SCHOOL OF LAW Year 2014/15 Term 1 LAW455 CYBERCRIME AND DIGITAL INVESTIGATIONS Instructor:
Dr Julia Hornle Professor of Internet Law
Tel: Email: Office:
6828 0xxx
[email protected] School of Law, Level x, Room xxxx
COURSE DESCRIPTION The Module will encompass, on a comparative law basis, but using as a starting point, English and Singaporean criminal law, the relevant substantive law applying to cybercrimes, in particular computer misuse, fraud, illegal content (child pornography), cyberstalking, harassment, trolling and revenge porn, spam and criminal copyright infringement. It will critically assess investigative powers and techniques, criminal rules of evidence, criminal jurisdiction and international cooperation based on the Cybercrime Convention and international enforcement co-operation (eg extradition) and the role and liability of internet intermediaries such as Online Service Providers, payment providers and domain name providers and critically balance state powers, the need for preventing and prosecuting cyber criminality and civil liberties.
PRE-REQUISITE/ CO-REQUISITE/ MUTUALLY EXCLUSIVE COURSE(S) Criminal law RECOMMENDED TEXT AND READINGS Jonathan Clough Principles of Cybercrime (Cambridge University Press 2010) Additional readings will be assigned. Students will be expected to read such cases or case summaries as are indicated for each week. Access to Singapore case reports is available at www.lawnet.com.sg. Students are expected to keep abreast of current developments in the Asia-Pacific region by reading leading business dailies/weeklies like the Asian Wall Street Journal, Far Eastern Economic Review, The Economist, Business Times and Business Week.]
1
ASSESSMENT METHOD Class activities (class participation) : 10 % Individual Written Assignment: 20% Group Presentation: 20% Final Exam: 50% COURSE METHODS Students will be expected to have done the main reading before the class, so that they can answer questions, give a viewpoint and reflect on the reading by asking relevant questions (active class participation counts for 10% of the mark). The teaching will be based on lectures and group discussions as well as short student presentations, which students should write up into a 1000 word assignment. The presentation and assignment each count 20% and together form the mark for projects/assignments. Specific reading and instructions will be provided for these presentations/assignments. They can consist of for example, finding newsreports on cybercrime and analyzing this; summarizing a case and commenting on it; summarizing an article and commenting on it; explaining a specific article in the legislation and comparing it to the legislation of another country etc. Students may collaborate and form groups for the assignment, but each presentation and submitted assignment must be the individual’s work and will be marked accordingly. Academic Integrity All acts of academic dishonesty (including, but not limited to, plagiarism, cheating, fabrication, facilitation of acts of academic dishonesty by others, unauthorized possession of exam questions, or tampering with the academic work of other students) are serious offences. All work presented in class must be the student’s own work. Any student caught violating this policy may result in the student receiving zero marks for the component assessment or a fail grade for the course. This policy applies to all works (whether oral or written) submitted for purposes of assessment. Where in doubt, students are encouraged to consult the instructors of the course. Details on the SMU Code of Academic Integrity may be accessed at http://www.smuscd.org/resources.html.
CLASS SCHEDULE Week Topic No. 1 2 3 4 5 6 7
Readings (tba)
What is “Cybercrime”?
Clough Chapter 1 pp. 1-47
Computer Misuse: Computer Integrity: Access
Clough Chapter 3 pp. 48-100
Computer Misuse: Impairing Functioning: Viruses etc Interception of Data, Data Privacy Fraud Criminal Copyright Infringement Spam
Clough Chapters 101-134 Clough Chapter 180 Clough Chapter 220 Clough Chapter 231 Clough Chapter
4 and 5 pp. 6 pp. 1357 pp. 1818 pp. 2219 pp. 232-
2
244 8 9 10
Content Crimes: Child Pornography Content Crimes: Cyberstalking, Cyberharassment Jurisdiction: Which Country is to Prosecute?
11 International Cybercrime Co-operation 12
13
Evidential Matters
EXAM
Clough Chapter 10 pp. 247328 Clough Chapter 12 pp. 365403 Clough Chapter 13 pp. 403416 Susan Brenner “Distributed Security” and “International Co-operation” Articles Ian Walden Law Enforcement Access to Data in the Cloud Kerr Searches and Seizures in the Digital World; Sommer Evidence in Pedophilia Cases (Articles)
Important – Must Read This course is conducted from Week 1 to Week 5 of the term. The class will meet twice a week on: 1. Wednesday at 3.30 – 6.45 pm; and 2. Friday at 12 noon – 3.15 pm. There will be 3 classes conducted on Saturday at 12 noon – 3.15 pm: 1. 30 August 2014 2. 6 September 2014 3. 13 September 2014 To drop this course Class 1 to 2: No penalty Class 3 to 7: “W” grade for withdrawal will be given Class 8 onwards: “F”grade will be given
3
1
LLB Cybercrimes and Digital Investigations Detailed Course Outline 2014/15 Summer 2014 Prof Julia Hӧrnle Main textbook: Jonathan Clough Principles of Cybercrime (Cambridge University Press 2010) Plus Articles as indicated 1.
Session One 20. August
What is Cybercrime? Main Reading for Group Discussion (One Hour) A good introduction: James Lyne, Sophos, TED talk (17 minutes) http://www.youtube.com/watch?v=fSErHToV8IU Clough Chapter 1 pp. 1‐47 Discussion of Examples from the News (One Hour) After you have done the reading do a search for news items/articles which illustrate examples of cybercrime (please do this before the session). Tell the class about the news report and how you think it links in with the specific nature of cybercrime‐ why is the news report interesting? You may work in groups, if you wish. Student Assignment (Presentation & Essay) (One Hour) 1. How can we classify and categorize Cybercrime? Ian Walden, Computer Crimes and Digital Investigations “From Computer Abuse to Cybercrime” Chapter 2 (Oxford University Press 2006) 1‐86 2. What strategies can be adopted to counter the threat of cybercrime, cyberwarfare and cyberterrorism? Susan Brenner, “Cyberthreats and the Limits of Bureaucratic Control” 2013 Article 3. Summarize the results of the 2013 Cybercrime Research in the UK Home Office: Cybercrime: A Review of the Evidence 4. Summarize the following article – do you agree with the author’s approach of defining cybercrime and regulating it? HJ Jiow “Cybercrime in Singapore: An Analysis of Regulation” [2013] 7 (1) International Journal of Cyber Criminology 18‐27
2
2. Session Two 22. August Computer Misuse: Computer Integrity: Access Main Reading for Lecture (1/2 hour) and Group Discussion (One Hour) Clough Chapter 3 pp. 48‐100 N MacEwan “The Computer Misuse Act” [2008] 12 Criminal Law Review 955‐967 Student Assignment (Presentation & Essay) (1 1/2 Hour) 1. Carry out some research on the internet about different types of malware, malware attacks and distribution methods (viruses, Trojans, worms, malicious marketplaces, distributed denial of service attacks, botnets, spyware, exploits) and present the definitions and a layman’s explanation of how they work to the class. 2. Compare and contrast the following two English cases‐ can they be distinguished R v Bow Street Magistrate ex parte Allison [2000] 2 A.C. 216 (House of Lords) AND DPP v Bignell [1998] 1 Cr App R 1 (QB Divisional Court) 3. Explain the concepts of “access”, “interference”, “interception” ,“without right” and “non‐public transmissions of computer data” and “dishonest intent” in Articles 2‐6 of the Cybercrime Convention Kerr, O., “Cybercrime’s scope: interpreting ‘access’ and ‘authorization’ in computer misuse statutes”, (2003) New York University Law Review, 1596‐1668 2. Session Three 27. August Computer Misuse: Impairing Functioning: Viruses etc Main Reading for Lecture (One Hour) Group Discussion (1/2 Hour) Clough Chapters 4 and 5 pp. 101‐134 G Urbas “An Overview of Cybercrime Legislation and Cases in Singapore” ASLI Working Paper Series 2008, see http://law.nus.edu.sg/asli/pdf/WPS001.pdf (sections relevant to computer misuse) Student Assignment (Presentation & Essay) (1 1 /2 Hour) 1. Compare and contrast the Computer Misuse Act of Singapore with the UK Computer Misuse Act and the Cybercrime Convention Arts‐2‐6‐ compare the provisions line by line‐ how do they differ?
3
2. See whether you can find any caselaw from the Singapore Courts (especially recent cases) on computer misuses (access, interference). 3. To what extent may the provisions on misuse of devices interfere with legitimate research on cybersecurity (eg exploits), see Article 6 of the Cybercrime Convention, s.3A of the UK Computer Misuse Act 1990 and s. 8 of the Singapore Computer Misuse and Cybersecurity Act 4. Session Four 29. August Interception of Data, Data Privacy Main Reading for Group Discussion (Two Hours) Clough Chapter 6 pp. 135‐180 Good introduction Mikko Hypponen’s TED talk: www.youtube.com/watch?v=fSErHToV8IU Do a search for news and press articles on the Edward Snowden revelations and the National Security Agency in the US and GCHQ in the UK. Why does the US and the UK have a pivotal role in this? Find the relevant law authorising interception of communications (email, voice, internet) in the UK, US and Singapore (for discussion in the class) Student Assignment (Presentation & Essay) (One Hour) 1. How has the policing of business crime changed and what are the impacts for data privacy? Argue for and against policing based on greater data intelligence and data mining, data profiling. R Barkow “The New Policing of Business Crime” [2013‐2014] 37 Seattle U L Review 435‐474 2. What are the legal limits of surveillance? What should they be? G Husein et al “Modern Safeguards for Modern Surveillance” [2013] 74 Ohio State Law Journal 1071‐1104 3. In the US what protection does the Stored Communications Act provide and how should this law be reformed?
4
O Kerr “The Next Generation Communications Privacy Act” [2013‐14] 162 U Pa L R 373‐419 4. Are emails protected by the Stored Communications Act in the US? Please summarize the article and give us your opinion? Should the privacy of emails be protected and why? M Medina ”The Stored Communications Act: An Old Statute for Modern Times?” [2013‐14] 64 American University Law Review 267‐305 5.
Session Five 30. August
*Handing out Practice Examquestions/Hypotheticals* Online Fraud Main Reading for Group Discussion (Two Hours) Clough Chapter 7 pp. 181‐220 What types of online fraud are common? Do you know anyone who has been a victim? How has the fraud been perpetrated? What sort of online scams and phishing are you aware of? How can you protect yourself and others? Do a search on the internet and write a short note on online fraud‐ we will discuss this in class! Student Assignment (Presentation & Essay) (One Hour) 1. Please go to the library and pick a good textbook on criminal law‐ read the chapter on fraud and take notes of the main elements of fraud and the most important cases‐ report this summary of the law of fraud to the class 2. The Concept of Dishonesty‐ what does it mean in law? Please read the classic English case of Ghosh [1982] QB 1053 (English Court of Appeal)‐ would you say this clearly defines what dishonesty means? 3. Advance fee fraud please read and summarize the following article: Dobovsek “Advance Fee Fraud Messages” [2013] Journal of Money Laundering Control 209‐230‐ why are AFF emails so successful? Are they fraud (in the legal sense?) 4. Please summarize the following article: N MacEwan “A Tricky Situation: Deception in Cyberspace” [2013] 77 Criminal Law Review 417‐432 6.
Session Six 3. September
Criminal Copyright Infringement Main Reading for Lecture (Two Hours) and Group Discussion (One Hour) For this session, please all students should read the 10 pages in the main textbook and the four shortish articles.
5
Clough Chapter 8 pp. 221‐231 1.
Mikko Manner Criminal Prosecution and Online Copyright Infringement C&L 2010
2. Cheng Lim Saw, Susanna Leong Defining Criminal Liability for Primary Acts of Copyright Infringement‐ the Singapore experience Journal of Business Law 2008 3. Michael Carrier, the Pirate Bay, Grokster and Google (2010) 15 Journal of Intellectual Property Rights 7‐18 4.
John Ip New Zealand’s Kim Dotcom (2013) Public Law Parts 1 and 2
*No student presentations this session* 7.
Session Seven 5. September
Spam Main Reading for Group Discussion (1 ½ hour) Clough Chapter 9 pp. 232‐244 FA Mir, MT Banday, “Control of Spam” [2010] 19 (1) Information and Communications Technology Law 27‐59 Do the “fight spam quiz” at http://fightspam.gc.ca/eic/site/030.nsf/eng/h_00212.html Student Assignment (Presentation & Essay) (1 1/2 Hour) 1. Describe and analyse the provisions of the Singapore Spam Control Act‐ do you think it is effective? Why? 2. Damage from spamming? See UK Niebel case: http://www.informationtribunal.gov.uk/DBFiles/Decision/i1106/Niebel,%20Christop her%20EA.2012.0260.pdf AND Outlaw, Sender of unlawful spam messages successfully appeals against ICO's £300,000 fine 3. Outline the Canadian Anti‐Spam Law G Stern, P Beardwood “Canada’s Anti‐spam Law: ten pointers to assist compliance”[April 2014] E‐commerce Law & Policy 10‐11, available from http://www.fasken.com/files/Publication/7fb4829f‐4104‐4ce0‐b5db‐ c7a220f1f85e/Presentation/PublicationAttachment/152c2a88‐6dd5‐48db‐94f6‐ 712c17dff0d2/ECLP%20April%202014%20pg%2010‐11.pdf AND http://laws‐lois.justice.gc.ca/eng/acts/E‐1.6/index.html http://fightspam.gc.ca/eic/site/030.nsf/eng/home
6
8.
Session Eight 6. September
Content Crimes: Child Pornography/Obscene Materials Main Reading for Group Discussion (One Hour) Clough Chapter 10 pp. 247‐328 Student Assignment (Presentation & Essay) (One Hour) 1. Please summarize the following article‐ do you agree with the author’s conclusion? J Sweeny, “Sexting and Freedom of Expression: a Comparative Approach” [2013‐14] 102 Kentucky Law Journal 103‐146 2. Summarise and analyse: G Urbas “An Overview of Cybercrime Legislation and Cases in Singapore” ASLI Working Paper Series 2008 (sections relevant to undesirable publications and child grooming) 3. Summarise & analyse: Julia Hornle “Countering the Danger of Online Pornography‐ Shrewd Regulation of Lewd Content?” (2011) 2 European Journal of Law and Technology http://ejlt.org//article/view/55 Exam Revision Session (One Hour) Going through examquestions/hypotheticals in class 9.
Session Nine 10. September
Content Crimes: Cyberstalking, Cyberharassment, Hate Speech Main Reading for Group Discussion (Two Hours) Clough Chapter 12 pp. 365‐403 AND three very (!) short articles (!) Steve Foster, “You must be joking: protecting free speech"‐ C.L. & J. 2013, 177(5), 75‐76 Sarah Birkbeck, “Can the Use of Social Media Be Regulated?” (2013) 19 (3) Computer & Telecommunications Law Review 83‐83 Jennifer Agate, “Social media: how the net is closing in on cyber bullies” (2013) 24 (8) Entertainment Law Review 263‐268 Chambers v DPP [2012] ACD 114 (QB, 27. July 2012) Student Assignments (Presentation & Essay) (One Hour) 1. Summarize the author’s analysis and tell us whether you agree: I Tourkochoriti, “Should Hate Speech Be Protected?” [2013‐14] 45 (2) Columbia Human Rights Law Review 552‐622 2. Summarise the author’s analysis and tell us whether you agree: A Shimizou, “Domestic Violence in the Digital Age” [2013] 28 Berkeley Journal of Gender Law & Justice 116
7
10.
Session Ten 12. September
Jurisdiction: Which Country is to Prosecute? Main Reading for Lecture (One Hour) and Group Discussion (Two Hours) Clough Chapter 13 pp. 403‐416 Susan Brenner Cybercrime and the Law Chapter 7 “Transnational Investigation of Cybercrime” 171‐188 Student Assignment (Presentation & Essay) (One Hour) 1. Susan Brenner,Bert‐Jaap Koops ‘Approaches to Cybercrime Jurisdiction’ (2004) 4 Journal of High Technology Law 2‐45 see http://www.joemoakley.org/documents/jhtl_publications/brenner.pdf 2. Julia Hӧrnle Cross‐border Online Gambling Law and Policy (Edward Elgar 2008) Chapter 3, 78‐139 3. Rizal Rahman “Legal Jurisdiction over Malware Related Crimes: from Theories of Jurisdiction to Solid Practical Application” (2012) 28 (4) Computer Law & Security Review 403‐415 11.
Session Eleven 13. September
International Cybercrime Co‐operation/International Issues Main Reading (Group Discussion One Hour) Micheal O’Floinn “It Was Not All White Light Before Prism” (2013) 29 Computer Law and Security Review 610‐615 Paul de Hert et al “International Mutual Legal Assistance in Criminal Law Made Redundant: Comment on Belgian Yahoo case” (2011) 27(3) Computer Law and Security Review 291‐297 Ian Walden “Law Enforcement Access to Data in the Cloud” Chapter 11 in C Millard Cloud Computing Law (OUP 2013) 285‐310 Exam Revision Session (Two Hours) Going through Examquestions/Hypotheticals in Class/Feedback 12.
Session Twelve 17. September
International Cybercrime Co‐operation/International Issues
8
Main Reading (Group Discussion Two Hours) Giulio Carcara “The Role of Interpol and Europol in the Fight Against Cybercrime” [2013] 7 Masaryk Journal of Law & Information Technology 19‐33 J Messerschmidt “ Hackback” [2013‐2014] 52 Columbia Journal of Transnational Law 275‐ 324 Zhang Xinbao “Establishing Common International Rules” [2013] 1 China Legal Science 121‐ 139 Revision of Outline and Q&A (One Hour) 13.
Session Thirteen 19. September
EXAM (THREE OUT OF SIX ESSAYQUESTIONS) GOOD LUCK !!!!!!!! Exampractice Questions 1. Explain the mens rea requirements for criminal copyright offences in the UK, US and Singapore‐ compare and contrast the differences. 2. Discuss how cybercrime offences can be categorized and compare and contrast the type of cybercrime offences which exist in different jurisdictions. 3. Is the Cybercrime threat over‐stated for political goals? Discuss 4. How is “unauthorized access” or access “without right” defined in the computer misuse legislation we have examined (Cybercrime Convention, UK and Singapore Computer Misuse Acts) and how can this be interpreted‐ refer to relevant caselaw? 5. The basis for interception and surveillance before the internet has grown into a major communications medium and after that has changed. Mass surveillance is a new phenomenon. Explain how the security agencies’ approach has changed and the legal basis for this approach. 6. Should the sending of spam be a criminal offence and if so, in what circumstances, explain your reasons and outline the law of spam in two jurisdictions. 7. Explain how online fraud has created challenges for the law of fraud by outlining two examples of online fraud and analysing how the law would apply to them, compare and contrast the law of two different jurisdictions (of your choice).