The process of law making is notoriously long and drawn out, with Bills taking months or even years to pass into to law. In the realms of computer crime, where technology develops apace, this sometimes means that the law is left flagging dangerously behind.
An area where law particularly struggles to keep up with technology is in the prevention of breach of copyright by illegal distribution of intellectual property via the internet. For example, copyright law has struggled to keep up with the advent of peer-to-peer file sharing technology, so that downloading music illegally (‘digital piracy’) has become a commonplace activity for as many as seven million internet users in Britain. In January 2009, The Times newspaper reported that the government’s latest plans to combat internet pirates failed when a consensus could not be found between internet service providers (ISPs) and the music industry as to how to deal with them.
A key problem is where to draw the line between a teenager who downloads a handful of songs from their bedroom, and a server owner who uploads and distributes tens of thousands of pirated tracks and pieces of software. This may sound simple, but with hard drive capacity and internet bandwidth increasing all the time, the average teenager in their bedroom could easily possess thousands of illegal tracks without considering themselves a criminal. So by the time the lines are drawn, technology has moved on.
Another issue yet to be ironed out by the legal system is one of culpability. For example, in the case of illegal file sharing, it is not clear who should be prosecuted: the person who downloads the file, the person who uploads it to the internet, or indeed the software provider or internet service provider (ISP) who facilitated the transfer. In 2008, Britain’s six largest ISPs sent out warning letters to file sharers, but as this was not followed up by prosecutions, its effectiveness as a deterrent were minimal.
As computer criminals become more adept at covering their tracks, policing computer crime has also become increasingly difficult. Many crimes are now committed in the digital world and so there are often no physical leads available for the police to follow. This is where computer forensics comes in. Computer forensics is the analysis of electronic devices in order to produce legal evidence of a crime or unauthorised action. When a person is suspected of committing a crime, computer forensic analysts can scour the suspect’s computer for evidence such as deleted files, internet browsing histories or chat logs.
In response to the need for such investigations, the Association of Chief Police Officers has put guidelines in place to ensure that good practice is adhered to when collecting digital information for the purpose of law enforcement. The ACPO guidelines require computer evidence to be collected by qualified experts who keep an auditable trail of all work done. If this is not adhered to, any evidence recovered may be deemed inadmissible.
As technology progresses, it is likely that guidelines for the recovery of computer based evidence will need to be continually revisited to ensure they remain up-to-date, but there can be little doubt that computer forensics will play a key role in assisting the legal system in its race to keep up with the lightning pace of technological development.