Challenges of Prosecuting Cybercrimes | Cybersecurity Law
In the analog world, a crime will result in investigations, arrests and punishment. The world of cyber crime is more complicated. There are too many cybersecurity incidents and too little law enforcement resources available to keep up with the crime. To add more complexity to the issue, there are jurisdictional boundaries that prevent criminals from being prosecuted.
Jurisdiction & Extradition
The only effective authority in the United States to bring cyber criminals to justice is the FBI and Homeland Security Investigation (HSI) unit. Unfortunately the FBI and HSI often have challenges with getting known cyber criminals extradited to the USA for prosecution. This comes despite assistance from Interpol and other agencies.
The United States has extradition treaties with over 100 countries. Getting criminals from these countries is possible but not a guarantee. Governments can choose not to extradite on a case-by-case basis. For example, the United Kingdom chose not to extradite Lauri Love to the US due to his mental health issues in 2018. On the other hand, there are numerous successful extraditions like a Russian extradited from the Czech Republic last year.
Over 76 countries do not have an extradition treaty with the US. This means that even if a criminal is known, the likelihood of them bring brought to justice is low. For example, citizens of China and Russia are not extradited to the US. As a result, US authorities monitor their activities and attempt to learn when they travel. If the suspects venture to other countries, US authorities will make their move. This was the situation when a Chinese national visited Belgium and was sent to the US.
Globally, the manpower and skills to investigate is lacking. As a result, law enforcement agencies tend to focus their time and efforts on the bigger cases they know will result in successful prosecution. Cyber crime that has real effects to people is prioritized. These include cyber bullying, child sex crimes, single incidents that cause financial burden to a large number of people, and crimes that look to threaten the security of the country. Smaller crimes are not usually on the radar of law enforcement.
The reality of the situation today is that most small, mid and even large-size businesses don’t have a great opportunity to see legal justice. Often times, companies and individuals do not even report cyber incidents to authorities. The best bet is for them is to build up their cybersecurity programs. Often, companies should also consider investing in insurance programs to help support the business financially if they are victims of cybercrime.