Security, Prevention and Detection of Cyber Crimes.

Tumaini University Iringa University College.

Cyber Crime.

Prepared by

Asherry Magalla (LL.M-ICT LAW-10919)

Supervised by Dr. Puluru

©2013

1
COPYRIGHT

© Tumaini University-Iringa 2013.

This Paperwork is copyright material protected under the Berne Convention; the Tanzania

Copyright and Neighbouring Act of 1999, and other international and national enactments, in

behalf, on intellectual property. It may not be reproduced by any means, in full or in part, except

for short extracts in fair dealing, for research or private study, criticism scholarly review or

disclosure with an acknowledgement, without permission of the Dean, Faculty of Law, on behalf

of both the author and the Tumaini University, Iringa University College.

2
 Security, Prevention and Detection of Cyber Crimes

Introduction.

In our daily life, economic activities, and national security highly depend on stability, safely, and

resilient cyberspace. A network brings communications and transports, power to our homes, run

our economy, and provide government with various services.1

However it is through the same cyber networks which intrude and attack our privacy, economy,

social life in a way which is harmful. Some scholars have interestingly argued that, “in the

Internet nobody knows you are a dog”.2 This raises some legal issues and concerns.3

This paper presents important issues on the Security, Prevention, and Detection of Cyber Crime.

The paper consists of four parts in Romanic Numbers.

In Part I, the attempt here is simply to familiarize the reader with a careful understanding of the

Cyber Crimes. The author will trace back the meaning, history, and types of Cyber Crimes

In Part II, one has to know the concept of Cyber Security; this will include meaning, background,

types if any and important of Cyber Security.

Part III will explain on Cyber Prevention and Detection the same will include meaning and

history, Cyber Prevention and Detection Methodologies and Legal Instruments.

1
United Nations 199, see also social learning theory and moral disengagement analysis of criminal computer
behaviour: an exploratory study by Marcus, K. R. 2001.
2
Christopher Reed, Internet Law; Text and Materials, 2000 at page 119.
3
Adam J. Mambi, ICT LAW BOOK, a Source Book for Information and Communication Technologies and Cyber
Law in Tanzania and East Africa Community, 2010, page 96.

3
And Part IV, Personal Assessment basically in Tanzanian Laws.

4
COPYRIGHT

© Tumaini University-Iringa 2013.

This Paperwork is copyright material protected under the Berne Convention; the Tanzania

Copyright and Neighbouring Act of 1999, and other international and national enactments, in

behalf, on intellectual property. It may not be reproduced by any means, in full or in part, except

for short extracts in fair dealing, for research or private study, criticism scholarly review or

disclosure with an acknowledgement, without permission of the Dean, Faculty of Law, on behalf

of both the author and the Tumaini University, Iringa University College.

5
PART I: CYBER CRIMES.

1.0 Introduction.

“Ever since men began to modify their lives by using technology they have found

themselves in a series of technological traps”.

Roger Revelle4

1.1 Meaning of Cyber Crime.

There has been confusion on the criteria used to determine the definition of the term Cyber

Crimes or computer crimes.5Some argued that, it is any crime that involves the use of computer;

some argued that, it is a crime in the presence of a computer.6

However, some have criticized the categorization of cyber crime. Don Gotternbarn argued that,

there is nothing special on the crimes that happen to involve computers. Is it possible for a crime

being categorized in accordance to a tool, equipment, mechanism or means through which it was

committed? If that's so, how many categories of crime would be there? How about the crime

committed through using a television, automobiles, scalpel, scissors, and other tools, can we

categorize each of them as individual crimes?7 Gotternbarn concludes that crimes involving

computers are not necessarily issues in computer ethics.

4
Vakul Sharma, Information Technology-Law and Practice, 3rd Edition (New Delhi: Universal Law Publishing
Co.Pvt. Ltd., 2011), p.30.
5
Herman T. Tavani, Ethics and Technology, Ethical Issues in an Age of Information and Communication
Technology, 2nd Edition, John Wiley & Sons, Inc, 2007, United States of America, p.202.
6
Ibid.
7
Ibid.

6
1.1.1 Criticism of Gotternbarn Concept of Cyber Crime.

In arguing against Gotternbarn, it is true that, we may not categorize other crimes in accordance

to tools, equipment, mechanism or means through which they were committed. However, due to

the nature and features of Cyber Crimes8 which differentiate, the traditional universe and the

cyber universe, led the traditional universe tremble like an earthquake, makes crimes difficult to

control than they were before, this initiates the concept of these crimes being necessary

categorized as Cyber Crimes. Therefore, let Cyber Crimes be Cyber Crimes.

Forester and Morrison argued that, cyber crime is a criminal act in which a computer is used as a

principal tool. In that matter, the theft of computer hardware device, would not qualify as

computer crime.9

Is it true by using a computer as the principal tool to commit a crime will amount to the

computer or cyber crime? For instance in taxable transactions, in the case of data entry, can’t a

person commit fraud by just filling the wrong data into hardcopy version of tax forms which are

the same available in electronic forms?10

Roy Girasa (2002) argued that, cyber crime is a generic term covering the multiplicity of crimes

found in penal codes or in legislation having the use of computers as a centre component. To him

8
Ubiquity, global reach, universal standards, information richness, interactivity, information density,
personalization/customization, and social technology. As a result of these features, it achieves unprecedented reach,
and makes available vast amounts of information, of varying degrees of quality. Internet users cannot be regarded as
a homogenous group.
9
Herman T. Tavani, Ethics and Technology, Ethical Issues in an Age of Information and Communication
Technology, 2nd Edition, John Wiley & Sons, Inc, 2007, United States of America, p.203.
10
Ibid.

7
cyber crime is a crime as long as the penal codes and any other legislation clearly stipulate it as

involving not only the use of computers but the use of computers as the centre component.11

At the Tenth United Nations Congress on the Prevention of Crime and Treatment of Offenders,

in a workshop devoted to the issues of crimes related to computer networks, cyber crime was

broken into two categories and defined thus:12

1. Cybercrime in a narrow sense (computer crime): Any illegal behaviour directed by means

of electronic operations that targets the security of computer systems and the data processed

by them.13

2. Cybercrime in a broader sense (computer-related crime): Any illegal behaviour committed

by means of, or in relation to, a computer system or network, including such crimes as

illegal possession and offering or distributing information by means of a computer system

or network.14

Even though this definition is not completely definitive, however it gives us a good starting

point, for determining just what cyber crime means, by incorporating computer crime and

computer related crime.

11
Roy J. Girasa, Cyber law: National and International Perspectives, (2002)

12
Talwant Singh, District & Sessions Judge, Cyber Law & Information Technology, Delhi-India.
13
Tenth United Nations Congress on the Prevention of Crime and the Treatment of Offenders, Vienna, A/CONF.
187/10, 10-17 April 2000, page no 4.
14
Ibid.

8
Computer crime has two elements, computer and crime. Therefore, it involves a crime in a

relationship with a computer.15

The relationship could involve the direct usage of a computer by the criminal as one of the first

famous computer criminals did.16However the relationship can be also be indirect, the criminal

can not only use a computer to commit his crime but can also use someone to make changes in a

computer system, by manipulating a key computer user.17Thus one being the exploitation of

weaknesses in the technical IT infrastructure18, the other being exploitation of trust in social

fabric of IT users19 within the organization.20

15
Magnin, C.J. The 2001 Council of Europe Convention on Cyber Crime: An Efficient Tool to Fight Crime in
Cyber-space?
16
Ibid.
17
Ibid.
18
As Morris did in United States v. Morris (1991), the accused invade the security system through a worm (Morris
Worm) so as to measure the weakness of MIT which in turn prevented the use of federal interest computers, thereby
causing loss. Morris was found guilty by the United States District Court for the Northern District of New York of
violating 18 U.S.C. 1030(a)(5)(A), sentenced to three years of probation, 400 hours of community service, a fine of
$10,050, and the cost of his supervision.

19
See S v Douvenga case no 111/150/2003, dated 2003/08/19 Northern Transvaal Regional Division 93 Cr App R
25, 02 Dec 2003, the accused used the trust and position entrusted by her company to sent more than 30,000 client
address to her fiance at an opposition company, was sentenced to a fine of R1000.00 or 3 months in prison.

20
9th Global Fraud Survey: Fraud risk in emerging markets. This survey was conducted in 2006 on behalf of Ernst &
Young‘s Fraud Investigation & Dispute Services Practice.

9
1.2 Origin of Cyber Crime.

It is believed the first recorded cyber crime took place in the year 1820.21This can be true with

the fact that, computer did exist since 3500 BC in India, China and Japan.22The modern

computer began with the analytical engine of Charles Babbage.23

Banks and other financial institutions were amongst the first large scale computer users in the
24
private sector, for automate payroll and accounting functions. Therefore, fraud in a computer

scheme emerged. One of the first cases cited as an instance of the computer fraud involved

equity-funding Corporation in the US, fraud was simple.25The frauds succeed because the

auditors and regulators accepted computer printouts as definitive evidence of policies and did not

ask original documentation. When the fraud was discovered, some 64,000 out of 97,000 policies

allegedly issued by the company proved to be false, almost 1 Billion pounds estimated to be the

loss.26

21
See page 3 on the report, Cyber crime…… And punishment? Archaic Laws Threaten Global Information, a report
prepared by McConnell International, 2000.
22
A computer named, ‘Abacus.’
23
See page 3 on the report, Cyber crime…… And punishment? Archaic Laws Threaten Global Information, a report
prepared by McConnell International, 2000.
24
Lloyd, I.J. Information Technology Law at Pg. 201.
25
Ibid.
26
The case has been widely reported. A useful account is to be found in Norman, Chapman and Hall Computer
Insecurity, 1983 at Pg. 199.

10
Therefore as the technological advance, the number of cyber crime cases increased. There is no

reliable and precise statistics of the losses the victims gain as the fact that victims do not detect

many of these crimes27. Therefore, fights against computer crime began.28

Several individuals were engaged in the fight against computer crime from the early

development. The founder and father of the knowledge of computer crimes are by many

observers considered to be Donn B. Parker, USA. He was involved in the research of computer

crime and security from the early 1970ties.29

He served as a Senior Computer Security Consultant at the SRI International (Stanford Research

Institute), and was the main author of the first basic federal manual for law enforcement in the

USA: “Computer Crime – Criminal Justice Resource Manual” (1979). This manual became soon

an encyclopedia also for law enforcement outside US.30

1.3 Typology of Cyber Crime.

In a traditional means, a term crime covers a broad range of offences. It is from this broad range,

the typology or classification of cyber crime became difficult.31A good example of an

international instrument which tried to categorize types of cyber crime is the Council of Europe

27
Standler, R.B. Computer Crime at Pg.1.
28
Stein Schjolberg CJ, the History of Global Harmonization on Cyber Crime Legislation-The Road to Geneva,
December 2008.
29
See http://en.wikipedia.org/wiki/MoU/
30
See an overview of his archives, www.cybercrimelaw.net. His first book on the subject was: “Computer Crime”
(1976).
31
Gordon/Ford, On the Definition and Classification of Cyber Crime, Journal in Computer Virology, Vol.2, No. 1,
2006, page 13-20.

11
Convention on Cyber Crime, European Treaty Series - No. 185, Budapest, and 23.XI. 2001. 32The

Convention on Cyber Crime distinguishes between four different types of offences33:

1. Offences against the confidentiality, integrity and availability of computer data and

systems, such as illegal access, illegal interception, data interference, system interference,

and misuse of devoice;34

2. Computer-related offences, such as computer-related forgery and computer-related Fraud

35
;

3. Content-related offences, such as offences related to child pornography;36 and

4. Copyright-related offences, such as offences related to copyright infringements and

related rights.37

Even though this typology of cyber crime is not wholly consistent, as the fourth category does

not focus on the object of legal protection but on the method, which in turn brings about overlap

32
Sofaer, Toward an International Convention on Cyber in Seymour/Goodman, The Transnational Dimension of
Cyber Crime and Terror, page 225, available at: http://media.hoover.org/document/0817999825_221.pdf
33
The same typology is used by the ITU Global Cyber Security Agenda/High-Level Experts Group, Global Strategic
Report, 2008, at http://www.itu.int/osg/csd/cybersecurity/gca/global_strategic_report/index.html.
34
See Article 2,3,4,5 and 6 of the Council of Europe Convention on Cyber Crime, European Treaty Series - No. 185,
Budapest, and 23.XI. 2001.
35
Ibid, Article 7 and 8.
36
Ibid, Article 9.
37
As provided by Article 10 of the Council of Europe Convention on Cyber Crime, European Treaty Series - No.
185, Budapest, and 23.XI. 2001

12
between categories. Nonetheless, the categories serve as a useful basis for discussing the

phenomena of cyber crime globally.38

38
The ITU Publication, Understanding Cyber Crime: A Guide for Developing Countries, page , 2009, at:
http://www.itu.int/ITU-D/cyb/cybeersecurity/legislation.html.

13
PART II: THE CONCEPT OF CYBER SECURITY IN CYBER CRIMES

2.0 Introduction.

“There are terrible people who, instead of solving a problem, bungle it and make it

more difficult for all who come after. Who ever can’t hit the nail on the head should,

please, not hit it at all.”39

–Friedrich Nietzsche

2.1 What is the Meaning of Cyber Security?

In the old days people used to hide their faces, draw their guns and rob the local bank or stage-

coach. Currently the way crimes are conducted become more technological creative. For

instance, we have gone from in-person robberies to nameless and faceless crimes involving

computers. A crime such as spamming, passing on computer viruses, harassment, cyber stalking,

and others have become common in our modern world.40

While these issues do not carry potential monetary loss, they are just as harmful in the possibility

of losing files, information and access to your computer. This is why Cyber Security is needed.41

Cyber security means protecting information, equipment, devices, computer, computer resources,

communication device and information stored therein from unauthorized access, use, disclosure

disruption, modification or destruction.42

39
Friedrich Nietzsche, Seventy-Five Aphorisms from Five Volumes, The Wanderer and His Shadow, No. 326,
reprinted in Basic Writings of Nietzsche 165–66 (Walter Kaufmann trans., First Modern Library ed. 1968) (1880).
40
http://dealnews.com/pages/articles/guide-computer-crime-prevention
41
Ibid.

14
By this definition, one would argue that, cyber security involves following aspects:

1. Securing computer, computer system and computer networks,

2. Securing devices, products and applications,

3. Securing hardware and software, and,

4. Securing information, data and/ or databases.43

Joseph Kizza defines computer security in terms of three elements;44

1. Confidentiality;45

2. Integrity;46

3. Availability.47

As commonly used, the term “cyber security” refers to three things:48

1. A set of activities and other measures, technical and non-technical, intended to protect

42
Section 2 (1) nb of the India Information Technology Act of 2000.
43
Vakul Sharma, Information Technology-Law and Practice, 3rd Edition (New Delhi: Universal Law Publishing
Co.Pvt. Ltd., 2011), p. 18.

44
Herman T. Tavani, Ethics and Technology, Ethical Issues in an Age of Information and Communication
Technology, 2nd Edition, John Wiley & Sons, Inc, 2007, United States of America,p.169.
45
Protecting against unauthorized disclosure of information to the third parties.
46
Protecting against unauthorized modification of data and files.
47
Preventing unauthorized withholding of information from those who need it when they need it.
48
Fischer, Eric A. (2005): Creating a National Framework for Cyber security: An Analysis of Issues and Options,
February 22, CRS Report for Congress, Order Code RL32777.
Wikipedia: http://en.wikipedia.org/wiki/Security [last accessed on 3 Feb 2013].

15
 computers, computer networks, related hardware and device software, and the information

they contain and communicate, including software and data, as well as other elements of

cyberspace, from all threats, including threats to the national security;

2. The degree of protection resulting from the application of these activities and measures;

3. The associated field of professional endeavour, including research and analysis, aimed at

implementing and those activities and improving their quality.

Sometimes when defining computer security, issues involving cyber security overlap with

concerns pertaining cyber crime, and sometimes privacy. However, not all cyber crimes amount

to infringement of cyber security. For instance, soliciting sex with young children, traffic drugs

through internet, download copyrighted music and others, do not infringe cyber security.49

2.2 Where Does Cyber Security Came From?

As against many people believe, that cyber security began in 1990s, viruses and worms have been part of

the background noise of cyberspace since its earliest days. For instance in the 1986 movie War Games, a

young teenager hacks his way into the computer that handles command and control for the US nuclear

arsenal and The famous Cuckoo’s Egg incident in the mid-1980s raised awareness that foreign spies had

found new ways to obtain highly classified information.50

Cyber security gain momentum in the 1990s where by science and technology advanced. Access

devices have multiplied and diversified to include a variety of portable and wireless accesses.51
49
Herman T. Tavani, Ethics and Technology, Ethical Issues in an Age of Information and Communication
Technology, 2nd Edition, John Wiley & Sons, Inc, 2007, United States of America,p.170.
50
Stoll, Cliff (1990): The Cuckoo's Egg: Tracking a Spy through the Maze of Computer Espionage (New York:
Pocket Books).
51
Ibid.

16
On November 2, 1988, the computers acted strangely. They started to slow down, because they

were running a malicious code that demanded processor time and that spread itself to other

computers. The purpose of such software was to transmit a copy to the machines and run in parallel

with existing software and repeat all over again.52

The software was traced back to 23 year old Cornell University graduate student Robert Tappan

Morris. When questioned about the motive for his actions, Morris said 'he wanted to count how

many machines were connected to the Internet'. His explanation was verified with his code, but it

turned out to be buggy, nevertheless.53

The numbers are telling:54 According to statistics, there were 21’000 reported virus incidents in

2000. Three years later, the number was more than six times higher.55At 2002, the worldwide

damage done by worms and viruses was estimated at US$45 billion; August 2003 alone saw the

costs of almost the same magnitude. Thus creating a Cyber Security was inevitable.56

52
Jonathan Zittrain, 'The Future of the Internet', Penguin Books, 2008.
53
Ibid.
54
Clarke, Richard and Lee Zeichner (2004): Beyond the Moat: New Strategies for Cyber security, in: Bank Systems
& Technology, January 27. URL: http://www.banktech.com/showArticle.jhtml?articleID=17501355
55
Security Statistics – Virus Statistics. URL: http://www.securitystats.com/virusstats.html
56
Dunn, Myriam (2004): Cyber-Threats and Countermeasures: Towards an Analytical Framework for Explaining
Threat Politics in the Information Age. Conference paper, SGIR Fifth Pan-European IR Conference, The Hague,
10 September. URL
http://www.sgir.org/conference2004/papers/Dunn%20-%20Cyber-Threats%20and%20countermeasures.pdf

17
2.3 Aspects or Types of Cyber Security.

There are several types of computer securities that are completely based on protecting from

different types of viruses, worms and Trojans. In some authors,57 they called them aspects of

cyber security. The common types of computer security are as follows;

2.3.1 Network Security:

This is a common type of computer security which deals with securing the networks, that is from

privately owned computer networks58 to the internet itself against different types of viruses and

also many other forms of threats to keep the working of computer networking smoothly. Having

set the right kind of network security assures the stable working of computer network.59

As the data are available only for authorized users, it is possible for hackers pretend to be one, by

providing the correct user name and password, thus computer network security can be

disrupted.60

2.3.2 Data Security:

Another important form of the computer security is the data security. It is defined as the type of

security that is used to protect the important data present on different drives of the computer

from different types of threats through different types of software/hardware solutions such as

57
Herman T. Tavani, Ethics and Technology, Ethical Issues in an Age of Information and Communication
Technology, 2nd Edition, John Wiley & Sons, Inc, 2007, United States of America, p.171-174.
58
such as IANs and WANs
59
http://www.wifinotes.com/security/computer-security-introduction.html
60
Through denial of services, Trojan horse, Viruses and Worms.

18
Antivirus and firewalls.61 That data can either reside in one or more computer storage devices or

be exchanged between two or more computer systems.62It affects mostly, confidentiality,

integrity and availability of information.

2.3.3 System Security.

It mainly concerns about malicious programs that can disrupt and sometimes destroy the

computer systems. These malicious programs can be viruses such as Love Bug, rabbits, Logic

Bomb, Trojan horse and worms such as Morris Worm and, bugs.63If offenders succeed in

preventing computer systems from operating smoothly, this can result in great financial losses

for victims.64

2.4 Why Cyber Security?

Computer security is important because it can provide the opportunity for the users to protect

their important information present on the network and also in the system (right to privacy).65

It also helps in defending the computer system against different types of destructive technologies

and protects the PC from damage (viruses, worms, bugs and bacteria).

61
Ibid.
62
Herman T. Tavani, Ethics and Technology, Ethical Issues in an Age of Information and Communication
Technology, 2nd Edition, John Wiley & Sons, Inc, 2007, United States of America, p.171-172.
63
Ibid p. 172-173.
64
Campbell, Gordon, Loeb, Zhou, “The Economic Cost of Publicly Announced Information Security Breaches:
Empirical Evidence from the Stock Market”, Journal of Computer Security, Vol.11, pg 431-448.
65
http://www.wifinotes.com/security/computer-security-introduction.html

19
It also helps in monitoring the network and protects it also from different threats. So, we should

use computer security solution on some level to protect our data from different type of sniffing

stolen problem.

In general, Computer Security is vital for protecting the confidentiality, integrity, and availability

of computer systems, resources, and data. Without confidentiality, trade secrets or personally

identifying information can be lost. Without integrity, we cannot be sure that the data we have is

the same data that was initially sent (i.e., Altered data). Without availability, we may be denied

access to computing resources (i.e., A virus that disables your keyboard and mouse).66

66
http://wiki.answers.com/Q/What_is_the_importance_of_computer_security

20
PART III: THE CONCEPT OF CYBER PREVENTION AND DETECTION.

3.0 Introduction.

“Given the ever changing nature of technology, it is virtually impossible for police in

most parts of the world to keep up with criminals in their constant efforts to exploit

work closely with other elements of the criminal justice system, the public at large,

the private sectors and non-governmental organizations to ensure the most

comprehensive approach to the problem”.67

Marc Goodman, USA68

Self protection is not sufficient enough to make cyberspace a safe place to conduct business. As

cyber crime increasingly breaches national borders, nations perceived as havens run the risk of

having their electronic messages blocked by the network. There has to be something to either

prevent or eradicate cyber crimes.69

3.1 Meaning and History of Cyber Prevention and Detection.

Cyber prevention, it is the act of restricting, suppressing, destructing, destroying, controlling ,

removing, or preventing the occurrence of cyber attacks, in either, computer systems both

hardware and software systems, networks and data, or any other electronic devices capable of

67
Stein Schjolberg and Solange Ghernaouti-Helie, A Global Treaty on Cyber Security and Cyber Crime, second
edition, AaiT Oslo, 2011, p.57.
68
Marc Goodman is the Seniour Advisor to INTERPOLs Steering Committee on Information Technology Crime,
and chair the organizations working group on Next Generation Cyber Threats.
69
McConnell International, Cyber Crime and Punishment? Archaic Laws Threaten Global Information, December
2000, Washington DC, p.1.

21
being a computer (capable of performing logical arithmetic and memory functions) from such

attacks.

Cyber Detection systems, it detects an irregularity and misbehaviour activities of the Netizen. It

can scan a network for people that are on the network but who should not be there or are doing

things that they should not be doing, for example trying a lot of passwords to gain access to the

network.70

To best defend yourself and to defeat your enemies, you must first understand them: who they are,

how they operate, and why.71 We all know that computers, networks, software applications and

the Internet have introduced opportunities to the world that no one thought possible. However, as

is true with any technology, these same opportunities also carry risks.72

3.2 The history of Cyber Prevention and Detection

The history of Cyber Prevention and Detection is not different from Cyber Security as explained

in Part II. This is simply because one among the methodology of cyber prevention and detection is

cyber security. They both exist due to the development of science and technology which at the end

resulted to insecure of cyberspace by the year of 1990s.73

70
Mikko Hypponen: Fighting viruses, defending the net". TED.
71
Mr. XYZ, Awareness and Prevention of Cyber Crime, 2012, at http://www.scribd.com/doc/89505129/Awareness-
and-Prevention-of-Cyber-Crime.
72
Ibid.
73
See page 10 of this Paper.

22
3.3 Cyber Prevention and Detection Methodologies.

The best methodology for fighting against cybercrime is through education, enforcement of laws

and highly developed security services. Technical expertise in online security is necessary, which

can ensure that people of all the ages including children, teenagers, students, parents and the

business community are always safe.74

But there are some precautions you can take to help guard you and your family against cyber

crime.

3.3.1 In terms of Security

That is to provide security counter measures which act as an action, device, procedure,

techniques or other measures that reduces vulnerability of threat to a computer system.75

3.3.1.1 Firewall Technology.

Rolf Oppliger (1997) argued that, firewall is a blockade between the internal privately owned

network such as intranet that is believed to be secured and an external network, such as internet

which is not assumed to be secured. It does not only help to secure system from unauthorized

access but also prevent an authorized communication with the network.76They give alert and

controls all traffic enters and leaves the internal network. Firewalls can provide some protection

from online intrusion.

74
http://www.crimepreventiontips.org/self-defense-methods/cybercrime-part-3.html
75
Herman T. Tavani, Ethics and Technology, Ethical Issues in an Age of Information and Communication
Technology, 2nd Edition, John Wiley & Sons, Inc, 2007, United States of America, p.183.
76
Ibid.

23
3.3.1.2 Antivirus Software.

Antivirus software consists of computer programs77 that attempt to identify, detect, thwart and

eliminate computer viruses and other malicious software (malware). This began fifty years ago

with the computer science pioneer and mathematician John Von Neumann.78They scan the

computer affected files, and either recover, repair, stored or delete them if necessary. They alert

whenever there is a possible intrusion of virus and worms, and perform an action as programmed

by the owner of the computer. They are running effectively when updated.79

3.3.1.3 Encryption Tools.

This ensured the confidentiality, integrity of data transmitted through e-mails, for instance Pretty

Good Privacy (PGP). They employ a technique known as data encryption which can also be

viewed as a type of security measures. It converts the information in message composed in an

ordinary text, into cipher text. The party received it, uses a key to transform it back to the

original meaning. In this situation data can be secured.80

3.3.2 In terms of Education.

Raising awareness with the public may reduce the number of crimes in the information age. The

stakeholders such as hardware and software manufacturers, service providers, government and

other non-governmental organizations may perform a task of informing the public on the security,

77
Examples of Antivirus are, Norton, Avast, Avira, Kaspersky, AVG, Commodo, Viper, Rising, Eset etc.
78
Lee Garber and Richard Raucci (2001)
79
Herman T. Tavani, Ethics and Technology, Ethical Issues in an Age of Information and Communication
Technology, 2nd Edition, John Wiley & Sons, Inc, 2007, United States of America,p.184.
80
Ibid, p.185.

24
and other relevant risks that may occur during the use such a mode of transaction. They must

further give them alternative ways on how to counterattack the problem.81

3.3.3 Improvement of Technology Industry.

By looking at how to prevent cyber attacks, the technology itself must be improved. Pfleeger and

Rue (2008) once said, “To provide a more realistic picture of the nature and number of cyber

incidents, researchers have to conduct several surveys in the last few years to capture information

about security attacks and protection”.82

For instance, in 2002 the annual Australia Computer Crime and Security used information

provided by Australia’s Federal, State, and Territorial Law Enforcement Agencies to solicit data

from large organization about computer network attacks and misuse trends in Australia. The UK

has done the same, under the UK Department of Trade and Industry.83

3.4 The Legal Instruments in Cyber Prevention.

Prevention of cyber crimes went further to the legal aspects. As the result that, there is no any

other stronger measure than law to prevent cyber crimes, several countries and international

organizations pioneer to harmonize legal regime for controlling cyber crimes.

81
Tenth United Nations Congress on the Prevention of Crime and the Treatment of Offenders, Vienna, A/CONF.
187/10, 10-17 April 2000, page 14.
82
Brett Pladna, The Lack of Attention in the Prevention of Cyber Crime and How to Improve It, ICTN6883,East
Carolina University, 2005, p.16.
83
Ibid.

25
3.4.1 At the National Level.

3.4.1.1 USA.

Cyber Security Enhancement Act of 2009 (S.773). Intended to improve cyber security within the

federal government and throughout the public and private sectors. To this end, the act establishes

research and development (R&D) requirements for federal agencies and promotes public-private

partnerships (PPPs).84The Act provides the National Institute for Science and Technology for

developing public awareness and education plan.85

Cyber Intelligence Sharing and Protection Act of 2011 (CISPA). Is proposed United States

federal law that would allow for the sharing of Web data between the government and

technology companies. Authors of the bill state that it will help the government to contend with

cyber terrorism and cyber warfare.86

3.4.1.2 Philippines.

Cyber Crime Prevention Act of 2012 officially recorded as Republic Act No. 10175. Previously

Philippines had Electronic Commerce Act of 200087, the Act did not extensively curter the need

for combating cyber crimes.88 The Act has universal jurisdiction, criminalizes several types of

offences, including illegal access (hacking), data interference, device misuse, cybersquatting,

84
http://whatis.techtarget.com/definition/cybersecurity

85
Ibid.
86
Ibid.
87
Electronic Commerce Act of 2000 (Republic Act No. 8792.
88
Arnold, Wayne (22 August 2000). "Technology; Philippines to Drop Charges on E-Mail Virus". The New York
Times. Retrieved 3 October 2012.

26
computer-related offences such as computer fraud, content-related offences such as cybersex and

spam, and other offences. It reaffirms existing laws against child pornography, an offence under

Republic Act No. 9779 (the Anti-Child Pornography Act of 2009).89

India is also one among the countries which strongly combat cyber crimes through Information

and Technology Act, of 2000.

3.4.2 At Regional Level.

3.4.2.1 The Council of Europe Convention on Cyber Crime, European Treaty Series - No. 185,
90
Budapest, and 23.XI. 2001. It is said to be the highest legal instrument covering the aspect of

cyber crimes. It provides offences such as;

Offences against the confidentiality, integrity and availability of computer data and systems,

such as illegal access, illegal interception, data interference, system interference, and misuse of

devoice; Computer-related offences, such as computer-related forgery and computer-related

91
Fraud ; Content-related offences, such as offences related to child pornography;92 and

Copyright-related offences, such as offences related to copyright infringements and related

rights. To the greatest extent, it has solved a number of problems brought by cyber revolution.

89
Sy, Marvin (23 September 2012). “‘give Cybercrime Prevention Act a chance'". The Philippine Star.
90
Sofaer, Toward an International Convention on Cyber in Seymour/Goodman, The Transnational Dimension of
Cyber Crime and Terror, page 225, available at: http://media.hoover.org/document/0817999825_221.pdf
91
View Article 7 and 8 of the Council of Europe Convention on Cyber Crime, European Treaty Series - No. 185,
Budapest, and 23.XI. 2001.
92
Article 9 of the Council of Europe Convention on Cyber Crime, European Treaty Series - No. 185, Budapest, and
23.XI. 2001.

27
3.4.3 At International Level.

3.4.3.1 United Nations.

United Nations through several congresses have managed to create some principles relating to

prevention of cyber crimes. Prominent Congresses are The Tenth United Nations Congress on

the Prevention of Crime and the Treatment of Offenders, Vienna, A/CONF. 187/10, 10-17 April

2000, and the 11th UN Congress on Crime Prevention and Criminal Justice in Bangkok, Thailand

2005. The Declaration was adopted that highlighted the need for harmonization in the fight

against cyber crime.93

3.4.3.2 Council of Europe.94

In 1985 the Council of Europe (CoE) appointed the Expert Committee to discuss the legal

aspects of computer crimes.95Their Recommendation was adopted under the terms of Article

15.b of the Statute of the Council of Europe by recognizing the new challenges of cybercrimes,

and harmonization of law and practice.

The Council of Europe introduced a new convention with 23 signatory state members at first

instance.96 Apart from the criminalization of the sexual abuse of children (Art. 18) the

93
“Declaration Synergies and Responses: Strategic Alliances in Crime Prevention and Criminal Justice”,
at:http://www.unodc.org/pdf/crime/congress11/BangkokDeclaration.pdf.
94
Based in Strasbourg and founded in 1949, representing 47 member states in the European region. It is not a part of
European Union but separate organization.
95
United Nations Conference on Trade and Development, Information Economy Report 2005,
UNCTAD/STE/ECB/2005/1, 2005, Chapter 6, page 233, available at:
http://www.unctad.org/en/doc/sdteecb20051ch6_en.pdf.
96
Council of Europe Convention on the Protection of Children against Sexual Exploitation and Sexual Abuse, CETS
No.201.

28
Convention contains a provision dealing with the exchange of child pornography (Art. 20) and

the solicitation of children for sexual purposes (Art. 23).

29
PART IV: PERSONAL ASSESSMENT.

4.0 Introduction.

“Our world is different; cyberspace offered the opportunity to create a new social

order, free from the entrenched power imbalances evident in the physical world”.

“We are forming our own social contract”, the global social space that is beyond the

laws of traditional society.

John Perry Barlow and Howard Rheingold97.

It should come as no surprise that computer technology is involved in a growing number of

crimes. In addition to being used as a tool to perpetrate crimes (e.g., Computer intrusion,

stalking, harassment, and fraud), computer can contain evidence related to any crime, including

homicide and rape.

It is no longer sufficient to have a few experts familiar with evidence stored on and transmitted

using computers. Any investigation can involve computer or networks and everyone involved in a

criminal investigation or prosecution can benefit from knowledge of the associated technical,

legal and evidentiary issues related to this technology.98

97
(Barlow, 1996).
98
Eoghan Casey, Digital Evidence and Computer, Forensic Science, Computer and the Internet, Academic Press,
2000.

30
 “The next Pearl Harbor we confront could very well be a cyber attack that cripples

our power systems, our grid, our security systems, our financial systems, our

governmental systems,”

Leon Panetta, US Secretary of Defence.99

The statements above made by various prominent authors and leaders, tries to show how

cyberspace is unsafe and create a new world. They contend that, it can be useful for some aspects

(like evidential facts) if well managed. There is no rightful management of cyberspace than the

rightful laws which can help the court to interpret it at the rightful place.

Does Tanzania have rightful laws which can help the court to interpret it at the right place?

4.1 Cyber Crimes Situation in Tanzania.

Tanzania does not have specific legislations dealing with cyber security, prevention or detection

of cyber crimes. Currently the laws which are in place were made before cyber security was an

issue. While cyber crimes pose a significant threat to the development of electronic transactions

Tanzanian Laws do not recognize criminal activities on the internet. For example illegal

intrusion into a computer system cannot be prosecuted with the current legislations which require

physical presence.

The internet does not recognize administrative borders and hence making the internet an

attractive option for people with criminal intents. Tanzania needs to join the world in enacting

99
http://www.its3.us.com/index.php/about-us/why-cyber-security

31
cyber laws which will protect the country and its people against criminal activities on the

internet.

Because,

“There can be no peace without justice, no justice without law and no meaning law

without a Court to decide what is just and lawful under any given circumstances”.

Benjamin B. Ferenez100

Once Mahatma Gandhi, argued that,

“We get the Government we deserve. When we improve, the Government is also

bound to improve”101

It is the duty of the government of the United Republic of Tanzania to ensure that its laws cope

with the development of science and technology, and fully participate in the legislative

enactment (for example in Kenya they have the Electronic Transactions Bill of 2007 which is

supported by USAID, E-legislation Policy Development Initiative for the East African

Community which will soon be an ACT).

100
Stein Schjolberg and Solange Ghernaouti-Helie, A Global Treaty on Cyber Security and Cyber Crime, second
edition, AaiT Oslo, 2011, p.66.
101
Vakul Sharma, Information Technology-Law and Practice, 3rd Edition (New Delhi: Universal Law Publishing
Co.Pvt. Ltd., 2011), page 46.

32
BIBLIOGRAPHY.

Statutes.

The India Information Technology Act of 2000.

The Philippines Electronic Commerce Act No 8792 of 2000

The Philippines Cybercrime Prevention Act of 2012 No. 10175

USA Cyber Intelligence Sharing and Protection Act of 2011 (CISPA).

USA Cyber Security Enhancement Act of 2009 (S.773).

International Laws

The Council of Europe Convention on Cyber Crime, European Treaty Series - No. 185, Budapest,

and 23.XI. 2001.

The Council of Europe Convention on the Protection of Children against Sexual Exploitation and

Sexual Abuse, CETS No.201.

Case Laws

S v Douvenga case no 111/150/2003, dated 2003/08/19 Northern Transvaal Regional Division

93 Cr App R 25

United States v. Morris (1991).

Text Books

33
Adam J. Mambi, ICT LAW BOOK, a Source Book for Information and Communication

Technologies and Cyber Law in Tanzania and East Africa Community, 2010.

Chapman and Hall, Computer Insecurity, 1983.

Christopher Reed, Internet Law; Text and Materials, 2000.

Eoghan Casey, Digital Evidence and Computer, Forensic Science, Computer and the Internet,

Academic Press, 2000.

Herman T. Tavani, Ethics and Technology, Ethical Issues in an Age of Information and

Communication Technology, 2nd Edition, John Wiley & Sons, Inc, 2007, United States of

America.

Jonathan Zittrain, 'The Future of The Internet', Penguin Books, 2008.

Lloyd, I.J. Information Technology Law at Pg. 201.

Roy J. Girasa, Cyber law: National and International Perspectives, (2002)Stoll,

Cliff, the Cuckoo's Egg: Tracking a Spy through the Maze of Computer Espionage (New York:

Pocket Books) 1990.

Stein Schjolberg and Solange Ghernaouti-Helie, A Global Treaty on Cyber Security and Cyber

Crime, second edition, AaiT Oslo, 201.1

Vakul Sharma, Information Technology-Law and Practice, 3rd Edition (New Delhi: Universal

Law Publishing Co. Pvt. Ltd., 2011.

Articles and Journals

34
9th Global Fraud Survey: Fraud risk in emerging markets. This survey was conducted in 2006 on

behalf of Ernst & Young‘s Fraud Investigation & Dispute Services Practice.

Arnold, Wayne (22 August 2000). "Technology; Philippines to Drop Charges on E-Mail Virus".

The New York Times. Retrieved 3 October 2012.

Brett Pladna, The Lack of Attention in the Prevention of Cyber Crime and How to Improve It,

ICTN6883, East Carolina University, 2005.

Campbell, Gordon, Loeb, Zhou, “The Economic Cost of Publicly Announced Information

Security Breaches: Empirical Evidence from the Stock Market”, Journal of Computer Security,

Vol.11.

Clarke, Richard and Lee Zeichner: Beyond the Moat: New Strategies for Cyber security, in:

Bank Systems & Technology, January (2004).

Dunn, Myriam: Cyber-Threats and Countermeasures: Towards an Analytical Framework for

Explaining Threat Politics in the Information Age. Conference paper, SGIR Fifth Pan-European

IR Conference, The Hague, 10 September (2004)

Fischer, Eric A. (2005): Creating a National Framework for Cyber security: An Analysis of

Issues and Options, February 22, CRS Report for Congress, Order Code RL32777.

ITU Global Cyber Security Agenda/High-Level Experts Group, Global Strategic Report, 2008

ITU Publication, Understanding Cyber Crime: A Guide for Developing Countries, 2009.

Gordon/Ford, On the Definition and Classification of Cyber Crime, Journal in Computer

Virology, Vol.2, No. 1, 2006.

35
Marcus, K. R, social learning theory and moral disengagement analysis of criminal computer

behaviour: an exploratory study of 2001.

Magnin, C.J. The 2001 Council of Europe Convention on Cyber Crime: An Efficient Tool to

Fight Crime in Cyberspace?

McConnell International, Cyber Crime and Punishment? Archaic Laws Threaten Global

Information, December 2000, Washington DC.

Safer, Toward an International Convention on Cyber in Seymour/Goodman, The Transnational

Dimension of Cyber Crime and Terror.

Stein Schjolberg CJ, the History of Global Harmonization on Cyber Crime Legislation-The Road

to Geneva, December 2008.

Talwant Singh, District & Sessions Judge, Cyber Law & Information Technology, Delhi-India.

Tenth United Nations Congress on the Prevention of Crime and the Treatment of Offenders,

Vienna, A/CONF. 187/10, 10-17 April 2000

United Nations Conference on Trade and Development, Information Economy Report 2005,

UNCTAD/STE/ECB/2005/1, 2005,

Internet Sources

http://en.wikipedia.org/wiki/MoU/

http://en.wikipedia.org/wiki/Security.

http://dealnews.com/pages/articles/guide-computer-crime-prevention.

36
http://media.hoover.org/document/0817999825_221.pdf

http://www.banktech.com/showArticle.jhtml?articleID=17501355

http://www.cybercrimelaw.net

http://www.itu.int/ITU-D/cyb/cybeersecurity/legislation.html.

http://www.unctad.org/en/doc/sdteecb20051ch6_en.pdf.

Author’s Particulars:

Name: Asherry Magalla.

Home Address: 8401, DSM-Tanzania.

E-mail Address: magallajr@gmail.com

Phone No: +255716348882, +255687565680, +255752140992

Occupation: Student (LL.B Degree Holder (2012) and LL. M-ICT LAW Candidate (2013)

Tumaini University Iringa University College.

37