In the prosecution of cybercrime one of the most problematic issues is jurisdiction. Cybercrime presents difficulties in prosecution because it’s borderless. Cyberspace has made it possible for criminals to commit crimes anywhere in the world with ease of movement across geographic borders unmatched by law enforcement. Many of these criminals are not committing crimes in their country of origin which presents a challenge for law enforcement to apprehend them from a country, state, or nation where they have no jurisdiction.
Four examples of criminals who have committed cybercrimes in the U.S from other countries are Aleksandr Andreevich Panin, Hamza Bendellad, Julian Paul Assange Hawkins, and Gary McKinnon. Aleksandr Andreevich Panin and Hamza Bendellad were two hackers operating out of Russia and Algeria who created a malicious software called SPYEYE, which was designed to automate the theft of confidential, personal and financial information, such as online banking credentials, credit card information, usernames, passwords, PINs, and other personally identifying information. After a lengthy investigation the Federal Bureau of Investigation (FBI) confiscated the server located in Atlanta that had been used to distribute SPYEYE. The location of the Server used in the crime determined where court was held. Panin was apprehended at an Airport in Atlanta while Bendellad was arrested in Thailand and extradited to the United States. Unfortunately for law enforcement cooperation from host nations where the U.S has no jurisdiction are not always as easy as it was in the SPYEYE case.
Another instance where jurisdiction in the prosecution of cybercrimes becomes difficult is when a criminal from another nation commits a cybercrime in the US and then requests asylum to prevent extradition as it was in the cases of Julian Paul Assange Hawkins and Gary McKinnon. Julian Assange was an author, publisher and activist who was the creator of the website Wikileaks and was charged for publishing documents and videos that violated the Espionage Act of 1917 which carries a maximum sentence of 170 years in prison. During the time the U.S sought his extraditions to go on trial for his crimes he was also charged with sexual assault by Sweden who issued an international warrant for his arrest. After finding out about the charges Sweden brought against him Assange would turn himself in to U.K authorities. After failed attempts to fight the extradition to Sweden he sought Asylum in the Ecuadorian Embassy in London. A United Nations panel determined that Assange had been arbitrarily detained and recommended his release and compensation for deprivation of liberty. This ruling would be rejected by both the U.K and Sweden who would arrest him if he left the Embassy. After his Asylum was revoked by Ecuador he was arrested by the U.K authorities and tried for violating the Bail Act of 1976 and breaching the conditions of his bail prior to his Asylum. Julian Assange would only serve half of his sentence for breaching his bail agreement and is currently still in litigation surrounding how a conviction would affect his poor health.
In a similar case Gary McKinnon who was a systems administrator in London hacked into ninety-seven U.S Military and NASA Computers in 2001 damaging networks and viewing classified material. If convicted, he would have been sentenced to serve up to 70 years in Prison. Gary McKinnon was indicted by a federal grand jury in the Eastern District of Virginia but remained in the U.K during extradition hearings. Much like the Julian Assange case Gary McKinnon would prevent his extradition by multiple appeals until finally on 16 October 2012, the then-Home Secretary Theresa May announced to the House of Commons that the extradition would be blocked, saying that “Mr. McKinnon is accused of serious crimes. But there is also no doubt that he is seriously ill. He has Asperger’s syndrome, and suffers from depressive illness. Mr. McKinnon’s extradition would give rise to such a high risk of him ending his life that a decision to extradite would be incompatible with Mr. McKinnon’s human rights”.
Many other issues affect jurisdiction that are not restricted to physical locations such as what court has the Jurisdiction and authority to render judgements of cybercrimes or whether the crime committed is a civil or federal, or regulatory offense. Interagency conflict also arise as to who gets to apprehend and file charges against offenders. For example, when hacker Andrew Alan Escher Auernheimer was being served a warrant for identity fraud and conspiracy by the FBI and local law enforcement, cocaine, ecstasy, LSD, and schedule 2 and 3 pharmaceuticals were found in his possession, and so he was also charged for drug possession. While he was out on bail, he protested the legality of his arrest and the drug charges were dropped. Though he would be convicted and sent to prison, during his appeal it was found that since Auernheimer was located in Arkansas at the time of the crime, and the servers that he and his co-conspirator accessed were physically located in Dallas, Texas and Atlanta Georgia, the prosecution had no justification for bringing the case against Auernheimer in New Jersey thereby the Third Circuit federal appeals court issued an opinion vacating Auernheimer’s conviction, on the basis that the New Jersey venue was improper.
The examples given are but a few of the many examples of why jurisdiction is a critical and alarming issue in cybersecurity. The laws created for cybercrimes are not keeping up with technological advances or criminals’ abilities to circumvent the laws by finding legal loopholes in a broken system. Though Interpol helps to facilitate cross border investigations and apprehension of persons of interest, it must abide by the laws and decisions of the host state or nation. Perhaps increasing the intervention of the International Court of Justice or the Council of Europe’s Cybercrime Convention in matters concerning International crime would reduce cross border cybercrimes. Creating national and global laws that address who gets priority of prosecution in crimes committed in multiple jurisdictions that span different states or countries is paramount. Finally, in addition to reviewing and improving cybercrime laws, an increased effort needs to be made to promote education in cyber law to improve the efficiency of the justice system in the area of cybercrime for future lawmakers and citizens.