On the internet, as the fast developing, virtual and digital mirror of reality, and a diverse, multi stakeholder spectrum, it becomes hard catching up with the constantly evolving digital and technological trends. But, all of the actors on the web, still have their rights and freedoms taken from the real world, transplanted to be utilized digitally, in this newly proclaimed common good, known as cyberspace. The difference here is, that the human element and the technological means were necessary to create the network, making it an artificial common good. In a nutshell, the NIST glossary defines cyberspace as: “The complex environment resulting from the interaction of people, software and services on the Internet by means of technology devices and networks connected to it, which does not exist in any physical form.”
This mixture of various characteristics and elements is best depicted by the concept of “cyber triad”, serving well as an umbrella guidance for relevant regulation and applicable principles in the cyber field. The cyber triad relates to three pillars – people as the first, processes as the second and data and information as the third pillar. The first pillar presumes the confidentiality of an individual’s private and personal information, the second pillar relates to the integrity of the processes and data and the third pillar presumes the availability of information and data. These pillars all together are implied and encompassed by the term “cybersecurity”. If we connect the dots, we can easily conclude that cybersecurity presumes that all these elements have to be protected in a synchronized manner, providing for the non discriminatory access to all authorized users to a common good consisting of not only secure technology, but also presumably consistent, reliable and accurate information. This also implies a multidisciplinary approach through providing a sustainable balance between transparency and open access to legitimate users whilst maintaining the privacy, security and integrity, or in other words, the cohesion, consistency, certainty and overall quality of processes, systems and information. Moreover, these principles guide us towards certain legal frameworks that provide the protection of elements of the cyber triad, such as the framework of International Human Rights Law (for example, providing for protection of privacy, and the freedoms of expression and assembly, as well as non discrimination) the Budapest Convention and its two additional Protocols, as well as other relevant frameworks, such as the ITU Constitution along with the ITU Radio Regulations and of course, the Intellectual Property protection laws (for example, WIPO Copyright Treaty and the WIPO Performances and Phonogram Treaty). On the regional level, cybersecurity rules are incorporated in the EU Cybersecurity Framework (including the NIS1 and NIS2 Directive, the EU Cybersecurity Act, and the initiative for the EU Cyber Resilience Act), as well as regulation covering General Data Protection Regulation and E-commerce. Similarly, good cybersecurity practices can be achieved when implementing ISO/IEC 27000 family of standards (concerning managing secure data) or following the NIST framework, depending on the geolocation.
But, nowadays, in a truly digitized world, the visible unharmonized and imbalanced protection allows for the constant emergence of new cyber threats. The electronic threats that pertain to cyberspace can be subsumed under the ever growing plethora of cybersecurity issues produced by various cyber attacks of hackers, who penetrate systems without proper authorisation, and affect the availability, confidentiality or integrity of data or systems, with malicious intent. However, when the cyber threat is realized with the use of, within or against the electronic and virtual spectrum, it falls under the umbrella of cybercrimes. Although there is no universally accepted definition of cybercrime, the following definition includes elements common to existing cybercrime definitions: “Cybercrime is an act that violates the law, which is perpetrated using information and communication technology (ICT) to either target networks, systems, data, websites and/or technology or facilitate a crime.” Therefore, cybercrimes can be divided into two categories, cyber-dependent crimes, committed using computers, computer networks or other ICT and cyber-enabled crimes, which are actually traditional crimes facilitated by the Internet and digital technologies. The key distinction here is the role of ICT in the offense – whether it is the target of the offense, in which case it negatively affects the confidentiality, integrity and/or availability of computer data or systems, or a part of the modus operandi of the offender. Some examples of cybercrimes are offenses against computer data and systems (e.g. “hacking”), computer-related forgery and fraud (e.g. “phishing”), content related offenses (e.g. disseminating child pornography), and copyright offenses (e.g. dissemination of pirated content). But, the unique characteristics of cybercrimes, such as their borderless nature, scalability (ease of massive replication), low costs of perpetration, the anonymity and pseudonymity of the perpetrators, criminal cooperation, and especially their faced-paced development due to frequent innovation, leads to asymmetry between the time, easiness and success of their perpetration and their timely and efficient localization and identification by law enforcement.
The FBI Internet Crime Complaint Centre’s 2020 Internet Crime Report includes information from 791,790 complaints of suspected internet crime, as an increase of more than 300,000 complaints compared to 2019, and reported losses exceeding $4.2 billion. Just in 2021, there have been reports that more than 3,500 people have been arrested in over 14,000 cybercrime complaints. As per INTERPOL’s Global Crime Trend report, the financial and cybercrimes are the world’s leading crime threats, projected to increase most in the future.
Although there are numerous cases and early examples of cybercrimes, such as the “Morris Worm” and “Melissa Virus”, with the fast development and global digitalization, there has been a recent rise in cybercrime, such as the frequent and recurring Russian cyber attacks on Ukraine.
With the characteristics of cybercrimes in mind, in conjunction with their fast development, and knowing the multidisciplinary nature of the cyber realm, the question is, wouldn’t cyber justice be best delivered through specialized courts? Some states, such as Great Britain, Turkey, and even Sudan, either have them or are planning, discussing or going towards the foundation of such expert cyber courts. In the U.S, good examples are California’s Complex Civil Litigation court or Maryland’s Business & Technology Case Management Program, which works with circuit courts to provide resources necessary to prevent complex technology-related cases from tying up the court system. In the EU, the EU Agency for Criminal Justice Cooperation hosts the European Judicial Cybercrime Network at its premises in The Hague, and continues to support judicial cooperation. However, since the technology develops daily, as do the new types of cyber attacks emerge, specialized police units and special cybercrime departments with frequent and continuous education of the appropriate experts, might be a more efficient approach for the time being. On the other hand, some are of the opinion that the reassessment of the principles of jurisdiction would be beneficial in this regard. For example, there are arguments that the exercise of subjective territorial jurisdiction is the most effective long-term response, apparently due to the inefficiencies and, at times, injustice of the exercise of transnational and extraterritorial jurisdiction as regular or routine.
Therefore, although cyber (in)justice might as well already exist as a concept transplanted from real time, vivid, reality, implying a multidisciplinary approach due to a mixture of legal elements that need to be properly adapted and mutually balanced, the major issue over their effective, efficient and appropriate implementation and exercise in the cyber realm, still remains.