Consumers, businesses and governments are embracing e-commerce, social networking and the other powerful tools made available by online technologies.
This has seen a seedy underbelly of crime which has highlighted the importance of investigational and subsequent prosecutorial aspects of cyber crime and associated electronic evidence.
There is a technology-enabled element in most criminal matters investigated by law enforcement agencies worldwide. Measuring the impact of cybercrime and putting an accurate dollar value to it is also difficult.
Cyberspace is one of the great legal frontiers of our time. From 2000 to 2008, the internet expanded 336 percent on a global level.
The rapid development of the Internet, with global computer-based commerce and communications that cut across traditional territorial and state boundaries, continue to create a new realm of criminal activities among the cyberspace social, economic and political groupings. The emergence of new varieties of criminal activity has posed unique challenges for investigators, legal officers, the judiciary and the legal system when prosecuting cyber crime.
The perpetrators of cyber crimes are difficult to identify as they often use aliases and stolen or false identities when operating online. They hide their identity by means of anonymous services, by encrypting communications, and/or by committing crimes in geographical locations far from where they reside. The result is that it is difficult to identify, investigate, arrest and prosecute such people.
To be successful, prosecutors must provide a court with evidence, which proves that a suspect was at the keyboard at the time of the offence. And factors such as the volatility of IT evidence found in server and connection logs and similar network-related information further impede this process.
Any surge in cybercrime must be considered in the context of the continuously expanding use of digital technologies. With increased complexity, storage devices, such as hard drives grow exponentially in size while, at the same time, computer resources become quicker.
Additionally, network attacks have become more voluminous and sophisticated while law enforcement investigative mechanisms are often slow and cumbersome, with not all jurisdictions having competent law enforcement capacity and capability or legislative frameworks for addressing these matters. The need for computer forensic expertise is acute in cases where evidence to a wide range of criminal activity may be held on computers, other electronic devices or computer networks.
This gived rise to the task of electronic discovery (also called e-discovery) that is the process by which electronic data is sought, located, secured and searched often with the intent of using it as evidence in a civil or criminal legal case.
It can be carried out offline on a particular computer or on a network. Electronic evidence is volatile and in some circumstances a court may order e-discovery to obtain evidence. For example, electronically searched digital data may reveal far more evidence than the printed documents from computers, due to the existence of meta-data. Such retrieval may also reveal deleted files and the history of Internet surfing activity.
The presentation of electronic evidence in court as electronic data is not directly observable by the finder of fact and this puts it into the category of latent evidence. It should be presented through expert witnesses who can explain the tools and techniques they used to reveal its existence, the content and its meaning.
Additional challenges to the presentation of electronic evidence include issues surrounding its admissibility and the weighting it is given by the court. For example, electronic evidence is classed as hearsay in that it is presented by an expert who asserts facts or conclusions derived from what the computer recorded.
In order for hearsay evidence to be admitted, it may have to come in under the normal business records exemption to the hearsay evidence prohibition or by way of admission of documents produced by computers. Such admission rules are of course, dependant on each jurisdictions requirement.
Computer crimes should be investigated and prosecuted using the same methodologies adopted for any other type of traditional investigation.
However, there are processes which are used to discover electronic evidence relating to digitally stored data. These include the location of stored data, often through the use of the physical execution of search warrants and the application of covert means such as real-time data interception.
A range of factors, particularly the international dimension of cyber crime, can make such processes extremely difficult to undertake, resulting in many cases not being brought before a court.
Punishing cyber criminals requires a legal structure that will support detection and successful prosecution of offenders.
Yet the laws defining computer offences, and the legal tools needed to investigate criminals on the Internet, often lag behind technological and social changes, creating legal challenges to law enforcement agencies.
Nigel Phair is the author of Cybercrime: The Challenge for the Legal Profession available at Amazon.com