but rather supplements/enhances the available framework by addressing the particular needs of detecting computer crime. Article 23 formulates the general principles and expects mutual assistance to the greatest extent possible for the purpose of investigation or proceedings concerning criminal offences related to computer systems and data, or for the collection of evidence in electronic form of a criminal offence. Since speed is an essential component for successful investigation, in urgent cases, the COE Convention does away with rigid formalities for requesting mutual assistance and enables parties to request assistance using e-mails and other forms of instantaneous communication. Also, request for expeditious preservation of stored data is allowed under Art 29 and expeditious disclosure of preserved data under Art 30. Refusal for preservation of data is allowed in limited circumstances: where the condition of dual criminality120 is not fulfilled; where the request concerns a political offence or an offence related to a political offence; and in the interests of sovereignty, security or public order. Request for mutual assistance relates not only to the access of stored data, but also to real-time collection of traffic data. Another ground-breaking provision is Art 35, which requires each party to designate a 24/7 point of contact for providing immediate assistance.

Where states are not parties to mutual assistance agreements, Arts 27 and 28 make provisions for procedures, such as establishing central authorities to aid cooperation and regulating confidentiality of requests and information.

It is clear that the problems in investigation posed by anonymity and encryption can be addressed if the framework suggested by the Council of Europe is adopted. Inevitably, the costs of keeping logs and other subscriber information will fall on the service provider, which might increase the overall costs. If the consequence of this is a safer net environment, then it may, according to some, be a price worth paying.121

Conclusion: a bright future for e-commerce?

It seems that international organisations, governments and governmental organisations have been driven by the need to ensure there are sufficient safeguards in place that would reduce the economic risks posed by legal uncertainties and that the vulnerabilities of the system are reduced to a tolerable level. Although the work of the UNCITRAL, in relation to legal effectiveness of electronic communications, may have brought about some harmonisation, it is uncertain whether the legislative steps in the form of creating specific computer related offences have created a desirable level of safety in the electronic environment. Despite well publicised losses to the industry due to vulnerability of the electronic medium, paucity of prosecutions comes as a surprise and is a strong indicator that the creation of computer specific offences is inadequate. It might be best for businesses to protect themselves against the peculiar susceptibilities of the medium through adequate security management and security devices. For instance, a survey of information security breaches conducted by PriceWaterhouse Coopers and the Department of Trade and Industry (DTI)122 in 2002 indicated that investment in information security in the UK was low, despite security incidents that cost the UK billions of pounds in 2001. The report recommended that businesses create

120The convention also addresses extradition in Art 24, and parties are required to extradite individuals for offences criminalised under Arts 2–11 of the Convention, provided the offence is punishable under the laws of both countries by a maximum of one year imprisonment or a more severe penalty. This meets the minimum threshold set by the Council of Europe Convention on Extradition 1957.

121For an interesting economic analysis, see Hamdani, ‘Who’s liable for cyberwrongs?’ (2002) 87 Cornell LR 901.

122‘Information Security Breaches Survey 2002’. See also ‘BERR Information Security Breaches Survey 2008’ available at www

.security-survey.gov.uk.

a security aware culture and put in place appropriate steps in security management, such as use of adequate technical security devices, qualified personnel, penetration testing of its web sites and security audits. Although these suggestions are of a practical nature, it must be emphasised that a legal framework promoting the use of the electronic medium of itself is insufficient to reduce the vulnerabilities of the medium or protect the electronic environment from external threats. Policy makers, governments and international organisations have done their best to provide a legal framework for electronic commerce – its full utilisation and success are now in the hands of businesses.

Further reading

Carr [ed], Computer Crime, 2009, Ashgate.

DTI, Licensing of Trusted Third Parties for the Provision of Encryption Services: Public Consultation Paper on Detailed Proposals for Legislation, March 1997, DTI.

Fafinski, Computer Misuse: Response, Regulation and the Law, 2009, Willan. Goldsmith & Wu, Who Controls the Internet? 2006, OUP.

McEwan ‘The Computer Misuse Act 1990: lessons from the past and predictions for its future’ (2008) Criminal Law Review 955.

OECD, ‘Gateways to global market: consumers and electronic commerce’, 1997, available at www.oecd.org.

Perritt Jr, Law and the Information Superhighway, 1996, John Wiley. Thomas and Loader (eds), Cybercrime, 2000, Routledge.

Walden, Computer Crimes and Digital Investigation, 2007, OUP. Wall (ed), Crime and the Internet, 2001, Routledge.

Weiss, ‘Security requirements and evidentiary issues in the interchange of electronic documents’ (1993) 12 John Marshall Journal of Computer and Information Law 425.

Williams and Carr, ‘Crime, risk and computers’ (2002) Electronic Communications LR 23.

Part III

Transportation of Cargo

This page intentionally left bank