Cybercrime

Jurisdiction and Crime

It is a general principle of criminal law that only offences committed within a state are subject to that state’s criminal law. Certain crimes in relation to computer data can apply to actions outside the State which have an effect within the state or vice versa. In this cases, the crimes may be prosecuted in Ireland under ordinary principles.

In recent years, the Oireachtas has legislated to allow prosecution within the State, for certain acts committed outside the state.  This legislation reverses the general principle in those cases that that criminal law extends only to acts undertaken in the State.

Particular issues have arisen with child pornography, which is the subject of international conventions and domestic legislation.  Child trafficking and pornography offences have extensive extrajudicial aspect. In broad terms, child pornography crimes are subject to prosecution in jurisdictions with which there is any of a number of connections, irrespective of the place of commission of the crime.


General Offences

Many of the more general offences under criminal law can be committed over the internet or through electronic means.  Many general crimes of dishonesty are applicable to cybercrime. Theft and fraud crimes may be committed through the channels of information technology.  Blackmail or extortion may be committed online. Fraudulent activities over the Internet may constitute the offence of obtaining gain or causing loss by deception.

The offence of theft is constituted if a person dishonestly appropriates property without the consent of the owner and with the intention of depriving the owner of it.  Property includes intangible property.  Confidential information on a computer or IT system may constitute property for this purpose.


Theft and Fraud by Operating a Computer

The Criminal Justice (Theft and Fraud Offences) Act provides that a person who dishonestly, whether within or outside the State operates or causes to be operated a computer within the State with the intention of making a gain for himself or another is guilty of an offence.  The offence may be prosecuted on indictment with imprisonment on conviction on indictment of up to 10 years and/ or a fine

The “operation” of a computer implies input or control. This crime is very broad in scope.   It must be shown the person acted dishonestly without a bona fide claim of right.  He must have intended to make a gain for himself or loss for another.  This implies a monetary, financial or proprietary gain by the accused or loss to the victim.

A person who dishonesty either inside or outside the State operates a computer within the State with the intention to make a gain or causing a loss to another is guilty of an offence.

The crime covers computer-based fraud with the intention of dishonesty procuring a funds transfer.

A person acts dishonestly if he does so without a claim of right in good faith.  There must be the specific intention of making a gain or causing another a loss in relation to money or other property. The offence may be prosecuted on indictment with maximum imprisonment of 10 years on convection


Electronic Signature Offences I

The e-commerce legislation contemplates electronic signatures and signature devices.  It is an offence for a person to knowingly access copy or otherwise obtain, possess or recreate a signature creation device of another person without his authorisation for the purpose of creating or allowing or causing another person to create an unauthorised electronic signature using the signature creation device.

The Electronic Commerce Act creates a range of criminal offences in relation to the misuse of electronic signatures, signature verification devices and devices used to generate signature verification data.

It is an offence knowingly, to create, publish alter or otherwise use a certificate or electronic signature for fraudulent or other unlawful purposes. It is an offence knowingly, to access, alter, disclose or use the signature creation device, of a certification service provider (which is used to issue certificates), without or in breach of the authority of the provider for the purpose of creating, allowing or causing another to create an unauthorised electronic signature with that device.


Electronic Signature Offences II

It is an offence, knowingly to access, copy or otherwise obtain possession of or re-create a signature creation device of another, without consent, for the purpose of creating, allowing or causing another person to create, an unauthorised electronic signature. It is an offence knowingly or intentionally, to disclose, alter or use a signature creation device, without consent or in excess of the terms of consent.

It is an offence to publish a certificate or knowingly make it available to anyone likely to rely on it or on an electronic signature which is verifiable with reference to codes, passwords, etc. which are used for the purpose of verifying the signature, listed in the certificate, if the person knows that the provider set out in the certificate has not issued it, the subscriber listed in the certificate has not accepted it or the certificate has been revoked or suspended.

The above offences are subject on summary conviction to a fine up to €1,905 or 12 months imprisonment. They are subject on conviction on indictment to a fine up to €634,869 or five years imprisonment or both.


Cyber Crime Convention I

The Cyber Crime Convention promulgated by the Council of Europe requires states to criminalise certain activities in the electronic sphere.  It seeks to harmonise extradition and assistance provisions and procedures. The EU has adopted equivalent procedures.  The Convention has been ratified by the United States and by most major European states.

Parties to the Convention must ensure that intentional access to a computer system without a right to do so is an offence.  Illegal interception of data is to be an offence.  States may require that the offence be committed with a dishonest intention.

Offences in relation to copyright infringement must be provided. Computer related forgery is to be an offence.  Child pornography must be criminalised.

It must be an offence intentionally, to seriously hinder without right, the functioning of a computer system by importing, translating, damaging, deleting, deteriorating, altering or suppressing computer data.

It is required that an offence is deemed to be committed by the production, sale, procurement, use, importation, distribution or otherwise making available devices, including computer programs, access codes or similar data, for the purpose of committing any of the above offences.


Cyber Crime Convention II

The Convention requires states to ensure that they provide the necessary powers and procedures for the purpose of criminal investigation of offences.  The powers and procedures must be applied to criminal offences established under the Convention and other criminal offences committed by means of computer systems.  The powers must allow for the collection of evidence in electronic form of a criminal offence.

Provision must be made for the preservation and disclosure of stored computer data. There must be provision for orders for the production, search and seizure of stored computer data.  There must be provision for the real time collection of traffic data and the interception of content data. The fundamental rights of citizens must be protected in the use of these powers.

State parties to the Convention must cooperate with each other to the widest extent possible for the purpose of investigations or proceedings, concerning criminal offences relating to computer systems or data and in the collection of evidence in electronic form of criminal offences. The parties must afford one another mutual assistance for this purpose There must be ongoing cooperation and assistance between states.  States should share information with each other spontaneously.

Convention offences must be extraditable between states to the Convention for the purpose of investigations and proceedings relating to criminal offences concerning computer systems and data and for the collection of evidence in electronic form of criminal offence.

Many of the above provisions are already provided in Irish law.  The existing offences may need to be modified and expanded in order to comply with the Convention’s requirement.


Exploitation of a Child

It is an offence to organise or knowingly facilitate the sexual exploitation of a child. A person who by means of information and communication technology communicates with another person (including a child) for the purpose of facilitating the sexual exploitation of a child by that person or any other person is guilty of an offence and liable on conviction on indictment to imprisonment for a term not exceeding 14  years.

The offence is also committed by any parent or guardian who allows the child to be used for the production of child pornography. It is an offence to use children in the production of child pornography.  Child pornography does not necessarily involve any assault of the child.

It is an offence to produce, print, publish, distribute or otherwise commit offences in relation to anything which implies that a child may be available for sexual exploitation.


Sending Sexually Explicit Material to Child

A person who by means of information and communication technology sends sexually explicit material to a child shall be guilty of an offence and shall be liable on summary conviction, to a class A fine or to imprisonment for a term not exceeding 12 months or both, or on conviction on indictment, to imprisonment for a term not exceeding 5 years.

“Sexually explicit material” means any indecent or obscene images or words. A child is a person under the age of 17 years.


Child Pornography

Child pornography is any visual representation

  • that shows, or in the case of a document relates to, a person who is or is depicted as being a child and who is engaged in or is depicted as being engaged in real or simulated sexually explicit activity,
  • that shows, or in the case of a document relates to, a person who is or is depicted as being a child and who is or is depicted as witnessing any such activity by any person or persons, or
  • that shows, for a sexual purpose, the genital or anal region of a child or of a person depicted as being a child,.

A visual representation may be in a broad range of technology.  The definition covers photographs and other visual representations.  The definition also includes audio depictions of children engaged in explicit sexual activity.  A visual representation includes a photographic film, video, representation document and any tape disk or other things on which the visual representation are sent or recorded.

It also includes an audio representation of a person who is represented as being a child, who is engaged or represented as being engaged in explicit sexual activity.  The definition makes it clear that it does not matter what medium the representation, description, or information has been produced, transmitted, and conveyed in. It includes any representation or information produced by or from computer graphics or other electronic or mechanical means.

Unlike most other criminal offences, Irish citizens may be prosecuted in Ireland for child pornography offences involving acts done outside the State.


Producting of Child Pornnography

A person who

  • controls or directs the activities of a child for the purposes of the prostitution of the child or the use of the child for the production of child pornography,
  • organises the prostitution of children or the production of child pornography by controlling or directing the activities of more than one child for those purposes,
  • compels, coerces or recruits a child to engage or participate in child prostitution or the production of child pornography,
  • knowingly gains from the prostitution of a child or the production of child pornography, or
  • incites or causes a child to become involved in child prostitution or production of child pornography,

is e guilty of an offence.

A person guilty of any of these  offences is liable on conviction on indictment to a fine or to imprisonment for a term not exceeding 14 years or both..


Distribution of Child Pornography

It is an offence knowingly to produce, distribute, publish, import, export or sell, child pornography.  It is offence knowingly to publish or distribute an advertisement which is likely to be considered to be understood as conveying that the person publishes, imports, exports, sells or shows child pornography.

It is an offence knowingly to possesses any child pornography for the purpose of distributing, transmitting, disseminating, publishing, exporting, selling or showing it. A person who commits the offences is liable  on summary conviction, to a class A fine or imprisonment for a term not exceeding 12 months or both, or  on conviction on indictment, to a fine or imprisonment for a term not exceeding 14 years or both.

A person who aids, abets, procures, conspires with or incites others to do any such an act is also guilty of an offence.


Possession of Child Pornography

Any person who knowingly acquires or possesses child pornography, or (b) knowingly obtains access to child pornography by means of information and communication technology,

Is guilty of an offence and is liable on summary conviction, to a class A fine or imprisonment for a term not exceeding 12 months or both, or on conviction on indictment, to a fine or imprisonment for a term not exceeding 5 years or both.

Any person who attempts to commit any of the above offences is guilty of an offence subject to the same fines and imprisonment.

There are a number of narrow defences. There is a defence to the possession of pornography by persons having it for bona fide research.  This is a very narrow exception. There are defences for persons in possession of material for the purpose of prevention, investigation, and prosecution of offences.  Similarly, persons exercising functions in relation to censorship legislation are excepted.

The Gardai may apply for a warrant to search for child pornography.  They may enter any place and search persons and seize anything found there.  It is an offence to obstruct a member of the Garda Síochána when acting in accordance with a warrant.

Anything seized pursuant to a search shall be forfeited upon conviction.  It may be ordered to be destroyed or forfeited by the court.


References and Sources

Legislation

Electronic Commerce Act 2000

Electronic Commerce Act, 2000 (Commencement) Order 2000, S.I. No. 293 of 2000

European Communities (Distance Marketing of Consumer Financial Services) Regulations 2004,

European Communities (Distance Marketing of Consumer Financial Services) (Amendment)

Regulations 2005, S.I. No. 63 of 2005

European Communities (Protection of Consumers in Respect of Contracts Made by Means of

Distance Communication) (Amendment) Regulations 2005, S.I. No. 71 of 2005

European Communities (Protection of Consumers in Respect of Contracts made by Means of

Distance Communication) (Amendment) Regulations 2010, S.I. No. 370 of 2010

Electronic Commerce (Certification Service Providers Supervision Scheme) Regulations 2010, S.I. No. 233 of 2010

European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011, S.I. No. 336 of 2011

European Union (Consumer Information, Cancellation and Other Rights) Regulations 2013, S.I. No. 484 of 2013

European Union (Consumer Information, Cancellation and Other Rights) (Amendment)

Regulations 2014, S.I. No. 250 of 2014

European Union (Consumer Information, Cancellation and Other Rights) (Amendment)

Regulations 2016, S.I. No. 336 of 2016

EU Legislation

Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (‘Directive on electronic commerce’)

Regulation (EU) No 524/2013 of the European Parliament and of the Council of 21 May 2013 on online dispute resolution for consumer disputes and amending Regulation (EC) No 2006/2004 and Directive 2009/22/EC (Regulation on consumer ODR)

Directive 2013/11/EU of the European Parliament and of the Council of 21 May 2013 on alternative dispute resolution for consumer disputes and amending Regulation (EC) No 2006/2004 and Directive 2009/22/EC (Directive on consumer ADR)

Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC

Directive 2011/83/EU of the European Parliament and of the Council of 25 October 2011 on consumer rights, amending Council Directive 93/13/EEC and Directive 1999/44/EC of the European Parliament and of the Council and repealing Council Directive 85/577/EEC and Directive 97/7/EC of the European

Regulation (EU) 2017/2394 of the European Parliament and of the Council of 12 December 2017 on cooperation between national authorities responsible for the enforcement of consumer protection laws and repealing Regulation (EC) No 2006/2004

Irish Books

EU Data Protection Law Kelleher & Murray           2018

Information & Technology Communications Law Kennedy & Murphy         2017

Social Networking           Lambert               2014

Law Society PPG Hyland Technology & Intellectual Property Law                 2008

Information Technology Law in Ireland   2 Kelleher & Murray       2007

Data Protection Law in Ireland: Sources & Issues 2 Lambert 2016

Privacy & Data Protection Law in Ireland                Kelleher               2015

Data Protection: A Practical Guide to Irish & EU Law         Carey    2010

Practical Guide to Data Protection Law in Ireland A&L Goodbody 2003

Contract Law in an Electronic Age Haigh 2001

Contract law McDermott 2nd ed 2017

EU and UK Texts

Cover of Getting the Deal Through: e-Commerce 2018 Robert Bond 2017

EU Regulation of e-Commerce: A Commentary Edited by: Arno R. Lodder, Andrew D. Murray 2017

Butterworths E-Commerce and IT Law Handbook 6th ed Jeremy Phillips 2012

Internet & E-commerce Law, Business and Policy Internet & E-commerce Law, Business and Policy 2nd ed Brian Fitzgerald, Anne Fitzgerald, Gaye Middleton, Yee Fen Lim, Timothy B Beale 2011

E-Commerce and Convergence: A Guide to the Law of Digital Media E-Commerce and Convergence: 4th ed Edited by: Mike Butler 2011

Blackstone’s Statutes on IT and e-commerce Blackstone’s Statutes on IT and e-commerce 4th ed Edited by: Steve Hedley, Tanya Aplin 2008

E-Commerce Law E-Commerce Law Paul Todd 2005

A Practical Guide to E-Commerce and Internet Law 2nd ed Osborne Clarke 2005