A recent study has found that Russia and many other CIS countries, as well as some nations in Eastern Europe, lack effective laws for fighting computer crime. That makes them fertile ground for various kinds of Internet- or computer-based fraud and, at the same time, undermines their participation in the growing international Internet economy. RFE/RL's Nikola Krastev reports.
Prague, 15 December 2000 (RFE/RL) -- In a new survey, "Cyber Crime and Punishment," a Washington-based consulting firm says self-protection, while essential, is not sufficient to make the Internet a secure place to conduct business.
Among other findings in the survey, by McConnell International, is that countries with inadequate laws will become increasingly unable to compete in the Internet-based economy. The report analyzes the state of computer law in 52 countries. Among them are Albania, Bulgaria, the Czech Republic, Estonia, Hungary, Iran, Kazakhstan, Latvia, Moldova, Poland, Romania, and Yugoslavia.
Some big Internet markets are not included in the survey. But Bruce McConnell, the report's principal author and company president, tells RFE/RL that the conclusions are nevertheless accurate.
"The countries are somewhat self-selected. We sent the survey out to our contacts in 120 countries and these are the ones who responded. So the Russians and the Germans and several other important countries did not respond to this particular survey. So it's not a comprehensive survey by any means, it's more of an anecdotal impression on what's going on. But it is a broad range of countries, so we think it presents an accurate impression."
According to the report, there is only one country, the Philippines, with fully updated laws on the 10 most-common computer crimes, and eight others -- including Estonia -- which qualify as "substantially" updated on cyber legislation. The Philippines case is due to special circumstances. The country's parliament this year swiftly approved a number of cyber crimes laws after the creator of the highly damaging "Love Bug" computer virus, a Philippines student, could not be prosecuted under Manila's existing laws.
"The reason for this is that existing laws may not cover the crimes that are committed in cyber space, either crimes committed by computers or crimes against computers. So, as the Philippines found out, even though they have laws against destruction of property and breaking in and entering and all the normal crimes, [the laws] did not cover the particular activities [of] the "Love Bug" virus perpetrator. And so, we're just warning that may be the case in other countries as well."
Only the Czech Republic and Poland among former Soviet bloc nations fit into the group of countries with "partially" updated computer legislation. Albania, Bulgaria, Hungary, Kazakhstan, Latvia, Moldova, Romania, and Yugoslavia -- as well as Iran -- are described as having no updated legislation in the area.
Although Russia and Ukraine were not surveyed by McConnell International, they would belong in the same negative category. Yevgeni Danilov, the marketing manager of Microsoft Corp. in Moscow, tells our correspondent that in Russia there is often no differentiation between copyright violations -- notably software piracy -- and computer crimes.
"It is a common perception today [in Russia] that software piracy and cyber crimes are all the same. In reality, they are totally different [types of] crimes and the problem in Russia is that internet regulation is so far from perfection that it's hard to talk about the normal enforcement of law. [Computer crimes] laws are either ineffective or non-existent."
Veni Markovski, the president of "Internet Society -- Bulgaria," says partisan politics is largely responsible for the failure eight months ago by parliament to pass appropriate computer crimes legislation. Markovski is convinced that had the same draft law been introduced by a member of the ruling Union of Democratic Forces party, rather than by a socialist opposition member, it would have been approved. He also says that there were powerful economic interests blocking the legislation, but hopes that the law will finally be approved next spring.
Even among countries rated with "substantially" or "partially" updated legislation, the report says crimes are not defined in the same way. In some countries, unauthorized access to a computer is a crime only if harmful intent is present. In others, data theft is a crime only if the data relates specifically to an individual's religion or health, or if the intent is to defraud. Many laws are described as biased in favor of the government.
The report says the penalties provided in updated criminal statutes also vary widely. Mauritius, the Philippines and the United States are cited as countries with strong penalties for convictions of computer crime cases.
Iran, Kazakhstan, and Latvia are listed in the report among the countries with no updated laws, but all three are said to show indications that progress is being made.
For the past six years, the survey says, Iran has examined various aspects of computer law, although no law or regulation in regard to abuses has been implemented.
The report says Kazakhstan is now developing a law regarding computer offenses. Also under study is a special state program on the protection of information resources, including technical and software protection.
In Latvia, amendments to the country's criminal code have been drafted envisioning substantial punishment for computer-related criminal acts.
One of the critical issues for effective enforcement of existing or upcoming computer legislation in all countries is the readiness of law-enforcement officials to cooperate internationally. The very nature of computer crime makes it global and the point of origin is often irrelevant.