09:00 - 18:00

Рабочее время — Пон. — Пят.

Беслатная Консультация




Alliance > Артикли  > Legal basis and organizational mechanisms of the fight against cybercrime in US and UK law

Legal basis and organizational mechanisms of the fight against cybercrime in US and UK law

For the first time in the history of the United States, the domestic regulatory framework for the fight against cybercrime has emerged in terms of historical formation and development. For the first time, cybercrime was committed in the United States, and over time, this crime began to have trans boundary or transnational significance.

In 1977, the US Federal Computer Systems Protection Bill was drafted. The draft law provided for criminal liability for the following acts: knowingly entering false or misleading information into a computer system; illegal use of computer devices; changes in the process of information processing or violation of these processes; theft of money, securities, property, services, valuable information using the capabilities of computer technology or computer information. Later, on the basis of this draft law, in 1984, the main normative legal act defining criminal liability for illegal actions in the field of computer information — the Law on Computer Fraud and Abuse — was adopted [1].

At present, this law is enshrined in Article 1030 of Chapter 47 of the 18th US Code of Laws. This article provides for criminal liability for seven main components of computer crimes: computer espionage; Unauthorized or unauthorized access to information belonging to US government agencies or to interstate or international trade, as well as financial records and information cards of financial institutions; Influencing computers used exclusively by US government agencies or disrupting the operation of computers used in whole or in part by the US government; computer fraud; intentional or negligent damage to protected computers; fraud through computer passwords or similar information trading that allows unauthorized access to information, if such trade affects trade relations between states and with other states, or computers used by the US government; threats, blackmail, violence and other illegal acts committed with the use of computer technology [2].

Punishment for cybercrime listed in the relevant paragraphs of Article 1030 depends on the degree of public danger of the act committed, the importance of the object of the conspiracy, the recurrence of the act, and  is punishable by a fine of 1.5, 10 or 20 years. U.S. criminal law classifies these crimes as felony.

One of the laws passed by the United States in this area is the 1996 Law on the Prevention of Child Pornography (CPPA). This Law prohibits the acquisition of pornographic images and materials reflecting the views of children, their dissemination on the Internet such materials by computer or e-mail prohibits the use of trade [4].

The United States even has an Internet Gambling Prohibition Act that prohibits online gambling. The law prohibits gambling within the United States (with the exception of Las Vegas and the Atlantic City), which may generate significant income through the Internet, and carries a maximum sentence of two years in prison for such offenses or as well as a fine of around $ 10,000 [5].

Since 2013, the Legal Committee of the US House of Representatives has been working on a new draft law on cybersecurity (CISPA), discussing its specific aspects. In particular, the draft under discussion highlights the tendency to toughen penalties for cybercrime, to equate their level of public safety with real crimes. The bill stipulates that if an offender accesses information on a US computer network, he could be sentenced to 30 years in prison, without regard to the right to early release.

It should be noted that there is a precedent for extraterritorial activities of the United States in relation to the information space of foreign countries. The precedent was set in 2000 in Chelyabinsk, Russia, when Russian computer programmers repeatedly hacked into the computer networks of US-owned companies and became the subject of US FBI scrutiny. Shortly afterwards, on that precedent, in 2002, American law enacted a law to cover the virtual space of other states. This precedent effectively allows the competent authorities, in particular the FBI and the Central Telegraph Agency, to engage in international hacking without regard to any legal or international constraints [3, p. 154]

After Kevin Mitnick (nicknamed Condor), a former hacker and now a well-known cybersecurity consultant, illegally attacked the US Department of Defense’s network in 1988, the US government used computers to prevent possible and future intrusions into the Internet and to ensure information security established the CERT-Computer Emergency Response Team. The Center is currently housed at the Institute of Programming at Carnegie Mellon University in Pittsburgh, which serves as an information agency to alert private and public companies to attacks on information networks. Given the rapid growth of cybercrime, the United States later established the US Cyber ​​Command, a computer unit directly under the Pentagon, the Computer Crime and Intellectual Property Section, the Internet Police, and the Internet and Network Police [6].

The U.S. Cybercrime Criminal Investigation and Prosecution Jurisdiction is primarily under the auspices of the U.S. Secret Service and the Federal Bureau of Investigation. The US Customs Service, the Air Force Investigation Service and other military agencies, the Ministry of Commerce, as well as other government agencies have the jurisdiction to prosecute, investigate and prosecute these crimes. As can be seen from the above considerations, the United States has a well-established and well-developed legal framework for combating cybercrime. The limits of the sanctions (penalties) and fines provided for in these laws are characterized by their seriousness, and the tendency to increase these sanctions continues to grow.

In modern times, the fight against cybercrime is also found in the United Kingdom, which has a conservative legal system. At one time in history, the United Kingdom was able to cope with these crimes with its rich judicial experience, but the «strong pressure» of cybercrime has led to a radical change in the policy of this state in relation to these crimes. The first legal act in the UK to combat cybercrime was the Computer Misuse Act of 1990 [7].

According to the law, the following acts are considered criminal:

1) Intentional illegal access to a computer or computer information or programs reflected in it (Article 1);

2) Intentional illegal access to a computer or computer information or programs reflected in it for their subsequent illegal use (Article 2);

3) Illegal access to carriers, computers, computer systems or networks, if it leads to the destruction, blocking, modification or copying of this information, disruption of computers, computer systems (Article 3) [7].

Considering that cybercrime is a serious problem in modern times and the importance of joining and supporting the cooperation of states in combating this problem, the Law on Terrorism was adopted and entered into force in the United Kingdom in 2000. In addition to emphasizing that terrorism is a particularly dangerous crime, the adopted law emphasizes the importance of preventing its entry into cyberspace. According to legal journals, this law was the first to equate the actions of hackers with terrorist crimes in the international arena [8, p.345].

Other legal acts in the UK to combat cybercrime include: the 2003 Privacy and Electronic Regulations; the Police and Justice Act of 2008; the Serious Crime Act of 2007 and b. By the way, the United Kingdom ratified the Council of Europe Convention on Cybercrime in 2011 and, as researchers rightly point out, this country is beginning to see the need for more dynamic and effective implementation mechanisms in the fight against cybercrime [9].

In particular, we would like to emphasize that the legislative measures taken against cybercrime in the United Kingdom are in some ways similar to the measures taken against such crimes in the United States. Probably, this is due to the fact that both countries belong to the Anglo-Saxon family of law and react quickly to the prevention of these crimes [9].

In the UK, there are special police units to effectively combat cybercrime. To this end, the National High-Tech Crime Unit (NHTCU) was established in 2001, but in 2006 the functions of this body were transferred to the Organized Crime Agency (SOCA). The Central Police Department for Cybercrime, established in 2009, coordinates the fight against cybercrime. Since 2013, the National Agency for Crime Control, including cybercrime, has been operating in the UK. This institution is sometimes called the analogue of the US Federal Bureau of Investigation [8, p. 406].


References and Sources:

  1. S. consumers and cyber crime Statistics & Facts — https://www.statista.com/topics/2588/us-consumers-and-cyber-crime/
  2. Computer Fraud and Abuse Act (CFAA) https://www.nacdl.org/Landing/ComputerFraudandAbuseAct


  1. Cassese A. Antonio, Acquaviva G, Whiting A. International Criminal Law: Cases and Com­mentary. Oxford University Press, 2011


  1. The Prevention of Child Pornography (CPPA) — https://www.britannica.com/topic/Child-Pornography-Prevention-Act


  1. Internet Gambling Prohibition Act — https://www.ftc.gov/enforcement/statutes/unlawful-internet-gambling-enforcement-act


  1. CERT-Computer Emergency Response Team — https://cert.gov.vu/


  1. The Computer Misuse Act of 1990 — https://www.legislation.gov.uk/ukpga/1990/18/contents


  1. Jeff Kosseff “Cybersecurity Law” / Wiley; 2nd edition, November 19, 2019, p. 768


  1. Jennifer L. Bayuk «Cyber Security Policy Guidebook» / Wiley; 1st edition April 24, 2012, p. 288.


Graduated from Baku State University,

Faculty of Law (SABAH group) Kamran Khalilov




Bakı Dövlət Universiteti Hüquq fakültəsi

(SABAH qrupu) məzunu Kamran Xəlilov


No Comments

Leave a Comment