deal with the case?
The nature of the internet can also create difficult problems in terms of the jurisdiction of na-
tional courts.
Expertise
The investigation of computer crime requires specialist skills both in tracing and identifying the
perpetrator and in examining digital storage devices.
Investigators need to understand how to trace the activities of those on the Internet and how to
obtain data from Internet Service Providers and Communication Service Providers .They need
to know how to obtain this material quickly due to the volatile nature of much of this material,
they may also need to understand that there may be restrictions on ISP and CSP in the provi-
sion of such data which may be subject to data privacy laws access only being granted once the
appropriate legal threshold for its release can be demonstrated.
Investigators also need to understand how to secure evidence so that its integrity is preserved
and resist evidential challenge at court. Any interference with digital data causes it to change.
In order to demonstrate to the court that the data has not been changed by the investigators
Police in the UK observe the following principles when seizing digital material:-
o Nothing should be done in the course of obtaining the material that alters the data in
any way.
o Only in exceptional circumstances should investigators access original data ; where they
do the examination must be carried out by a competent person and a full explanation
given to the court
o An audit trail must be kept of the examination so that the work can be replicated if needs
be.
The usual process in the UK is for the forensic examiner to utilise an imaging tool such as En-
case to take a complete copy of the data and to verify the image by way of the ‘hash’ value.
Legal Instruments
As technology moves on can the law keep up? Can you fit computer related offences into exist-
ing legislation? This can require some creative thinking on the part of the prosecutor.
Crime Prevention
Policing is concerned with preventing crime as much as it is with apprehending perpetrators.
Much can be done to educate the public and industry. Opportunities also exist to disrupt crimi-
80
nal activity and make it more difficult for them to carry out their activity; Cyberspace needs to
be policed and requires an innovative approach in order to be effective whilst remaining within
the law.
The Challenge for Prosecutors

Whilst it is not necessary for the prosecutor to be technically proficient they do require some
understanding of the technology, they need to understand where the evidence is located and to
identify the appropriate charges. They will also need to understand how to obtain evidence from
other countries.
Prosecutors will also need to consider the sufficiency of the evidence, much of which may be cir-
cumstantial particularly where the suspect has utilized one of the freely available programmes
designed to eliminate evidence.
Because computers are capable of storing vast quantities of data, the prosecutor will need to
understand how to deal with this, firstly in terms of extracting the evidential material but also in
relation to material that may be exculpatory or otherwise of assistance to the defendant.
In the UK there is an obligation to ensure that a defendant has a fair trial, this includes making
available to him any material which may assist his defense or which casts doubt on the case for
the prosecution. The court will oversee the way in which the prosecutor has discharged these
obligations .However the prosecutor and the court must also ensure that cases come to court
in a reasonable time and that the court focus is on those parts of the evidence that is in dispute.
The quantities of data that computers are capable of storing can create a tension between
these two aims. Further, problems also arise where material is not in the hands of the prosecu-
tor but with a third party, and frequently that third party is located overseas.
Case Presentation
These cases can be complex and need to be presented to the court in a way that the court can
understand. The prosecutor may have to educate the court as to the way in which the technol-
ogy works.
The prosecutor will have to be selective in the material he presents to the court and choose the
witnesses he calls with care.
It is important that the court is presented with a case that reflects the defendant’s criminality
and allows an appropriate sentence to be imposed
The prosecutor needs to select the expert witnesses he plans to call with care to make sure
they are capable of presenting to the court in a way which the court will understand. They will
also need to work closely with the defence expert, if any, to ensure that as much of the technical
evidence can be agreed as possible and to prepare a glossary of terms that are acceptable to
both.
81
Case Study-Operation Ore
Background
In 1999 the US Postal Inspectorate took raided the premises of a company in Texas called
Landslide Incorporated. Landslide operated a web hosting and credit card verification service
for a large number of websites which predominantly offered material of a pornographic nature.
By the far the most profitable part of the business was that which offered websites containing
indecent photographs of children. The owners of Landslide made significant profits from this
business.
Following the conviction of the owners in 2001, the police in the United Kingdom were given a
copy of the Landslide customer database. From this some 2,300 suspects were identified in
the UK who were believed to have paid to access websites offering child abuse images.
The UK police then embarked on an enormous operation, the sheer numbers of suspects was
almost overwhelming. Priority had to be given to those suspects believed to pose a risk to
children. Search warrants had to be obtained for each and their computers examined. Where
these computers were found to contain illegal material a schedule had to be prepared for the
prosecutor listing and describing each image.
In order to prove the way in which a persons name came to be on the database it was neces-
sary to send a letter of request to the USA and for UK officers to travel in order to copy the
network of computers used by Landslide return them to the UK and reassemble them here ,
that took many months.
We also faced a number of legal challenges, including challenges to the jurisdiction of the court
in the UK to deal with some of these cases.
Outcomes
1. An awareness of the level of interest in pedophile material. We were staggered by the
level of interest shown in this material, particularly as the database related to 1999
when internet usage in UK was at a far lower percentage than it is today.
2. This operation made us realize that our police lacked the resources and capacity to deal
with hi tech crime. As a result the government made more resources available and most
forces were able to establish hi tech crime units staffed by dedicated trained officers. In
due course a specialist national unit, The Child Exploitation and On Line Protection Centre
was created. Similarly we realized that we had to train prosecutors and we developed a
hi tech crime training course and have so far trained over 200 prosecutors throughout
the country who are able to deal with a whole range of cases involving hi tech crime.
3. The courts also had to respond. Due to cases that came before the courts as part of this
operation we established case law in relation to issues of jurisdiction and a structured
approach to sentencing as well as other important guidance.
82
Session 4
Prevention Measures and International Cooperation to

Combat Cybercrime
L’importance de la collaboration internationale et l’expérience belge
dans l’échange d’informations policières et de coopération judiciaire
Mr. Jean-François Henrotte91
I. Introduction
Comme beaucoup d’inventions humaines, Internet et ses possibilités de transmission massive
et ultra rapide de données d’un lieu à un autre ou de diffusion de ces données dans le monde
entier peut être utilisé tant à des fins légitimes que criminelles.
Le virus « I love you », par exemple, a fait près de 7 milliards de dollars de dégâts en se propag-
eant dans le monde entier via les courriels.
1. Face à ce phénomène, les forces de police et les autorités judiciaires se retrouvent trop
souvent impuissantes à maîtriser cette criminalité d’un genre nouveau, en raison de dif-
férents facteurs :
a. Tout d’abord, les frontières physiques des Etats nationaux ne constituent pas un obstacle
à ce qu’il est convenu d’appeler les autoroutes de l’information. Cet obstacle existe pour-
tant pour les services qui sont chargés de lutter contre la criminalité, dont les compé-
tences s’arrêtent aux frontières du pays.
Dans le cas de systèmes informatiques liés entre eux, se présente souvent le cas de
figure dans lequel l’enquête doit être étendue à d’autres systèmes, situés dans d’autres
pays que ceux où la recherche a physiquement lieu, entravant ainsi les mesures d’enquête
qui ont été entreprises.
Parfois même, le caractère international des réseaux engendre des situations dans
lesquelles des fichiers sont consultés avant même que les services judiciaires n’aient le
temps de réaliser que ces fichiers sont stockés à l’étranger.
Les procédures classiques permettant de poser des actes d’instruction dans le cadre
d’une instruction pénale en territoire étranger, telle une commission rogatoire interna-
tionale, laissent aux intéressés (ou même automatiquement à leurs systèmes informa-
tiques) suffisamment de temps pour faire disparaître quasi instantanément les données
via les canaux de télécommunication.
91 Avec la collaboration de Me Fanny COTON, sans qui la rédaction de cette contribution, dans le délai aussi bref qui nous
a été donné, n’aurait pas été possible. Notre gratitude va également au doyen Yves POULLET pour sa lecture et ses
judicieuses observations.
85
De ce fait, les procureurs belges ont longtemps renoncé à poursuivre dans le cas d’enquêtes
contenant des éléments d’extranéité compte tenu des délais inconciliables avec la célérité
requise par la cybercriminalité.
Une première difficulté existe donc au niveau de la compétence territoriale des autorités
de police et du pouvoir judiciaire.
b. Il y a plus grave : sur certains points, la procédure pénale existante pourrait ne pas être adap-
tée aux besoins d’une lutte effective contre la criminalité dans la société d’information.
La caractéristique marquante des éléments de preuve dans les affaires de cybercriminal-

ité est la vitesse à laquelle elles voyagent, ainsi que leur fragilité, qui fait en sorte qu’elles
peuvent être détruites, altérées, sauvegardées, copiées, déplacées en un instant.
La technologie est en évolution constante. Le P2P, les botnet et l’avènement de l’IPV6

semblent rendre encore plus difficile de tracer les données illicites. Le concours des
fournisseurs d’accès pour la rétention et donc la communication des données d’accès à
peine acquis92, pourrait déjà ne plus être d’un grand secours …
Une base juridique adéquate fait parfois défaut lorsque les autorités judiciaires souhaitent
procéder à la saisie des données elles-mêmes, indépendamment de leur support.
Une deuxième difficulté est celle de la disponibilité de mesures adaptées à la lutte contre
ce type particulier de criminalité qu’est la cybercriminalité.
2. Ces constats font apparaître de manière évidente la nécessité d’intensifier la coopération

internationale dans le domaine de la lutte contre la cybercriminalité.
3. La présence des participants à la conférence permettant de penser qu’ils partagent avec

leur Etat d’origine, au moins sur le principe, ce point de vue, je ne m’y attarderai pas
d’avantage. Je vais plutôt envisager ce qui peut être entrepris pour mettre sur pied, inten-
sifier et optimaliser cette coopération.
La première partie de mon exposé évoquera la nécessité d’une harmonisation des dispositions
pénales formelles et des techniques. La deuxième partie, les différentes solutions convention-
nelles qui sont à la disposition des Etats ou qui peuvent servir de source d’inspiration. Seront en-
suite mentionnés quelques exemples réussis de coopération internationale en matière de lutte
92 Cf. à cet égard la directive 2006/24/CE du Parlement européen et du Conseil du 15 mars 2006 sur la conservation de
données générées ou traitées dans le cadre de la fourniture de services de communications électroniques accessibles
au public ou de réseaux publics de communications qui oblige les fournisseurs d’accès à stocker les données de trafic et
de localisation pendant une durée supérieure à 6 mois (en Belgique, cette durée est de 12 mois au minimum).
86
contre la cybercriminalité. Je terminerai en attirant l’attention sur les dérives possibles d’une
coopération internationale intensifiée et sur l’importance du respect des droits fondamentaux
des individus.
II. Nécessité d’une harmonisation

2.1. Harmonisation juridique
4. Au niveau international, les questions de procédure pénale liées aux technologies de
l’information et de la communication ont seulement été soumises à une réflexion appro-
fondie depuis les années 90. Il n’est dès lors pas étonnant que bon nombre d’Etats ne
disposent pas encore d’une réglementation globale dans ce domaine.
5. Une harmonisation des règles matérielles est fondamentale et urgente afin d’éviter que
ne se développent des « paradis numériques ».
Onel de Guzman, auteur présumé du virus « I Love You », a été relâché et les poursuites enga-
gées par l’Etat philippin contre ce dernier ont été abandonnées car le droit philippin de l’époque
n’incriminait pas ces faits ....
6. Cette même harmonisation forme également la base indispensable pour fonder une coo-
pération internationale efficace.
En effet, si des lois procédurales et matérielles similaires existent, la coopération se déroule

automatiquement plus aisément, même s’il est évidemment souhaitable de prendre d’autres
mesures pour faciliter la façon dont cette coopération se réalise.
La condition de la double incrimination sert de fondement juridique à un refus d’entraide, lorsque

les faits à l’origine de la demande de l’Etat requérant ne sont pas réprimés par le droit pénal de
l’Etat requis93. Il est donc important d’harmoniser les incriminations si l’on veut éviter ceci.
7. D’un point de vue pratique, cette harmonisation pourrait être réalisée par l’adhésion aux
conventions existantes :
a. Il s’agit d’abord de la Convention de Budapest contre la cybercriminalité94.

Cette convention du Conseil de l’Europe, premier instrument de droit international con-
ventionnel contraignant spécifiquement élaboré pour lutter contre la criminalité informa-
tique, est ouverte à la signature aux Etats non-membres, ainsi les Etats-Unis ont été parmi
les premiers à ratifier cette convention. Une réforme visant à combattre la criminalité
93 Article 2 (b) de la convention du 20 avril 1959 et de la convention du 23 novembre 2001 – cf. infra les réf.
94 Signée le 23 novembre 2001, disponible en arabe sur le site : http://www.coe.int/t/dg1/legalcooperation/economi -
crime/cybercrime/Documents/Convention%20and%20protocol/ETS%20185%20Arab%20_Jan%2008_en.pdf.
87
informatique, fondées sur les lignes directrices de la Convention, est d’ailleurs en cours en
Egypte, l’un des pays pilotes du Programme sur le « Renforcement de l’Etat de droit dans
les pays arabes – Projet de modernisation des ministères publics ».

Le but premier de cette convention est d’intensifier la coopération entre les parties à la
convention et dans cette optique, elle vise à la fois à :
 harmoniser les éléments des infractions ayant trait au droit pénal matériel na-
tional en matière de cybercriminalité, que ce soit les infractions contre la confi-
dentialité, l’intégrité et la disponibilité des données et systèmes informatiques, la
falsification et la fraude informatique, les infractions se rapportant à la pornogra-
phie enfantine ou les infractions liées aux atteintes à la propriété intellectuelle et
aux droits connexes.
 fournir au droit pénal procédural national les pouvoirs nécessaires à l’instruction

et à la poursuite d’infractions de ce type ainsi que d’autres infractions commises
au moyen d’un système informatique ou dans le cadre desquelles des preuves
existent sous forme électronique,
 mettre en place un régime rapide et efficace de coopération internationale qui

sera envisagé ci-après.

Cette convention est complétée par un protocole additionnel relatif à l’incrimination d’actes
de nature raciste et xénophobe, commis par le biais de systèmes informatiques95.
A l’issue de la conférence régionale des pays arabes sur la cybercriminalité qui s’est
tenue au Caire, les 26 et 27 novembre 2007, une déclaration a été adoptée96. Elle re-
commande, comme la conférence régionale qui s’est tenue à Casablanca les 19 et 20
juin 2007 et durant laquelle la présente contribution a été exposée97, aux pays arabes de
se servir de la Convention sur la Cybercriminalité comme de modèle pouvant les aider à
élaborer la législation nationale dans le domaine de la cybercriminalité.
b. L’accord ADPIC98 fait obligation aux Etats membres de prévoir des sanctions pénales à
l’encontre des actes délibérés de contrefaçon de marques ou de piratage commis à une
95 Signé à Strasbourg le 28 janvier 2003, disponible en arabe sur le site : http://www.coe.int/t/dg1/legalcooperation/

economiccrime/cybercrime/Documents/Convention%20and%20protocol/ETS%20189%20Arab%20_Jan%2008_
en.pdf
96 La recommandation est disponible en arabe sur le site : http://www.coe.int/t/dg1/legalcooperation/economiccrime/
cybercrime/cy%20activity%20Cairo/CairoDeclarationAgainstCC2007_Arabic.pdf
97 La recommandation est disponible en arabe sur le site : http://www.arab-niaba.org/publications/crime/casablanca/
recommendations-a.pdf
98 Article 61, Accord sur les aspects des droits de propriété intellectuelle qui touche au commerce TRIPS/ADPIC, fait à
Marrakech le 15 avril 1994.
88
échelle commerciale. Internet est évidemment un terrain de prédilection de ce type de
comportements99.
c. Au niveau de l’Union européenne, la transposition de l’accord a été entamée par la direc-

tive du 29 avril 2004, relative aux mesures et procédures visant à assurer le respect des
droits de propriété intellectuelle, qui a obligé les États membres à prévoir les procédures
nécessaires pour assurer le respect des droits de propriété intellectuelle et appliquer des
mesures appropriées contre les auteurs de contrefaçon et de piratage100. Ces mesures
et procédures doivent être suffisamment dissuasives pour éviter la création d’obstacles
au commerce légitime et offrir des sauvegardes contre leur usage abusif.
Pour permettre aux mécanismes de coopération, basés en général sur le principe de

double incrimination, de fonctionner de manière satisfaisante, il est indispensable que les
différents Etats aient une législation pénale comparable.
L’Union européenne a ainsi estimé que ses Membres doivent avoir une approche com-
mune minimale de la contrefaçon et de la piraterie101. Il n’existe en effet à ce jour aucune
norme pénale commune pouvant servir de base à la lutte contre les atteintes à la pro-
priété intellectuelle au sein de l’Union.
La Commission a donc proposé l’adoption d’une directive du Parlement européen et du

Conseil relative aux mesures pénales visant à assurer le respect des droits de propriété
intellectuelle102, afin d’y intégrer une harmonisation du niveau minimum des sanctions
pénales à l’encontre des atteintes à la propriété intellectuelle103.
On citera également une décision-cadre du Conseil 2005/222/JAI du 24 février 2005

relative aux attaques contre les systèmes d’information104 harmonise les infractions, fixe
les pénalités, affirme la responsabilité pénale des personnes morales.
99 Une conférence régionale de POGAR sur la criminalité en matière de propriété intellectuelle se tiendra au royaume du
Barhain du 13 au 14 avril 2008 sur cette matière, http://arab-niaba.org.
100 Directive 2004/48/CE du Parlement européen et du Conseil, du 29 avril 2004, relative aux mesures et procédures
visant à assurer le respect des droits de propriété intellectuelle, disponible sur le site : http://eur-lex.europa.eu/smart-
api/cgi/sga_doc?smartapi!celexplus!prod!DocNumber&lg=fr&type_doc=Directive&an_doc=2004&nu_doc=48.
101 Document de travail de la Commission - Annexe à la Proposition de décision Cadre du Conseil visant le renforcement du
cadre pénal pour la répression des atteintes à la propriété intellectuelle - Évaluation d>impact approfondie {COM(2005)
276 final}, disponible sur le site http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:52005SC0848:FR:NO
T.
102 Proposition de directive du Parlement européen et du Conseil du 12 juillet 2005, relative aux mesures pénales visant à
assurer le respect des droits de propriété intellectuelle (2005/0127), disponible sur le site : http://europa.eu.int/eur-
lex/lex/LexUriServ/site/fr/com/2005/com2005_0276fr01.pdf.
103 Proposition modifiée de Directive du Parlement européen et du Conseil relative aux mesures pénales visant à assurer
le respect des droits de propriété intellectuelle (COM/2006/0168 - COD 2005/0127), disponible sur le site : http://
eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:52006PC0168:FR:NOT.
104 Décision-cadre 2005/222/JAI du Conseil, du 24 février 2005, relative aux attaques visant les systèmes d’information,
J.O.C.E., 16 mars 2005, L69.
89
Enfin, la décision-cadre du Conseil du 22 décembre 2003 relative à la lutte contre
l’exploitation sexuelle des enfants et la pédopornographie105 tente d’harmoniser les in-
criminations en la matière.
2.2. Harmonisation technique

8. L’article 25.3 de la convention de Budapest impose, à raison, que les demandes d’entraide
ou les communications s’y rapportant « passent par des moyens offrant des conditions
suffisantes de sécurité et d’authentification (y compris le cryptage si nécessaire) » 106.
Cela n’est malheureusement pas si simple. Contrairement à la signature électronique,

l’expéditeur du message est dépendant de son correspondant et de sa possession d’une
clé de chiffrement. Par ailleurs, quel algorithme choisir ? La police belge utilise « PGP »
mais d’autres utilisent des algorithmes différents …
III. Droit international conventionnel en matière de coopération

9. La coopération entre les services de répression de différents États peut se dérouler aussi
bien par le recours aux dispositifs et structures d’entraide judiciaire tels qu’Interpol, que
par la fourniture directe aux autorités d’un autre État des informations pouvant leur être
utiles. C’est notamment le cas de la Belgique qui a signé mais pas encore ratifié la conven-
tion de Budapest (pour des raisons techniques et d’instabilité de la politique intérieure).
En règle générale, la coopération internationale entre les services de police suppose le

consentement préalable des autorités des États intéressés. Suivant les relations entre
les États, la nature des informations en question ou d’autres facteurs, elle peut aussi
requérir la conclusion d’un accord international précisant les services participants et les
procédures à appliquer.
10. Interpol107, qui œuvre dans le domaine de la coopération policière, a été la première or-
ganisation internationale à organiser une structure d’assistance mutuelle.
Interpol regroupe actuellement environ 186 Etats, dont les pays pilotes du Programme
que sont l’Egypte, la Jordanie, le Liban, le Maroc et le Yémen.
11. Interpol a mis sur pied une structure de coopération particulière : le « National Central
Reference Point System » (NCRP). Dans chaque Etat membre d’Interpol qui en fait partie
(111 à l’heure actuelle), un bureau central national est le point de contact pour les admin-
105 Décision-cadre 2004/68/JAI du Conseil du 22 décembre 2003 relative à la lutte contre l>exploitation sexuelle des e -
fants et la pédopornographie, http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32004F0068:FR:NOT
106 http://conventions.coe.int/Treaty/fr/Treaties/Html/185.htm.
107 http://www.interpol.int; http://www.interpol.int/Public/TechnologyCrime/default.asp
90
istrations étrangères aux prises avec des enquêtes menées hors territoire.
La coopération au sein de ce réseau est fondée sur les mêmes principes qui s’appliquent
en général à la coopération dans le cadre d’Interpol. Cela signifie que les mesures impli-
quant le recours à des moyens de coercition (dans le but, par exemple, de préserver des
preuves) ne sont normalement pas traitées par ce canal.
12. Une difficulté semble résider dans le fait que les Etats-Unis utilisent peu Interpol, lui pré-
férant les rapports bilatéraux …
Ce réseau présente, en outre, la difficulté complémentaire de ne pas être spécialisé et

d’être parfois décevant : le point de contact belge nous ayant par exemple indiqué avoir
une fois contacté le point de contact italien et être tombé sur quelqu’un qui ne parlait
qu’italien ….
13. Le G8 s’est le premier penché sur la problématique de la coopération internationale

dans la lutte contre la cybercriminalité.
A l’occasion d’une réunion qui s’est tenue à Washington DC les 9 et 10 décembre 1997108,
les ministres de la justice et des affaires intérieures du G8 ont adopté les principes fon-
dateurs d’un réseau de points de contact nationaux. À ces principes a été ajouté un plan
d’action pour la mise en place d’un réseau et un compte-rendu des engagements pris par
chaque État adhérant au réseau.
Le réseau a été mis en place, sur base du modèle Interpol, pendant la période allant de
1998 à 2000 et les efforts se poursuivent pour accroître le nombre de pays participants
(le réseau comporte actuellement plus de 50 membres).
14. Ce réseau de points de contact se distinguait du NCRP d’Interpol par le fait que cette
structure est capable de répondre 24h/24 et 7j/7 aux demandes d’aide qui lui sont
adressées. Il s’agit donc d’une structure remarquable par sa rapidité de réponse.

Il est toutefois tout à fait réalisable de rendre opérationnels vingt-quatre heures sur vingt-
quatre les points de contact qui font partie du réseau d’Interpol. Par une recommandation
du 25 juin 2001, le Conseil de l’Union européenne a d’ailleurs incité les pays qui n’étaient
pas membres du G8 à adhérer à ce réseau109.
108 http://www.coe.int/t/dg1/legalcooperation/economiccrime/cybercrime/Documents/Points%20of%20
Contact/24%208%20Communique_en.pdf
109 Recommandation du Conseil du 25 juin 2001, concernant les points de contact assurant un service vingt-quatre heures
sur vingt-quatre pour lutter contre la criminalité liée à la haute technologie (2001/C187/02), J.O.C.E., 03.07.2001.
91
Un autre avantage non négligeable est le fait que ces points de contact sont spécialisés
en matière d’enquêtes informatiques et capable d’initier les procédures nécessaires pour
préserver et obtenir une preuve informatique.
L’idée fondamentale qui sous-tend la création du réseau du G8 est qu’il y a lieu de traiter
rapidement et de manière hautement qualifiée les différents types de criminalité liée à la
haute technologie. L’accent est mis sur la préservation des preuves dans des milieux où
les informations peuvent se perdre ou être détruites rapidement.
Le réseau d’information du G8 est ouvert aux adhésions des pays non-membres.
En faire partie présente l’avantage d’être tenu informé des ordres du jour et décisions
d’un club d’happy few.
15. La Convention des Nations Unies contre la criminalité transnationale organisée110, signée
à Palerme en 2000, a pour but premier de promouvoir la coopération entre les Etats.
Elle trouve donc notamment à s’appliquer dans le cadre de la lutte contre la cybercrimi-
nalité.
Elle prévoit des modalités de coopération internationale, en matière d’entraide judiciaire

ainsi qu’en matière de confiscation, et invite les Etats à conclure d’autres accords afin de
renforcer cette coopération.
16. La résolution de l’Assemblée générale des Nations Unies relative à la lutte contre
l’exploitation des technologies de l’information à des fins criminelles111 exhorte les Etats
membres à coordonner l’action de leurs services de répression, à échanger des infor-
mations concernant les problèmes qu’ils rencontrent dans la lutte contre l’exploitation
des technologies de l’information à des fins criminelles. Elle poursuit en constatant que
les régimes d’entraide judiciaire devraient permettre d’ouvrir rapidement une enquête
sur les affaires d’exploitation des technologies de l’information à des fins criminelles et
de rassembler et échanger rapidement les éléments de preuve relatifs à ces affaires.
L’Assemblée générale a réaffirmé l’importance de ces principes dans une résolution
adoptée l’année suivante112.
110 Disponible sur le site : htttp://www.uncjin.org/Documents/Conventions/dcatoc/final_documents_2/convention_

french.pdf.
111 Résolution 55/63 de l’Assemblée générale des nations Unies, adoptée le 4 décembre 2000, disponible sur le site :
http://www.cybersecuritycooperation.org/moredocuments/International%20Agreements/55-63%20French.pdf.
112 Résolution 56/121 de l’Assemblée générale des Nations Unies relative à la lutte contre l’exploitation des technologies
de l’information à des fins criminelles, adoptée le 19 décembre 2001, disponible sur le site http://www.unodc.org/pdf/
crime/a_res_56/121f.pdf.
92
17. L’Agenda de Tunis113, pris lors du Sommet mondial sur la société de l’information, sous
l’égide des Nations-Unies, a souligné « combien il est important de poursuivre les auteurs
de cyberdélits, y compris ceux commis dans un pays mais dont les conséquences sont
ressenties dans un autre pays. Nous insistons en outre sur la nécessité de disposer
d’instruments et de mécanismes efficaces, aux niveaux national et international, pour pro-
mouvoir la coopération internationale notamment entre les services de police et de justice
dans le domaine de la cybercriminalité. Nous exhortons les Etats à élaborer, en collabora-
tion avec les autres parties prenantes, la législation nécessaire permettant d’enquêter
sur la cybercriminalité et de poursuivre en justice les auteurs de cyberdélits, en tenant
compte des cadres existants » 114.
18. La Convention de Budapest contre la cybercriminalité, comme nous venons de le voir,

contient des dispositions spécifiques pour développer la coopération internationale.
Elle prévoit les modalités de l’extradition, de l’entraide, qui doit être la plus large possible, et
va jusqu’à l’information spontanée.
19. Le mécanisme d’entraide en matière de mesures provisoires qu’elle contient va per-

mettre de résoudre en grande partie des difficultés que nous dénoncions. En effet, une
Partie peut demander à une autre Partie d’ordonner ou d’imposer d’une autre façon la
conservation rapide de données stockées au moyen d’un système informatique se trou-
vant sur le territoire de cette autre Partie, et au sujet desquelles la Partie requérante a
l’intention de soumettre une demande d’entraide en vue de la perquisition ou de l’accès
par un moyen similaire, de la saisie ou de l’obtention par un moyen similaire, ou de la div-
ulgation desdites données.
Cette disposition est évidemment capitale, car elle rend plus acceptable le long délai de
mise en place nécessaire aux commissions rogatoires.
20. L’accès transfrontière à des données stockées est par ailleurs facilité puisqu’une Partie
peut, sans l’autorisation d’une autre Partie :
a. accéder à des données informatiques stockées accessibles au public (source ou-
verte), quelle que soit la localisation géographique de ces données; ou
b. accéder à, ou recevoir au moyen d’un système informatique situé sur son territoire,
des données informatiques stockées situées dans un autre État, si la Partie obtient
le consentement légal et volontaire de la personne légalement autorisée à lui di-
vulguer ces données au moyen de ce système informatique.
113 Agenda de Tunis, adopté le 15 novembre 2005, disponible sur le site : http://portal.unesco.org/ci/fr/
files/20687/11327544873tunis_agenda_fr.pdf/tunis_agenda_fr.pdf.
114 Agenda de Tunis, adopté le 15 novembre 2005, point 40, disponible sur le site : http://portal.unesco.org/ci/fr/
93
21. La loi belge du 28 novembre 2000 sur la criminalité informatique115 a franchi un pas de
plus en permettant, dans des hypothèses limitées, de réaliser des perquisitions informa-
tiques s’étendant à l’étranger, moyennant seule information a posteriori des autorités
étrangères (Art. 88 ter CIC).
Cette loi ne vise aucunement à octroyer unilatéralement la compétence aux instances ju-
diciaires afin qu’elles se procurent un accès illimité aux données enregistrées à l’étranger.
Même si le droit public international ne donne, à l’heure actuelle, aucune interprétation
précise quant à l’importance que peut avoir le concept de souveraineté dans le « cyber-
espace », les principes de droit public international sont conservés dans leur intégralité.
Aucune compétence visant à violer intentionnellement la souveraineté d’un autre État n’a
été créée.
Cette loi s’applique aux recherches effectuées dans un système informatique au cours
desquelles les enquêteurs aboutissent à des données stockées à l’étranger. Il est possible
que les enquêteurs ignorent l’origine étrangère de ces données ou encore qu’ils ne par-
viennent pas à en localiser l’origine avec exactitude. La loi belge décide que l’importance
de la vérité dans des cas de grande criminalité justifie que de telles recherches soient
menées à l’étranger exceptionnellement.
Lorsque les données concernées se trouvent hors de Belgique, celles-ci ne peuvent être
que copiées et non bloquées, la seule finalité de cette compétence extraordinaire étant
d’empêcher la disparition d’éléments de preuve.
Lorsque l’origine des données peut raisonnablement être déterminée, l’Etat étranger con-
cerné doit alors être informé par le ministère de la Justice, afin de lui permettre de vérifier
si une infraction a été commise ou non.
Le but de cette loi belge est donc de permettre l’utilisation en justice de données recueil-
lies à l’étranger par hasard ou involontairement. En effet, le bien-fondé de l’action pénale
menée par les autorités ne peut en principe pas être mis en doute et il n’y a donc aucune
raison d’exclure a priori les données recueillies de la sorte comme éléments de preuve.
Cette loi exige toutefois que plusieurs conditions soient réunies pour permettre cette
extension :
 elle doit être nécessaire,
 elle ne peut être mise en œuvre que dans le cadre d’une affaire déjà en phase
d’instruction,
 la mise en place d’autres mesures plus habituelles serait disproportionnée,
 ou il existe un risque que, sans cette extension, des éléments de preuve soient
perdus,
115 M.B., 3 février 2001, http://www.moniteur.be.
94
 elle ne peut pas dépasser les niveaux d’accès préalablement définis.
Une controverse existe quant à l’admissibilité de ce type de législation nationale116.
Selon un premier point de vue, le droit international n’interdit pas ce type d’opération,
car les données sont techniquement accessibles et disponibles à partir de l’État effectu-
ant la recherche, sans l’aide ni l’intervention de l’État où la recherche a lieu. Du fait que
les données présentes n’importe où sur un réseau peuvent être considérées comme
ubiquitaires, le fait d’y accéder à partir de l’État où elles ne se trouvent pas effectivement
serait une question de droit purement interne et non de droit international. De ce point
de vue, il ne serait nécessaire de faire intervenir l’État visé par la recherche à aucun mo-
ment. La question de savoir dans quelle mesure des données sont ou non ubiquitaires
(par exemple, quand des personnes effectuant des recherches doivent user de différents
moyens pour télécharger les données d’un État à un autre) n’est pas encore clairement
résolue dans le droit international.
Dans l’autre thèse, selon laquelle toute ingérence dans un réseau informatique situé sur
le territoire d’un autre État constitue une violation de la souveraineté territoriale de cet
État, deux positions méritent d’être examinées.
L’une veut que les États ne devraient pas être autorisés à rechercher ou à copier des
données ni à s’ingérer de toute autre manière dans des systèmes informatiques situés
dans un autre État unilatéralement, tout comme il ne serait pas permis qu’ils le fassent
en étant physiquement et unilatéralement présents dans cet État. Pour obtenir des élé-
ments de preuve auprès d’un autre État, on devrait suivre les procédures d’entraide judi-
ciaire en place. Cette position est certes conforme aux principes traditionnels, mais elle
ne tient peut-être pas compte des difficultés pratiques que posent les enquêtes sur les
délits informatiques. Sans doute, les mécanismes de coopération et d’entraide judiciaire
et policière renforcés mis en place par le Conseil de l’Europe et par l’Union européenne
permettent toutefois d’espérer une meilleure efficacité des recherches, plus appropriée
aux risques nouveaux créés par un cyberespace sans frontières.

Pour la seconde, plus pragmatique, le droit international ne fournit actuellement aucune
réponse claire aux questions de violation de la législation nationale ou de la souveraineté
nationale. Ses partisans estiment que le droit international en la matière pourrait être
développé en décidant d’un commun accord au niveau international d’autoriser ces ac-
tivités en définissant clairement dans quelles conditions les autoriser. Cette solution
116 Dixième Congrès des Nations Unies pour la prévention du crime et le traitement des délinquants Vienne, 10-17 av -
il 2000, Document de base pour l’Atelier consacré au thème “Délits liés à l’utilisation du réseau informatique”, A/
CONF.187/10, disponible sur le site http://www.uncjin.org/Documents/congr10/10f.pdf. Le Conseil d’Etat belge
avait par ailleurs exprimé de sérieux doutes sur la légalité de cette perquisition transfrontière jugée contraire au principe
de la souveraineté nationale.
95
prévoirait en particulier l’envoi d’une notification à l’État faisant l’objet de la recherche.
Il est, en tout Etat de cause, indubitable que les recherches effectuées de la sorte en
dehors des frontières doivent rester exceptionnelles. Si le temps et les connaissances le
permettent, et à défaut de solutions alternatives adéquates sur le plan juridique à l’heure
actuelle, il convient de suivre la procédure classique des commissions rogatoires interna-
tionales.
22. Aux termes de l’article 35 de la Convention de Budapest, chaque Partie désigne un point
de contact joignable 24h/24 et 7j/7, afin d’assurer la fourniture d’une assistance im-
médiate pour des investigations concernant les infractions pénales liées à des systèmes
et données informatiques ou pour recueillir les preuves sous forme électronique d’une
infraction pénale.
Chaque Partie fera en sorte de disposer d’un personnel formé et équipé en vue de faciliter
le fonctionnement du réseau.
Le futur point de contact belge insiste sur le fait qu’il ne suffit pas d’avoir une police for-
mée, il faut encore que les magistrats le soient. Aussi, la Federal Computer Crime Unit
participe-t-elle à la formation technique initiale et continuée des magistrats belges.
Cet article 35 est basé sur l’expérience du sous-groupe du G8 sur le crime de pointe qui
a établi un réseau de tels points de contact, comme mentionné ci-dessus.
A fin d’éviter une prolifération des réseaux, il a été convenu que les points de contact du G8
et ceux établis sous la convention sur la cybercriminalité soient fusionnés dans un annu-
aire simple des points de contact qui seront maintenus par le sous-groupe du G8 sur le
crime de pointe et le Conseil de l’Europe.
Cet annuaire est limité à l’utilisation des buts de police.
23. D’autres instruments du Conseil de l’Europe, relevants en matière de coopération inter-

nationale en matière pénale en général, sont également ouverts aux signatures des Etats
non-membres : la convention européenne d’entraide judiciaire en matière pénale117 et ses
deux protocoles additionnels118, ainsi que la convention européenne d’extradition119.
117 Signée à Strasbourg le 20 avril 1959, disponible sur le site http://conventions.coe.int/Treaty/fr/Treaties/Html/030.

htm
118 Protocole additionnel à la convention européenne d’entraide judiciaire en matière pénale, signé à Strasbourg le 17 mars
1978, disponible sur le site : http://conventions.coe.int/treaty/fr/Treaties/Html/099.htm, et deuxième protocole ad-
ditionnel à la convention européenne judiciaire d’entraide en matière pénale, signé à Strasbourg le 8 novembre 2001,
disponible sur le site : http://conventions.coe.int/Treaty/FR/Treaties/Html/182.htm
119 Signée à Paris le 13 décembre 1957, disponible sur le site : http://conventions.coe.int/Treaty/fr/Treaties/Html/024.htm
96
24. Pour le cadre de l’Union européenne, de nombreuses avancées ont été réalisées. Elles
peuvent servir de source d’inspiration à d’autres initiatives internationales :
Une décision du Conseil incite les Etats membres à intensifier et optimiser la coo-
pération policière internationale en vue de la lutte contre la pédopornographie sur
internet120.
Conseil relative aux attaques visant les systèmes d’information 121, déjà citée, étend
les compétences des juridictions de chaque Etat membre, en particulier même lor-
sque l’infraction est commise à partir d’un site situé en dehors du territoire ou vise
un système localisé sur le territoire national. Enfin, la décision précise les devoirs
de coopération des autorités policières et judiciaires en la matière et prévoit égale-
ment la création de points de contact accessibles 24h/24 et 7j/7 en vue de lutter
contre les attaques visant les systèmes d’information.
Une convention relative à l’entraide judiciaire en matière pénale entre les Etats
membres de l’Union européenne a également été prise122.
Une proposition de décision-cadre123 vise également à renverser les règles actuelles

en matière de transmission de données, en introduisant le principe de « disponibili-
té ». Selon ce principe, un Etat membre devra accéder à une demande d’information
formulée par un autre Etat, à moins que l’on ne se trouve dans le cadre de l’une des
exceptions.
Les ministres européens de la Justice se sont mis d’accord le 13 juin 2007 à Lux-
embourg124 pour mettre en commun le contenu de leurs casiers judiciaires afin de
permettre un meilleur échange d’informations sur les condamnations prononcées
envers d’éventuels suspects.
Cette décision-cadre oblige tous les pays européens à communiquer le plus rapide-
ment possible à l’Etat membre concerné les condamnations qui auront été pronon-
cées envers un de ses nationaux.
120 Décision du Conseil du 29 mai 2000 relative à la lutte contre la pédopornographie sur l’Internet (2000/375/JAI),
J.O.C.E., 9 juin 2000, L138/1.
121 Décision-cadre 2005/222/JAI du Conseil, du 24 février 2005, relative aux attaques visant les systèmes d’information,
J.O.U.E., 16 mars 2005, L69.
122 Convention relative à l’entraide judiciaire en matière pénale entre les Etats membres de l’Union européenne, J.O.U.E., 12
juillet 2000, C 197.
123 Proposition de décision-cadre du Conseil du 12 octobre 2005 relative à l’échange d’informations en vertu du principe de
disponibilité, consultable sur le site http://eur-lex.europa.eu.
124 Proposition de décision-cadre du Conseil du 22 décembre 2005 relative à l’organisation et au contenu des échanges
d’informations extraites du casier judiciaire entre les Etats membres, http://eur-lex.europa.eu. Elle vise à remplacer la
décision 2005/876/JAI du Conseil du 21 novembre 2005 relative à l’échange d’informations extraites du casier judici-
aire, qui n’apportait qu’une réponse partielle aux dysfonctionnements en matière d’échange d’information.
97
IV. Exemples de coopération internationale :
25. De nombreux exemples couronnés de succès peuvent être mentionnés. Citons ainsi la
lutte contre la pédopornographie sur internet. Plusieurs opérations de polices coordon-
nées dans différents pays ont eu lieu ces dernières années, aboutissant à des arresta-
tions :
a. En avril 2005, l’opération Falcon, menée conjointement par le FBI, la police fédérale
américaine, Interpol et la police française, a permis de démanteler un réseau actif
dans plusieurs pays européens.
b. L’opération Icebreaker, menée par Europol le 14 juin 2005, a abouti à une vague
de perquisitions dans treize pays européens (Autriche, Belgique, France, Allemagne,
Hongrie, Islande, Italie, Pays-Bas, Pologne, Portugal, Slovaquie, Suède, Grande-
Bretagne), avec des arrestations en France, Belgique, Hongrie, Islande et Suède.
c. L’opération Odysseus, réalisée le 26 février 2004 à l’initiative d’Europol, a engendré

des actions policières dans 10 pays (Australie, Belgique, Canada, Allemagne, Pays-
Bas, Norvège, Pérou, Espagne, Suède, Royaume-Uni).
V. Droits fondamentaux
26. Tous ces efforts pour renforcer la coopération internationale en matière de lutte contre
la criminalité ne doivent pas engendrer de dérives sécuritaires, mettant en péril des ac-
quis aussi précieux que la liberté d’expression et le droit au respect de la vie privée. Selon
la belle formule de Benjamin FRANKLIN, « ceux qui abandonnent une liberté essentielle
pour obtenir une sécurité temporaire minime ne méritent ni liberté ni sécurité »125.
En d’autres termes, il doit être tenu compte du principe de proportionnalité, par rapport à
la nature et aux circonstances de l’infraction. Des standards communs ou des garanties
minimums doivent également être prévues.
27. Cette préoccupation est rappelée dans de nombreux instruments internationaux :
a. L’Agenda de Tunis126, pris lors du Sommet mondial sur la société de l’information,

sous l’égide des Nations Unies, rappelle l’importance du respect des libertés fonda-
mentales : « les mesures prises pour garantir la stabilité et la sécurité de l’Internet
et pour lutter contre la cybercriminalité et le spam doivent respecter la vie privée et
la liberté d’expression, conformément aux dispositions qui figurent dans les parties
pertinentes de la Déclaration universelle des droits de l’homme et de la Déclaration
125 Benjamin FRANKLIN, Historical Review of Pennsylvania, 1759.

126 Agenda de Tunis, adopté le 15 novembre 2005, disponible sur le site : http://portal.unesco.org/ci/fr/
98
de principes de Genève »127.
b. La Convention de Budapest, dans son préambule et son article 15, rappelle qu’il
faut garder à l’esprit la nécessité de garantir un équilibre adéquat entre les intérêts
de l’action répressive et le respect des droits de l’homme fondamentaux garantis,
entre autres, par le pacte international de 1966 relatif aux droits civils et politiques
des Nations-Unies.
c. Un bon exemple de compromis entre l’efficacité de l’action policière et le respect

des droits fondamentaux peut être trouvé dans le Système d’information Schengen
(SIS).
Le SIS, réseau informatique composé d’une section centrale à Strasbourg et de

sections nationales dans chacun des Etats Schengen, est une vaste banque de don-
nées dans laquelle sont intégrées les coordonnées des personnes dont l’extradition
est demandée ou auxquelles l’accès à un territoire est interdit ou qui sont déclarées
disparues ou qui sont recherchées, à quelque titre que ce soit, dans le cadre d’une
procédure judiciaire, ces informations étant fournies par les autorités policières
et judiciaires de chaque pays. Le SIS ne peut être interrogé que lors de contrôles
frontaliers, de police et de douanes, délivrance de visa ou de titres de séjour128.
Lors de la mise en place de ce système, les dérives possibles n’ont pas échappé au législa-
teur européen, qui a intégré à la Convention instaurant le SIS l’obligation pour les Etats qui
y adhéraient de garantir dans leur droit national la protection des données à caractère
personnel129. Un seuil minimal de protection a été imposé, celui de la Convention du Con-
seil de l’Europe du 28 janvier 1981 pour la protection des personnes à l’égard du traite-
ment automatisé des données à caractère personnel.
Mieux, une autorité de contrôle commune a été chargée du contrôle de la fonction de

support technique du Système d’information Schengen. Le contrôle est exercé conformé-
ment aux dispositions de la présente Convention, de la Convention du Conseil de l’Europe
du 28 janvier 1981 pour la protection des personnes à l’égard du traitement automatisé
des données à caractère personnel en tenant compte de la Recommandation R(87) 15
du 17 septembre 1987 du Comité des Ministres du Conseil de l’Europe visant à régle-
menter l’utilisation des données à caractère personnel dans le secteur de la po1ice et
127 Agenda de Tunis, point 42.

128 Suite à l’élargissement de l’UE à 10 nouveaux Etats membres en 2004, un nouveau système d’informations Schengen
(SIS II) est actuellement en cours de développement. Il est question que ce système de 2e génération comprenne des
données biométriques (photographies et empreintes digitales) et permette la mise en relation de signalements.
129 Articles 12, 115, 117, 126 Convention d’application de l’Accord de Schengen du 14 juin 1985, conclue le 19 juin 1990,
entre les gouvernements des États de l’Union économique Benelux, de la République fédérale d’Allemagne et de la Répub-
lique française relatif à la suppression graduelle des contrôles aux frontières communes.
99
conformément au droit national de la Partie Contractante responsable de la fonction de
support technique. L’autorité de contrôle commune est également compétente pour anal-
yser les difficultés d’application ou d’interprétation pouvant survenir lors de l’exploitation
du Système d’Information Schengen, pour étudier les difficultés pouvant se poser lors de
l’exercice du contrôle indépendant effectué par les autorités de contrôle nationales des
Parties Contractantes ou à l’occasion de l’exercice du droit d’accès au système, ainsi que
pour élaborer des propositions harmonisées en vue de trouver des solutions communes
aux problèmes existants.
28. Cela étant, le respect des droits fondamentaux de la personne ne doit pas seulement
être envisagé dans le chef des personnes poursuivies. En effet, par exemple, le droit à la
dignité de la victime de pédopornographie s’oppose à ce que des images où elle figure
soient inutilement visionnées, fût-ce par les autorités policières. Différentes initiatives ont
donc été prises dans ce domaine :
a. Le Child Exploitation Tracking System (CETS), système informatique mis au point par
Microsoft et la police canadienne, facilite la lutte contre la pédopornographie en per-
mettant de recouper les informations détenues par les services de police, qui sont
souvent noyées dans la masse. Le CETS est une base de données sécurisée, capable
de fonctionner avec divers systèmes d’exploitation et utilisant des normes ouvertes.
Ce système, désormais également utilisé par l’Italie, permet par exemple de vérifier
si une image a déjà été signalée comme ayant un contenu pédopornographique, sur
simple base de ses caractéristiques (nombre de pixels etc.) sans qu’il ne soit néces-
saire de la visionner, ce qui respecte la victime et rend plus efficace la recherche par
son automatisation.
b. Interpol a crée une Banque d’images d’Interpol sur les abus pédosexuels (BIIAP) aux
fonctionnalités similaires accessible à toutes les forces de l’ordre sur laquelle fig-
urent les enfants ayant été identifiés sur des sites pédopornographique. Cette base
de données fournit à la personne qui la consulte les informations quant à l’Etat dont
relève cet enfant et les coordonnées des services de police compétents, tout en
respectant son anonymat. Par ailleurs, une indication précieuse de l’âge de l’enfant
pourrait ainsi être trouvée afin d’établir un des éléments essentiels de l’infraction.
L’effectivité des poursuites et le respect de la dignité de l’enfant sont ainsi concil-
iés.
VI. Conclusions
29. On le voit, la coopération internationale s’impose, encore plus qu’auparavant, afin de lut-
ter contre la cybercriminalité et ses particularités.
Celle-ci passera par un travail préalable d’harmonisation des législations mais aussi des
technologies.
100
La technique des réseaux de points de contacts, disponibles à tout moment et spécialisés,
semble être une des voies les plus empruntées actuellement. Si on y ajoute le mécanisme
des mesures provisoires, on aboutit à une coopération internationale efficace, répondant
aux nouveaux défis que lance la cybercriminalité, sans déroger à la souveraineté territori-
ale des Etats.
L’accès transfrontière aux données est aussi une nécessité qui fera encore l’objet de dé-
bats juridiques passionnés et passionnants.
30. Nous devons néanmoins être prudents : certes la cybercriminalité doit être combattue
mais pas à n’importe quel prix, pas, en tout cas, au prix de nos libertés fondamentales :
tous les actes internationaux le rappellent.
101
The Importance of International Cooperation in Preventing Cybercrime
Mr. Tyner Russell
Introduction
By its very nature cyber crime is international. It is essential that countries assist each other in
the provision of evidence and that investigator and prosecutors are aware of the mechanisms
that exist to obtain such information. My aim is to demonstrate the importance of mutual legal
assistance in the investigation and prosecution of cyber crime and to highlight some of the prac-
tical steps that may help to ensure the request is effective.
Terminology
Mutual Legal Assistance (MLA)
Strictly speaking this term relates solely to formal methods of obtaining assistance from other
jurisdictions, however I also use the term to describe enquires between police officers outside
of or independent of a formal request.
Letter or Request or Commission Rogatoire (LOR)

The formal request transmitted between states usually pursuant to a bi or multi lateral interna-
tional convention or treaty but at least so far as the UK is concerned can be submitted where
no formal instrument exists.
Underpinning principles
MLA is predicated on mutual respect and understanding and on a willingness to commit re-
sources where there exists no or only a tenuous link to the jurisdiction.
Case study
OPERATION CATTERICK
Concerned the extortion of on line gambling companies between May and October 2004
A number of criminal groups were responsible, with individuals moving between groups.
The criminals would send a demand for money to a company threatening to execute a Distrib-
uted Denial of Service (DDOS) attack on their website if they failed to pay. A DDOS attack is
where many thousands or hundreds of thousands of computers from all over the world visit a
website at the same time, the effect of so many persons seeking to access the site causes the
site to crash.
The gang executed DDOS attacks in order to prove to the companies that they had the capabil-
ity.
The DDOS were executed using a BOTNET. This is a network of computers which have been
infected with a virus that allows the BOTNET controller to activate them and have them visit a
website at the same time. The owners of these infected, or Zombie computers are unaware of
102
the fact that their computer has been compromised.
57 companies were attacked worldwide 10 UK based companies who lost in excess of £30m
In addition to the effect on the websites themselves the amount of data being directed along a
section of the internet backbone came close to causing it to collapse
The investigation:
Note this is a very brief overview of what was and is a complex and long running investigation
Initially the investigations were initiated by UK and US law enforcement -
Police to Police enquires lead to Latvia and this was followed by an LOR
The Latvian police launched a covert surveillance operation, as a result 10 people arrested who
were suspected of being involved in money laundering, these couldn’t be extradited and a local
investigation with a view to prosecution was initiated –, that investigation is ongoing
A compromised computer was located and a copy of the malicious code taken from it .That led
to an Internet Relay Chat (IRC) channel, officers monitored those chat rooms and found that
botnet controller would enter the channel to launch his attack. Individuals in those channels
were identified.
Example .eXe
A person with the nickname eXe was using an IRC channel ##[eXe]## .He was seen to offer a
new version of attack software in one of the channels and this offer was accepted , from that
his IP address was found .He was also found on ICQ channels discussing hacking .
The IP address was in a range allocated to Balakovo in Russia.
In the channels eXe said he was 21 years old, male, named Ivan, he was Russian, a student of
French and engineering and that he had received payment for DDOS attacks.
It was also discovered that he used other nicknames;
~x3m1st
NASA
X890
x
Key
An e mail account with the name ~x3m1st@security-system.cc had registered a domain name
- security –system.cc using the details
Fizitheskoe lico
Makasakov Ivan
Balakovo
103
The malicious code also revealed a server located in the US which had been rented using a sto-
len credit card was used to host IRC chat rooms and to launch DDOS attacks.
The FBI in the USA seized the server .An IP address was recovered which had connected to the
server on a number of occasions. The IP range resolved to Balakovo Russia.
An examination of one of the infected machines revealed that it connected to ##[eXe]## and
logged real users in the channel. We knew they were real users because they were seen to is-
sue specific commands. One of these who logged on as
NASA!~x3m1st@as-dia058.balakovo.sans.ru (also known as eXe) was seen to launch an at-
tack, he issued the command “Logon” then “auto” then “!port commands”
The bots replied “port flood ip” at which they began to attack an online gaming company.
Letter of request to Russia.

LOR sent to Russian which initially met with little response. The aim of the request was to have
the Russians commence an investigation with a view to prosecution, it being quickly realised
that extradition would not be available.
Following a visit to UK by V Putin our foreign minister had a quiet word with him following which
Moscow police initiated an investigation of their own which became effectively a joint investiga-
tion ; if the suspects were Russian nationals they could not be extradited to UK so would have
to be prosecuted in Russia
Use of supplementary LORs

The Russian investigation was focused primarily on the perpetrators of the DDOS attacks .The
Russian Police and UK police worked closely together with a UK officer spending a considerable
amount of time in Russia
In June 2004 a number of arrests were made and computers seized.

In December 05 the trial commenced of 3 men in Moscow .A UK officer was a key witness The
trial process took 10 months and each was convicted of extortion and deploying a computer
virus and sentenced to 8 years which was recently upheld on appeal
Conclusion
We regard this operation as a partial success- The DDOS attacks against UK companies have
stopped – the UK is now regarded as a hard target and cyber criminals like any other criminal
looks for a soft target – what we have achieved is displacement – they are still engaged in this
activity in other parts of the world and have varied their tactics – i.e. hacking into the computers of
business encrypting their data and then making a demand for payment before de encrypting it.
104
MLA and Cybercrime: Keys to success.
• There is a clear need to secure commitment from all countries. We have found that you
achieve the best results when informal , police to police contact is made and followed up
with a formal request where and if required.
• The LOR’S need to be as detailed as possible identifying the precise enquires to be un-
dertaken and the format in which the evidence is required.
• Only make a formal request if you have to – it saves yours and everyone else’s time.
• If you make a formal request and no longer require the information let the county know
• Keep requests to a minimum and specify as precisely as you are able to what it is that
you want
• Establishing one to one contact reaps rewards events such as conferences or via Inter-
pol or Europol or pick up the phone (may need interpreter of course) but generally police
officers and lawyers speak the same technical language
• Consider carefully whether a police officer really needs to travel in connection with a
request. There are resource implications for the requesting state that may need to
provide a chaperone or interpreter but in a technical investigation the officer in the case
will be best placed to know what evidence is needed and can assist where suspects are
interviewed.
Security of Information
How do you ensure the confidentiality of your requests?

It will frequently be the case that to make a formal request for assistance you will have to include
in the letter sensitive information, which, if it fell into the wrong hands, could compromise the
investigation/prosecution or endanger someone’s life.
The prosecutor will need to be alive to the fact that not only the contents of a letter of request
but also the mere fact that an investigation is under way could be enough to alert a suspect.
When issuing a letter or request that will of necessity involve the inclusion of sensitive informa-
tion the prosecutor should advise the agent that the system for obtaining mutual legal assis-
tance is inherently insecure and, depending on the foreign state being requested, there is a risk
of unwanted disclosure.
Practical steps to protect sensitive information

• It may be possible for the police to obtain the evidence by way of mutual assistance, with-
out having to disclose the sensitive information.
• It may be that the letter can be drafted without having to disclose a piece of sensitive
information.
• Alternatively it may be possible to submit a vague (sometimes referred to as an ‘open’
105
letter) and to supply in addition another document (‘closed’ letter) or perhaps an oral
briefing.
• Some European jurisdictions for example have to disclose documents that are on their
open file but are able to withhold those on the closed file.
• The appropriate methodology should be discussed with the requested state in advance.
Practises differ and it is not possible to provide comprehensive guidance here.
• Does the treaty or convention help?
• In some cases it is possible to make a conditional request for assistance that is one that
is only being made if the requesting state is able to execute the request without disclos-
ing some or all of the information in the letter.
• Where there are concerns about sensitive information being disclosed, it is good prac-
tice to explain in the letter of request what they are and why you do not want the informa-
tion passed on to anyone not involved in the execution of the request.

Emergency situations need for speed
Does the LOR have to be transmitted via a central authority or can it be send direct to either a
court or prosecutor?
Again Informal methods first – locate your prosecutor or judge and let him know in advance
that it is coming .If no time can the local police use own investigative powers to seize or secure
evidence pending a formal request?
It’s all about finding ways and means
Other considerations
Should the defendant or suspect be notified of the enquires you are making or allowed to be
present when they are being made? Should they be alerted to sources of evidence that may be
transitory and which they may wish to explore in order to prepare their defense.
In the UK we have a well established system concerning the disclosure of material that though
not used by the prosecution should be disclosed to a defendant in order to ensure he has a fair
trial. Each case is different and procedures obviously differ between countries I raise it simply
as another matter that may need to be considered.
Prosecutor’s discretion to issue a letter of request

Prosecutors and investigators need to evaluate the benefit of a request for MLA to the case or
investigation. Formal international enquiries are expensive, for both the requested and request-
ing states
Factors to consider:
• The value to the case of the enquires
• Whether a prosecution can be justified in terms of the cost of a formal international
106
enquiry;
• The consequences of issuing a letter of request, e.g. whether it is worth risking the secu-
rity of a police operation by broadcasting sensitive information;
• Whether, realistically, there is time to obtain the evidence;
• Whether, realistically, there exists the prospect that the evidence can be obtained;
• Whether there would be a realistic prospect of conviction were the evidence to be ob-
tained;
• Whether it would be in the public interest to prosecute or continue with the prosecu-
tion;
• The likely admissibility of the requested evidence.
• Also don’t forget Open Source material there is a lot of material available on the Internet
that doesn’t need an LOR
107
Prevention measures and international cooperation to combat Cybercrime:
1- Introduction
One of the most serious challenges in fighting cybercrime is the international dimension. Com-
puter systems may be accessed in one country, computer data manipulated in another and the
consequences felt in a third country. Moreover, the evidence of the cybercrime may be stored
on a computer in a different country from where the criminal executed the act. A cybercriminal
can hide his identity and route materials over networks in different countries from different
continents before reaching the intended recipients.
The ability to move electronically from one network to another and access database on different
continents have the result that different sovereignties, jurisdictions, laws and rules are involved,
challenging the existing rules of international crime law and making an investigation very dif-
ficult.
Cybercrime is a transnational crime and effective fight against this phenomenon requires in-
creased, rapid and well-functioning international cooperation in criminal matters. Since inter-
national cooperation depends on countries’ legal systems, lack of legislation, for example, not
clearly defining computer offences in national law or not creating the mechanisms for investi-
gating computer crimes, inapplicability of seizure powers to intangibles, insufficient provisions
regarding extradition and mutual legal assistance will prevent that country to adequately re-
spond to an international cooperation request.
These are arguments for the necessity of having a common understanding of which conducts
in relation to computer systems and networks should be criminalized and which procedural law
provisions should be adopted by countries. Based on such provisions an efficient framework for
cooperation against cybercrime can be established at international level.
2- The Council of Europe Convention on Cybercrime (ETS 185)130

The Convention on Cybercrime of Council of Europe (ETS 185) provides such an instrument. It
has been developed by the Council of Europe in cooperation with Canada, Japan, South Africa
and the United States of America and it was opened for signature in Budapest in 23.11.2001
and entered into force on 1.07.2004.
One of the aims of the Convention on cybercrime is to set up a fast and effective regime of
international co-operation. Therefore the Convention contains provisions that are meant to es-
tablish such a framework for a rapid and reliable international cooperation and require parties
130 Comments and explanations provided in accordance with the text of the Explanatory Report
108
to provide each other with various forms of assistance
Chapter III of the Convention contains the provisions regarding traditional and computer crime-
related mutual assistance and also extradition rules. It has been considered two situations:
where between parties there is not other legal basis (treaty, reciprocal legislation, etc.) and
Convention applies and where such a basis exists in which case the existing arrangements also
apply to assistance under this Convention.
2.1. Section 1 – General principles

According to the general principles relating to international cooperation and extradition set out
in Section 1 of Chapter III, Parties should provide extensive cooperation to each other and elimi-
nate the obstacles for a rapid flow of information and evidence.
Co-operation will cover all criminal offences related to computer systems and data as well as
the collection of evidence in electronic form of a criminal offence, which means that either
where the crime is committed by use of a computer system, or an ordinary crime, which was
not committed by use of a computer system but involves electronic evidence, the terms of Chap-
ter III are applicable.
Co-operation will be provided in accordance with the provisions of Chapter III and applying the
relevant international agreements on international co-operation in criminal matters, arrange-
ments agreed on the basis of uniform or reciprocal legislation, and domestic laws.
Article 24 provides the obligation for extradition between Parties for criminal offenses establish
under Articles 2 -11 of the Convention provided that they are punishable under the laws of both
Parties concerned by deprivation of liberty for a maximum period of at least one year, or by a
more severe penalty if there is not another arrangement agreed on the basis of uniform recip-
rocal legislation or an extradition treaty in force.
The offences provided by the Convention are to be deemed extraditable in any extradition treaty
between or among Parties and they will be included in future treaties.
Under this article a Party that requires an extradition treaty with the requesting Party may use
the Convention itself as a basis for surrendering the person requested. It is also provided the
principle “aut dedere aut judicare” (extradite or prosecute).
According to Article 25 of the Convention - General principles relating to mutual assistance –

co-operation will be provided „to the widest extent possible.” Thus mutual assistance is in prin-
ciple to be extensive, and impediments strictly limited. Parties can make urgent requests for co-
operation through expedited means of communications, rather than through traditional, much
slower transmission of written, sealed documents through diplomatic channels or mail delivery
systems and the requested Party has the obligation to use same expedited means to respond.
109
Article 26 – spontaneous information – provides the possibility for a Party, which possesses
valuable information to assist another Party in a criminal investigation or proceeding, and which
the Party conducting the investigation or proceeding is not aware that exists to forward that
information. In such cases, no request for mutual assistance will be forthcoming.
Under Article 27 - Procedures pertaining to mutual assistance requests in the absence of ap-
plicable international agreements - Parties are obliged to apply certain mutual assistance pro-
cedures and conditions where there is no mutual assistance treaty or arrangement.
The Article reinforces the general principle that mutual assistance should be carried out through
application of relevant treaties and similar arrangements for mutual assistance.
The Convention establishes a separate general regime of mutual assistance that would be ap-
plied in lieu of other applicable instruments and arrangements, agreeing instead that it would
be more practical to rely on existing MLAT regimes and avoiding confusion that may result from
the establishment of competing regimes.
It is provided a number of rules for mutual assistance in the absence of an MLAT or arrange-
ment on the basis of uniform or reciprocal legislation, including designating central authorities,
imposing of conditions, grounds for and procedures in cases of postponement or refusal, confi-
dentiality of requests, and direct communications.
Assistance may be refused on the grounds provided for in Article 25, paragraph 4.
Under Article 27 the requested Party can postpone a request, rather than refuse, assistance
where immediate action on the request would be prejudicial to investigations or proceedings in
the requested Party or instead of refuse or postpone a request to provide assistance subject
to conditions.
Central authorities designated shall communicate directly with one another. However, in case
of urgency, requests for mutual legal assistance may be sent directly by judges and prosecu-
tors of the requesting Party to the judges and prosecutors of the requested Party. The judge or
prosecutor following this procedure must also address a copy of the request made to his own
central authority with a view to its transmission to the central authority of the requested Party
Article 28 - Confidentiality and limitation on use - enable the requested Party to ensure that its
use is limited to the scope for which assistance is granted, or to ensure that it is not dissemi-
nated beyond law enforcement officials of the requesting Party.
2.2. Section 2 – Specific provisions

Section 2 of Chapter III provides specific measures for taking effective and concerted inter-
national action in cases involving computer-related offences and evidence in electronic form,
110
including provisions, which are meant to facilitate the investigation of computer crimes with the
help of new forms of mutual assistance.
Article 29 - Expedited preservation of stored computer data - provides for a mechanism at the
international level equivalent to that provided in Article 16 at the domestic level. A Party may
request for the expeditious preservation of data stored in the territory of the requested Party by
means of a computer system, in order that the data not be altered, removed or deleted during
the period of time required to execute a request for mutual assistance to obtain the data.
The situations when the requested Party may refuse a request for preservation are limited and
each Party has to ensure that data preserved will be held for at least 60 days.
If the requested Party realizes that the custodian of the data is likely to take action that will
threaten the confidentiality or prejudice the requesting Party’s investigation, it must notified
promptly the requesting Party.
This procedure has the advantage of being both rapid and protective of the privacy of the per-
son whom the data concerns.
Article 30 - Expedited disclosure of preserved traffic data. At the request of a Party in which
a crime was committed, a requested Party will preserve traffic data regarding a transmission
that has traveled through its computers, in order to trace the transmission to its source and
identify the perpetrator of the crime, or locate critical evidence.
It was considered that the requested Party may discover that the traffic data found in its terri-
tory reveals that the transmission had been routed from a service provider in a third State, or
from a provider in the requesting State itself. In such cases, the requested Party must expedi-
tiously provide to the requesting Party a sufficient amount of the traffic data to enable identifica-
tion of the service provider in the other State.
The requested Party may only refuse to disclose the traffic data, for the same reasons as a
request for preservation of stored computer data.
According to Article 31 – Mutual assistance regarding accessing of stored computer data -
each Party must have the ability, for the benefit of another Party, to search or similarly access,
seize or similarly secure, and disclose data stored by means of a computer system located
within its territory.
Such a request must be responded to on an expedited basis where:
• there are grounds to believe that relevant data is particularly vulnerable to loss or modi-
fication, or otherwise,
• where such treaties, arrangements or laws so provide.
Article 32 – Trans-border access to stored computer data with consent or where publicly avail-
able - provides two situations when a Party is permitted to unilaterally access computer data
stored in another Party without seeking mutual assistance:
111
• where the data being accessed is publicly available,
• where the Party has accessed or received data located outside of its territory through
a computer system in its territory, and it has obtained the lawful and voluntary consent
of the person who has lawful authority to disclose the data to the Party through that
system.
Mutual assistance regarding the real-time collection of traffic data (Article 33)
In many cases, investigators cannot ensure that they are able to trace a communication to its
source by following the trail through records of prior transmissions, as key traffic data may have
been automatically deleted by a service provider in the chain of transmission before it could be
preserved.
It is therefore critical for investigators in each Party to have the ability to obtain traffic data in
real time regarding communications passing through a computer system in other Parties.
Under Article 33 each Party is under the obligation to collect traffic data in real time for another
Party and such co-operation will be provided according to applicable treaties, arrangements
and laws.
Because real time collection of traffic data is at times the only way of identifying the perpetrator
of a crime, and because of the lesser intrusiveness of the measure, Parties are encourage to
permit as broad assistance as possible, i.e., even in the absence of dual criminality.
Mutual assistance regarding the interception of content data (Article 34)
Considering the high degree of intrusiveness of interception, the obligation to provide mutual
assistance for interception of content data is restricted. The assistance will be provided to the
extent permitted by the Parties’ applicable treaties and laws.
As the provision of co-operation for interception of content is an emerging area of mutual as-
sistance practice, it was decided to defer to existing mutual assistance regimes and domestic
laws regarding the scope and limitation on the obligation to assist.
Under Article 35 of the Convention each Party has the obligation to designate a point of contact
available 24 hours per day, 7 days per week in order to ensure immediate assistance in investi-
gations and proceedings within the scope of Chapter III of the Convention.
It is very important that principles and obligations established by the Chapter III of the Conven-
tion, which enable the competent authorities to respond rapid and effectively to mutual assis-
tance requests, to be implemented.
3. International Cooperation Provisions under Convention on Cybercrime and Their Imple-

mentation in Romania
Romania signed the Convention on Cybercrime on 23.11.2001 and ratified the Convention on
12 May 2004 (Law 64/2004).
In order to harmonize the national legislation with the provisions of the Convention it was ad-
112
opted Title III of the Law 161/2003, which regulates the prevention and combating of cyber-
crime, by specific measures to prevent, discover and sanction the offences committed through
computer systems ensuring adequate protection of human rights and liberties131.
Chapter V of the Romanian Law on cybercrime deals with International Cooperation in Articles
60 – 66.
It is also applicable, Law no. 302/2004, which is an extensive law on international judicial co-
operation in criminal matters.
Article 23 of the Convention – General principles relating to international co operation

Regarding general principles, under articles 60- 61 of the Law on cybercrime, the Romanian
competent authorities cooperate directly, under the conditions of the law and by observing the
obligations resulting from the international legal instruments of which Romania is party, with the
institutions with similar attributions in other states, as well as with the international organisa-
tions specialised in the area.
On the territory of Romania common investigations can be performed on the basis of bilateral
or multilateral agreements concluded with the competent authorities.

Article 24 of the Convention – Extradition
According to Article 60 of Romania Law no 161/2003, the competent authorities cooperate
directly with the institutions with similar attributions in other states, as well as with the interna-
tional organisations specialised and the cooperation can have as scope among others extradi-
tion matters.
Law No. 302/2004 on international judicial co-operation in criminal matters regulates coop-
eration procedures including on extradition and surrender based on European Arrest Warrant
and also covers the provision of the Convention.
Article 26 of the Convention – Spontaneous information

Article 66 provides that the competent Romanian authorities can send, ex-officio, to the compe-
tent foreign authorities the information and data necessary for the competent foreign authori-
ties to discover the offences committed by means of a computer system or to solve the cases
regarding these crimes.
A similar provision is also provided in Article 166 of the Law no 302/2004 on international
judicial co-operation in criminal matters.
131 Title III containing the relevant provisions for preventing, discovering and sanctioning the offences committed through the
computer systems are incorporated in the Law 161/2003 on certain measures to ensure transparency in the exercise
of public dignity, public office and in the business environment, to prevent and sanction corruption (published in the Official
Gazette no 279 from 21 April 2003)
113
Article 28 – Confidentiality and limitation on use
According to Article 12 of Law on international judicial co-operation in criminal matters Roma-
nia is obliged to make sure, to the extent possible, upon request from the Requesting State, of
the confidentiality of requests sent to it and of any documents attached to such requests.
In the event that it would be impossible to ensure confidentiality, Romania shall notify the foreign
State, which shall decide.
Article 29 – Expedited preservation of stored computer data

According to Article 63 of the Romanian Law within the international cooperation, the compe-
tent foreign authorities can require from the Service for combating cybercrime the expeditious
preservation of the computer data or traffic data existing in a computer system on the territory
of Romania.
If, in executing the request for the expeditious preservation a service provider in another state
is found to be in possession of the data regarding the traffic data, Cyber-Crime Fighting Service
will immediately inform the requesting foreign authority about this, communicating also all the
necessary information for the identification of the that service provider.
Article 32 – Trans-border access to stored computer data - was transposed in Article 65 of

the Romanian Law.
Article 35 – 24/7 Network

The provisions of Article 62 establish the Service for combating cybercrime within the Prosecu-
tor’s Office of the High Court of Cassation and Justice.
Currently, the Service for combating cybercrime is operating within the Directorate for Investi-
gating of Organized Crime and Terrorism Offences.
The competences of the Service for combating cybercrime meet the requirements set out in
the Convention on Cybercrime on international cooperation being also the contact point avail-
able 24/7.
4. Prevention measures
Some prevention measures have been taken in Romania in order to fight against cybercrime,
such as:
• increased public awareness and education about the danger of the computer crimes;
• hotlines allowing citizens who discover online illegal activities to report the conduct to
relevant authorities (in Romania: www.efrauda.ro);
• cooperation between all institutions (at national and international level) and law enforce-
ment agencies in fighting against cybercrime;
• encourage the private sector (including Internet Service Providers) and civil society (in-
cluding teachers, non-governmental organizations, the media) to report any information
they might obtain concerning cybercrime to the appropriate law enforcement or social
service authority;
114
• Internet service providers can also contribute by facilitating the referral of relevant infor-
mation to law enforcement authorities;
• training for criminal justice professionals (law enforcement, prosecutors and the judges)
is a necessary as a part of a comprehensive program designed to fight these crimes.
The National Institute of Magistracy from Romania or other programs have provided
special training for judges, prosecutors and police officers but still more should be done
in this area.
Council of Europe has provided great support including training for judges, prosecutors
and police officers in many countries including in Romania.
5. Conclusions
The effective fight against cybercrime requires increased, rapid and well-functioning interna-
tional cooperation in criminal matters.
It is necessary for each country to provide domestic legislation that criminalizes the illegal use
of computer systems.
The domestic efforts must be complemented by a new level of international cooperation since
global networks facilitate the commission of trans-border offenses.
Effective combating of crimes committed by means of a computer system and effective collec-
tion of evidence in electronic form require a very rapid response.
Therefore countries are encouraged to make a better use of the Council of Europe Convention
on Cybercrime including the international co-operation provisions.
The Convention is open for accession to any country that is prepared to bring its legislation in
line with this treaty. Countries are thus encouraged to seek accession.
115
Summary and Recommendations
I. Summary
A regional conference on Cybercrime was held in Casablanca on 19-20 June 2007 within the
context of implementing the Programme on Strengthening the Rule of Law in the Arab States
– Project on the Modernization of Public Prosecution Offices. The conference was organized in
cooperation between the Ministry of Justice in the Kingdom of Morocco and the United Nations
Development Programme – Programme on Governance in the Arab Region (UNDP-POGAR).
The conference was attended by an estimated seventy participants including public prosecu-
tors from the five pilot countries of the Project (Egypt, Jordan, Lebanon, Morocco and Yemen)
as well as from Bahrain and Qatar. It was also attended by members of the Judicial Police in
Morocco and the Police of Dubai in the United Arab Emirates. International experts from the
Council of Europe and from some donor countries (the United Kingdom and Belgium) also par-
ticipated.
The conference was inaugurated by the welcoming speech of HE Mr. Mohamed Ldidi, Secretary
General of the Ministry of Justice in Morocco, on behalf of HE the Minister of Justice. The Chief
Technical Advisor of the Project on the Modernization of Public Prosecution Offices in the Arab
States, Dr. Wassim Harb also delivered a speech.
During the conference, twenty five presentations were made on different topics that were set
out in the agenda, including: (i) defining and explaining the different types of cybercrime; (ii) the
issue of how national legislation should be introduced in different countries in the Arab region
in relation to these crimes; and (iii) stressing the need to develop a national legal framework
covering all types of cybercrime. The participants underlined the need to build the capacity of
the human resources in investigating these crimes, prosecuting and trying their perpetrators.
They also stressed the importance of preventive measures and international cooperation in
combating cybercrime.
All the sessions of the conference were distinguished by fruitful dialogue and constructive con-
tribution from all the participants in an attempt to a) add richness to the topic of the confer-
ence and its goals; b) expose the means of strengthening the knowledge of the prosecutors in
regards to cybercrime; and c) reveal the current legislative and judicial situation on the national
and international levels.
The conference was a success according to all the established indicators; specifically based on
the following considerations:
- The theoretical and practical importance of the pillars and topics that were discussed
in it;
- The scientific and professional prominence of the international experts and lecturers
who added value to the conference through their participation;
- The profound depth and analysis characterizing all open-floor discussions that followed
119
the interventions; and
- The proper planning and organization of all the steps of the conference.
At the closing session, the participants thanked the organizers of the conference for the high
quality of the activities and results. They also expressed their appreciation to the Council of
Europe who contributed in organizing this conference by assisting the Project’s Management
Team in preparing the conference’s program and by providing the Project with three experts
to give presentations and benefit the participants with their wide experience in the cybercrime
field.
During this session, the participants also agreed on a series of recommendations based on the
previous ones issued within the context of the Project; specifically the final recommendations
of the launching conference (Cairo, 17-18 May, 2005) and the second regional conference on
Transnational Organized Crime (Rabat, 24-25 February, 2006).
The conference was closed in the presence of HE Mr. Mohamed Abdenabaoui, Director of the
Criminal Affairs & Amnesty Department in the Ministry of Justice, by reading out a summary of
the conference proceedings and recommendations.
II. Recommendations
The Participants to the conference on cybercrime that took place in collaboration between
the Ministry of Justice in the Kingdom of Morocco and the United Nations Development Pro-
gramme – Programme on Governance in the Arab Region (UNDP-POGAR), on the 19th and 20th
of June, in Casablanca,
Acknowledging the importance of modernizing the Public Prosecution Offices in the Arab States
as a means to strengthen the concepts of criminal justice, respect human rights, and ensure
proper dealing with crime, specifically cybercrime in view of the threat it poses on security, sta-
bility and development,
Following the development and modernization plan that was prepared by the Project and which
aims, among its many objectives, at strengthening the rule of law, respecting human rights and
supporting the role of the CSOs.
Recognizing the importance of enhancing the judicial Arab and international cooperation in re-
gards to the prevention of crime and the development and modernization of the criminal justice
systems,
1. Hailed the great role played by the Criminal Affairs & Amnesty Department in the King-
dom of Morocco for making the conference a success and expressed their thanks for
120
hosting the conference.
2. Stressed the importance of holding the conference on Cybercrime when viewing the
wide spread of these crimes across the Arab world. Hence, it becomes crucial to dis-
seminate knowledge among public prosecutors about the nature and features of this
crime, educate them about its dangers, and improve their knowledge in this field.
3. Stressed the importance of communicating the knowledge acquired by the participants
during the conference to their colleagues in their public prosecution offices. This could
be done through the organization of a session to inform them about the topics that were
discussed and provide them with the materials that were distributed during the confer-
ence.
4. Stressed the importance of reinforcing the capacities of the Human Resources in the
Arab Public Prosecution Offices, specifically in regards to cybercrime, the means to
combat it, and its investigative techniques (data collection and evidence assessment).
In this context, focus was also placed on the activities that were adopted as part of the
Programme on the Modernization of Public Prosecution Offices in the Arab Region in
respect of cybercrime, particularly, holding training courses on the techniques of inves-
tigation into these crimes.
5. Laid focus on the issue of law reform in the Arab countries, and the role of cooperation
in initiating laws, on the national and regional levels, that conform to the international
standards of criminalization and prevention.
6. Shed light on the importance of laying down standards of regional and international
cooperation in regards to protecting technology and combating crimes that are com-
mitted through the use of computers or the Internet. The participants also urged the
establishment of a legal framework of cooperation between the Arab and foreign public
prosecution offices or the assisting apparatuses in order to curb the growth and devel-
opment of these crimes.
7. Stressed on the importance of «specialization» for a better performance of the role of

public prosecutors to implement the criminal policy in the field of combating modern
criminal phenomena including cybercrime.
8. Laid focus on the prolificacy of training the law enforcement officials in the field of cyber-
crime.
9. Stressed the importance of extending collaborative research in the field of cybercrime.
10. Stressed the importance of adopting preventive measures and international coopera-
121
tion in the fight against cybercrime.
11. Recognized the significance of broadening the means of cooperation between the public
prosecution and the international cooperation in the fight against cybercrime.
12. Urged the publication of the documents of the conference as a means of disseminating
knowledge and improving awareness among the members of the public prosecution of-
fice.
Finally, the participants reiterated their thanks to the Criminal Affairs & Amnesty Department of
the Ministry of Justice in the Kingdom of Morocco represented by its Director and his assistants
for their generous hospitality, warm reception, and exerted efforts to make the conference a
success. They also thanked the participating donors, organizations and experts, namely from
the Council of Europe, who enriched the conference with their interventions, comments and re-
marks. Special tribute was paid to the United Nations Development Programme – Programme
on Governance in Arab Region (UNDP-POGAR) which organizes and runs this Project.
122

Cybercrime

Diunggah oleh

Informasi Dokumen

Judul Asli

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

Cybercrime

Diunggah oleh

Hak Cipta:

Format Tersedia

Programme on “Strengthening the Rule of Law in the Arab States –

Project on the Modernization of Public Prosecution Offices”

Regional Conference Booklet on:

19-20 June, 2007

Legislative Confrontation of Cybercrimes in light of International and National Leg-

International Standards related to Cybercrime. Ms. Christina Schulman 53

Cybercrime in Moroccan Legislation. Mr. Abdel Razzak Sindali 59

Human Resources Capacity Building in Investigations, Prosecution and Trials on

Human Resources Capacity Building in Investigations, Prosecution and Trials on

CyberCrime: The Challenge for Law Enforcemen. Mr. Tyner Russell 79

L’importance de la Collaboration Internationale et L’expérience Belgedans L’échange

The Importance of International Cooperation in Preventing Cybercrime. Mr. Tyner

Prevention Measures and International Cooperation to Combat Cybercrime. Ms.

Under international efforts, a number of conventions on computer-related crimes were signed,

Opening Session - Welcoming Statements

First session: Part 1

Introduction to Cybercrime: Identification and Specification

Chairman of the session:

Rapporteur of the session:

Introduction to Cybercrime: Identification and Specification

Rapporteur of the session:

Relevant Legislation on Cybercrime

Chairman of the session:

Rapporteur of the session:

Chairman of the session:

Rapporteur of the session:

Prevention measures and international cooperation to combat Cybercrime

Rapporteur of the session:

Closing session: Recommendations

Introduction to Cybercrime: Identification and Specification

Mr. Ehab Maher El Sonbaty

1. Regulate or not regulate, is this the question?

1.1 Different approaches

1.2 The correct approach

1.3 The current situation

2. Challenges posed by cyber crimes to criminal laws

2.1. Challenges to the substantive rules

2.1.2 Different types of cyber crimes

2.1.2 (a) Computer-related crimes

Theft and Fraud

27 18 U.S.C. section 1030(e)(1)

2.1.2 (b) Content-related crimes

Offences against Morality

2.1.2 (c) Computer sabotage crimes

Unauthorised access to computer systems

Unauthorized access with the intention to commit another crime

39 Hacking means gaining unauthorized access to a computer system, programs or data.

2.2. Challenges to procedural rules and law enforcement

2.2.1. Challenges to procedural rules

2.2.2 Challenges to law enforcement

3. International cooperation and harmonization

3.1. Important background

3.1(b) The Discussions Guide

3.1(c) The regional preparatory meetings

52 See the United Nation tenth Conference Report, A/CONF.187/15.

3.2 The solution should be international

3.2 (a) Model laws and guidelines

3.2 (b) Successful examples

63 See in general www.oecd.org (last visited 10/06/2004)

Mr. Khaled Muhieddine Ahmad

As for the legally sinful acts, they can be summarized as follows:

Relationship between child pornography and human trafficking:

Legislative protection at the national level: