CYBERCRIME The Challenge in Asia

Edited by Roderic Broadhurst and Peter Grabosky

f - I ^ f 4 ( R f± HONG KON G UNIVERSIT Y PRES S University Pres s 14/F Hing Wai Centr e 7 Tin Wan Praya Road Aberdeen Hong Kong

© Hong Kong University Press 2005

ISBN 96 2 209 735 9 (Hardback ) ISBN 96 2 209 724 3 (Paperback )

All rights reserved. No portion o f this publication may be reproduced or transmitted i n any form o r by any means, electronic or mechanical, including photocopy, recording, o r any information storag e or retrieval system, without prior permission in writing from th e publisher.

British Library Cataloguing-in-Publication Dat a

Secure On-line Orderin g http://www.hkupress.org

Printed and bound by Lammar Offse t Printin g Ltd., Hong Kong, China.

Hong Kon g University Pres s i s honoured tha t X u Bing, whose ar t explores the complex themes of language across cultures, has written the Press' s name i n his Squar e Word Calligraphy . Thi s signal s ou r commitment to cross-cultural thinking and the distinctive nature of our English-language books published in China. n "At first glance, Square Word Calligraphy appears to be nothing more unusual than Chinese characters, butin fact it is a new way of rendering English words in the format o f a square so they resemble Chines e characters. Chinese viewers expect to be able to read Square Word Calligraphy but cannot. Western viewers, however are surprised to find they can read it. Delight erupts when meaning i s unexpectedl y revealed." ? — Britta Erickson, The Art ofXu Bing Contents

Lists of Tables and Figures vii i

Foreword x i Justice K Bokhary, Hong Kong Court of Final Appeal

Acknowledgements xii i

Contributors x v

Abbreviations xxii i

1 - Computer-Relate d Crime in Asia: Emergent Issue s 1 Roderic Broadhurst and Peter Grabosky

2. Th e Global Cyber-Crime Problem: The Socio-Economic Impact 2 9 Peter Grabosky

3. Cyberspac e Governance and Internet Regulation in China 5 7 Kam C Wong and Georgiana Wong

4. Cyber-Crim e and E-Business in China: A Risk Perception 7 9 Perspective Ivan S K Chui ui Content s

5. Governanc e in the Digital Age: Policing the Internet in 8 9 Hong Kong Laurie Yiu Chung Lau

6. Thir d Party 'Responsibilisation' Through Telecoms Policing 10 9 Keiji Uchimura

7. Cyber-Security : Countr y Report on Singapore 12 5 Clement Leong and Chan Keen Wai

8. Cyber-Crim e in the 21st Century: Windows on Australian La w 14 1 Simon Bronitt and Miriam Gani

9. Cyber-Crime : Current Status and Countermeasures in Japan 16 9 Masao Tatsuzaki

10. Cyber-Crim e in India: The Legal Approach 18 3 Pavan Duggal

11. Compute r Crimes : What Everyone Should Know About Them 19 7 K H Pun, Venus L S Cheung, Lucas C K Hui, K P Chow, W W Tsang, H W Chan, C F Chong

12. Cyber-Crim e Legislation in the Asia-Pacific Regio n 20 7 Gregor Urbas

13. La w Enforcement i n Cyberspace: The Hong Kong Approach 24 3 Michael Jackson

14. Internationa l Cooperatio n in Combating Cyber-Crim e in Asia: 26 9 Existing Mechanisms and New Approaches Jeffrey G Bullwinkel

15. Th e Council o f Europe Convention on Cyber-Crime : 30 3 A Response to the Challenge o f the New Age Peter Csonka

16. Huma n Security and Cyber-Security : Operationalising 32 7 a Policy Framework Julie Shannon and Nick Thomas Contents ui i

17. Th e Future of Cyber-Crime in Asia 34 7 Peter Grabosky and Roderic Broadhurst

Notes 36 1

References 40 3

Index 419 Contributors

Roderic Broadhurst is an Associate Professor, Department o f Sociology, and Senior Fellow, Centre fo r Criminology , the University o f Hong Kong. He is the current Chair of the Hong Kong Society of Criminology, Associate Fellow of the Australian Institute of Criminology and associate editor of the Australian and Ne w Zealan d Journal o f Criminolog y Hi s researc h interest s includ e violence, repeat offending , professiona l delinquency , organise d crim e an d crime in developing countries. Recent work includes editor o f Bridging the GAP: A Global Alliance Perspective on Transnational Organised Crime, Hong Kong Polic e (2003) , an d contribution s t o th e journals Forensic Science International and Criminal Behaviour and Mental Health. He was co-convenor and proceedings edito r o f the First and Second Asia Cyber-Crime Summit s held i n April 2001 and Novembe r 200 3 a t the Universit y o f Hong Kong . ([email protected]. hk)

Peter Grabosk y i s a Professor i n th e Researc h Schoo l o f Socia l Sciences , Australian Nationa l University , and a Fellow o f the Academy o f the Socia l Sciences in Australia. His general interests are in harnessing non-govemmental resources i n furtheranc e o f public policy . His publications includ e Cyber Criminals on Trial (with Russell Smith and Grego r Urbas, 2004); Electronic Theft (with Russell Smith and Gillian Dempsey 2001); and Crime in the Digital Age (with Russell Smith, 1998) . He was previously Deputy Director o f the Australian Institute of Criminology. Other appointments include Russell Sage Fellow i n La w and Socia l Scienc e a t Yal e Law School (1976-78) , Visiting xui Contributor s

Professor, Institut e o f Comparative La w in Japan, Chuo University (1993) , Visiting Expert , th e Unite d Nation s Asi a an d Fa r Eas t Institut e fo r th e Prevention o f Crim e an d th e Treatment o f Offender s (1995) , and Visitin g Professor, Chines e People' s Publi c Securit y Universit y (1996) . H e wa s Rapporteur fo r the Workshop on Crimes Related to the Computer Networ k at the Tenth United Nations Congres s on the Prevention o f Crime and th e Treatment of Offenders, Vienna, 2000. He is past president of the Australian and New Zealand Societ y o f Criminology , and in 2000 was elected Deput y Secretary-General o f th e Internationa l Societ y o f Criminology . (Peter. Grabosky@anu. edu. au)

Simon Bronitt is a Reader in Law and Director of the National Europe Centre at the Australian National University in Canberra. His scholarly interests lie in th e fiel d o f criminal la w and procedure, evidence , criminal justice an d criminology. Hi s research take s a broad interdisciplinar y an d comparativ e perspective, which i s reflected i n hi s recent book , Bronit t an d McSherry , Principles of Criminal Law (Law Book Co, Sydney, 2001). He is a State Editor of the Criminal Law fournal an d an Associate o f the Australian Institut e o f Criminology.

Jeffrey G Bullwinkel graduated from Duke University with a Bachelor of Arts degree (cu m laude) an d received his law degree from Ne w York University (cum laude) . H e is a member o f the Ne w Yor k State Bar . He is presentl y Microsoft Corporation's Director of Corporate Affairs for the Far East Region, including Greater China, Japan, and Korea. Based in Hong Kong, he oversees a broad range of the company's activities in the region relating to the protection of intellectual property rights, as well as initiatives focused on building a safer and trustworth y computin g environment . H e also participates activel y i n industry association s devote d t o increasin g internationa l protectio n o f trademarks an d copyrigh t works , including th e International Intellectua l Property Association, th e Internationa l Anti-Counterfeitin g Coalition , th e Quality Brands Protection Committee and the Business Software Alliance. In addition, he is an active member of the American Chamber of Commerce in Hong Kong. He has served as chairman of the Chamber's Intellectual Property Committee since January 2002 and was elected to the Board of Governors in December 2002. Prior to joining Microsoft, he was a federal prosecutor with the Office o f International Affairs, Criminal Division, United States of America Department of Justice and, was responsible for matters relating to international criminal la w enforcement , includin g negotiatin g bilatera l treatie s an d multilateral convention s o n internationa l cooperatio n i n criminal matters , Contributors xui i and providin g advic e o n international la w t o th e Offic e o f th e Attorne y General.

Chan Kee n Wa i wa s formerl y th e Directo r o f Infocomm Securit y a t th e Infocomm Developmen t Authority (IDA ) of Singapore. Clement Leong is a senior consultan t a t IDA . The ID A develops, promotes and regulate s info - communications in Singapore, with the aim of establishing Singapore as one of th e world' s premie r infocom m capitals . T o nurture a n internationall y competitive infocom m industry , th e ID A offer s a comprehensive rang e o f programmes an d scheme s fo r both loca l and international companies . Fo r more information, visi t www.ida.gov.sg.

Ivan S K Chiu obtained his B A (Hons) fro m Hon g Kong Baptist University and his M A and MPhil in Social Science from th e Hong Kong University of Science and Technology. His main research interests are risk, reliability, safety and security in respect to science and information technology policy, cultural and the social psychology of online education. His publications (in Chinese) include, The Difficult y o f Taking the Initiative in Online Teaching in Hong Kong' (2002 ) an d 'Th e Differenc e o f Ris k Perception amon g th e Educate d Youth in Hong Kong and China: The Issue of Using Computers' (2002). He is als o a manuscrip t reviewe r fo r th e Journal of Risk Analysis. ([email protected]).

CISC (Centr e fo r Informatio n Securit y and Cryptography , Departmen t o f Computer Scienc e & Informatio n Systems , Facult y o f Engineering , th e ) represents a coordinated effort to promote academic research and industrial collaboration with a mission of becoming a centre of excellence, in the University o f Hong Kong and in the Asia-Pacific region . Research interest s o f CIS C includ e compute r securit y technology , cryptographic systems , networ k an d Interne t security , Publi c Ke y Infrastructure (PKI ) systems, and most recently, the study o f e-crime. K H Pun, Venus L S Cheung, Lucas C K Hui, K P Chow, W W Tsang, H W Chan, and C F Chong are colleagues o f CISC.

Peter Csonk a i s currently a Senior Counse l a t the International Monetar y Fund's Lega l Department , whic h h e joined i n Decembe r 2002 . Bor n i n Hungary and educated in France, he is a lawyer by training (LLM). In 1986- 91 he was an Assistant Professo r i n criminal law at the Faculty o f La w of Miskolc (Hungary) and conducted research at the University of Pau (France). He also practiced law as a Junior Prosecutor during this period. He then joined XUiii Contributor s

the Council of Europe (Strasbourg, France), where he worked until December 2002 as Deputy Head o f the Economic Crimina l Law Division (Directorat e General o f Lega l Affairs). H e was i n charg e o f lega l drafting , polic y an d assessment-related issue s in th e are a o f economic crimina l law , including cyber-crime and money laundering.

Pavan Dugga l i s a n Advocat e o f th e Suprem e Cour t o f India . H e i s th e Founding President o f Cyberlaw Asia, and has undertaken pioneering work in the field o f convergence law . He is also President o f Cyberlaw Asia, Asia's first organisatio n committe d t o th e passing o f dynamic cyber-law s in th e Asian continen t an d Presiden t o f Cyberlaws.Net , whic h i s th e Internet' s unique onlin e consultanc y dedicate d exclusivel y t o cybe r laws . H e i s a member o f the Nominating Committee , Membership Advisor y Committe e and a member of the Membership Implementation Task Force of the Internet Corporation for Assigned Names and Numbers. He is a member of the WIPO Arbitration and Mediation Centre Panel of Neutrals and member o f AFACT Legal Working Group of UN / CEFACT and a consultant with International Trade Centre, UNCTAD / WTO, Geneva. As a practicing advocate he has been a counsel in many path-breaking cyber law cases. He was the counsel for the complainant i n the cas e that led to India's first cyber-crim e conviction an d he represente d th e plaintiff-compan y i n India' s an d Asia' s firs t 'Cybe r Defamation' case . He was also counsel in the first India n cas e for damage s under India's Information Technolog y Act, 2000. He is the author of Cyberlaw — The Indian Perspective.

Miriam Gan i is a Lecturer in the Faculty o f Law at the Australian Nationa l University. Sh e teaches crimina l la w and lega l method an d he r principa l research areas are cyber-crime, stalking, terrorism and statutory interpretation. She is currently participating, with several faculty colleagues, in a major project funded b y th e Australian Researc h Council . The project involves , in part , examining Australia's legislative response to terrorism.

Michael Jackson is a Lecturer in the Faculty of Law, the University o f Hong Kong, where his teaching includes criminal law and cyber-crime. He writes mainly in the field o f criminal law and is the author o f Criminal Law in Hong Kong and a contributing author to Archbold Hong Kong. He was a member of the Criminal Law and Procedure Committee of the Law Society of Hong Kong from 1996-2003 , and has practised criminal litigation both in New Zealand and in Hong Kong. ([email protected] ) Contributors xi x

Laurie Lau is a PhD candidate at the Cyberlaw Research Unit, Department of Law, University o f Leeds. He was a Resident Graduate Scholar (2002-03) a t the David C Lam Institute for East-West Studies, Hong Kong Baptist University. At present, he is a part-time lecturer in criminal justice studies at the University of Hong Kong. His research interests are: computer-related crimes, computer fraud, compute r forensi c evidenc e an d cyber-policin g issues . He has als o presented conference papers in Europe and Asia. Currently he is a member of th e executiv e committe e o f th e Hon g Kon g Societ y o f Criminology . ([email protected])

Julie Shannon is a doctoral student and an Assistant Lecturer in International Relations in the School o f Political Science at the University o f New South Wales. She holds an MA in International Relations from the University of New South Wales and a BA in Philosophy from the University of Sydney, and her interests include regional institutions and human security in East Asia. She has als o provided researc h an d programme managemen t assistanc e fo r th e Asia-Australia Institute's regional programmes and has recently been involved in programme preparation fo r the Research Institute for Asia and the Pacifi c training o f East Timor's Environmental Protection Unit .

Masao Tatsuzak i i s Assistant Director , Foreig n Affair s Division , Securit y Bureau, National Police Agency, Japan. Previously he was Assistant Director, Security System Planning Office, Community Safety Bureau, National Police Agency (2001-03). He holds a Bachelor of Law from the University of Tokyo (1993) and LLM from Cornell Law School (1998). He is an Attorney at Law (New York), and has passed the Japan Ba r examination.

Nicholas Thomas is a researcher at the Centre of Asian Studies, the University of Hong Kong. His main focus is the China-ASEAN project, which provides briefing reports on events in Southeast Asian countries to the Central Policy Unit o f the Hong Kon g SA R Government, an d organise s roundtable s an d meetings between Southeast Asian and Chinese scholars and policymakers. Prior to assuming this position, he worked as a Research Fellow at the Asia- Australia Institute, University o f New South Wales. This involved academic research on East Asia as well as the design and management o f 'Track Two' meetings between Australian and East Asian policy-makers. He has published articles, chapters and books on East Asian regionalism, human security, and Hong Kong politics. His most recen t book i s Re-Orienting Australia-China Relations: 1972 To The Present, Ashgate Publishing (UK) , 2004. XX Contributor s

Keiji Uchimura is a Professor in the Applied Technology Department, National Police Academy (Japan). He was previously Staff Officer o f the First Criminal Investigation Division at Keishicho (Metropolita n Police Department) fro m 1997-98, and was Assistant Director in the Investigative Planning Division, Criminal Bureau, Keisatsuch o (Nationa l Polic e Agency) fro m 1998-2001 . From 2001-03 he completed an MSc in Criminology and Criminal Justice at Cardiff Universit y in the UK while on secondment fro m Keisatsucho .

Gregor Urbas, PhD, is an academic lawyer based in Canberra, Australia. He was a researcher in the Sophisticated Crim e and Regulation Program o f the Australian Institute of Criminology and in the intellectual property legislation section o f IP Australia, and is currently a Lecturer in the Law Faculty of the Australian Nationa l Universit y teachin g i n crimina l law , evidenc e an d intellectual propert y H e i s als o a part-time Researc h Office r fo r th e La w Council of Australia and has published on cyber-crime, intellectual property piracy, DNA evidence and criminal justice policy.

Georgiana Wong is a senior executive of an international computer firm with 20 years o f experience in information technology . Her extensive knowledge in I T business application s an d th e rapi d growt h o f Internet usag e ha s prompted her to pursue research studies in the area o f computer crime and cyberspace governance. Georgian a holds a Master o f Social Science in Law and Public Affairs and a Bachelor of Arts in English Literature from the Chinese University o f Hon g Kon g a s wel l a s a Master o f Scienc e i n Computin g (University o f Ulster) and Master o f Business Administration (Universit y of Macau). She is an independent researcher and has co-authored with Dr Kam Wong several papers on cyberspace studies in the PRC and Hong Kong.

Kam C Wong is currently an Associate Professor o f Law and Criminal Justice, University of Wisconsin (Oshkosh) and received his JD from Indiana and PhD (SUNY - Albany) . He teaches police and homeland security related subjects. Previously, he was Director o f the Chinese Law Program (1997-2002) in the Chinese University of Hong Kong. Professor Wong is currently involved with two research projects: The Impact of USA PATRIOT ACT, on Society and Police Reform in Modern China. His publications have appeared in many international criminal justice and law journals, including the British Journal of Criminology, Georgetown Journal of Law and Public Policy, Columbia Journal of Asian Law, Australian Journal of Law and Society, International Journal of the Sociology of Law and others. Professor Wong is an editor o f Police Practice and Research: An International Journal, and an Advisory Board Member of the International Contributors xx i

Journal of Comparative Criminology. He was the former vice-chair of the Hong Kong Society o f Criminolog y an d i s an associat e fello w o f the Cente r fo r Criminology, the University o f Hong Kong. He was President (2002-03 ) o f the Asian Association of Police Studies and serves on the Advisory Board for the Yale in China Lega l Program. Computer-Related Crime in Asia: Emergent Issues

Roderic Broadhurst and Pete r Grabosk y

The rapid development of computer connectivity and the role of the Internet in the emergence of new e-commerce markets have increasingly attracted the attention of national governments and international agencies. Hyperbole aside, the astonishing reach o f these tools has changed the way a large part o f the world communicates and does business. It may be to o early to evaluate claims that thi s mediu m usher s i n a n irresistibl e phas e o f a global 'informatio n revolution' and, with it, a 'new economy'. However, we can be certain tha t with th e erosion o f traditional barriers t o communication, ou r concept s o f time and place have irrevocably change d an d the process o f 'globalisation ' has accelerated. The convergence of computing and communications and the exponential growth o f digita l technolog y hav e brought enormou s benefit s t o moder n society. Along with these new benefits, however, come greater risks. As never before, an d a t negligibl e cos t t o themselves , lon e offender s ca n inflic t catastrophic loss or damage on individuals, companies, and governments from the other side of the world. With these developments has come the awareness that 'information security' is no longer a matter for the technical and computer specialist, but for millions of people who now engage these new media every day for business, communications and leisure. The continued prosperity of industrial nations, and the economic development of the world's less affluent societies, seems likely to depend increasingly on electronic commerce. To the extent that public confidence in e-commerce is jeopardised by criminal activity, so too will economic well-being be threatened. 2 Roderi c Broadhurs t an d Pete r Grabosk y

The new opportunities create d in 'cyberspace' have also enhanced th e capacity fo r crimina l enterprises t o operate more efficiently an d effectivel y both domestically and across borders. In Asia and other parts of the world an evolving role for both individual offenders and criminal networks has emerged to exploi t crimina l opportunitie s i n th e e-commerc e / ne w econom y environment. Th e extremely rapid development o f digital technologies and e-commerce i n Asia, coupled with the expansion o f the Internet an d othe r forms o f connectivity , ha s occurre d a t such a pace tha t la w enforcemen t agencies in many jurisdictions have been unable to respond effectively . Th e traditional notion o f information securit y with an emphasis on system and data protectio n n o longe r capture s th e scop e o f the risks and threat s no w unleashed by digital and wireless connectivity. In the chapters to follow th e contributors addres s th e wide range o f problems an d issue s now face d i n policing and regulating cyberspace and cyber-crime in Asia. The role of public and privat e la w enforcemen t i s crucia l i n curtailin g crimina l activit y an d ensuring the digital 'highways' are not lawless or hazardous but safe fo r al l who wish to travel them. The term 'cyber-crime' is of course a misnomer, fo r what is described and discussed in the following page s includes computer - related crime : illegal behaviours with a n obviou s terrestria l dimension . A s digital technolog y become s mor e pervasiv e an d interconnected , ordinar y crime scenes are bound t o contain some form o f digital evidence.

I Criminalit y and Computer Crime

With governments, industries, markets and consumers increasingly dependent on compute r connectivity , the y ar e prone t o an array o f threats. The mos t notable hav e been th e widely publicised compute r 'viruses' , which hav e increased in both virulence and velocity since 2000. The beginning o f 2004 saw the development o f increasingly complex malicious code in the form of the 'MyDoom' or 'Norvag' worm. It apparently combined the effects of a worm, spreading rapidly across the Internet, with that of a distributed denial of service attack, where computing power is directed at a target system with a view to shutting i t down . I n othe r words , infecte d computer s wer e remotel y 'commandeered' and directed against the target computer. The implications of such activity fo r infrastructure protectio n ar e ominous (Sempl e 2004). Many o f these risks appear t o mimic traditional crimina l exploitation , albeit ofte n execute d wit h unprecedente d ease , speed an d impac t acros s jurisdictions. Law enforcement has truly entered the digital age. Th e tasks of identifying cyber-criminal s an d bringin g the m t o justice pos e formidabl e Computer-Related Crim e i n Asia: Emergent Issue s 3 challenges to law enforcement agencies across the globe, and require a degree and timeliness o f cooperation that has been until only recently regarded a s difficult, i f not impossible, to achieve. As rational choice theories of criminal behaviour have gained increasing credence and the significance o f pathological theories (defects o f individual personality an d socialisation ) ha s declined , th e perception ha s arise n o f organised crim e a s essentially operating lik e any profit-seeking enterprise . Until the American scholar, E H Sutherland, coine d th e term 'white-collar ' crime in 1939 , the connection between business, politics and crime groups was a neglected part o f criminological theory . He drew on the fundamenta l idea that criminal behaviour is learned through 'differential association'; that is, primary relationships that justify an d support illegal conduct. That criminal behaviour itsel f need not depend on social deviance is a fact that makes distinguishing good or bad behaviour from good or bad people one of the natural conundrums of policing. It also ensures that risk profiling, despite actuarial sophistication, is much more difficult than is often assumed. Thus while underlying motives are important a t the individual level, at the macro level diverse criminal motives are in reality governed by opportunities — opportunities that are perceived to present low risk and high profit to the criminal or deviant enterprise. The 'situational crime prevention' model is the criminological perspective most applicable to understanding crime and the control of opportunity-driven criminal group s o r enterprises. Drawin g o n th e work o f 'situational crim e prevention' criminologist s suc h a s Marcus Felson (1998 ) an d Ro n Clark e (1992; Newman & Clark e 2003) , Grabosky argue s tha t computer-relate d crime, like crime in general, may be explained by the conjunction o f three factors: motivation, opportunity , an d the absence o f capable guardianship . Motives will vary depending on the nature of the crime in question, but include greed, lust, revenge, challenge and adventure.1 Offenders tend to be generalists rather than specialists in choice of crime. Although offender profiling requires a flexible approach, there is increasing evidence o f greater offender interes t in financial rewards . The convergence of these three factors in time and place — the motivated offender, a suitable target, and the absence of capable guardians — accounts for the amount o f crime experienced. Crim e prevention strategies based on this ide a focu s o n strengthenin g th e rol e o f guardian s (fo r example , neighbourhood watch , polic e telephon e hotlines , CCTV ) an d reducin g opportunity by target-hardening high-risk property (installing more effectiv e anti-theft devices ) and educating the public about the proper use o f digital technology. A fourth factor, crucial to the success of a criminal act, is the extent 4 Roderi c Broadhurs t an d Pete r Grabosk y

to which the motivated offender ha s access to the resources (both social and technical) tha t allo w th e ac t t o tak e place . I t i s throug h a network o f relationships tha t th e various resource s necessar y t o complete a crimina l transaction ar e mustered; couple d with th e opportunitie s provide d b y th e absence o f capabl e guardians , thi s i s what give s crimina l group s thei r sustenance.

• Computer-Relate d Crim e in Asia

Criminal opportunities ar e expanding globally with the rapid proliferatio n and penetration of digital technology2 A number of jurisdictions have reported substantial increases in computer-related crime following the passage of laws designed to control computer-related offences. Valeri (2001) suggests that the mixed trends in computer-related crim e within the European Union reflec t the partial success of longstanding regional efforts to address computer crime; this is also to an extent reflected by those jurisdictions in Asia with a longer 'history' o f a formal lega l response. The relativ e novelt y o f computer crim e has meant tha t mos t policin g agencies have only recently developed specific measures for recording them. The advent o f computer-related crimina l law s and associate d prosecution s and the establishment o f computer emergency response teams (CERTs ) and dedicated technology crime units within policing agencies, coupled with the development o f crime-victi m awarenes s an d consume r advocacy , hav e prompted jurisdictions a t th e forefron t o f th e digita l revolutio n t o begi n recording th e incidenc e o f illegalit y i n cyberspace . However , i n man y jurisdictions cyber-crimes, if reported, may not be differentiated fro m othe r commercial crime , frau d report s o r crimina l damag e statistic s o r othe r categories. Thus the extent of computer-related crimes, even when reported, remains unclear. Police statistics about reported crime often tell us more about the activities and priorities of police than they do about the extent of crime. This is because in many traditional crimes, victims do not report them to the authorities. This is undoubtedly also the case with computer crime. Replicated random surveys of crime victims in many jurisdictions over the past 30 years have shown there are various reasons why victims of crime do not report to police. These include, for example: the belief that police cannot (or will not) do anything; the offence was trivial or the victim felt the matter was bette r dealt with privately; reporting the case was too troublesome; or fear of reprisal or further troubl e if they did report the incident (see for example Newman 1999; Alvazzi del Frate 1998). Computer-Related Crim e i n Asia: Emergent Issue s 5

Nevertheless, despite these limitations it is instructive to explore the available data from several Asian jurisdictions where some official records of reported computer crime are available. We take as an example the work and capabilities of the Hong Kong Police, who have recognised th e increased interdependence o f global markets and have responded to the general risks to Hong Kong's commerce and financia l services. The Hon g Kon g Polic e Commercia l Crim e Bureau' s Technolog y Crime Divisio n (TCD ) wa s establishe d i n 200 1 and it s predecessor , th e Computer Crim e Section , wa s establishe d i n 1993 . Headed b y a senio r superintendent with a team o f 66 officers, TC D deals with computer crim e investigations, computer forensi c examinations , and support t o force-wid e investigation units both a t scenes o f crime and during their investigations. The TCD is divided into three sections: Operations, Forensic Investigations and Intelligence, and has a mission that broadly reflects the scope of public policing now required : • Maintainin g a professional investigatio n capabilit y • Broadenin g the investigation capabilit y within the Force • Developin g accredited computer forensic s • Proposin g changes in laws and policies • Preventio n and educatio n • Intelligenc e management, and liaison with industries and professional s • Liaiso n with oversea s law enforcement agencie s and international la w enforcement cooperatio n

In 2000, TCD conducted compute r forensi c examination s in 91 crime cases and in 2001 the number o f examinations increased by 15 9 cases. The amount of computer data examined grew from 1100 gigabytes in 2000 to 4800 gigabytes in 2002 and in the first eight months of 2002, 128 cases and 3400 gigabytes of data were examined. In the same year a state-of-the-art Compute r Forensics Laboratory was established, enabling each of its computer forensic s examiners t o handle, at any one time, three to four case s involving 'stand - alone' computers, or 600 gigabytes of data on any networked computer. (See Table 1.1. ) Cases reported under 'other' are mostly personal identification (ID ) and password theft usually involving the fraudulent obtaining of access to Internet, phone and other services. While six cases of e-banking fraud were reported in 2002, all involved the 'misuse of passwords' and obtaining services without payment. Customer passwords, and not the bank system, were the actual target of offenders. Notably , Internet obscenity cases that totalled 32 cases in 199 9 have since rapidly declined with only one case reported in 2001. 6 Roderi c Broadhurs t an d Pete r Grabosk y

Table 1.1 Computer-relate d crimes reported in Hong Kong Reported cases 1995 1996 1997 1998 1999 2000 2007 2002 2003 Hacking / cracking3 4 4 7 13 238 275 114 164 403 Criminal damage 2 4 3 3 4 15 27 16 16 Online deception 0 0 2 1 18 29 65 64 103 E-theft and other 8 13 8 17 57 49 29 30 66 All 14 21 20 34 317 368 235 274 588 Note: a . Unauthorised access or access to a computer with criminal or dishonest intent .

The general decline in cases reported in 2001 was thought to be due to the successful prosecution of hacking, obscenity and copyright breach offence s and consumer and business security awareness. Another possibility fo r th e rapid increas e i n reporte d compute r crim e i n 200 0 an d 200 1 wa s th e widespread upgradin g o f computer network s and personal computers a s a result o f the 'millennium bug' fear and the consequent wider application o f intrusion-tracking softwar e an d othe r securit y measures . Anothe r les s dramatic source o f the drop in reported case s was the general reduction i n the us e o f dial-u p Interne t connection s an d subsequen t fewe r case s o f password and ID theft to gain free access. Although simple hacking cases have decreased, ther e are now increases in comple x hacking, thef t an d crimina l damage offences .

• Othe r Asian Countries

Japan

In hi s chapte r Masa o Tatsuzak i o f th e Nationa l Polic e Agenc y o f Japan describes th e curren t statu s o f cyber-crime i n Japan, th e la w enforcemen t response, an d th e imperative o f international cooperation . Cyber-crim e i s increasing in Japan, as elsewhere. Child pornography and Internet fraud ar e prominent, an d frau d involvin g Interne t auction s ha s rise n sharply ; government systems have been the target of attack, and viruses are common. To respond to these threats, the National Police Agency (NPA) established a Cyber Force: a mobile technical assistance unit that assists prefecture police in the course of their investigations. In 2000, 560 cases were reported, of which 87% wer e 'access ' offence s an d 50 % involved obscen e materials . Keij i Uchimura's chapter outlines th e Japanese approach t o the interception an d surveillance o f Internet and other communications s o necessary t o combat the activities o f Boryokudan an d millennium sect s such a s the Aum Shinr i Computer-Related Crim e i n Asia: Emergent Issue s 7

Kyo. He stresses the tensions between public police and th e limitations o f the Tachiainin' system (telecom enterprise technical staff) that mandates due process supervision o f such interceptions.

Singapore

The chapter by Chan Keen Wai and Clemen t Leong from Singapore' s Info - communications Developmen t Authorit y o f Singapor e (IDA ) outline s th e Republic's effort s i n both developin g a n informatio n societ y and fosterin g information security . The emphasis in Singapor e is that computer securit y and crime prevention is everybody's responsibility In 2000 a special computer response group was created and merged with the Commercial Affairs Bureau of th e Financ e Department . I n th e firs t (financial ) yea r o f operation, 7 5 computer investigation cases were reported. In the same year 191 computer- related offences were recorded and, of these, 82% involved intrusion offences ; most (64% ) involved global roaming services.

Korea

The Korean Information and Security Agency (KISA) is the most active agency responsible for cyber-crime control in Korea and is a reflection o f the nation's rapid acceptanc e o f information technology . KIS A has helped develope d a comprehensive package o f legislation and programmes designed to ensure a secure e-commerc e environmen t hostile to cyber-criminals. Kore a was one of the first countries to criminalise spamming and advocates a vigorous public education programm e centre d o n a 'Prevention Day ' o n th e 15t h o f ever y month. Of the 2000 incidents reported by KISA in 2001,33% comprised 'spam' mail; 11 % were virus o r 'cracking ' offences , 9.1 % obscenity offences , an d 43.5% were personal information an d privacy intrusions. Korea's pioneering responses t o th e ubiquitou s menac e o f 'spam ' includ e effort s t o bot h criminalize this conduct and to stress the critical role of consumer awareness. However, 'spammers' from outside Korea's borders still operate with relative impunity. KIS A estimated that on average 41 'spam' mails were received per person per da y in Korea in July 200 3 and unless spamming was addresse d this was likely to flood emai l systems t o extinction. KIS A notes that man y 'relay servers' were sourced fro m school s and tha t improving informatio n security in that sector along with requiring ISPs to register bulk mailers may stem the flood o f unsolicited commercial email. According to a KISA survey 8 Roderi c Broadhurs t and Pete r Grabosk y

56% of 'spam' involved sexually explicit material, 19% other illegal products, 14% was fraud style emails, and 11% other forms o f advertising (Broadhurs t 2004).

China

The Information Security Supervision Bureau of the Ministry of Public Security of P R China estimate s that in 200 2 there were approximately 48.8 millio n Internet users, nearly 30 million computers and 15 0 000 websites in China. Just fewer than 5000 computer crimes were reported in 2001, up from about 2900 in 2000 and around 400 in 1999. By mid-2002 the bureau had reported just over 3000 cases. It estimated that by year's end it would handle 350 cases of system intrusion and over 800 cases of damage to computer systems.3 Th e number o f cases identified b y the bureau was thus seen to be growing at an overwhelming rate, although many cases went unreported or unnoticed. Most offenders were younger people (aged 18-30) with most attacks mounted from Net or cyber-cafes with offenders hiding their identities by connecting through a http or Sock proxy, by fake IP addresses or by employing cryptography or steganography Consequently , stronge r measure s hav e been take n i n th e registration an d monitorin g o f cyber-cafes , wit h man y bein g close d o r reorganised. At present, the bureau labours without specific laws and with no explicit definition of computer evidence or procedures to retrieve evidence. Although current regulation s (Regulatio n o f Securit y an d Protectio n o f Compute r Information System s o f the People' s Republic o f China 1994 ; Management Regulation o f Security and Protectio n o f Computer Informatio n Network s Connected with the Internet 1997 ; and the Criminal law of PR China 1997 ) relating to cyber-crime are complex, they lack the detail to enable successfu l enforcement, whil e emergency response and cas e reporting measures hav e yet to be fully developed. Being implemented ar e basic policies that seek to place prevention as the priority, along with the protection of crucial computer systems while strengthening educatio n an d propaganda abou t informatio n and computer security. More needs to be done to develop the local information security industry and to improve the level of cooperation with foreign police in the pursuit o f cross-border cases. Computer-Related Crim e i n Asia: Emergent Issue s 9

Thailand

Although no specific computer crime statistics are available for Thailand, the Royal Thai Police have set up an Internet Hotline.4 I n its first eight months, 3640 incidents were reported. Over half related to pornographic websites (39% Thai and 23% foreig n languages) and a further 15.5 % relate d to pornographic products or prostitution. About 10 % related t o intellectual property pirac y or other illegal products, 3.5% to gambling sites and 7.5% to national security. Several new law s ar e being worked o n (Electroni c Transaction, Signature s and Fund Transfe r Laws, Computer Crime , Data Protectio n an d Nationa l Information Infrastructure Laws) by the newly restructured (November 2002) Ministry of Science and Technology. The Electronics Transaction Act B.E. 2544 , which provides electronic transactions and signatures, came into effect in April 2002, and the computer-crime law now in draft follows the framework o f the Council of Europe's Cyber-crime Convention. ThaiCERT was established in April 2001 and at present the Royal Thai Police, the Special Investigation s department o f the Ministry o f Justice and the National Electronic Compute r Technology Centre are responsible for dealing with ail aspects of cyber-crime in Thailand. 5

Indonesia

Indonesia, one of the largest countries in the region, has an Internet service that is estimated to serve about 7.5 million users via 170 ISPs. Internet banking began i n 1998-99 , an d th e mos t prevalen t cyber-crim e i s th e misus e o f payment cards . Websit e defacin g o f th e majo r bank s an d governmen t departments have been reported, as well as cases of cyber-squatting and typo- pirating. At present there is no legal framework, althoug h draft cyber-crime , electronic and personal data protection laws are being drawn up. A significant lack of relevant human resources among law enforcement and IT professionals is acknowledged. 6

Philippines

Since th e infamou s Troja n typ e ' I love you' virus wa s launched fro m th e Philippines in May 2000, the passage of the Electronic Commerce Act in June 2000 penalised hacking or cracking and piracy offences. Since the passage of the new law, there have been ten cases of hacking as well as cases involving 10 Roderi c Broadhurs t and Pete r Grabosk y

cyberspace defamation, pornography, gambling, and the sale of firearms and drugs. Th e Nationa l Burea u o f Investigatio n (Anti-Frau d an d Compute r Crimes Division ) alon g with th e Intellectual Propert y Office , th e Nationa l Telecommunication Commission and the Department of Trade and Industry, has overal l responsibilit y fo r addressin g computer-relate d crime . A comprehensive cybe r la w i s under stud y wit h proposal s t o criminalis e intentional unauthorise d access , compute r sabotage , domai n squatting , spamming, and the illegal distribution of copyright products. The Philippines National Police have limited capacity and generally lack technical capability, trained investigator s an d develope d domesti c an d regiona l cooperatio n mechanisms.7 Weak banking laws make the Philippines an ideal 'staging' post of money laundering via wire or electronic transfer . The position o f Uzebekistan, Kazakhstan and Mongolia is considerably less develope d tha n th e countrie s reporte d above , although al l ar e in th e process o f developing both law s and infrastructure t o enable e-commerce . Vietnam, Laos, Cambodia, Myanmar and North Korea have yet to enter th e digital age, although th e North Korea n government ma y be developing a n information warfar e capability .

• Transnationa l Policing and Cyber-Crime

Cyber-crime is often transnationa l crime, and efforts t o address it therefor e need to adopt a transnational approach. The focus here is on the development of international and multilateral efforts aimed at addressing increasing threats posed by various computer-related crime s and the associated investigative , evidentiary, legal and procedural problems. A simple but effectiv e respons e is the need for expedited (e-mail) requests for mutual legal assistance (MLA); a numbe r o f nation s ar e movin g toward s compulsor y disclosur e o f cryptographic key s subject t o judicial oversight (Grenville-Cros s 2003). The transnationa l natur e o f cyber-crim e reflect s th e proces s o f globalisation, whic h ha s intensifie d ove r th e pas t tw o decades . B y globalisation, w e mea n th e genera l shif t o f economi c force s toward s multinational an d interdependen t market s couple d wit h a decline in th e capabilities o f individual states to assert independent jurisdiction over such markets. Th e pac e o f thi s process , characterise d b y th e expansio n an d transnational flo w o f capita l couple d wit h 'real-time ' communications , undermines th e power o f states t o contro l (o r protect) bot h market s an d populations fro m externa l forces . Th e revolutio n i n informatio n an d communication technolog y (1CT) , particularly digita l technology , ha s Computer-Related Crim e i n Asia: Emergent Issue s 1 1 accelerated the impact of transnational capital flows and production such that traditional concepts of time, distance and place have fundamentally changed . The emergence of e-commerce, as well as the social dimension of the Internet and associated 'cyber-crimes' , is a striking example o f the challenges to the independent capability of nation-states to regulate social and economic order within thei r territories . A s significant ha s bee n th e shif t i n th e for m o f economic management, because by the 1990s most of the largest economies in the world were transnational corporations and not nation-states. Braithwaite (2000) argue s tha t th e influenc e o f transnationa l corporation s an d th e numerous hybri d private-public internationa l regulator s (fo r exampl e th e Basle Commission on Banking Supervision) serve to reduce the dominance of the regulatory role o f states. Radical versions of globalisation go further an d suggest that the nation- state syste m o f internationa l relation s n o longe r provide s a n effectiv e methodology for regulating either domestic or transnational activity, especially international trade. In either version of globalisation, so-called'sub-state' actors, such as large commercial institutions, play a crucial role in the emergence of what Sheptycki (2000) terms a transnational-state-system. In this system, new configurations o f actors and power emerge and transnational organisation s (both licit and illicit) will flourish du e to the diminishing sway of the state (Lizee 2000: 165). The roles o f multinational agencies such as Interpol and the United Nation s hav e never been mor e essential . Ye t within Asi a (an d globally) th e results fal l fa r short o f creating a seamless web o f bilateral or multilateral agreement s an d enforcemen t tha t woul d ensur e a hostil e environment fo r cyber-criminals. The compatibility of criminal activity with these global changes is illustrated by the expansion and convergence o f the profitable busines s o f smugglin g o f humans, narcotic s o r othe r illici t commodities with the development of communication infrastructure and trade. Given the context just described, what may eventuate in the absence of the rul e o f la w in transnationa l environment s i s 'governanc e withou t governments' (Rosena u 1992) . Whil e ther e no w exis t internationa l conventions an d treatie s expressl y designe d t o inhibi t seriou s crimina l networks or offenders operating across borders, the reach of these instruments is limited by the speed and scale of domestic ratification an d consequentia l enabling laws. Nevertheless, the y provide a moral climat e hostile t o som e forms o f transnational crim e and see k t o harmonise law s and evidentiar y processes that enable cross-border investigations to take place as well as other cooperative undertakings. The UN Convention Against Transnational Organised Crime (the TOC Convention) was introduced in December 2000 in Palermo, Italy8 Th e TOC 12 Roderi c Broadhurs t an d Pete r Grabosk y

Convention significantly extend s the reach o f the 198 8 Vienna Conventio n Against Illici t Traffi c i n Narcotic s and Psychotropi c Substances . The TO C Convention establishe s severa l offenc e categories : participatio n i n a n organised criminal group, money laundering, corruption and obstruction of justice as well as protocols in respect to trafficking i n women and children , illicit manufacturing an d trafficking i n firearms, and smuggling of migrants. Serious crime is defined broadly (conduct attracting punishment o f four o r more years' imprisonment). The basis of the framework is one that yields such flexibility in the definitions o f both organised and transnational crime that it may serve a s a generic legislativ e mode l acros s divers e commo n la w an d continental systems. In addition, the TOC Convention expressly refers (Art . 29 (2) ) t o method s fo r combatin g th e misus e o f computer s an d telecommunications networks . Provision s fo r trainin g an d materials , especially assistance fo r developing countries, place obligations on capabl e states. As well as the innovations provided by the TOC convention, the Council of Europe's Convention on Cyber-crime, discussed in Peter Csonka's chapter, was completed in November 2001. It specifies a variety of computer-related offences.9 Th e convention is designed t o deal with the special problems o f cyber-crime and the inevitable transnational character of many of the offence s involved. Upo n ratification , th e conventio n will provide la w enforcemen t agencies with the basis for investigating and preserving vital evidence in the cross-border dimension so characteristic of those forms of crime that exploit new information and communication technology. In dealing with ICT crime, law enforcement is at a disadvantage because of the remarkable speed in which cyber-crimes unfold agains t the typically 'low-speed cooperation' offered b y traditional form s o f mutual lega l assistance . Althoug h request s fo r la w enforcement assistance are now routinely undertaken on an officer-to-office r basis via encrypted e-mail, this novelty should be available to judicial officer s in th e future . I t i s now conceivabl e tha t 'letter s rogatory ' an d associate d instruments ma y in th e near futur e arriv e by secure encrypte d e-mail , a s already do many o f the communications between law firms. These developments are mirrored by the increasing transnational activities of corporate and private security. Indeed, given the role of (self-) regulatory 10 approaches by corporations, especially multinational enterprises, the role for transnational private policing is already significant and widespread (Johnston 2000). For example , private security is the major provide r in th e paymen t card industry , intellectual propert y investigation s an d airlin e security . Th e sheer volum e o f potential globa l cyber-crim e activit y compel s polic e partnerships wit h banks, telecommunicatio n provider s an d corporations . Computer-Related Crim e i n Asia: Emergent Issue s 1 3

Partnerships also raise real issues o f shared intelligence in environments o f trust. Thus the mobilisation of so-called 'private police' and non-government organisations in partnership with public police are essential if cyber-crime is to be contained. Crim e exploits th e 'gaps' in th e sovereign stat e system o f international relation s and , unless i t is recognised tha t in communitie s o f 'shared fate', coordinated form s o f regulatory endeavour (free , fo r example , from unduly strict o r pedantic definitions o f 'dual criminality') may be th e only means to curtail cyber-crime and its inevitable cross-border dimension. To fail to recognise that we share a 'common fate' , that problems belong to others and not ourselve s alone, undermines th e very basis o f mutual lega l assistance — reciprocity.

I Regiona l Coordination and Cooperation

As noted by Jeff Bullwinkel in his chapter, although cyber-crime has drawn increasing attention at both national and international levels in Europe and North America, 11 rathe r les s is known abou t th e nature an d extent o f the problem in the Asian region. Gregor Urbas provides a comprehensive overview of the current status o f Asian jurisdictions in the development o f domestic laws t o addres s computer-relate d crim e and th e protection o f intellectua l property. Bullwinkel provides a detailed review of the international effort t o manage the impacts o f cyber-crime. Regional effort s hav e begun, notabl y throug h ASEA N and th e APE C forum. Such developments have yet to evolve into fully institutionalised form s of cross-border lega l cooperation o r significantly influenc e th e response of states within th e region. 12 However , th e 'Interpol Asi a and Sout h Pacifi c Working Part y on IT ' is active, and nine countries within th e Asia-Pacifi c region participat e i n th e Cybe r Crim e Technolog y Informatio n Networ k System forme d b y the Nationa l Polic e Agency o f Japan.13 Ther e are now significant regional forums for police and other law enforcement official s and there is routine exchange of consular police liaison officers . In recent papers, both Keiichi Aiziwa (2001) and Yasuhiro Tanabe (2004) of the United Nations Asia and Far East Institute for Crime and the Treatment of Offender s (UNAFEI) , have argued that existing ML A Treaties including extradition are inadequate. Key problem s relate to dual criminality, reciprocity, and th e non-politica l natur e o f th e predicate offenc e i n orde r fo r forma l cooperation t o take place — states must mutually agree that the conduct is outlawed. The Council of Europe approach is innovative because it requires requested state s t o assis t regardles s o f dua l criminality . Th e treat y place s 14 Roderi c Broadhurs t and Pete r Grabosk y

emphasis o n preservin g evidenc e an d reducin g procedura l dela y whil e promoting the role of 24/7 agents (24-hour, 7 days a week contact or liaison). Michael Jackso n outline s th e approac h an d scop e o f Hon g Kong' s arrangements for facilitating mutual legal assistance, extradition and evidence collection (se e also Luk 2001; Blanchflower 2003). 14 The various measures now operating within the European Union, notably the Counci l o f Europe Convention , th e establishment o f EUROPOL and a European Judicial Network, provide examples of greater law harmonisation and fewer opportunities fo r transnational criminals to exploit jurisdictional and legal loopholes between nations.15 Europea n initiatives in international crime provide sound example s o f the way forward i n regional cooperation , but may not serve as a model for the development of countermeasures in the vastly differen t socio-cultura l an d economi c circumstance s foun d i n Asi a (Khoo 2003). Nonetheless, it is abundantly clea r that cyber-crime, and not just th e traditiona l concern s abou t narcotic s an d piracy , i s a matter o f significant concern . Thus 'international law enforcement' has shifted fro m a peripheral t o a central rol e within otherwis e domesticall y focuse d la w enforcement agencies . In addition, th e lines between th e policing functio n and nationa l securit y appea r les s distinct, an d considerabl e overla p no w routinely occurs between the agencies countering threats such as cyber-crime, low-intensity warfare an d terrorism. Thus, importance i s attached t o intra- agency cooperation within jurisdictions and the need to improve and maintain these to enhance ML A at the regional and international levels. While ASEAN16 has provided a limited pan-Asian approach, it does form a basis for developing a wider regional forum for considering matters of MLA. Its approach, eve n given th e developin g natur e o f the region , mirror s th e methodology o f th e Europea n Union . Th e shee r cultura l an d economi c diversity of Asia makes the process of multilateralism fraught with difficult y (Khoo 2003). Yet understanding the different capacitie s and perspectives of how each state could contribute was an essential first step. The endorsement in October 2000 17 o f the action plan o f the ASEAN and Chin a Cooperativ e Operations in Response to Dangerous Drugs (ACCORD) in partnership with the United Nation s Drug Contro l Program (UNDCP ) illustrat e within ou r own region the quickening of MLA responses to transnational crime such as cyber-crime. ASEA N has conducted fou r ministerial meetings on problem s of transnational crime (Manila 1997, Yangon 1999, Singapore 2001, Bangkok 2003). These meetings oversee the work of the Annual Senior Officials Meeting on Transnationa l Crim e an d conside r th e deliberation s o f ASEANAPO L meetings of the ASEAN National Chiefs of Police and their cooperative effort s to combat transnational crime. Computer-Related Crim e i n Asia: Emergent Issue s 1 5

Julie Shannon and Nick Thomas provide an overview of the role of'human security' models in dealing with complex threats posed by cyber-crime. They suggest that over-reliance on the state, especially the public police, to address cyber-security issues would expose both markets and society to frequent low level, but costly , risks . Consequentl y th e rol e o f public-privat e polic e partnerships in the market-place and th e emergence o f civil society on th e Internet, combined with public awareness, may be the only viable means to contain cyber-crime among ordinary users.

I Interne t Security and the Public

Internet connectivity is now estimated to reach over 50% of the populations of th e mos t develope d nation s i n th e Asia n regio n an d a n increasingl y significant numbe r o f people i n th e les s develope d nation s hav e on-lin e access.18 China , for example, in 2003 had nearly 50 million Internet users, and about 30 million computers regularly connect to the Internet. Interne t penetration was reported to reach 19% o f households in cities such as Beijing, Shanghai, Guangzhou an d Shenzhen. Chines e households were connecte d for a n average o f 9.6 day s a month an d web surfin g accounte d fo r 61% o f activities online, followed by e-mail (19%) and Internet messaging (10%). 19 This was low compared t o the 45-48% connected to the Internet estimate d for citie s like Hong Kong and Singapore and the high rates o f participation reported fo r Japan, Taiwan, and Korea. However by the end o f 2002, in the People's Republic of China (PR China) about 57 million or 5-6% of households had access to the Web (about 33 million computers online) and by the year 2006 i t i s expected tha t 20 0 million (15 % o f the population) o r 25 % of households will be connected (Neilsons / Netrating 2002).20 I n short, China will become one of the largest populations o f computer and Internet users21 when compared t o the most developed countrie s such as the United State s (166 million with Internet access), United Kingdom (29 million), Japan (51 million) an d German y (3 2 million). The striking challeng e that thi s rapi d uptake in connectivity poses for e-governance is addressed later in the chapter by Wong and Wong. In China, the growth of M-commerce and WAP (wireles s applications) access to the Internet is also likely to grow faster and pose similar risks to commerce.22 Mobil e phone users are now estimated to number 19 8 million and may reach th e astonishing figur e o f 500 million mobil e / lan d phones by 2006. Among the Asian tiger economies / 'little dragons' (Hong Kong, Singapore, Taiwan and Korea) and Japan, Internet acces s has already reached between 16 Roderi c Broadhurs t an d Pete r Grabosk y

40 and 60% or more of households. Many of those households and business have also adopted broadband access. Both the speed and utility of connectivity have been enhanced by developments in data compression, while telephone line connectivity may present less of a barrier t o data transmission. This is especially the case with the large data files needed to transmit digital images (movies, books and music). In contras t t o such astonishin g development s are the Asian Central Republics and ASEAN's least developed economies: in Laos, Cambodia, Mynamar and Vietnam, Internet access is less than 1-2 % o f the population. The gap between the digital 'haves' and 'have nots' could not be greater. E-commerce customers and businesses are most concerned about threats to the integrity o f financial transactions as well as violations of privacy. Ivan Chiu's research on the attitudes o f Chinese users and thei r concern s abou t privacy and risk provide an example of the universality of this issue. Risk of card fraud, the ability to track purchases and delivery, and legitimacy of online merchants were more important than convenience, lack of sales support and the personal touch (Liske r 2001; Valeri 2001). The UK National Consume r Council reported that many consumers cited concerns about releasing credit card details as the major reaso n fo r considering e-commerce risky . Internet shopping was regarded as the most unsafe of all methods (survey undertaken in August 2000, cited by Valeri 2001). Based on research reported by a payment card enterprise, Lisker (2001) showed that fraud involving Internet services has tended to cluster around 'adult' or pornographic content sites, 23 onlin e services, and direc t marketing activities . He also notes a significant tren d towards the use of online payment methods and it was forecast that 52% of all payment car d transactions would be conducted remotely by 2005.24 The exponential growth o f computer usage and Internet connectivity is expected t o continu e unabated , but i t i s als o eviden t tha t thi s increase d connectivity wil l be highly structure d an d unevenl y distributed . Th e ga p between wealth y an d poor , th e compute r literat e an d illiterate , will als o significantly widen, both within and across nations.25 Access constitutes an important indicator o f both national and individual potential for growth. It attracts attempts, enlightened or otherwise, at governance of this new arena for markets and social relations. The fundamental issu e o f how to regulate and police this new arena, 'cyberspace', is the basic focus o f the chapters that follow. The contributors cover the international or multilateral implications of cross-national cooperatio n throug h t o the role o f the private and publi c sectors in information technolog y security, and the forensic issues involved in the investigation o f computer-related crime . Computer-Related Crim e i n Asia: Emergent Issue s 1 7

I Respondin g to Computer-Related Crime

The expansio n o f computer connectivit y an d th e associate d risk s t o dat a privacy, new modes o f criminal opportunity , an d othe r nuisances presen t special difficulties t o law enforcement agencies. Moreover, the increasing take- up and connectivity (via TV) of digital technology means that cyber-crime is becoming a cor e busines s rathe r tha n a specialise d functio n o f la w enforcement. Most significantly, attacks are instantaneous and often remote, disregarding national sovereignty . However, digital technology also affords new opportunities for individual citizens to communicate efficientl y wit h police. An example is the Internet Fraud Complain t Center , which operates in the United State s and receive s online information from members of the public relating to questionable online activity. Personnel at the centre evaluate these communications and refer them to the appropriate agency or jurisdiction. At the international level, Interpol has stressed financial and high-technology crime — two of Interpol's top five priorities (alon g with drugs , terrorism, peopl e smugglin g an d organise d crime). The threa t o f cyber-crim e an d th e capacit y t o respond t o i t will var y dramatically across nations. Nearly half o f Interpol's member countries lack the infrastructure fo r online communication (Noble 2003). The UK response to this challenge was to establish a National High-Tech Crime Unit and along with the G8 network (with its 17 members) for 24/7 or round-the-clock liaison in cyber-crime matters. There remains, however, a need for enhanced mutual legal assistance, for speedier processes for extradition, for consistent evidential standards, and for improved liaison between police and industry The scope of criminal activities, and associated law enforcement and their social consequences, are expanded upon in the next chapter by Peter Grabosky A typology of computer-related crime comprises the following: conventional crimes in which computer s ar e instrumental t o th e offence , suc h a s chil d pornography and intellectual property theft; attacks on computer networks; and conventional criminal cases in which evidence exists in digital form . The kind s o f criminalit y encompas s th e followin g (b y n o mean s exhaustive) list : • Interferenc e wit h lawfu l us e o f a computer : cyber-vandalis m an d terrorism; denia l o f service ; insertion o f viruses, worms an d othe r malicious cod e • Disseminatio n of offensive materials: pornography / child pornography; online gaming /betting; racist content; treasonous or sacreligious content • Threatenin g communications: extortion; cyber-stalkin g 18 Roderi c Broadhurs t and Peter Grabosky

• Forger y / counterfeiting: ID theft; IP offences; software, CD, DVD piracy; copyright breaches et c • Fraud : payment card fraud an d e-funds transfe r fraud ; thef t o f Internet and telephon e services; auction house and catalogu e fraud ; consume r fraud an d direct sales (e.g . virtual 'snake oils'); on-line securities frau d • Other : Illega l interception o f communications; commercial / corporat e espionage; communications i n furtheranc e o f crimina l conspiracies ; electronic money launderin g

The offences ar e diverse, but many are traditional crimes executed with new technology. Thus the appropriate response is guided by new technological disciplines. Lucas Hui and colleagues in their chapter present an example of cooperation between police and universities when they discuss a new forensic tool developed jointly by the Hong Kong Police and the Center for Information Security an d Cryptograph y a t th e University o f Hong Kong . The Digita l Evidence Search Kit, or DESK, enables investigators to search for patterns in both Chinese and English, as well as to identify codifie d or deleted files. The technology permits inspectio n o f the suspect's machine fro m a connecte d computer, while locking the suspect's machine to preserve file integrity. They stress the vulnerability o f computers, especially via e-mail services, and note that syste m securit y i s closel y relate d t o th e capabilitie s o f syste m administrators and auditors. 26 Forensic computing and evidence preservation protocols are essential to effective investigatio n an d prosecution , especiall y give n th e trans-borde r nature of evidence collection (Chan 2001; Pollit t 2003).27 I n most cases it is unlikely that a computer expert will be available at the crime scene and the risks o f contaminatin g th e evidenc e ar e high. Consequently , a s with othe r types of crime, the emphasis is on following the traditional chain-of-evidenc e rules and ensuring that command and control assigns the relevant expertis e promptly to the task at hand. Frequently this will require drawing on expertise in the private sector or academia.

i Crimina l networks and IT Crime

Striking illustrations o f the practicality o f social network theorie s (Castell s 1996) in understanding the impact of global communications on criminality are the behaviour o f computer viruses. The way in which computer viruses (for example the 'I Love You' bu g and the 'Code Red' worm ) may spread, within days, to virtually ever y computer networ k an d termina l around th e world Computer-Related Crim e i n Asia: Emergent Issue s 1 9 shows how connections facilitate behaviour. Little imagination is required to extend the ideas behind these dramatic phenomena to the actual and potential networks o f social relations tha t enable illicit commodities t o move acros s borders an d t o be distribute d t o consumers. Organise d crim e 'i s a social phenomenon, a network o f relationships base d o n reciprocal benefits tha t extends to the heart of society and of institutional and economic life'. Nor is it simpl y a problem o f th e crimina l la w but on e o f 'civi l law , economi c regulation, industrial management, and fiscal policy' (Jamieson 2001: 386). There is growing evidence to show that digital technologies have greatly enhanced th e effectivenes s o f forger y an d counterfeiting , especiall y o f I D documents, payment cards and bank and securities instruments. IP and other copyright infringement s hav e now become lucrativ e target s fo r organise d criminals, whil e smugglin g (humans , endangere d species , narcotics , precursors, disc stampers, and arms) and traditional customs avoidance are assisted b y the applicatio n o f encrypted communication s an d th e use o f sophisticated forge d documentation . Apart fro m th e us e o f digita l technolog y t o improv e forgerie s an d instruments o f deception, organise d crim e groups appea r t o hav e used I T to assis t i n onlin e gamin g (an d gamin g scams) , pornographi c site s an d advance fe e an d othe r deceptio n offer s vi a e-mai l o r websites. Th e majo r area o f risk i s forge d paymen t card s an d relate d I D thef t t o obtai n good s including via online transactions. The Hong Kong Police Organised Crim e and Triad Bureau report fe w cases of systematic triad involvement in online fraud; traditiona l activitie s o f protection, deb t collectio n an d vic e are stil l dominant. Nevertheless , China' s 'openin g up ' polic y an d it s rapi d development as a market economy have allowed foreign criminal groups to establish relationships with local groups and to invest directly or indirectly in licit or illicit business. This infiltration o f foreign syndicate s has helped to enhanc e th e siz e and reac h tha t seriou s crimina l group s hav e in man y cities and towns across China. Local criminals have shifted activities , once typically base d o n 'blac k markets ' an d commodit y theft , int o lucrativ e intellectual propert y offences , trafficking , vic e an d gaming . Th e mos t insidious aspects have been the criminal investment in factories (bot h licit and illicit ) includin g state-owne d enterprise s throug h th e corruptio n o f officials. Chines e police, once reluctant t o develop arrangements with their counterparts, now activel y seek the cooperation an d assistance o f overseas colleagues and support arrangement s fo r share d intelligenc e an d capacity - building (Zhen g 2003). Although there is little novelty in the criminality involved, its scale and scope make contemporary cyber-crime of a different kind from crimes of the 20 Roderi c Broadhurs t an d Pete r Grabosk y

past. I n future , organise d crim e may be expecte d t o recruit I T specialists, intimidate corporat e insider s t o obtai n acces s t o I T systems , an d us e anonymisers an d encryptio n i n furtheranc e o f cyber-crime. Suc h a global problem demand s a globa l solution . I n addition , th e natur e o f telecommunications ha s changed : ther e ar e n o mor e monopolies , geographically confined. Now a single communication can pass through many providers in different countrie s with different lega l systems. Remote attacks are now possible. Whether the y are the work o f a 14-year-old , a terrorist, a foreign intelligence service or an organised criminal may not be immediately apparent; all must be investigated. Digital footprints are fragile or ephemeral, so swift action is often required. This becomes very difficult when an attack transits multiple jurisdictions with different regime s fo r preservin g evidence . Traditiona l method s o f la w enforcement ar e therefore n o longer adequate. A slow formal proces s risk s losing evidence , and multiple countries ma y be implicated. Followin g an d preserving a chain o f evidence is a great challenge. Even 'local' crimes may have an international dimension , an d assistanc e ma y be required fro m al l countries throug h which a n attack has been routed. Example s include th e case of Mafiaboy whose distributed denial of service attacks in February 2000 was a watershed event: the seriousness o f the threat and the vulnerability of e-commerce became apparent. The investigation of Mafiaboy was a textbook example o f clos e cooperatio n betwee n th e FB I and th e Roya l Canadia n Mounted Police; only rapid and close collaboration between the two police services could have achieved such a result. Among the challenges faced by investigators is the enormous increase in storage capacit y i n today' s computers , an d th e challeng e t o effectiv e an d efficient searche s tha t thi s entails . Almos t ever y cas e will soo n requir e computer forensics , an d evidenc e wil l be located i n multiple places . Th e challenge faced by investigators will be one of information management (Pollitt 2003).

• Th e Role of Public and Priuate Security

Digital technologie s hav e greatl y facilitate d th e commissio n o f suc h traditional offences a s intellectual property theft , piracy , counterfeiting an d forgery.28 Generi c problems o f forgery an d counterfeiting wer e the focus o f Interpol's efforts illustrate d by a recently established Universal Classificatio n System fo r Counterfei t Paymen t Card s secur e website. Thi s secur e sit e provides up-to-date information on trends and techniques with respect to the Computer-Related Crim e i n Asia: Emergent Issue s 2 1 forgery o f payment card s and fraud . Apar t from illustratin g how Interpol' s unique clearin g house function 29 ca n be adapted t o meet new problems it shows that, with fiscal and technical support from the payment card industry, the law enforcement communit y ca n be better traine d an d equipped. Thi s cooperation strengthens police capacity to respond t o the theft o f payment cards and othe r computer-relate d crime s tha t reduc e th e integrity o f th e market and limit the social benefits o f Internet communications. It takes little imagination but considerable endeavour 30 t o see that a rapid application o f this model to many global and transnational crimes would help fulfil repeate d recommendations fo r more practical support for cross-national cooperatio n in law enforcement . As well as serving as an example of how international agencies can assist with essentia l tasks , such a s secure shared intelligence , thi s exampl e als o clarifies the role of private non-state actors in the prevention of crime. Private investigation has grown significantly in recent years, and there is now much closer cooperation between the private IT security sector and law enforcement. Cooperation is paramount but there is still a degree of mutual suspicion and uncertainty about what form this cooperation should take. These matters are discussed with emphasi s o n th e way individuals and private industry ca n contribute t o thei r ow n security , since commercia l an d compute r crim e i s generally an area o f weak policing. The active cooperation of the private sector is essential in assisting police investigations. Give n corporat e victims ' reluctance t o report cyber-crim e attacks, Len Hynds (2003) , Director o f the U K National Hig h Tec h Crim e Unit, has proposed a new initiative: confidentiality contracts between police and victim . Suc h contract s ca n serv e t o harness intelligenc e tha t woul d otherwise b e lost because o f non-reporting. H e also observe d tha t polic e should begin to appreciate the mindset o f corporate executives and that the police may have a role in collecting and sharing business intelligence. The FBI has also stressed that critical infrastructure protection is a current priority in the United States. This is particularly challenging, given that most elements o f critica l infrastructur e suc h a s powe r generation , telecommunications, transport , an d institutions o f the financial syste m are owned b y th e privat e sector . Th e nee d fo r cooperatio n betwee n la w enforcement an d th e private sector i s obvious. T o help bridge the public- private gap, the FB I has introduced it s Infraguard Progra m with ove r 4000 members (Ide n 2003). Reinforcing the essential need for industry self-help, Li (2001) cited recent survey dat a fro m th e Unite d State s tha t show s 70 % o f organisation s experienced unauthorise d us e o f thei r computer s but, o f these, only 44% 22 Roderi c Broadhurs t an d Pete r Grabosk y

reported the intrusion to the police. Among the most frequently cited reasons for not reporting intrusions was the fear of negative publicity and / or giving a competitor an advantage. He also stressed the neglected observation that a significant threa t arises within the victim organisation fro m employee s and other insiders and this risk may be higher than the more widely publicised attacks by outsiders. Effective control of cyber-crime, however, requires more than cooperation among institution s o f publi c an d privat e security . Th e rol e o f th e communications and IT industries in designing products that are resistant to crime and that facilitate detectio n and investigation cannot be understated. No less an entit y than Microsof t ha s now committed itsel f t o reducing th e vulnerability o f its products (Charne y 2003).

• Copyrigh t and the Internet

The problem s o f protecting variou s form s o f intellectual propert y (IP) , specifically music , motio n pictures , game s an d compute r software , ar e heightened in the Internet environment . Significantly , a s digitised version s of these products become available, Internet access is rapidly becoming th e preferred means for obtaining them. Consequently, the illegal or unauthorised access to relevant Internet sites is perceived as both a motive and source of increased ris k t o I P holders. Give n tha t I P piracy ha s traditionall y bee n widespread within the Asian region, it had been thought that only an unlikely radical change in community attitudes could impact on the volume of 'illegal' sales. While community sentiment, at least in Hong Kong, has shifted awa y from pirated products, this was assisted by a multi-level enforcement approach that incorporated vigorous and sustained investigation and prosecution with the ful l cooperatio n o f the relevant industries. Th e inclusion o f copyrigh t offences a s part of Hong Kong's Organised Crime Ordinance provided better legal prescription and aided customs agents in cooperation with private sector counterparts t o substantially improve IP protection Tsan g (2001). In Hong Kong and other jurisdictions, however, non-actionable cases were typically linked to overseas or cross-border events. Although IP piracy is ofte n touted as a problem restricted to wealthy multinational corporations and not a significant local or Asian issue, it is apparent that IP piracy can also be fatal to indigenous IP holders, as Malaysian, Thai, Mandarin and artists have lamented. Typically in Hong Kong and other jurisdictions, government willingness t o address legal loopholes, including extradition, an d provid e police with resource s i s still a critical facto r sinc e th e deterren t valu e o f Computer-Related Crim e i n Asia: Emergent Issue s 2 3 punishment and the associated publicity is a crucial part o f any multi-level approach.31 Poon (2003) observed how digital technologies facilitate IP and copyright infringements. H e noted tha t ther e were many websites i n Hong Kon g fo r downloading pirate d content . I n respons e t o thi s challenge , Hong Kon g Customs ha s a forensi c specia l interes t group , a computer analysi s an d response team, an anti-Internet piracy team, and a computer forensics support team with its own lab. The three most pressing problems they face are limits of territorial jurisdiction, impediments to the acceptance of digital evidence, and the fact that many offenders commi t their offences fro m overseas. Poon concluded tha t t o meet thes e challenge s will require activ e dialogue wit h industry, improve d forensi c skills , an d bette r technica l mean s fo r th e collection, preservation an d presentation o f digital evidence. Copyright, however , i s primarily a private righ t an d th e I P holder o r industry has the responsibility t o be active and vigilant in the protection o f such rights. 32 A s many commentators note , piracy is sustained b y public demand an d th e nee d fo r educatio n an d raisin g respec t fo r I P ar e als o important factors . Give n th e relativel y lo w investment require d t o set u p activities suc h a s optical dis k piracy , even rigi d inspectio n an d raid s ma y merely forc e the m undergroun d an d / o r displac e activitie s t o weake r jurisdictions. More resources may not be enough because of public demand encouraged b y lo w prices. Effort s b y governments 33 an d consumer s t o encourage better pricing o f legitimate products an d fun d publi c educatio n are seen as positive measures. China has suffered heavil y from piracy despite a strong policy to crush illegal operators. Although 11 5 underground optical disk manufacturers ha d been close d before 2001 , the problem continue d a s offenders ha d activel y countered governmen t scheme s tha t encourage d reportin g o f illega l operations. The ready supply o f unemployed worker s provided I P 'pirates' with an ample sales force and distributive network, and modifications t o the criminal law were necessary to criminalise this conduct.34 H e also noted that considerable quantitie s o f pirated goo d were imported fro m neighbourin g countries. Th e pressur e o n I P pirate s i n Hon g Kon g ha d le d t o th e displacement o f factory-style operation s to China and, unless the financier s are targeted, the underground industry is destined to continue.35 Malaysia n police, who hav e also been concerne d with targetin g the financia l source s of pirac y production, 36 hav e observe d a similar displacemen t effect . Nevertheless, i t i s apparent tha t targetin g optica l dis k 'stampers 1 and th e introduction o f mandatory laser recorded codes would be the most helpfu l strategically. 24 Roderi c Broadhurs t an d Pete r Grabosk y

Industry is responding with impressive resort to additional remedies, as a recent successful civi l action in PR China on behalf o f the motion picture industry illustrates . Th e Motio n Pictur e Associatio n (MPA ) achieve d resolution of two civil actions in relation to DVD piracy in the Beijing Second Intermediate People's Court, and six cases in the People's Courts of Shanghai, in 2003 . The terms o f the settlements included: ceasin g further replicatio n and destroying all copies; making formal apologies; the payment of penalties averaging US$10 000 per case; and an agreement to pay increased penalties if unauthorised replicatio n recurs. 37

• Th e Role of Law and Comity Between States

Many nation s an d regiona l bodie s suc h a s th e Counci l o f Europ e hav e addressed thes e issues and law s exist tha t criminalis e unauthorised acces s and unlawfu l us e o f computers, but suc h law s ar e neither universa l no r uniform.38 I n India, the recently passed Information Technology Act 2000 is instructive, an d provide s a variation o n th e approac h adopte d b y th e Europeans. The Act aims to facilitate e-commerce governance, and specifically recognises electronic evidence and signatures. The Act creates two levels of cyber-crime: infringement s an d offences . Infringement s (eigh t type s ar e specified) focus on improper use of computers and impose no fines or criminal punishment, althoug h compensatio n ca n be ordered vi a non-judicial civi l compensation mechanisms. Offences, however, include hacking, destruction of data, unauthorised access , misrepresentation / fraud, an d the publication of offensive material and are dealt with through normal criminal proceedings. The law creates special prosecutors and courts to deal with special offence s and requires police, prosecutors and judges to be technologically literate. 39 Law enforcement agencies are now compelled to respond to cyber-crime through technological adaptation (retooling) and legal innovation. Consensus is the best strategy, fo r th e suppression o f computer-related crim e entails a mixture o f law enforcement, technologica l and market-based solutions. We argue, however, that a strict enforcement agenda is usually not feasible because of the limited capacity of the state. It is also feared that over-regulation could stifle commercial and technological development. Those sceptical of a heavily interventionist approach also argue that the marketplace may at times be able to provide more efficient solutions to the problems of computer-related crime than the state. Even if they were increased, police resources could never be enough. Without political will, public support (especiall y awareness o f the potential threat) an d the cooperation o f industry in the context o f a global Computer-Related Crim e i n Asia: Emergent Issue s 2 5 response, policin g i s unlikely t o bring timel y relief . Give n pressure s o n government to reduce public expenditure, the challenge is to enhance policing capacity, especially between nations. As one practitioner observed :

The most important nee d in the battle agains t cyber-crim e is to develo p close cooperatio n an d persona l relationship s amon g la w enforcemen t agencies and technical experts around the world ... A custom-made liaison mechanism is needed ... a mechanism by which countries can investigate offences an d obtai n evidenc e quickl y and efficiently , o r a t least not los e important evidenc e in cross-border law-enforcement. 40

An underlying concer n amon g man y observer s i s the effec t o f 'crim e displacement', that is, as some jurisdictions effectively enforce laws, criminal activities will shift to jurisdictions of low capability — the vulnerable 'weakest link'. Comity thus can only be assured if wealthy states and affected industries are prepared to extend aid to those states or agencies less capable. If a single theme emerge s a s dominant, the n th e rol e o f mutual lega l assistanc e i n developing universal or global measures to suppress computer-related crime is perhaps the most evident . The capacities of the state are nevertheless limited, and constructive ways of mobilising private industry to help are necessary. The nature of the public- private interface must be flexible and responsive to the changing environment. Effective cooperatio n ultimatel y relie s o n share d objective s an d th e benevolence o f all parties. A frequently cite d need is for the education an d training o f law enforcement personnel , includin g prosecutors an d judges. Considerable deficits characterise the technical and computing capacities of police and others, and it is often difficul t t o retain trained agents. A critical factor i s the need t o cultivat e multidisciplinar y approache s tha t requir e a broader educational preparation than previously necessary. Education, tha t all-purpose solutio n fo r technica l an d socia l ills , however, ha d no t bee n developed o r effectivel y targete d i n respec t t o 'high-tech' crime , and long - term shortages in the relevant skills might have been foreseen . Suppor t fo r specialised education within law enforcement agencies , and more generally in the public higher education system, is urgently required. This is one ready avenue by which the private and state sector might effectively contribut e to long-term solution s t o th e numerous problem s arisin g fro m th e crimina l exploitation o f Internet and information technology . 26 Roderi c Broadhurs t an d Pete r Grabosk y

i Conclusio n

With properl y funde d internationa l la w enforcement agencies , establishe d mechanisms fo r commo n threa t assessment s an d joint intelligence , mor e comprehensive forms of mutual legal assistance might be effectively activated. Many commentators express concern about the failure to address the 'weakest links' i n th e supposedly seamles s security chai n necessar y t o prevent an d reduce seriou s crimina l groups . Shor t an d long-ter m policin g assistance , sensitively deployed via regional security coordination, ca n give enormous help t o vulnerable developin g countries, countrie s i n transitio n an d thos e traumatised by conflict.41 T o help train, specialise and equip the law enforcers of these at-risk states will benefit them, their communities and all of us. The remarkable effects on morale that are produced by sound leadership, adequate equipment, best practices and practical training should not be underestimated. Some la w enforcemen t agencie s in th e Asia n region ar e critically short o f specialised personne l i n th e forensi c sciences , ICT , law , accounting an d investigations, crime prevention and intelligence analysis. In addition, basic training is often rudimentary and leadership (command and control) training limited or military in nature. Endless lists of shortages in materiel are evident, from th e mos t basi c item s suc h a s radios an d vehicles , mortuarie s an d armouries to the more advanced such as comparison microscopes or advanced electronics and decryption . A number o f policy an d programm e initiative s ar e suggested , fro m increasing regional-level coordination and cross-jurisdictional exchanges in personnel, intelligence and training to the creation o f joint tas k force s an d other operational collaborations. Many of these are already taking place and need to be expanded as rapidly as possible while continuing to evolve common methods amon g stronge r an d wide r la w enforcemen t networks . Th e technically advanced , highly capabl e policing agencies must provide mor e direct and strategically relevant assistance to hard-pressed neighbours; they must be triggered not by particular cases but by the mutual benefits o f long- term collaboration. They must focus this 'police aid' on the priorities o f the evolving regiona l an d internationa l securit y entitie s an d b y systematicall y undertaking the essential preparatory work in the field . Despite the muscular image of police, much of modern policing revolves around the intelligent management of information. Police are now 'knowledge' rather than 'craft' workers and this is increasingly so as the full impact of the 'information age ' is realised. High-orde r researc h an d analytica l skill s an d communication skills are increasingly needed along with traditional skills and discipline. Shortage s i n specialitie s suc h a s forensic computing , la w an d Computer-Related Crim e i n Asia: Emergen t Issue s 2 7 accounting, a s well as statistical evaluations and communications, ar e now widely encountered. Training and retaining agents will be a major challenge, and reliance on in-house or short-term training will no longer serve the need for professionalism and continuous learning. There are an estimated 5 million police officers in Asia; around 5% of these are graduates but many are barely literate. If we are to address the myriad problems faced by modern policin g and invest in prevention and intelligence, then due recognition must be given to investment in knowledge and the research that feeds it. In conclusion , controllin g crim e involvin g digita l technolog y an d computer networks will require a variety of new networks: networks between police and other agencies within government, networks between police and private institutions, and networks of police across national borders. Over the past fiv e years , considerable progres s ha s been mad e within an d betwee n nations to develop the capacity o f police to respond to cyber-crime. But the pace of technological change will continue unabated, and the adaptability of cyber-criminals wil l continue t o pose challenges fo r la w enforcement. Th e extent o f transnationa l la w enforcemen t cooperatio n achieve d thu s far , laudable thoug h it may be, can only be regarded a s a beginning. Rotes

Chapter 1

1. Victo r Lo (Hong Kong Police) noted at the First Asia Cybercrime Summit (April 2001) that about 75% o f cases in Hong Kong involved hacking and that this was about showin g of f an d testin g I T security rather tha n th e pursuit o f crimina l enterprise. He and other discussants felt this would change as the opportunities presented by computer-related crim e attracted innovative criminals. 2. Fo r example, Hong Kong has an estimated 3. 2 million residents on-line and is served by 56 ISPs. European Union computer-related crime trends also show that reported attacks on computer systems grew from approximately 140 0 incidents in 199 7 to just under 2500 cases in 1999 . Similar increases have been observed for counterfeiting offences but computer fraud declined from 3000 cases in 1998 to 2250 cases in 1999, while computer assisted telephone service theft decline d from ove r 7000 in 199 7 to 4200 cases in 199 9 — a trend also noted fo r recen t Hong Kong data on computer crime s (Valer i 2001). 3. Figure s cited from a 'Country Report' provided fo r th e UN ESCAP Asia Pacifi c Conference o n Cybercrim e and Information Security , Seoul, 11-13, Novembe r 2002. 4. Se e www.police.go.th/crimewebpost/report/sum.ph p an d summary country report by Surangkana Kaewjumnog, National Science Technology Development Agency, Asia Pacific Conference on Cybercrime and Information Security , Seoul, 11-13, November 2002 . In 200 1 there were about 3. 5 millio n users and ove r 1 0 500 websites in Thailand an d th e number o f users was expected t o double by th e close of 2002. 5. Th e new computer crime law is anticipated to take effect in late 2004 (persona l 362 Note s to Pages 9-1 4

communication Ms. Surangkana Wayuparb, National Electronics and Computer Technology Centre, Ministry of Science and Technology) but as noted by Police Colonel Naras Savestanan (personal communication) the extent to which general police, as distinct from the small specialist unit already established, were equipped to handle computer-related crim e remained a very significant challenge . 6. Comment s by A M Natsir Amal, Ministry of Communication an d Information , Republic of Indonesia, Asia Pacific Conference o n Cybercrime and Informatio n Security, Seoul, 11-13 November 2002. 7. Comment s b y Arm i Jane R Borje, Commissioner , Philippines , Nationa l Telecommunications Commission at the Asia Pacific Conference on Cybercrime and Information Security , Seoul, 11-13, November 2002. 8. Th e TOC Conventio n cam e into forc e in September , 200 3 (14 1 States and 1 6 parties have signed): se e www.undcp.org/crime_cicp_signatures_ convention . html. The protocols in respect to trafficking i n humans, smuggling in migrants and th e illici t manufacture an d traffickin g i n firearm s hav e thus fa r attracte d respectively 105 , 101 and 31 state signatories. 9. A s of July 2004 the Cybercrime Convention come into force after the minimum 5 ratifications (thre e of whom are by Council of Europe member states). As at 27 July 2002,37 states have signed the Convention (including non-Council member states: Canada , South Afric a an d Japan). The 'First Additional Protoco l t o th e Convention on Cybercrime on the criminalisation of acts of a racist or xenophobic nature committed through computer systems' has been signed by 22 states and awaits the necessary ratification: see http://conventions.coe.int/treaty/EN/projets / cybercrime27.htm; visited 9 August 2004. 10. Th e term 'regulatory' means in this context a contractual basis for rules of conduct and performance in contrast to 'mental intent' criminal laws and the associated higher thresholds o f proof and reliance on custodial sanctions. 11. Se e for example the US Department o f Justice (2000), 'Executive Order 1 3 133 Working Grou p o n Unlawfu l Conduc t o n th e Internet' — www.usdoj.gov:80 / criminal/cybercrime/append.htm; Europea n Council' s treat y o n cyber-crim e (Csonka thi s volum e an d Csonk a 1996 ) an d th e Unite d Nation s Secretary - General's 'Conclusions of the study on effective measures to prevent and control high-technology and computer-related crime' . For related analysis o f the work of the European Union and the OECD see Valeri (2001). 12. UNAFEI , however , ha s activate d trainin g an d relate d programmes . Furthe r attention i s likely and a number o f states (fo r example , Singapore) an d NGO s (for example , th e Asian Developmen t Ban k and th e Asian Crim e Preventio n Foundation) have promoted forums to raise awareness and improve cross-border cooperation on this issue. 13. Hon g Kong is Vice-Chair of the UN group and participates in the NPA network: personal communication, M r Victor Lo, Hong Kong Police 14. Th e Hon g Kon g Department o f Justice establishe d a dedicated mutua l lega l assistance uni t i n 1998 . Five MLA T are in forc e an d a further te n ar e unde r Notes to Pages 14-15 36 3

consideration, althoug h assistanc e t o non-treaty jurisdictions ca n be offere d subject to appropriate reciprocity. Hong Kong has 1 2 extradition agreements of which nin e ar e in forc e an d ca n cove r computer offences . A s noted by man y commentators, forma l channel s ar e usually to o slo w t o b e effectiv e an d th e authentication o f evidence collected in other jurisdictions remains a problem. 15. Fo r a cooler assessment of the European Union's efforts against organised crime: see Den Boer (2001). Despite the 199 7 Action Plan to Combat Organised Crime (OJ 97/C 251/1) adopted by the Ministers for Justice and Home Affairs durin g the Dutc h Presidency , difference s betwee n th e policin g institution s remai n considerable. However , increase d transparenc y an d knowledg e abou t on e another's system s and recognitio n o f th e problem ha s le d t o re-organisation , improved resources and greater centralisation designed to improve cooperatio n amongst member states. 16. ASEA N comprise s th e followin g te n nations: Brunei Darussalam , Cambodia , Indonesia, Laos , Malaysia, Philippines , Singapore , Thailand , Myanma r an d Vietnam: its meetings, coupled with the overlap among the 21 nations of the APEC forum, may yet hold out prospects for the development of a suitable mechanism for law enforcement coordinatio n in the Asia Pacific region despite the primary focus o n trade . In addition, Interpo l regiona l meetings ar e held annuall y Th e most recent , th e 17t h Asia n Regiona l Conference , wa s held i n Colomb o i n February 2002 and focused o n terrorism . 17. Th e ACCORD followed th e formalisation o f the ad hoc meeting o f the Specia l Senior Officials Meeting on Transnational Crime in Yangon (October 2000). Note also the increasing institutionalisation o f cross-border cooperation on migration via the ASEAN Plan o f Action on Immigration Matters. 18. China' s larges t portal Sina.co m claim s t o be th e world's fift h larges t holder o f e-mail accounts, with th e 2 5 million-odd accounts , out o f and estimate d 57 0 million worldwide, ranking it the largest server o f non-English e-mailers . 19. Chin a no w ha s about 5 0 million Interne t users , ten backbone network s an d 3 600 ISPs / ICPs. Although estimates of the numbers of Internet subscribers are difficult t o verify, estimates placed the number around 33 million at the end of 2002 (MF C Internet Update 2002 : www.mfcinsight.com, December) . China' s Internet population growth has been hampered by insufficient bandwidt h an d relatively expensive by-the-minute charge s but thi s is expected t o diminish a s wireless applications and compression technologies become available. 20. PR C user s ar e currentl y reporte d t o spen d a n averag e 1 1 hours onlin e a week: 40% on 'cultural activities': news, sports, movies and TV , IT, finance an d literature and 60% on email and shopping. Nearly a third (32%) of users purchased goods / service s onlin e (source : PR C Ministry o f Information Industr y Vice - Minister Zhan g Chunjiang : Chin a Networ k Civilizatio n Projec t Organizin g Committee). 21. Accordin g to a CNNIC survey in 2001, 31.9% of the then 26.5 million net users purchased goods online in the previous year. Most Internet users are aged 20-30 364 Note s to Page s 15-2 3

years, and their payment ability is limited. Moreover, most surveyed Internet users were unsure if B2C would develop in the next two years. The CNN1 report also noted that about two thirds of China's users, about 8 million people, are willing to try online shopping. 22. Th e PR C ha s launche d a secure onlin e financia l service s / e-commerc e infrastructure ru n by the China Financial Certification Authority (CFCA). The CFCA issued more than 100 000 digital certificates in 2002 to corporate banking customers and Chinese stock traders. 23. Beijing' s municipa l Educatio n Commissio n discovere d through its survey tha t 20% o f the city's secondary students primarily search out porn when surfing . 24. Philipp e Bertrand (Vis a Fraud Control, Asia-Pacific) reporte d that 400 cases of credit card fraud were noted in 2000 by Visa but difficulties o f prosecution meant that only a fraction o f cases went to court (cite d in Broadhurst 2001). 25. Chines e Interne t use r profile s ar e simila r t o thos e foun d elsewher e i n tha t professional, younge r an d urba n population s ar e predominant. Man y (30% ) users hav e post-college leve l education, an d hal f (49% ) wor k i n white-colla r jobs. The y typicall y us e th e Ne t t o sen d an d receiv e e-mail , chat , an d see k information abou t health, community and education, and when shopping they normally bu y theatr e tickets , trave l tickets , DVD s and VCDs . The Chines e Academy o f Social Science's Social Development Research Center reported tha t China's Internet users average 27 years in age, 65% began surfing in 1999 , 61% are male, 43% are students, 16 % are managers, and 11 % are science, education, culture o r health workers. 26. Hu i recommends developing hacking tools as a means to learn about them and staging 'laboratory' cyber attacks to help train investigators. Simple technique s such as creating document registries based on 'flags' (via # hash functions) hel p monitor intrusions and hacking. 27. Th e importance of the preservation of evidence and its connection with the need for harmonised procedure s an d law s is also necessary; se e the guide fro m th e USA National Institute o f Justice designed to assist law enforcement an d others who are responsible for protecting an electronic crime scene. 'Electronic Crime Scene Investigation: A Guide fo r Firs t Responders ' (NC J 187736 ) a t http:// www.ncjrs.org/txtfilesl/nij/187736.txt. 28. Broadhurs t (2001 ) reported Robert Yule's (IFPI) observation that there were an estimated 1. 9 billio n pirate d unit s i n circulatio n (DV D / CD , Internet an d cassettes) worldwide. The introduction o f recordable CDs /DVDs also facilitated the downloading o f an estimate d 2 5 million music file s fro m th e Internet. H e also noted growing evidence that organised crime had moved into the production and distribution o f pirated CDs . 29. Othe r examples include interpol's directory on art theft . 30. I t took ten years to develop the Interpol credit card fraud classificatio n scheme . 31. Fo r the past three years, a specialised IP court in Thailand heard 3000 cases in which 98% of the accused pleaded guilty due to the emphasis placed on plea- Notes to Page s 23-26 36 5

bargaining by the court in securing convictions. The Thai approach was to avoid tough penalties because higher penalties could encourage corruption o f police (Mr Weerawit Weeraworawit Intellectual Property Department, Thailand cite d in Broadhurst 2001 ) 32. Copyrigh t holders, usually through industry bodies now directly invest in crime prevention and prosecutions. For example, Michael Ellis of the Motion Picture Association reported that they have helped in the past few years investigate and assist in some 4000 prosecutions o f copyright violations in the Asian region. 33. Notabl y th e Tha i an d Malaysi a government s hav e activel y encourage d I P industries especiall y in music products t o reduce price s and co-operat e mor e actively in promoting awareness of the costs of piracy on state and private revenue. 34. Interne t pirac y i s not apparentl y clearl y covered b y PR C laws fo r distribute d pirated works — although the view was expressed that a judicial interpretation has been issued fo r civi l law breaches on the Internet. 35. Th e introduction o f cyber-codes or unique identifiers fo r optical discs had been helpful i n tracking factory source s but they also have been copied . 36. Th e Royal Malaysia Police (Mr Mohd Nawawi Ismail) noted that the Copyright Act 1987 was ineffective and the recently passed Optical Dish Act 2000 has yet to be fully assesse d as operations had only been initiated fro m Marc h 2001. 37. Persona l communication Mr Mark Day and see: The Motion Picture Association Announces Expeditious Resolution of Two Landmark Civi l Action Proceedings Concerning DVD Piracy in China (Encino, CA / Hong Kong) and, Motion Picture Association Announces the Successful Resolution of Six Civil Action Proceedings Concerning DV D Piracy in Shanghai (Encino , C A / Hong Kong). 38. Approximatel y 3 0 nations hav e passed specifi c law s criminalisin g computer - related crime . However, a large number hav e such law s in developmen t o r in process. Details of the relevant laws applicable for jurisdictions in the Asian region are reported by Urbas in this volume. 39. Summar y drawn from remarks made by Mr R Sri Kumar, IPS, Inspector General of Police. India at the Asia Cybercrime Summit, April 2001, Hong Kong. 40. Comment s of Victor Lo: Roundtable: Regional Law Enforcement Co-operation , Asia Cybercrime Summit, April 2001, Hong Kong. 41. Ther e is an important role for professional associations and business corporations to play in fostering business ethics and contributing financial and other resources to public police, notably m th e fiel d o f training. Man y examples o f effectiv e partnerships between public police and private security occur; however, the form of assistanc e i s ofte n limite d b y commercia l self-interest . Th e payment car d industry's crucial contribution t o Interpol's Universal Classificatio n Syste m fo r Counterfeit Paymen t Card s and thei r routine suppor t in operational , trainin g and computer support fo r public agencies is a good example. Index

Access, see illegal access Asia/Pacific Group on Money Laundering access codes, 254 (APG), 292 Act o n Internationa l Judicia l Mutua l Asia-Pacific region, 31, 337 Assistance i n Crimina l Matter s cyber-crime legislation in, 216-2 7 (Republic o f Korea), 392n4 Asia-South Pacifi c Workin g Part y o n Act o n Mutua l Assistanc e i n Crimina l Information Technolog y Crime, 292 Matters (Thailand), 392n4 asset confiscation, handbook on, 393nl8 Adult Site Against Child Pornography, 99 Association of South East Asian Nations, Aiziwa, Keiichi, 1 3 see ASEAN Allan v UK (2003), 382n78 asymmetric warfare, 330- 1 ancillary liability, 227, 265, 270-1, 31 2 Aum Shinri Kyo (cult), 6, 110- 1 'Anna Kournikova' virus, 37 Australia, 335 Annual Senio r Official s Meetin g o n cyber-crime legislation, 146-5 4 Transnational Crime , 1 4 offence provision s in, 216-8, 231 ASEAN, 13, 14, 287-9, 340 ASEAN an d Chin a Cooperativ e Basic La w [o f th e Hon g Kon g Specia l Operations in Response to Dangerous Administrative Region ] (PRC) , 247, Drugs (ACCORD) , 1 4 253 Asia Cyber Crim e Summits, xi, 357 biometric security devices, 49, 355 Asia Pacifi c Compute r Emergenc y Birth and Deaths Registration Ordinance Response Team s (APCERT ) Forum , (Cap. 174) , 260 131 Boden case, Vitek, 335, 336 Asia-Pacific Economi c Cooperatio n bookmaking, online, see gambling, online Forum (APEC), 13, 177, 277, 293-5, Bowden (2000), 262 302 Broadhurst, Roderic, xv 420 Inde x

Bronitt, Simon, xvi, 354 users, 31, 80, 363nl8, 364n24 Budapest Convention, see Convention on offence provisions , 218-9, 232 Cyber-crime penalties, 341 'buffer attack' , 19 9 piracy, 23 Bullwinkel, Jeffrey G , xvi-xvii, 13 , 348, virus damage to, 342 349, 351 websites, 80 Burma, se e Myanmar Chinese characters, encoding, 385n2-3 Business-Government Tas k Forc e o n Chinese Communist Part y (CCP ) Critical Infrastructure (Australia) , 335 Internet access a threat to, 64-5, 76- Business Registratio n Ordinanc e (Cap . 7 310), 246 Chinese, see Hong Kong Chinese Business Software Alliance, 229 Chiu, Ivan S K, xvii, 16 , 351 Chong, C F, xvii Cambodia, 10 , 16, 347 Chow, K P, xvii case studies, 350 circumvention, o f technologica l in cyber-security, 330-44 protection measures, 240 censorship, 76, 339 Civil Procedure La w (PRC), 392n4 Central Burea u o f Investigation (India) , Clarke, Ron, 3 227 'Code Red worm, 1 8 Centre fo r Informatio n Securit y an d Cohen, Stanley, 11 8 Cryptography (CISC) , xvii comity, between states, 25 Centre fo r Internationa l Crim e Commission on Narcotic Drugs (CND) , Prevention (CICP ) (UN) , 383-4 394n20 certification authorities , 12 8 Commonwealth, Stat e an d Territorie s Chan, H W, xvii Agreement o n Terroris m an d Chan Keen Wai, xvii, 7 Transnational Crim e (2002 ) Chernobyl virus, 342, 344 (Australia), 16 5 Cheung, Venus L S, xvii Communication Assistanc e fo r La w child pornography, 6, 33, 49, 317-8, 340 Enforcement Act 1994 (USA), 375nl5 laws relating to, 221, 227, 244, 260-2 compensation (se e also restitution), 194, China Interne t Networ k Informatio n 195-6, 226, 228 Centre (CNNIC) , survey, 83 competency, i n information technology , China, People's Republic of, 19,102,330 , 134 333 'computer', lack of statutory definition of , cyber-attacks by, 334 246 cyber-crime in, 8, 61-4 Computer Crim e Act (Japan), 388n42 governance o f cyberspace, 57, 64-78 Computer Crime s Act 199 7 (Malaysia) , information technology, development, 223, 388n4 5 58,64 Computer Crime s Ordinance (No.2 3 o r Internet 1993), 97, 244, 245, 246, 251, 256, control of , 77 , 218-9, 340 258 development, 58-6 1 computer data , stored government concerns, 59-6 1 access to, 282 Index 42 1

preservation of , 278 , 321 Constitution (Australia) , 145 , 388n59, seizure of , 322- 3 387n29 computer data, trafficking in , 25 4 Control of Obscene and Indecent Articles computer emergenc y respons e team s Ordinance (Cap . 390), 97 (CERTs), 4, 131, 245 Convention Agains t Transnationa l Computer Forensi c Examinatio n Organised Crime (TOC Convention ) Working Group, 245 (UN), 11-2, 214, 234-6, 345 computer forensics , 5 , 23, 26, 10 1 Convention on Cyber-crime (Council of computer management, 73- 4 Europe), 12,14,53,96,157,162,215, Computer Misus e (Amendment ) Ac t 265, 349 2003 (Singapore), 12 9 Additional Protocol, 262 Computer Misus e Ac t (CMA ) aims, 278, 304, 311 (Singapore), 38, 129, 225 child pornography, 26 0 Computer Misus e Ac t 199 0 (UK) , 244, Council o f Europe guidelines , basi s 257 for, 31 1 computer network s guidance model, 241, 213, 246, 326 police, 27 offences t o be criminalized, 270- 1 protection of , 210 , 304-5 origin of , 30 3 'wiretapping', 244 provisions, 228, 278, 319-24 Computer Processin g Persona l ratification, 177 , 214, 362n8 Information Protection Law (Taiwan), signatories, 115 , 176 , 192 , 278-9 , 228 301-2 Computer Progra m Protectio n Ac t structure, 312 (Republic o f Korea), 239 Convention o n Electroni c Contractin g computer programs, 212, 213, 315 (UNCITRAL), 12 9 computer-related crime , see cyber-crime copyright, 227, 263-5, Computer-related Crime : Analysi s o f infringement, 19 , 23, 231, 235, 236, Legal Policy (OECD), 213-4 237, 270, 318 computer security, see cyber-security piracy, 230, 232, 233, 350 Computer Securit y Institute (USA) , 44 Copyright Ac t 196 8 (Australia) , 239 , computer software , 23 9 240 piracy, 229 , 230 (tabl e 12.13) , 233, Copyright Act (India), 233 239 Copyright Act 198 7 (Malaysia), 365n36 computer system s Copyright (Amendment ) Ac t 199 7 access to , fo r dishones t purpose , (Malaysia), 240 223 Copyright Ordinanc e (Cap . 528) , 97, damage to, 223 263-4 interference, 31 5 Copyright (Suspension of Amendments) integrity of , 149 , 154, 163 Ordinance 2001 (Cap. 568), 389n64, search of , 32 2 391n35 computer-warfare, 33 0 costs, 42-4, 46-7, 116 , 121-2 computers, misuse, 143-4, 252 charging compliance, 120- 1 connectivity, 1 , 2, 16, 347 virus damage, 43, 208, 342, 343 422 Inde x

Council o f Europe (se e also Convention Criminal Cod e Bil l 200 2 (ACT ) on Cyber-crime) , 13, 53, 211-8 (Australia), 377n5 guidelines o n computer crime , 306- Criminal Code (Cwlth) (Australia), 156, 7, 310-1 159, 164 , 388n52 counterfeiting, se e forger y an d Criminal Code (Tas) (Australia), 379n33 counterfeiting Criminal Cod e 198 3 (NT ) (Australia) , Cox v Riley (1986), 379n28 379n31 crackers an d crackin g (se e also hackers Criminal Cod e Ac t 1995(Cwlth ) and hacking), 198, 208, 224, 371nl0 (Australia), 166-7, 387n28, 388n52 penalties, 228 Criminal Cod e Amendment Ac t (No.3 ) perceptions of , 8 4 2001 (NT) (Australia) , 377n7 credit cards, 16, 40, 192 , 364n30 criminal groups, 1 9 crime control, theories, 118- 9 Criminal Investigation Department (CID) crime displacement, 23, 25 (Singapore), 13 2 crime prevention, strategies, 3 Criminal Investigatio n (Extraterritoria l Crimes Ac t 190 0 (ACT ) (Australia) , Offences) Ac t 198 7 (Cwlth ) 379n33, 380n49 (Australia), 388n53 Crimes Ac t 191 4 (Cwlth ) (Australia) , Criminal Jurisdiction Ordinanc e (Cap . 146-8, 160 , 216, 388n46 461), 25 2 Crimes Ac t 190 0 (NSW ) (Australia) , Criminal Law (PRC), 61, 66-7, 68 379n33, 380n4 9 Criminal Procedur e Cod e (Japan) , 111, Crimes Ac t 195 8 (Vic ) (Australia) , 112 377n6, 380n51, 380-ln6 2 Criminal Procedur e Ordinanc e (Cap . Crimes Legislation Amendment Act 1989 221), 265 (Cwlth) (Australia) , 387n27 criminalisation Crimes Legislation Amendment Act 2000 of computer crime , 10 , 144-5 (NSW) (Australia) , 380-ln62 of offences, 296 , 298, 299, 306 Crimes Ordinanc e (Cap . 200), 97, 220, overcriminalisation, 14 9 247, 249, 252, 254-5, 257, 258, 265, criminality, forms of , 17- 8 391n32 criminals, computer prosecutions under s.161, 245, 250- rationalisations of , 3 0 1, 255-6 motives, 29-30 Crimes (Overseas ) Ac t 196 4 (Cwlth ) cryptographic keys, disclosure, 1 0 (Australia), 388n53 cryptography (se e also decryption , Crimes (Property Damage and Computer encryption), 355 Offences) Ac t 200 3 (Cwlth ) Csonka, Peter, xvii-iii, 12 , 349 (Australia), 387n30 cults, 6, 11 0 Crimes (Property Damage and Computer customer migration, 12 2 Offences) Bil l 2003 (Vic) (Australia), Customs Act 190 1 (Cwlth) ( Australia), 377n6 388n52 criminal behaviour, theories, 3 Customs and Excise Department (Hon g Criminal Cod e Ac t 200 2 (ACT ) Kong), 103 , 245 (Australia), 377n5, 380-ln62 Cyber Angels, 99 Index 42 3 cyber-attacks (se e also Moonlight Maze, damages, see compensation Solar Sunrise), 38, 328, 329, 334 data, alteration of , 22 1 cyber-cafes, se e Internet cafe s data interference, 314- 5 cyber-crime, 2 , 4-10, 78 , 93(table 5.1) , 'data mining', 45 132, 349 data protection, 130 , 389n4 bogus news report as, 243 data retention, costs of , 11 6 control of , 46-7, 48-55 data storage, 32-3 criminality and, 2- 4 decryption, 12 9 defined, 42 , 57, 142, 197-8 Delta Information and Communications, forms of , 31-41, 80-1, 170, 209-10 335 losses from, 8 1 'denial of service' attacks, 20,37,43,147, nature of , 10 , 270 305, opportunities for , 30-1, 48-9 digital control systems, vulnerability of , policy on combating, 348 336 prevention, 202- 3 digital divide, 16 , 347, 350 public understanding of , 9 2 Digital Evidence Search Kit (DESK), 18, research on, 63, 93, 133, 350, 351 205, 206, 355 responses to, 17-8,47,92,158-9,353 digital signatures, 188 , 203, 220 socio-economic impact of , 29-5 5 digital technology, 1 typology, 1 7 criminal activity facilitated by, 17,19, Cyber-crime Ac t 200 1 (Cwlth ) 34 (Australia), 141, 144, 145, 149, 160, organised crim e and, 19-2 0 161, 163 , 216, 381n71, 388n5 2 digital video disks, see optical disks Cyber Crim e Technolog y Informatio n DiGregory, Kevin, 307 Network System, 1 3 disaster recovery, 13 1 'cyber-dissident', 370n5 8 displacement, o f cyber-crime, 23, 25 'cyber-ethics', 7 5 domain names, registration, 58, 69 cyber-harassment, 19 2 dot.com stocks, 90 cyber-security, 1-2 , 143 , 336, 345 drug control, 14 , 282, 394n20 case studies, 330-44 Duggai, Pavan, xvii, 349 people as threat to, 73 products and services, 137- 9 e-business, se e e-commerce in Singapore, 126-4 0 e-commerce, 1,16, 127-8 , 220, 224, 351 cyberspace, 50, 341, 346 in China, 77, 80, 86-7, 88 governance of , 64-78, 355 confidence in, promotion of, 130,13 5 threats from, 341-2, 344, 345-6 defined, 7 9 cyber-stalking, 35, 144, 192 in Hong Kong, 90, 96 cyber-terrorism, 172 , 173, 175-6, 19 2 revenue, 31 guidelines on countering, 290 risks to, 81-2, 87 Cyber vigilantes, 99 education (se e also public awareness) , 127, 203, 280, 297, 299, 301 Daewoo Securities, 335 about'high-tech' crime, 25, 72-3,245, damage, criminal, 254- 6 266 424 Inde x

e-government, 58-9 Extradition Act 1988 (Cwlth) (Australia), electronic eavesdropping, 45 388n53, 392n 4 Electronic Commerce Act (Philippines), Extradition Act (India), 392n4 9, 228, 236, 388n41, 388n4 4 Extradition Ac t (Malaysia), 392n4 Electronic Commerc e Steerin g Grou p Extradition Ac t (New Zealand), 392n4 (ECSG) (APEC) , 294, 302 Extradition Ac t (Republi c o f Korea) , electronic fund s transfer , 40- 1 392n4 'electronic heroin', 369n4 2 Extradition Ac t (Thailand), 392n4 electronic impersonation, 4 1 Extradition La w (PRC), 392n4 electronic records, 128,129, 258, 259-60 extradition regimes, 280 defined, 25 9 extradition treaties , 274, 275 electronic signatures, 12 8 Electronic Transaction s Ac t (B E 2544 ) false accounting, 258 (Thailand), 9 Falun Gong movement, 38, 60, 61, 76 Electronic Transactions Act (Singapore), Federal Bureau of Investigation (FBI), 20, 127-8 21,337 Electronic Transactions (CA) Regulations Felson, Marcus, 3 (Singapore), 12 8 filtering Electronic Transactions Ordinance (Cap. Internet content, 339, 340 558), 97, 246, 259-60 software, 35 4 e-mail, 46, 76, 114,34 0 technology, 356 emergency systems, 131, 133 Financial Action Task Force (FATF), 290, encryption, 85, 130, 204(fig 11.3) , 228, 292, 345 266, 351 forensic computing , 1 8 technology, 33, 41, 290 expertise required, 356, 357 EPA v Caltex (1993), 362n79 forfeiture, o f equipment, 22 8 espionage, computer, 21 2 forgery an d counterfeiting , 19 , 20, 34, European Convention on Human Rights, 226-7, 257 320 computer-related, 211-2, 316-7 European Polic e Offic e (Europol) , 14 , Forgery and Counterfeiting Act (UK), 257 289 fraud, 22 6 European Telecommunications Standards computer-related, 211, 257-8, 316-7 Institute (ETSI) , 115 Internet, 6, 16, 102, 104 European Union (EU), 4,14, 95, 96, 289 investment, 3 9 evidence, electronic, 312 online trading, 335-6 collection and exchange of , 30 9 sales, 39 preservation, 18, 20,272,309-10,319 freedom o f expression, 340 vulnerability of , 30 7 Evidence Act (India), 220 Gambling Ordinance (Cap. 148), 97, 263 Evidence Act (Singapore), 129-3 0 gambling, online, 263 Evidence Ordinance (Cap . 8), 246 Gani, Miriam, xvii, 354 extortion, 3 6 Garland, David, 118 , 119 extradition, 52, 285-6, 297, 298, 300 Ghosh test, 250 Index 42 5 globalisation, 10 , 11 governance, 94-5 threats from, 32 9 electronic, 95-8 Golden Projects, in China, 5 8 Internet, 105- 6 government agencies, coordination, 332 legislative framework , 96-8 , 244 , governments, interface with citizens, 339 246-65 Grabosky, Peter, xv-xvi, 1 7 offence provision , 220, 233 Group of Eight (G8), 53,192, 214, 281- response to cyber-crime, 92, 246 2, 303, 325 Hong Kong Chinese, ethos of, 91-2, 99- G 8 Senio r Expert s Grou p o n 100 Transnational Organise d Crime , se e Hong Kon g Compute r Emergenc y Lyon Group Response Team Coordination Centre, Guidelines for the Security of Information 103,105 Systems and Networks (OECD) , 214 Hong Kong Police, 18 , 103, 245 Guzman, Onel de, 350 Computer Forensics Laboratory, 5 Computer Securit y Unit, 22 7 hackers an d hacking , 146 , 221, 338, Organised Crim e an d Tria d Bureau , 361nl 19 attacks, 32, 38, 40, 81, 331, 334, 335 partnership with university, 355 behaviour, 8 0 Technology Crimes Division, 5, 101 defined, 198 , 371nl0 Hong Kong Telecoms Users Group, 99 guidelines on countering, 29 0 Hui, Lucas, xvii, 18 offence, 186,190 , 191, 208, 248, 314 human rights, 32 0 penalties, 224, 228 human securit y perceptions of , 8 4 concept, 328 techniques, 19 9 model, 347 tools, 364n25 relevance to cyberspace, 329 hash values, 205 Hung Hak Sing (1995), 250 Heaney v Ireland (2000), 382n79 Hynds, Len, 21 HKSAR v Chan Chi Kong (1997), 255 HKSAR v Choy yau Pun (2002), 390nl9, 'I Love You' virus, 9, 18 , 305, 306, 344, 390n21 350 HKSAR v Ko Kam Fai (2001), 255-6 impact of , 37, 43-4, 207-8, 342-3 HKSAR v Tam Hei Lun (2000), 251, 255 identification, o f cyber-criminals, 308 HKSAR v Long Ka Kin (1996), 250 identity, HKSAR v Tsun Shi Lun (1999), 250-1 concealment and detection of , 4 1 homeland security , 13 3 data, 11 7 Hong Kong, 90-1, 243 illegal acces s (se e als o cracker s an d displacement o f intellectual property cracking, hackers and hacking), 148, pirates, 23 212, 221, 249, 251, 313-4 as economic city , 89-90 offence provisions , 247-52 computer-related crime , 6(tabl e Immigration Departmen t (Hon g Kong), 1.1), 93(tabl e 5.1) , 200(table s 103 11.1-2), 201(table 11.3 ) incident response teams, 13 1 426 Inde x

Independent Commissio n Agains t Intellectual Propert y Cour t (Thailand) , Corruption (ICAC) , 103 , 245 238 India, 24, 227 Intellectual Propert y Crim e Actio n Internet use, 183- 5 Group, 293 legislation, 186—9 6 Intellectual Propert y (Miscellaneou s offence provisions , 220-1, 233- 4 Amendments) Ordinance , 389n64 , Indian Penal Code, 220 391n35 offences under , 186- 9 Intellectual Propert y Right s Workin g Indonesia, 9 Group (IPEG ) (APEC) , 294 Info-communications Developmen t intercepted material, 253 Authority (IDA ) (Singapore) , 7, 126, interception 128, 130 , 136, 338 of electronic communications, 44-5, information an d communication s 252 technology, 1 0 illegal, 212, 314, companies, Singapore, 137- 9 inspection substituted for , 11 1 control o f cyber-crim e through , 22 , real-time, o f content data, 323 74 interception of telecommunications, 39- convergence, 1 , 30, 323 40, 111-3, 11 5 impact, 26 9 Interception o f Telecommunication s public awareness, 133- 4 Ordinance (Cap . 532) , 247 , 252-3 , information security , 1- 2 389n7 information sharing , 273 Inter-Departmental Workin g Grou p o n 'information system' , defined, 246- 7 Computer-Related Crim e (Hon g information systems , 32-3 Kong), 54, 245, 246, 247, 248, 258, Information Technolog y Ac t 200 0 266, 267, 268 (India), 24,186, 189-96 passim, 220, international cooperation , 52-3 , 176 , 227, 388n43 324-6, 35 1 Information Technolog y Standard s challenges to, 271-2 Committee (Singapore) , 134- 5 existing mechanisms for , 272-9 5 information warfare , 38 legal aspect s o f cyber-crime , 213 - infrastructure, se e national infrastructur e 5 Inland Revenu e Ordinanc e (Cap . 112) , need for , 26 9 246 trust as factor in, 333 Inoue, Masahito, 12 0 International Chamber s o f Commerc e 'inspection', substituted for interception, (ICC), 44 111 International Consume r Protectio n an d intellectual propert y Enforcement Network , 349 infringement, 31 8 International Covenan t o n Civi l an d international agreements, 240 Political Rights (ICCPR), 320 offence provisions , 231-9 International Crimina l Polic e overlap with computer crime , 228-9 Organisation, see Interpol piracy, 22-3 International Federation of Phonographic protection of , 22-4 , 69-71 Industries, 229 Index international instruments, limited reach investigators of, 1 1 need fo r specialist, 19 4 International Intellectua l Propert y retention of , 5 3 Alliance (IIPA) , 230 investment fraud , 3 9 International Telecommunications Union IT, see information an d communicatio n (ITU), 11 5 technology International Telecommunications Union IT Basic Law (Japan), 172 , 177 for Asia and the Pacific, 34 0 'International Use r Requirements' , fo r Jackson, Michael, xvii, 1 4 telecoms policing, 11 5 JANET-CERT, 10 3 Internet, 16 , 79, 327, 338 Japan, 111-3 , 116-22 , 227, 353 adverse impacts by , 369n42 cyber-crime, 6-7,171(table9.1), 172- control of content and access, 65,67- 6 8, 77, 218-9, 339, 340, 354 offence provisions , 221 , 222(tabl e content rating system, 341 12.5), 234 corrupting influence of , 75- 6 Japanese Interception Law , 112, 375n32 development, 58-6 1 Jiang Ping, 63 governance, 95-6, 105- 6 Jiang Zemin, 58 hotline, 9 journalism, market driven, 91 inappropriate use, penalties, 341 jurisdiction, 14 5 policing, 98-104, 10 6 conflict over , 271 security, 60-1, 68-9 as issue in control of cyber-crime, 51- as term, use of , 386n 8 2, 154- 8 use of , 31, 183-5 reforms, 157- 8 users, 8 , 9, 15 , 59, 80, 98-100, 170 , Justice, Department of (Hong Kong), 245 363nl8 profiles, 364n2 4 Kaspersen, Professor Henri k W K , 307 vulnerability, 330 Kazakhstan, 1 0 Internet banking, 37, 13 0 keyword filtering, 34 0 Internet cafes , 8, 47, 72 Khan v UK (2000), 382n76 Internet fraud , 6 , 16 , 102, 104 Klass v Germany (1978), 382n76 Internet Fraud Complaint Center (USA), Korean Information and Security Agency 17 (KISA), 7 Internet Police (PRC), 71 Korea, Republic of, 227,335-6,337,341, Internet Service Provider Association, 100 393n6 Internet Servic e Provider s (ISPs) , 47, cyber-crime, 7- 8 100-1, 130 , 266 offence provisions , 221 , 222(tabl e retention o f transaction data, 357 12.6), 235 Internet Watch Foundation, 10 1 virus damage to, 342 Interpol, 17 , 20-1, 292-3, 349, 365n41 Kuan Hsin-Chi, 99 investigations, 132 , 278, 326 inadequate procedures, 309 Laos, 10 , 16, 35, 347 studies of , 350- 1 Lau, Laurie, xix, 354, 355 428 Inde x

Lau Sai Kai, 91, 99 reform, 213, 280 Lau, Stephen, 97 Singapore, 127-30, 225 Laurence Godfrey v Demon Internet Ltd, Thailand, 9, 226 101 Leong, Clement, 7 law enforcement, 2 , 14, 287-8 Leung, Elsie, 246 at disadvantage, 1 2 Li Lanqing, 7 2 cyber-crime as core business of , 1 7 Li Man Wai v Secretary for Justice (2003), extraterritorial, 5 1 251, 390nl 8 traditional methods, inadequacy of, 20 Li, Richard, 90 law enforcement agencies (see also private Lin Hai, 370n58 police and policing), 71-2,104,193- Linux, products, 82 4,245 Linux User Group, 99 capacity, 24-5,26,53-4,272,307,308 Lipohar v The Queen (1999), 155,380n52, collaboration with universities, 355 380n54 computer crime units, 5, 101, 227 log inspections, 204 cooperation between, 285, 296, 298, log records, 266, 308 300 losses, 43, 81, 230, 230(table 12.13 ) cooperation wit h privat e sector , 21, Love Bug, see 'I Love You' virus 245, 266, 365n41 Luo Yongzhong, 341 information sharing , 273 Lyon Group, 279-81, 288, 289, 393nl8 networks, 27 powers, 160- 3 MacLeod v Attorney-General (NSW ) strengthening, 26- 7 (1891), 380n44 transnational policing, 10- 3 Mafiaboy case , 20 Law fo r Internationa l Assistanc e i n Malaysia Investigation (Japan) , 392n4 displacement o f intellectual propert y Law fo r Judicial Assistanc e t o Foreig n pirates, 23 Courts (Japan) , 392n4 offence provisions , 223, 227, 235 Law of the People's Republic of China on Manning, Peter, 11 9 the Preservation o f State Secrets, 68 Manual on the Prevention and Control of laws, see legislation, regulation s Computer-Related Crime (UN), 214 legislation, 8, 9, 24- 50-1 , 211, 228-9, manuals, computer crime , 292, 394n21 241 market forces , 49, 356 Asia-Pacific, 216-2 7 Measures t o Comba t Seriou s an d Australia, 146-5 4 Organised Crim e Ac t (Cwlth ) domestic, 274-5, 304 (Australia), 16 3 gaps in, 244, 295, media, in Hong Kong, 90-1 harmonisation, 14 , 53, 141, 344 'Melissa' virus, 43 Hong Kong, 96-8, 244, 246-65 Microsoft Corporation , 22 , 40, 82, 354 inadequacy o f existing, 146 , 208-9, action agains t softwar e piracy , 239 , 210-1, 30 6 355 India, 186-96 , 220-1, 233- 4 misuse, of devices, 315-6 Japan, 174-5 , 178-8 1 Mitnick, Kevin, 41 Index 42 9 mobile phones, 113 , 117 National Burea u o f Investigatio n Model Criminal Code (Australia), 14 2 (Philippines), 1 0 Model Crimina l Cod e Officer s National Crim e Squad (UK), 10 4 Committee (MCCOC ) (Australia) , National Crimina l Intelligenc e Servic e 141, 154 , 157, 159 (NCIS) (UK) , 10 4 Model Data Protection Code (Singapore), National Electroni c Compute r 130-1 Technology Centre (Thailand), 9 Model La w o n Electroni c Commerc e National Emergency System (Singapore), (UNCITRAL), 128 , 189 133 Monetary Authority of Singapore (MAS), National High Tech Crime Unit (UK), 17, 130 21, 10 4 money laundering, 10 , 36-7, 228, 290-2 National Inciden t Respons e Tea m Mongolia, 10 , 347 (Japan), 17 3 Moonlight Maze, cyber-attack, 331, 332, National Infocomm Competenc y Centr e 333 (NICC) (Singapore) , 13 4 Motion Pictur e Associatio n o f Americ a national infrastructur e (MPA), 24, 15 9 privatisation, 35 4 motives, computer criminals, 29-30, 48 protection, 332, 334, 335 multilateralism, 27 7 security threats to, 13 3 multilateral relationships, 351 National Infrastructure Protection Center music piracy, 229 (FBI), 331, 332, 334 mutual lega l assistance (MLA) , 13 , 14, National Interne t Advisor y Committe e 228, 272, 285, 312 (Singapore), 13 0 bilateral National Police Agency (NPA) (Japan), 6, agreements, 275, 280 13, 170 , 227 treaties, 276-7 National Polic e Agenc y (Republi c o f elements of , 297 , 298, 300 Korea), 227 importance, 25, 274 National Trus t Counci l (NTC ) lack o f systematic evaluation, 358 (Singapore), 13 5 new regimes required, 308- 9 National Trust Mark Programme, 135,136 obstacles to, 306 networks, see computer network s traditional mechanisms, 27 2 New Dimensions of Human Security (UN), Mutual Assistance i n Crimina l Matter s 328 Act 1987 (Cwlth) (Australia), 388n53, New Zealand 392n4 offence provisions , 223 , 224(tabl e Mutual Assistanc e in Crimina l Matter s 12.8), 236 Act (1992) (Ne w Zealand), 392n4 Nguyen V u Binh, 341 Mutual Assistanc e i n Crimina l Matter s North Korea, 10 , 347 Act (Singapore), 392n4 Mutual Assistanc e in Crimina l Matter s obscene publications, 187 , 220 Ordinance, 392n4 offences, 154 , 323-4 Myanmar, 10 , 16, 341, 347 adaption of traditional, to cyber-crime, 145-6 430 Inde x

categories, 312, 313-8 Palermo Conventio n Agains t circumvention of technical protection Transnational Organised Crime (UN), measures, 240 see Convention Against Transnational criminalisation of , 270-1 , 296 , 298, Organised Crim e 299 passwords, 5, 254 failure t o criminalise, 306 Pavic vR;Rv Swaffield (1998), 328n78 lack of , 20 8 payment cards (se e also credit cards), 9, 'minimum list ' of , 211- 3 19 provisions fo r fraud, 29 3 Asia-Pacific, 216-2 7 classification schem e fo r Australia, 150(tabl e 8.1) , 151 - counterfeit, 20-1, 365n41 3(table 8.2 ) Peking University, survey, 82-3 India, 186- 9 Penal Code (Law No. 45 of 1907) (Japan), Singapore, 132(tabl e 7.1 ) 221, 383n7-384nl 2 offenders, 63- 4 penalties, 12 9 profiling, 3 People's Republi c o f China , se e China , offensive materials , 34-5 People's Republic of Office o f Dru g Contro l an d Crim e personal data, 117 , 44, 45 Prevention (UN) , 282 Personal Data (Privacy) Ordinance (Cap. online auctions, 39, 116 468), 97 online merchants, 13 6 Philippines National Police, 10 online trading, 86-7, 363n20 Philippines, Republic o f the, 9-10, 228, online share trading, 335-6, 337-8 343, 393n6, 393n9 Operation Bucaneer, piracy investigation, laws, inadequate, 208-9, 350 350 offence provisions , 224, 236 Optical Dis k Ac t 200 0 (Malaysia) , piracy, 33-4, 43 365n36 computer software , 229 , 230(tabl e Optical Disk Bill 2000 (Malaysia), 240 12.13), 233 optical disks, 264-5, 365n35 copyright, 230, 232, 233, 350 piracy, 23, 24, 34, 239-40 intellectual property, 22-3 Organisation fo r Economic Cooperatio n music, 229 and Developmen t (OECD) , 53 , optical disk, 239-4 0 290 points o f contact, 192 , 278, 280 organised crime , 19 , 110 , 215 , 227 - international network, 324- 5 8 Police Cooperation Working Group (EU), Organised Crim e Ordinance, 2 2 114-5 Osama bin Laden, 32 Police Force Ordinance (Cap. 232), 10 3 Oxford v Moss (1978), 379n25 police and policing, see law enforcement agencies, private police and policing, Pacific Centur y CyberWork s (PCCW) , telecoms policing 90 policy development , o n cyber-crime , paedophilia (se e also child pornography), 348 104 evidence basis for, 350- 4 Index 43 1 pornography (se e als o chil d public sector pornography), 10 0 involvement with private sector, 272, Post Offic e Ordinanc e (Cap . 98), 252 297, 299, 301, 335, 356-9 Poulsen, Kevin, 40 role in policy development, 266- 7 Prevention o f Chil d Pornograph y Pun, K H, xvii Ordinance (Cap. 579), 261-2, 389n6 Prevention o f Copyrigh t Pirac y Quarantine an d Preventio n o f Diseas e Ordinance (Cap . 544), 239-40, 263, Ordinance (Cap . 141) , 389n3 264-5 Qu'ran, as basis for content filtering, 340 privacy, 16 , 248, 314, 337 threats to, 44-5 R v Gold, R v Schifreen (1988), 257 standards, 13 5 R v Looseley (2002), 381n69 Privacy Commissioner for Personal Data, R v Swaffield; Pavic v R (1998), 328n78 97 R v Turner (1984), 146 , 329n28 private police and policing, 12 , 13, 101- racist acts, 214, 397n7 2 racist material, 262, 317 transnational, role for, 1 2 Racketeer-Influenced an d Corrup t private sector, 336 Organisations Statute (USA) , 228 cooperation wit h la w enforcemen t regional cooperation, 13- 6 agencies, 21, 245, 266, 365n41 framework for , 295-30 1 difficulty i n enlisting support of , 35 3 regional forum, 297 , 299, 300-1 involvement with public sector, 272, Regulation o f Investigatory Power s Ac t 297, 299, 301, 335, 356-9 (UK), 45, 247, 375nl5 monitoring cyberspace, 49 regulations role i n crim e prevention , 159 , 306, domain name registration, 6 9 355 information system security, 68-9, 74 resources, 354 Internet, 8, 67-8 private security services, 10 4 research privatisation, national infrastructure, 354 computer crime, 63,93,133,350,351 procedural powers, 319-24 cyber-security, 13 7 prevention o f abuse of , 32 0 'responsibilisation' strategy , 118-2 0 production orders, 321-2 restitution, to victims, 228 productivity, losses in, 43, 45-6 risk management, 48, 130 profiling, 3, 364n24 risk profiling, 3 prosecutions risks, coordination of , inter-jurisdictional , to e-business, 81-2, 87 280 security, perceptions of , 82-3, 85, 88 cyber-crime, 250-1, 255-6, 265, 352 Royal Canadian Mounted Police, 20 public awareness, 134-4, 17 4 Rule of Law, threat to, 16 0 Public Key infrastructure (PKI) , 127,128, Russia, 330, 333 135 Public Ke y Infrastructur e Foru m sabotage, computer, 212, 315 (Singapore), 13 6 sales fraud, 3 9 432 Inde x

sanctions, 209, 265, 270-1, 312 sovereignty, 306, 326, 345 SARS crisis, 243 issue in cross-border assistance, 273- Saudi Arabia, 339, 340 4 scanning, o f computers, 338 South Korea, see Korea, Republic of search and seizure, 228 'spam' and 'spamming', 7-8, 46, 218 search engines, 340 'spoofing', 4 1 search warrants, 61, 162, 164 stalking, see cyber-stalking Second-hand Dealin g Law (Japan), H 6 standardisation security, see cyber-security policing processes, 12 3 Security Legislatio n Amendmen t technology, 12 3 (Terrorism) Ac t (Cwlth ) (Australia) , standards 164 IT security, 74, 13 5 self-regulation, 96 , 100 , 337 privacy, 13 5 Senior Officials Meeting on Transnational Public Key Infrastructure, 13 5 Crime (SOMTC) , 288 statistics sentencing, 353 computer use, 31 September 11 , 2001, 133,165, 269, 305, reported crime, 4, 6, 7, 9 331, 334, cyber-crime, 6(tabl e 1.1) , 62-3 , terrorist attack s o n USA , 141 , 175, 200(tables 11.1-2) , 201(tabl e 176, 290 11.3), 171,35 2 'serious crime', defined, 12 , 284, 285 statutory damages, see compensation serious offences, interception o f content Stewart (1988), 379n25, 379n36 data in, 323-4 Sub-Committee on Customs Procedure s Shannon, Julie, xix, 354, 355 (SCCP) (APEC) , 294 SheptyckiJWE, 1 1 Summary Offence s Ac t 196 6 (Vic ) Singapore, 7, 102, , 125, 338, 339 (Australia), 218 cyber-security Supervision Burea u fo r Publi c companies, 137- 9 Information Securit y (PRC) , 8 , 62 , infrastructure, 126-4 0 71 e-commerce, 127-8 , 130 , 135 surveillance, 49-50, 320 offence provisions , 225, 237 surveys, 82-3, 104 Singapore Compute r Emergenc y Sussman, M A, 305 Response Team, 13 1 Sutherland, E H, 3 Singapore Informatio n Technolog y Federation (SITF) , 136- 7 Tachiainin system, 7 , 111-2, 'situational crime prevention', 3, 12 0 Taiwan, 228, 330 'smart cards', 37 offence provisions , 236, 237 Smith, Jayson (2002) , 262 Tanabe, Yasuhiro, 1 3 smuggling, 1 9 Tatsuzaki, Masao, xix, 6 Sobig.F worm, 37 tax evasion, 36-7 software, se e computer softwar e technology, standardisation, 12 3 Solar Sunrise , cyber-attack , 331-2 , Telecommunication (Interception ) Ac t 333 1979 (Cwlth) (Australia) , 382n80 Index 43 3

Telecommunication Interceptio n fo r topography, reproduction of , 21 2 Criminal Investigatio n La w (Japan) , Trade-Related Aspec t o f Intellectua l 110, 112, 113 Property Right s (TRIPs ) Agreement , telecommunications (see also interception 240 of telecommunications , telecom s trade marks, infringement, 231,232,233, policing) 236, 237 anonymising of , 11 4 Trade Marks Act (Australia), 239 defined, 24 8 traffic data , 272, 308 theft o f services, 36 preservation and disclosure, 321 Telecommunications an d Infrastructur e real-time collection, 278, 319, 323 Working Group (APEC) , 295, 302 retention of , 17 6 Telecommunications Ordinanc e (Cap . training, 27, 286, 292, 296, 298, 306 106), 97, 245, 247, 248-9, 251, 252, transnational crime , centr e fo r 257 combating, 288 'telecommunications services' , defined , transnational policing, 10- 3 378n22 transnational-state-system, 1 1 Telecoms Actio n Tas k Forc e (Japan) , Trojan horse virus, 9, 334, 338 123 trust, 336 telecoms policing as issue in international cooperation , case studies, 116-12 2 333 costs, recovery, 121- 2 Tsang, W W , xvii defined, 10 9 Tung Chee Hwa, 243 needs, policy, 122- 3 '24/7 network', se e points o f contact processes, standardisation, 12 3 technology needed for , 11 4 Uchimura, Keiji , xx, 6, 353 user requirements for , 11 5 unauthorised access , see illegal access terminatory theory , 15 5 Unauthorised Compute r Acces s La w territoriality, 154 , 155 (Japan), 170 , 17 1 (table 9.2), 174-5 , terrorism (see also cyber-terrorism), 141, 177,178-81 164-5, 29 0 unauthorised use, 212, 213 text pattern searching, 205 United Kingdom, 100-1, 103 , 105-6 Thailand, 9, 32, 340, 364n31 media coverage of cyber-crime, 90 offence provisions , 226, 238 policing Internet, 10 4 theft, telecommunication s services , 32 research, 93-4 Theft (Amendment ) Ordinanc e (No . 45 United Nations (UN), 53, 214, 282-6 of 1999), 258 manual o n computer-relate d crime , Theft Ordinance (Cap. 210), 97,256,258, 394n21 390n22 resolution o n informatio n an d Thomas, Nicholas, xix, 354, 355 telecommunications security, 333- Thompson v The Queen (1989), 380n44 4 TOC Convention , se e Conventio n United Nations Asia and Far East Against Transnationa l Organise d Institute fo r th e Prevention o f Crime Crime and th e Treatmen t o f Offender s 434 Inde x

(UNAFEI), 13, 53, 283, 286, 349, viruses, computer (se e also 'I Love You' 362nll virus), 2, 9, 18 , 305, 344, United Nation s Commissio n o n attacks, lac k o f protection against , International Trad e La w 343 (UNCITRAL), 12 8 bounty on creators, 355 United Nation s Dru g Contro l Progra m detection, 49 (UNDCP), 14 , 394n20 guidelines on countering, 29 0 United States of America (USA), 75, 228, impact of , 37, 43-4, 207-8, 342-3 330, 334, 342 attacks on, 175 , 176 Wang Youcai, 76 Internet governance, 95 Ward, 15 5 treaties, 393n6, 393n9 Weber, Max, 11 8 United State s Trad e Representativ e websites, 8, 80, 327, 337 (USTR), 230, 231 'white-collar' crime, 3, 197 University o f Hong Kong, 357 Williams v Keelty (2001), 381-2n74 Centre for Criminology , xi, 93 'wire tapping', computer networks, 244 Centre for Security and Cryptography, Wonderland Club , 33 18,355 « Wong, Georgina, xx Urbas, Gregor, xx, 1 3 Wong, Kam C, xx-xxi utility models, intellectual property laws, World Informatio n Technolog y an d 239 Services Alliance (WITSA), 11 6 Uzbekistan, 1 0 World Wide Web 'sweeps' of , 34 9 vandalism, electronic, 37-40 as term, use of , 386n 8 victims, o f cyber-crime, 104-5, 10 6 worms, computer, 2 , 18, 37 restitution, 22 8 Vienna Convention Against Illicit Traffi c xenophobic acts, 214, 397n7 in Narcotic s an d Psychotropi c xenophobic material, 262 Substances, 1 2 Vienna Declaration on Crime and Justice, Yang Zhenquan, 7 3 214 yearbook, proposal for , 358 Vietnam, 10 , 16, 341 Yong Pung How, Chief Justice, 16 0