CYBER & INFORMATION TECHNOLOGY LAW

With the increase in emergence of digital technology to our daily life’s the concern of protections
starts pumping up especially with the illegal breaches used through cyber and information
technology. In this paper, we will cover as much as possible all aspects regarding cyber and
information technology in terms of law, treaties and agreements. We will try to blend the
agreements with real life. Analysing wither in some parts the agreement isn’t effective or not
What’s interesting is that we will have some assumptions and we will live long enough to see
wither in the future our analysis and prediction where in its correct place or not. The protection of
our digital information and systems – is a priority for alignment by both private industry and
governments globally. Our companies work to secure the technology systems that citizens use to
improve their lives and the digital infrastructure our economy depends upon for unprecedented
opportunities and prosperity. It’s extremely important to separately the term cyber technology
and information technology. Information technology is the process of implementing measures
designed to safeguard information using any form of technology and the key difference here, is
that the date your trying to protect could be either on paper or electronic devices. While cyber
security s often explained as the precautions taken to guard against crime that involves the
Internet. We can imagine that the term cyber security derivative from information technology, or
in other words cyber security is a type of information security.

Introduction

Nowadays, Internet and Computer based commerce and communications cut the borders and
therefore is defined as a global issue in which the need of rules governing the behavior of users is
a concern.
Accordingly, ‘cyber space’ with its specific technical characteristic features, does pose new
challenges for international law to stablish a suitable legal framework of cyber laws across
countries.

Human rights and the internet

The most important human rights regard to the internet are freedom of expression, data
protection privacy, customer rights, freedom of association, right to education and multilingualism
and capacity building in the context of the right to development.
Association for Progressive Communications
There are different organizations and associations work on the human rights and the internet. One
of the most famous associations which was stablished to work on internet rights is APC or
Association for progressive communications. This association is an international network of
organizations founded in 1990 to provide communication infrastructure as internet based-
applications.
It should be noted that ACP began to collaborate with united-nations since 1992.
The association stablished a charter named internet rights charter in 2001 by APC members and
partner organizations at “Internet Rights” workshops held in Europe, Asia, Latin America and
Africa with 7 central themes;
Theme 1 indicates the affordable, fast and easy access to the internet for all Moreover, the
internet should be used as the infrastructure for education, health services, local business and
public participation. Also it indicates the equal access for men and women.

 Theme 2 is freedom of expression and association. In more details, the right to freedom of
thought, conscience and religion, opinion and expression without interference. Also the
right to freedom from censorship and the right to freedom of peaceful assembly are on the
main core.
 Theme 3 indicates that everyone has the right to access the knowledge and free
information. All scientific information and social research that is produced by public funds
should be freely available to all.
 Theme 4 right to participate in the cultural life of the community and has the right to share
the information and knowledge, to create the content tools and applications on the
internet.
 Theme is the right to data protection and personal information for all individual. Also
internet users should have the right to access the tools to use encryption to ensure secure
and private communication. It
 Theme 6 the multilateral and democratic Internet governance in which no single
government have a pre-eminent role.

Theme 7: is the right for all internet users to be protected by international human rights,
declarations, law and policy practice. In addition public education should inform people of their
rights when they are using the internet.

Trans-Pacific Partnership and Digital Trade

The TPP concerns a wide range of issues and has been negotiated over several years by twelve
nations U.S. (withdrawal), Japan, Australia, Peru, Malaysia, Vietnam, New Zealand, Chile,
Singapore, Canada, Mexico, and Brunei Darussalam.
In TTP agreement there is one chapter (14) which covers cyberspace.
According to this chapter the parties agreed to eliminate customs duties on cross-border
electronic transmissions, including content, between persons of the various TPP countries. This
commitment largely follows the moratorium on e-commerce customs duties agreed among WTO
members in 1998.
It also includes a general recognition by the Parties of the benefits of consumers in which each
party accepted to adopt and maintain consumer protection laws to protect online consumers from
fraud and deceptive commercial activities. In addition they set a framework in order to cooperate
on cybersecurity matters.
Beyond these provisions, the e-commerce chapter addresses several other issues, including
methods of electronic authentication and the validity of e-signatures; maintenance of laws on
online privacy, consumer protection, and spam.

Major Regulations within the EU

There are three major regulations within the EU in cyberspace; ENISA, NIS Directive and the EU
GDPR.
ENISA, the European Union Agency for Network and Information Security, is a governing agency
that was originally set up by European Parliament in 2004 .its main purpose is to raise network
and information security.
The Directive on Security of Network and Information Systems (NIS Directive) was held by the
European Parliament in 2016 and all member states of the European parliament are forced to put
the directive's regulations into their own national laws since 2018.
The aim of the NIS Directive is to create an overall high level of cyber security in the EU.
EU GDPR is the EU General Data Protection Regulation that was ratified in 2016 and it will be into
force in 2018. This is a regulation by which the European Parliament, the Council of the European
Union and the European Commission intend to set a standard to unify data protection for all
individuals within the European Union.
Code of EU Online Rights
The Commission published the Code of EU Online Rights In December 2012 which describes two
kinds of rights related to the digital environment; first are the rights to access to electronic
communications networks and services in which privacy, personal data and security are protected.
The second type of rights indicated in the code are consumer protections which force the service
provider or seller to provide information prior of a contract online with clear and complete
contractual information and also give the right of Withdrawal from a contract to the costumer.
Moreover, it contains protection against unfair practices, fair contract terms & conditions, on-time
Delivery of goods and services without defects.
Digital Agenda for Europe 2020 and Digital Single Market
The Digital Agenda was presented by the European Commission as one of the seven pillars of the
Europe 2020 Strategy. The Digital Agenda proposes to better exploit the potential of Information
and Communication Technologies in order to increase innovation, economic growth and progress.
The Digital Single Market is part of the Digital Agenda for Europe 2020 program of the EU.
DSM was introduced by Commission in November 2014 by following the original purpose of the
European Union which was to encourage trade between Member States by removing barriers and
encouraging free movement of goods, services and people.
DSM strategy covers the wide range of areas including cross border e-commerce, preventing
unjustified geo-blocking, copyright and communications legal frameworks.
The main strategies of DSM are to make the better access for consumers and business to online
goods
, to create a united EU’s digital world as a marketplace to buy and sell and to maximize the growth
of the European Digital Economy.
Anyway…
As mentioned above, many different multilateral treaties and developing rules of customary
international law are take place concerning ‘cyber space’. But these traditional ways of creating
norms may not meet all the needs in this area because of rapid development of Internet and
Computer technology globally.
Moreover, given the technological environment in which ‘cyber space’ activities occur, tracing any
such activities will be often, if not always, very difficult or even impossible.
Therefore, there is still the need to develop appropriate legal standards in ‘Cyber space’, human
rights, E-commerce and data protection.
 UNCITRAL (Electronic Commerce)
United Nations created the core legal body in 1966 which is called UNCITRAL (United Nations
Commission on International Trade Law) by the General Assembly and this body serves in the field
of commercial law. The objectives of UNCITRAL are to harmonize, modernize and unify
commercial law in international arena with universal membership in international business law.
Commerce helps trade to maintain higher living standards and new opportunities worldwide and
UNCTRL include some rules on commercial transactions in order to make faster growth. It includes
modern formulated conventions, model laws; fair legal recommendations; examples from case
law with additional updated information; legislative reform projects that technical assistance is
included; and additionally, regional and national seminars on commercial law. This commission
has more active role in elimination some issues appeared in the trade flow which national law
created while governing international trade.
There are own texts of this system which is accepted a global benchmarks for several fields as
electronic contracting, transactions and signatures. These are some of the thirty five legal topics
related to paperless trade facilitation. Paperless trade and SW (electronic single window) were the
main concepts which help trade facilitation in the field IT (Information and Communication
technology). Data protection cybercrime, data archiving, etc. are other examples for the legal
topics. E-transactions and contracting laws are important because these laws have general
principles which serve for the usage of electronic communication, also high level of uniformity. In
order to have these laws and to enable the usage of electronic means states should adopt them
firstly at national level, should have common legislative ground which will lead to mutual
recognition.
As it was mentioned e-transaction law has general principles for the use of electronic means. First
one is principle of non-discrimination. “A communication shall not be denied validity on the sole
ground that it is in electronic form.”- As John D. Gregory said. It is called also as “media neutral”
meaning there should not be discrimination toward electronic communication and be respected
as the other medium law. Implementation of it is easier in the private sector and need in-house
training and other instructions in order to create business culture after establishment of the law
via submitting electronic information and single window infrastructure. The second principle of e-
transaction law is principle of functional equivalence which was described by author as “Purposes
and functions of paper-based requirements may be satisfied with electronic communications,
provided certain criteria are met.” There are some barriers for electronic transactions, there
should be accessibility for future reference in order to make meet requirement of “written form”.
Thirdly, the principle of technology neutrality says “Legislation shall not impose the use of or
otherwise favor any specific technology”, meaning there should not be favoritism of any other
technology over another by legislation. There may be more detailed information on technology
requirements and data encryption while implementation of the law and there is a need data
analysis and data submission for data with better quality which will lead to future developments.
These principles are important because even though first time they were established for
commercial transactions, however, now twenty five legal systems implemented in Asia and the
Pacific.
The relationship between UNCITRAL and e-commerce stared in 1980s because of the need of the
new law and it leaded to UNCITRAL Legal Guide on Electronic Funds Transfers which was
established in 1987. And in order to achieve uniformity there are other UNCITRAL texts on
electronic commerce as EDI (Electronic Data Interchange-established for the purpose of electronic
payments), UNCITRAL Model Law on Electronic Commerce, UNCITRAL Model Law on Electronic
Signatures and United Nations Convention on the Use of Electronic Communications in
International Contracts. The Purpose of the MLEC- the Model Law on Electronic Commerce is to
create environment for the paperless communication and enhance the efficiency in international
arena. There was a need to remove legal obstacles appeared because of statutory provisions and
also to increase legal predictability for electronic commerce, consequently, via internationally
rules national legislators now can work in the area with facilitation in commerce and conduct
using electronic means. As the first legal text the MLEC use the fundamental principles that was
mentioned above (non-discrimination, technological neutrality and functional equivalence. Beside
them model law’s functions is to format contracts via electronic mean, attribute data messages,
acknowledge receipt of data messages with time and place. The Model Law deals with electronic
commerce, but it is also related to carriage of goods via “the United Nations Convention on
Contracts for the International Carriage of Goods Wholly or Partly by Sea”. Overall, there are sixty
nine states with 145 jurisdictions in the Model Law. As Model laws are soft laws that do not have
binding force and cannot for all requirements in treaties UNCITRAL organized convention.
However, before to come to that convention, it is better to details of the model laws.
The first one with seventy jurisdictions is UNCITRAL Model Law on Electronic Commerce which
was established in 1996. With the objectives as the possibility of commercial use communications
MLEC is baes the fundamental principle equivalence which is about ideas as “writing”, “original”
and “signature”. Another Model Law text is on Electronic signature which was established in 2001
with the purpose facilitates the use of electronic signatures and avoids difference between
electronic and handwritten signature and thirty jurisdictions. It has other fundamental principles
called technical- neutral which is against preference of any specific technology. There may be
uncertainty with usage of electronic signatures, so Model Law suggest PKI meaning public key
infrastructure which is about environment with technology-neutral approach and recognizing both
digital and electronic signatures.
Updating the provisions of MLEC and MLES , removing legal uncertainty and to make paperless
trade possibly UNCITRAL established United Nations Convention on the Use of Electronic
Communication in 2005, but it began its functions from 1 March 2013 with 7 state parties and 18
signatories. It was needed because ot prevent medium and technology discrimination, it validates
the legal status of electronic transactions, and because it has access for cross-border recognition
and electronic means usage. In other words, this convention help states to make international
trade among each other with the help of electronic communication and without any concerns of
not concluded contracts and without discrimination from traditional paper-based equivalents.
Additionally, it gives opportunity to the countries which do not have provision on electronic
commerce to adopt it. States have right to adopt the provision of the convention at domestic
level, in order not to governed by domestic law and enhance the uniformity and economy in
commercial transactions without financial implication and mandatory reporting.

Cybercrime

Moving on, this part of the report, discuses a topic that is expected to be the number one
public enemy to our world. It is expected in 2030 by the Interpol that it will be a crime that would
be considered more dangerous than drug abuse or sexual trafficking. They even see this form of
crime as a new tool terrorists would rather use. Costed our world only in 2016, 450 billion dollars.
It is not the war on drugs, not the war on terrorism nor costs dedicated to raise awareness
between nations, it is rather the blooming cybercrime.

It is very vital to first define what is cybercrime. Basically, there is a lot of definitions that
can be attributed to cybercrime. However, the one definition given by the United Nations Office
on Drugs and Crime was that it is an activity done using computers and internet. You in all cases
need to find two key words to be able to classify this or to commit cybercrime, you need to have
be online and you need to have an electronic device, until today without both these terms you
cannot have a cybercrime.
Types

1.HACKING: This is a type of crime wherein a person’s computer is broken into so that his
personal or sensitive information can be accessed.
2.DENIAL OF SERVICE ATTACKS: s a cyber-attack where the perpetrator seeks to make a
machine or network resource unavailable to its intended users by temporarily or
indefinitely disrupting services of a host connected to the Internet.
3. VIRUS DISSMINITION: Malicious software that attaches itself to other software. (virus,
worms,
4.COMPUTER VANDALISM: A type of virus that destroys all your data on a computer
5. CYBER TERRORISM: This is a type of crime wherein some terrorists use the computer to
plan a terrorist attack
6. SOFTWARE PIRACY: is the unauthorized copying, reproduction, use, or manufacture
of software product
7. PORNOGRAPHY: This is also a type of cybercrime wherein criminals solicit minors via
chat rooms for child pornography
8. INSULT & CYBER STALKING: This is a kind of online harassment wherein the victim is
subjected to a barrage of online messages and emails

History

To be able to go further with cybercrime it is very vital to check its history to be able to
tackle the problem that we have. The first recorded cybercrime took place in 1820, Which is 197
years ago. The first spam email took place in 1976 when it was sent out over the ARPANT, and the
first ever virus was installed on an Apple computer in 1982 when a high school student, Rich
skrenta, developed the EIK Cloner.

It’s vital to know that there 5 regional agreements. You will find that usually countries with
similar domestic laws having these agreements. For example, in the middle east it is punishable by
law to insult religion (Judaism, Christianity or Islam) to be sentenced to prison form 15 years to life
sentence. So, therefore it’s a bit clear why it’s very easy to notice an agreement between these
countries. It’s much easier to have agreements with countries having similar domestic laws. In
Europe, one of the main things the formers of EU focused on, is to have a unique legal system, and
if a countries domestic law differs from European union law, then what the court should follow is
the European union law, since it always prevails (considered superior.)
The one main international treaty (Vienna convention 2011)

It is extremely important to point out that without adequate criminalization international

law, law enforcement agencies will not be able to carry out investigations and identify those who
put security at risk. This where the one main treaty takes place. In 2011 Vienna one main treaty
was carried with a total of 69 countries participated. 11 from Africa 13 Americas, 19 Asia, 24
Europe, and 2 Oceania.

Going a step backward the General Assembly resolution 65/230 requested the Commission
on Crime Prevention and Criminal Justice to establish an open-ended intergovernmental expert
group, to conduct a comprehensive study of the problem of cybercrime and responses to it by
Member States, the international community and the private sector, including the exchange of
information on national legislation, best practices, technical assistance and international
cooperation. The first session of the expert group was held in Vienna from 17 to 21 January 2011.
These main topics were further divided into 12 sub-topics.3 Within this Study, these topics are
covered in eight Chapters:
(1) Connectivity and cybercrime;
(2) The global picture;
(3) Legislation and frameworks;
(4) Criminalization;
(5) Law enforcement and investigations;
(6) Electronic evidence and criminal justice;
(7) International cooperation; and
(8) Prevention

Key findings
The key findings of this treaty were:
-the impact of fragmentation at international level and diversity of national cybercrime
laws on international cooperation
-a reliance on traditional means of formal international cooperation in criminal matters
involving cybercrime and electronic evidence for all crimes
-the role of evidence ‘location’
-harmonization of national legal frameworks
-law enforcement and criminal justice capacity
-cybercrime prevention activities

Improvements
Options to strengthen existing and to propose new national and international legal or other
responses to cybercrime include:
-Development of international model provisions
-Development of a multilateral instrument on international cooperation regarding
electronic evidence in criminal matters
- Development of a comprehensive multilateral instrument on cybercrime
-Delivery of enhanced technical assistance for the prevention and combating of cybercrime
in developing countries (Not sufficient forensic tools)

Since that international treaty not one further treaty has been formed. The Vienna treaty might
have been not that effective. To cybercrime victims, this treaty theoretically was a big step. Yet, in
2017 we can say that it wasn’t really applied. One cannot claim that it’s an effective agreement
that is composed of effective bodies like (WTO, TRIPS or Safeguard.)

Cybercrime (types hacking, cyber terrorism and service attacks)

But why is there no unique legal entity that fights cybercrime such as WTO or Dispute
Settlement Body, especially types such as hacking cyber terrorism and service attacks if we can see
its devastating effects. That if cybercrime is a huge problem to worldwide national security? This
part is a bit debatable

1) Sovereignty

The idea of sovereignty is why some countries does not explicitly want to have an entity
equivalent to the Interpol for cybercrimes. This is not only for cybercrimes, but rather for even
normal crimes (such as human rights and violations.) In the past decades, we have seen a lot of
examples where countries tend to have this sense of sovereignty on its own territory and its own
actions. For example, Russia would never come to the public and give the chance for someone to
ask for its violations in Ukraine, Bosnia or even Syria. Even though we all knows that thousands of
innocent lives have been lost. Yet, unfortunately a lot of countries not only Russia including my
government (Egyptian government) in several occasions refuse to be in a position where an entity
can judge or sue it. In the following paragraph, I will try to elaborate more giving some extra
examples:

I couldn’t find a better example of explaining this. The murder of Giulio Regeni, that took place in
Egypt 25th of January 2016 unfortunately. He is an Italian student that accomplished his phd in
Girton College, Cambridge. He was in Egypt on some exchange program. He disappeared on the
25th of jan 2016. Which for you who don’t know it is the same date where our original revolution
took place. On that day every year, the police try to capture suspected people who might show
any sign of revolutionary activities in a trial to control the country. Last time Guilio regeni was seen
is the metro station stopped by two police men who asked him to go with them for some
questioning. However, the Egyptian government claims that they have set him release and it is
since then he has disappeared. When Italy asked to carry out investigation carried by the Egyptian
government, the Egyptian government welcomed such proposal. However, it was never effective
as the Italian authorities have complained that the Egyptian government isn’t really sharing any
evidence. The point that am trying to make is that in a lot of cases a lot of countries tend to have
this form of sovereignty that no one should investigate on my territory crimes, which in my
opinion shameful, but I am sure that everyone can relate a lot of international cases where you
will find slightly similar circumstances

2)Hidden agenda

China
It is very well known that the government supports a specific police force only in cyber hacks.
Making China one for of the main hotspots for hackers. We know that China would sometimes
want to use her hackers in a potential attack on anyone (as a form of retaliation or as a form of
assault.) Do you think if any cyber-attack was supported by the Chinese government, it would
have been pleased if there was an international entity that handles cyberattack? Or things are
great they way they are currently?

Russia
Around February 2017 in security council. They were trying to discuss how can they solve the war
in Syria. Russia was pro continue its military attacks on ISIS controlled areas, the side effect is that
there are innocent civilians that die due to the air strikes. Qatar at that time had another opinion
and here where it gets more interesting. Qatar ambassador and the Russian one had a word fight,
ended with the Russian ambassador threatening the Qatari one that Russia is willing
To erase Qatar from the map if they think they can ever threaten Russia with sanctions. After 8
month, the Qatari national TV online website was hacked. Releasing statements attacking the
American president, Some middle eastern countries. Qatari officials removed those statements
and apologized. However, one week later 5 middle eastern countries have decided to boycott
Qatar. Which is going viral these days on the internet. United States (Trump in specific) even
though being one of Qatar’s biggest ally have blamed Qatar also. What’s interesting is that United
States experts, have said that they have detected that the location where the national Qatari
online website was hacked from Russian territory, and they concluded that this might have been
supported by the Russian government to harm Qatar’s relations with its allies. Do you think if the
cyber-attack was supported by the Russian government, it would have been pleased if there was
an international entity that handles cyberattack? Or things are great they way they are currently?

United States
The United States for example back in 2010 had several disagreements with the Iranian nuclear
program. Especially in February 2010 tension levels have reached its peaks. The United States
asked Iran to stop its nuclear program, Iran continued ignoring the United States request, the
result was that the United States have launched a virus cyber-attack called Stuxnet slowing the
Iranian Nuclear power plant program by 10 percent and destroyed completely one fifth of Iran's
nuclear centrifuges. Not only that, but it also launched another form of virus attacks in some
Iranian power plants, and to Iran this was like a crisis. The virus had a severe effect on the power
plant. It is vital to clarify that international experts could not have hard evidence to blame the
United States government. Yet, they all agreed that the location of the cyber attackers where in
United States territory. At that time, USA just denied those allegations and didn’t take further
actions. Let’s assume that these cyber-attacks where not supported by the United states
government, why didn’t they then track those cyber attackers and take them to court? I think an
attack that huge could be easily trackable, or did the government want to have a one eye blind on
these actions? Let’s assume that it was backed by the united states government. Do you think USA
would have been pleased if there was an international entity that handles cyberattack? Or things
are great they way they are currently?

In conclusion, in the upcoming years it is inevitable to have an international entity that fights
cybercrimes in the whole world with the emergence of the digital technology especially in types
such as pornography, software piracy. However, it would take a lot of time and effort to have it as
effective as the WTO. It would require a lot of countries to change their perception on
cybercrimes. Taking a step backward our governments should understand that we are all equal
human beings with equal human rights who want to live in peace and fairness. It requires our
governments especially the ones that have relatively high importance compared to others to take
the initiative and start removing the idea of sovereignty, hidden agenda from its plans, and to
rather reach to the security council in resolving their problems, rather than solving it by
themselves, and if they see the united nations as an inefficient entity, then I think they should
start working on making it more efficient for everyone. They must take the initiative because until
this happens we as civilians will keep paying the price.
References

https://us.norton.com/cybercrime-definition

https://www.theregister.co.uk/2017/06/06/russia_cyber_militia_analysis/

http://edition.cnn.com/2017/06/06/politics/russian-hackers-planted-fake-news-qatar-
crisis/index.html

https://www.unodc.org/documents/treaties/organized_crime/EGM_cybercrime_2011/Presentati
ons/Russia_1_Cybercrime_EGMJan2011.pdf

C. Satapathy. "Legal Framework for E-Commerce." Economic and Political Weekly 33, no. 29/30
(1998): 1906-907. http://0-www.jstor.org.library.ada.edu.az/stable/4407004
.
Hamid, Bushra. "Institutional Approach to E-commerce: An Integrated Framework for Pakistan."
The Pakistan Development Review 41, no. 2 (2002): 179-92. http://0-
www.jstor.org.library.ada.edu.az/stable/41260460.

Gregory, John D. "The Proposed UNCITRAL Convention on Electronic Contracts." The Business
Lawyer 59, no. 1 (2003): 313-43. http://0-www.jstor.org.library.ada.edu.az/stable/40688198.

John D. Gregory,” Regional Workshop on e-Commerce Legislation Harmonization in the Caribbean”

, Sept 29 – Oct 2, 2015, unctad.org.
http://unctad.org/meetings/en/SessionalDocuments/The%20United%20Nations%20Electronic%20
Communications%20Convention%20UNCITRAL.pdf (retrieved June 5, 2017)

Luca Castellani, “UNCITRAL legal instruments for e-commerce and paperless trade”, Unescap.org,
http://www.unescap.org/sites/default/files/2_UNCITRAL%20texts%20for%20e-
commerce%20and%20paperless%20trade_Luca_1.pdf ( retrieved June 7, 2017)