This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
The notion of cyber crime is generally understood to mean unlawful attacks and threats of attacks against computer equipments, networks, and the information stored therein when done to intimidate or coerce a government or its people in furtherance of political and social objectives. Cyber crime, traditionally, include cyber attacks, distribution of illegal materials in cyberspace, illegal communications between crime groups. However, phishing and pharming have been recently recognised a new forms of cyber crimes beyond the traditional ones. Phishing is an effort to unlawfully gain private information, including financial accounts details, credit card details, telephone numbers, identification information, etc. through the use of ICT. Pharming is an attempt to redirect users to fraudulent websites and in the process disclosing the details of their identity making them vulnerable and unintentionally used as sources of viruses, pornography materials, and/or offensive materials (without the users themselves being aware of what is happening).
The increasing threat from crimes dedicated against information systems, is starting to assert interest in state Capitals. Tanzania like many other African countries, is a major source or target of cyber crime, a natural entry point for cyber attacks; Why?- Because it is one of the countries least prepared for cyber crimes in terms of legislative ,technological and manpower systems to manage electronic evidences .Electronic evidence adds more challenges in its usage as opposed to traditional paper based evidence in the sense that it can change moment by moment, it is easily alterable, and it is easily be changed in the process of collecting. Consequently, existing laws in Tanzania are prone to be unable to be compelled against such crimes. This lack of lawful safeguard means that businesses and the government must depend only on procedural instruments to guard themselves from individuals who would take, refuse right of entry to, or wipe out valuable information.
Self-preservation, whilst necessary, is not enough to make cyberspace a safe and sound place to conduct business. The regulations have to also be imposed. Countries where legal protections are not enough will become progressively less able to participate in the latest markets. As cyber crime gradually breaches more state boundaries, states professed as hens run the risk of having the electronic messages blocked by the network. The government's efforts to combat cyber crime need to be put at all four levels of crime management (namely, crime prevention, crime monitoring and detection, crime prosecution, and crime stoppage).
What is different concerning cyber crime?
Unfazed by the prospect of capture, or prosecution, cyber criminals all over the globe prowl on the network, as all-pervading threat, to the financial wellbeing of businesses, to the belief of their clientele, and as an up-and-coming threat to nation's security. Headlines command our attention with increasing frequency. According to available information, the number of reported incidences of security breaches in the period 2009 worldwide has risen over the total of incidences 2008. Moreover, countless instances of illegal access and damage around the world remain unreported, as victims dread the disclosure of vulnerabilities, the potential for mimic crimes, and the loss of civic confidence.
Cyber crimes-harmful acts dedicated from or against a computer or network-differ from most global crimes in four ways. They are simple to gain knowledge of how to perpetrate; they need little resources relative to the potential harm they intend to bring about; they can be done in a jurisdiction exclusive of being actually there; and they are over and over again not evidently illegitimate.
The majority of reports it's revealed that the laws of most countries do not plainly proscribe cyber crimes. Active worldly laws against practical acts of intrude or breaking and entering frequently does not "swathe their Virtual" counterparts. E-commerce sites of late hit by well-known, circulated denial of service attacks, for example, might not be covered by redundant laws as confined form of assets. Recent kinds of crimes can fall between the cracks, as the Philippines learned when it attempted to take legal action the person responsible for of the May 2000 love bug virus, which was responsible for the loss billions of dollars in terms monetary damage world wide or the collapse of the financial markets.
Effective law enforcement is more problematical by the multinational character of cyber crime. Mechanisms of assistance across state boundaries to unravel and indict crimes are complex and time-consuming. Cyber criminals can disregard the conventional boundaries of independent states, protruding an assault from roughly any computer in the world, passing it across numerous state boundaries, or scheming attacks that appear to be coming from overseas sources. Such means significantly amplify both the practical and permissible complexities of investigating and prosecuting of cyber crimes. In order to prevent catastrophes resulting from cyber crimes, therefore, the future of the networked world demands a more proactive approach, whereby governments, industry, and the public work together to device enforceable laws that will effectively deter all but the most cyber criminals.
Poor Information Security reduces the competitiveness of Nations
Although several countries, particularly in Europe and Asia, were reported to have addressed a number of these broader information security factors, it is revealed that few countries are able to demonstrate that adequate legal measures had been taken to ensure that perpetrators of cyber crime would be held accountable for their actions. Only a small fraction of countries indicated that progress was currently underway to solve the problem. Useless laws and policy, and frail enforcement mechanisms for shielding networked information, generate an unreceptive atmosphere in which to carry out e-business inside a state and across national boundaries. Insufficient lawful defence of digital information can generate barriers to its trade and inhibit the expansion on e-commerce. As e-business expands globally, the need for tough and dependable ways to look after networked information will mature.
SADC Countries are Boorish of cyber Laws
Most SADC countries including Tanzania have not yet modernized their laws to deal with any form of cyber crime. South Africa, Zambia and Mauritius, however, have enacted legislation to address most type of cyber crime and have updated their laws, to prosecute against so of the types of cyber crime. On another front, in the international experience, a good example is Canada; successful prosecutions of computer related fraud have effectively updated the law. Canada also provides an example of a phenomenon in many countries-that law enforcement officials have self-confidence that active laws offer adequate exposure against the "cyber crimes' of aiding and abetting cyber crimes, and computer-related fraud and forgery.
Even among developed countries, crimes are not treated uniformly. In some unauthorised access is crime only if harmful intent is present; in others data theft is a crime only if the data relates specifically to an individual's religion or health, or if the intent is to defraud. Laws tend to be biased in favour of protecting public sector computers.
Finally its understood that a number of countries have indicated progress toward the adaption of updated legislation to combat cyber crime. Some of these countries are in Africa and the Middle East, indicating that, although these regions have not yet adequately addressed the issue of cyber crime, many countries are aware that action is needed.
Regulations are merely an element of the solution
Extending the statute of laws into cyberspace is a crucial stride to make a reliable setting for individuals and businesses. Since that extension remains a work in progress, organisations in our day must initially and primarily defend their own systems and information from attack, be it from outside or from inside. They can depend more secondarily on the deterrence that effective law enforcement can provide. To offer the self-protection, organisation has to centre on implementing cyber security strategy addressing individuals, process, and equipment issues. Organisations require entrusting the resources to skilled employees on security practices, developing systematic procedure for the management of sensitive data, records and communication, and incorporating vigorous security parameters - such as, anti-virus software, intrusion detection parameters, and firewalls - all the way through the organisations' computer systems.
These system fortification parameters -the software and hardware for protecting information systems -are complex and costly to operate. To steer clear of hassles and cost, system manufactures and system operators more often than not leave security characteristics "turned off," pointlessly escalating the vulnerability of the information on the systems. Bugs and security holes with known fixes are usually left unattended. Additional, no agreed-upon principles exist to level the parity of the tools, and no conventional line exists for organizations to establish how much investment in security is adequate. The incapability to put a figure on the costs and benefits of information security investments leave security managers at a difficulty when competing for organisational resources. a great deal work remains to advance management and practical solution for much more protection.
Globally, a range of industries have been providing information related to threats, vulnerabilities, attacks, and counter measures. A number of international summits are being organised to bring together industry, governments, and multilateral organisations across financially viable sectors to share information and build partnerships. In SADC a number of working groups are now developing accommodating approaches to addressing the most vital information security problems. These summits and working groups will also make available an opening to revisit the movement of states in updating their laws to swathe cyber crimes.
Reliance on terrestrial laws is an untested approach. Despite the progress being made in most countries, most countries still rely on paradigm terrestrial law to go after cyber crimes. Mainstream countries are relying on ancient statutes that predate the birth of cyberspace and have not yet tested in court.
Frail penalties limit deterrence. The weak penalties in most updated criminal statues offer narrow prevention for crimes that can have huge scale economic and social baggage.
Self-protection remains the first line of defence. The general weakness of statues increases the importance of private sector efforts to develop and adapt strong and efficient technical solutions and management practices for information security.
A global patchwork of laws creates little certainty. Little consensus exist among countries regarding exactly which crimes need to be legislated against. In the networked world, no island is an island. Unless crimes are defined in a parallel way across jurisdictions, harmonized efforts by law enforcement officials to fight cyber crime will be thorny.
A model approach is needed. Most countries recognise the significance of prohibition malicious computer-related acts in a timely approach in order to encourage a secure setting for e-commerce and are seeking a model to follow. But only some have the lawful and practical resources essential to address the complexities of adapting worldly criminal statues to cyberspace. A coordinated, public-private partnership can help eliminate the potential dander from the in advertent creation of cyber crime havens.
based on this report, the weak state of Tanzania's legal protections against cyber crime, and the current pressure to maintain security to safeguard investors' climate in the country, we strongly believe that the following three kinds of actions need to be engaged.
Firms have to make safe their networked information.
Laws to put into effect property rights apply only when property owners take rational steps to look after their property in the first place. If homeowners failed to buy locks for their front doors, should towns decipher the dilemma by passing more laws or hiring more police?. Even where laws are sufficient, firms reliant on the network must make their own information and system secure. And where enforceable laws are months or years away, as in most countries, this responsibility is even more significant. CCU and the TPF should take deliberate efforts to educate private and public organisation to ascertain their commitment and steps taken in this direction. A natural beginning to implement this is to request each organisation to develop and make available to TPF the company policy regarding the use of ICT and electronic information.
The GoT should ensure that our laws are relevant to cyber crimes.
National governments remain the main authority for regulating criminal behaviour in most places in the world. South Africa and Mauritius already have struggled from, and ultimately improved, their legal systems after an altercation with the distinctive challenges to be had by cyber crime. It is crucial that other SADC nations yield from this report, and scrutinize their present laws to determine whether they are poised in a technically unbiased manner that would not rule out the prosecution of cyber criminals. In many cases, Tanzania will find that our current laws ought to be updated. Ratification of enforceable computer crime laws that also value the rights of individuals are crucial in the next step in the battle against this rising menace. CCU and TPF should be a catalyst to initiate this process.
Firms, Governments, and civil society should work together as part of SADC/EAC to strengthen policy frameworks for cyber security.
To be prosecuted across the border, an act must be a crime in each jurisdiction. Thus, while local legal traditions must be respected, nations must define cyber crimes in a similar manner. As part of EAC or SADC, Tanzania should have a policy that addresses computer-related forgery, illegal interception, system interference, data interference, computer-related fraud illegal access, and the aiding and abetting of these crimes. The policy should also address investigational matters related to jurisdiction, extradition, the interception of communications, and the production and preservation of data. Finally, it should promote cooperation among law enforcement officials across national borders.
Proposed action plan
Firms should secure their networked information
action Challenge to be addressed by the cyber Crimes Unit Target organisation 1 Implement best computer and network based security systems with latest technology Can these expensive technologies be shared between GoT and tech companies? ISP, Telephone Companies, TCRA 2 Broad education on potential incidences of security issues Do we have financial capacity? Can private sector assist ISP, Telephone Companies, TCRA 3 Create around the clock security capability in each organisation Can we use distributed computing to enhance these? ISP, Telephone Companies, TCRA 4 Create rapid notification and action systems for security breaches Company by Company or region ISP, Telephone Companies, TCRA 5 Define data and communications privacy and data property rights Do all organisations have capacities? MoJCA, ISP Telephone Companies 6 Promote effective sharing of security holes and solutions between companies and governments How this is achieved- Does it require an integrated security strategy? TPF, Telecommunication companies 7 Increase cooperation to help trace and locate cyber criminals - registration of IDs of users Are we poliCCUally ready for this? Service providers, national ID project, TPF 8 Obtain ICT policy in each organisation as a matter of requirement to allow for prosecution of individual criminals Do guidelines exist for developing a coherent and traceable ICT policy within individual organisations? ICT Consultants, TPF, CCU 9 Find mechanism for TSPs and ISPs and agents to tag and monitor the usage of devices (e.g computers/ telephones,etc)report incidences to law enforcement officers Can service providers agree to this (as it tends to reduce their revenues and add more preasure in their back office systems managemet)? ISP, Telephone Companies, TCRA
The GoT should ensure that our laws apply to cyber crimes
actions Challenges to be addressed by the cyber Crimes Unit Target Organisations 1 Review existing laws Do we have mandate to do this? MoJCA 2 Learn from other countries laws Do we have financial resources? Donors, sponsors 3 Draft new laws/ amendments Do we have expertise? International consultants 4 Create awareness amongst stakeholders and seek public buy-in Can we manage issues around human rights? Human rights groups 5 Review monitoring and evaluation framework for the new law enforcement Do we have capacities? MoF, Investor 6 Identify champions and organisational structures to support the new laws Can we convince the GoT to buy in? PO-PSM, Chief Secretary
Firms, governments, and civil society should work cooperatively as part of EAC/SADC to develop policy frameworks for cyber security
actions Challenges to be addressed by the cyber Crimes Unit Target Organisations 1 Join EAC/SADC technical working groups Do similar working groups exist? Can we manage to convince member countries? MoEAC, MoFA,MoIT 2 Formulate the common elements of the policy framework Do we have technical capacity? Member countries 3 Review / formulate new policy for Tanzania Do we have money? donors 4 Engage stakeholders Do we have the mandate? 5 Engage the public Do we have the money? GoT